72450: AdministratorOfFeature: fixes
@@ -146,6 +146,33 @@ public abstract class AbstractDSpaceObjectBuilder<T extends DSpaceObject>
|
||||
}
|
||||
return (B) this;
|
||||
}
|
||||
/**
|
||||
* Support method to grant the {@link Constants#READ} permission over an object only to a specific group. Any other
|
||||
* READ permissions will be removed
|
||||
*
|
||||
* @param dso
|
||||
* the DSpaceObject on which grant the permission
|
||||
* @param eperson
|
||||
* the eperson that will be granted of the permission
|
||||
* @return the builder properly configured to build the object with the additional admin permission
|
||||
*/
|
||||
protected <B extends AbstractDSpaceObjectBuilder<T>> B setAdminPermission(DSpaceObject dso, EPerson eperson,
|
||||
Date startDate) {
|
||||
try {
|
||||
|
||||
ResourcePolicy rp = authorizeService.createOrModifyPolicy(null, context, null, null,
|
||||
eperson, startDate, Constants.ADMIN,
|
||||
"Integration Test", dso);
|
||||
if (rp != null) {
|
||||
log.info("Updating resource policy with REMOVE for eperson: " + eperson.getEmail());
|
||||
resourcePolicyService.update(context, rp);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
return handleException(e);
|
||||
}
|
||||
return (B) this;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Support method to grant {@link Constants#REMOVE} permission to a specific eperson
|
||||
|
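Review bot: The Javadoc and the log line on the new `setAdminPermission` name different permissions from the one the call grants: the comment speaks of `Constants#READ` for a group and of removing other READ permissions, the log message says `REMOVE`, while `createOrModifyPolicy` is called with `Constants.ADMIN` for a single eperson and nothing in the body removes a policy. Because this helper hands out the highest privilege in test fixtures, the text should say so, e.g. the summary `Support method to grant the {@link Constants#ADMIN} permission over an object to a specific eperson` and `log.info("Updating resource policy with ADMIN for eperson: " + eperson.getEmail());`. The `startDate` parameter also has no `@param` entry. `ItemBuilder.withAdminUser` carries the same kind of copied Javadoc: it describes a collection admin group and documents `@param members`, but takes a single `ePerson` and sets the policy on the item.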
@@ -19,6 +19,7 @@ import org.dspace.content.MetadataSchemaEnum;
|
||||
import org.dspace.content.WorkspaceItem;
|
||||
import org.dspace.content.service.DSpaceObjectService;
|
||||
import org.dspace.core.Context;
|
||||
import org.dspace.eperson.EPerson;
|
||||
import org.dspace.eperson.Group;
|
||||
|
||||
/**
|
||||
@@ -126,6 +127,19 @@ public class ItemBuilder extends AbstractDSpaceObjectBuilder<Item> {
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create an admin group for the collection with the specified members
|
||||
*
|
||||
* @param members epersons to add to the admin group
|
||||
* @return this builder
|
||||
* @throws SQLException
|
||||
* @throws AuthorizeException
|
||||
*/
|
||||
public ItemBuilder withAdminUser(EPerson ePerson) throws SQLException, AuthorizeException {
|
||||
return setAdminPermission(item, ePerson, null);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Item build() {
|
||||
try {
|
||||
|
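Review bot: `withAdminUser` declares `throws SQLException, AuthorizeException`, but its only statement calls `setAdminPermission`, whose signature as added in this commit declares no checked exceptions and routes everything through `catch (Exception e)`. The clause therefore pushes exception handling onto callers for errors this method cannot raise. Unless it is kept deliberately for symmetry with sibling builder methods (not visible in this hunk), the signature could be `public ItemBuilder withAdminUser(EPerson ePerson) {` with the two empty `@throws` tags dropped.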
@@ -14,11 +14,13 @@ import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
|
||||
import org.dspace.app.rest.model.BaseObjectRest;
|
||||
import org.dspace.app.rest.model.CollectionRest;
|
||||
import org.dspace.app.rest.model.CommunityRest;
|
||||
import org.dspace.app.rest.model.ItemRest;
|
||||
import org.dspace.app.rest.model.SiteRest;
|
||||
import org.dspace.app.rest.utils.Utils;
|
||||
import org.dspace.authorize.service.AuthorizeService;
|
||||
import org.dspace.content.Collection;
|
||||
import org.dspace.content.Community;
|
||||
import org.dspace.content.Item;
|
||||
import org.dspace.core.Context;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
@@ -53,6 +55,10 @@ public class AdministratorOfFeature implements AuthorizationFeature {
|
||||
Collection collection = (Collection) utils.getDSpaceAPIObjectFromRest(context, object);
|
||||
return authService.isAdmin(context, collection);
|
||||
}
|
||||
if (object instanceof ItemRest) {
|
||||
Item item = (Item) utils.getDSpaceAPIObjectFromRest(context, object);
|
||||
return authService.isAdmin(context, item);
|
||||
}
|
||||
}
|
||||
return authService.isAdmin(context);
|
||||
}
|
||||
@@ -62,7 +68,8 @@ public class AdministratorOfFeature implements AuthorizationFeature {
|
||||
return new String[]{
|
||||
SiteRest.CATEGORY + "." + SiteRest.NAME,
|
||||
CommunityRest.CATEGORY + "." + CommunityRest.NAME,
|
||||
CollectionRest.CATEGORY + "." + CollectionRest.NAME
|
||||
CollectionRest.CATEGORY + "." + CollectionRest.NAME,
|
||||
ItemRest.CATEGORY + "." + ItemRest.NAME
|
||||
};
|
||||
}
|
||||
}
|
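Review bot: The new `ItemRest` branch passes the result of `utils.getDSpaceAPIObjectFromRest(context, object)` straight into `authService.isAdmin(context, item)` without checking that the lookup returned an item. How `isAdmin` treats a null object is not visible on this page, so for an authorization decision it is safer to fail closed explicitly with `if (item == null) { return false; }` before the `isAdmin` call. The Community and Collection branches above follow the same pattern and would benefit from the same guard. The enclosing method starts outside this hunk.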
@@ -11,22 +11,29 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import java.sql.SQLException;
|
||||
|
||||
import org.dspace.app.rest.authorization.impl.AdministratorOfFeature;
|
||||
import org.dspace.app.rest.converter.CollectionConverter;
|
||||
import org.dspace.app.rest.converter.CommunityConverter;
|
||||
import org.dspace.app.rest.converter.ItemConverter;
|
||||
import org.dspace.app.rest.converter.SiteConverter;
|
||||
import org.dspace.app.rest.matcher.AuthorizationMatcher;
|
||||
import org.dspace.app.rest.model.CollectionRest;
|
||||
import org.dspace.app.rest.model.CommunityRest;
|
||||
import org.dspace.app.rest.model.ItemRest;
|
||||
import org.dspace.app.rest.model.SiteRest;
|
||||
import org.dspace.app.rest.projection.DefaultProjection;
|
||||
import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
|
||||
import org.dspace.authorize.AuthorizeException;
|
||||
import org.dspace.authorize.service.AuthorizeService;
|
||||
import org.dspace.builder.CollectionBuilder;
|
||||
import org.dspace.builder.CommunityBuilder;
|
||||
import org.dspace.builder.EPersonBuilder;
|
||||
import org.dspace.builder.ItemBuilder;
|
||||
import org.dspace.content.Collection;
|
||||
import org.dspace.content.Community;
|
||||
import org.dspace.content.Item;
|
||||
import org.dspace.content.Site;
|
||||
import org.dspace.content.factory.ContentServiceFactory;
|
||||
import org.dspace.content.service.CommunityService;
|
||||
@@ -55,6 +62,8 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
|
||||
@Autowired
|
||||
CommunityService communityService;
|
||||
@Autowired
|
||||
private ItemConverter itemConverter;
|
||||
@Autowired
|
||||
private CommunityConverter communityConverter;
|
||||
@Autowired
|
||||
private CollectionConverter collectionConverter;
|
||||
@@ -63,6 +72,22 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
|
||||
|
||||
private SiteService siteService;
|
||||
|
||||
private EPerson adminComA;
|
||||
private EPerson adminComB;
|
||||
private EPerson adminColA;
|
||||
private EPerson adminColB;
|
||||
private EPerson adminItemA;
|
||||
private EPerson adminItemB;
|
||||
|
||||
private Community communityA;
|
||||
private Community subCommunityOfA;
|
||||
private Community communityB;
|
||||
private Collection collectionA;
|
||||
private Collection collectionB;
|
||||
private Item itemInCollectionA;
|
||||
private Item itemInCollectionB;
|
||||
|
||||
|
||||
/**
|
||||
* this hold a reference to the test feature {@link AdministratorOfFeature}
|
||||
*/
|
||||
@@ -74,201 +99,345 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
|
||||
super.setUp();
|
||||
siteService = ContentServiceFactory.getInstance().getSiteService();
|
||||
administratorFeature = authorizationFeatureService.find(AdministratorOfFeature.NAME);
|
||||
initAdminsAndObjects();
|
||||
}
|
||||
|
||||
private void initAdminsAndObjects() throws SQLException, AuthorizeException {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
|
||||
adminComA = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminComA@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
adminComB = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminComB@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
adminColA = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminColA@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
adminColB = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminColB@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
adminItemA = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminItemA@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
adminItemB = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminItemB@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
communityA = CommunityBuilder.createCommunity(context)
|
||||
.withName("Community A")
|
||||
.withAdminGroup(adminComA)
|
||||
.build();
|
||||
|
||||
subCommunityOfA = CommunityBuilder.createSubCommunity(context, communityA)
|
||||
.withName("Sub Community of CommunityA")
|
||||
.build();
|
||||
|
||||
communityB = CommunityBuilder.createCommunity(context)
|
||||
.withName("Community B")
|
||||
.withAdminGroup(adminComB)
|
||||
.build();
|
||||
|
||||
collectionA = CollectionBuilder.createCollection(context, subCommunityOfA)
|
||||
.withName("Collection A")
|
||||
.withAdminGroup(adminColA)
|
||||
.build();
|
||||
|
||||
collectionB = CollectionBuilder.createCollection(context, communityB)
|
||||
.withName("Collection B")
|
||||
.withAdminGroup(adminColB)
|
||||
.build();
|
||||
|
||||
itemInCollectionA = ItemBuilder.createItem(context, collectionA)
|
||||
.withTitle("Item in Collection A")
|
||||
.withAdminUser(adminItemA)
|
||||
.build();
|
||||
|
||||
itemInCollectionB = ItemBuilder.createItem(context, collectionB)
|
||||
.withTitle("Item in Collection B")
|
||||
.withAdminUser(adminItemB)
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void communityWithAdministratorFeatureTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
EPerson adminComA = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminComA@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
EPerson adminComB = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminComB@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
Community communityA = CommunityBuilder.createCommunity(context)
|
||||
.withName("Community A")
|
||||
.withAdminGroup(adminComA)
|
||||
.build();
|
||||
|
||||
Community subCommunityOfA = CommunityBuilder.createSubCommunity(context, communityA)
|
||||
.withName("Sub Community of CommunityA")
|
||||
.build();
|
||||
|
||||
Collection collectionOfSubComm = CollectionBuilder.createCollection(context, subCommunityOfA)
|
||||
.withName("Collection of subCommunity")
|
||||
.build();
|
||||
|
||||
Community communityB = CommunityBuilder.createCommunity(context)
|
||||
.withName("Community B")
|
||||
.withAdminGroup(adminComB)
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
CommunityRest communityRestA = communityConverter.convert(communityA, DefaultProjection.DEFAULT);
|
||||
CommunityRest SubCommunityOfArest = communityConverter.convert(subCommunityOfA, DefaultProjection.DEFAULT);
|
||||
CollectionRest collectionRestOfSubComm = collectionConverter.convert(collectionOfSubComm,
|
||||
DefaultProjection.DEFAULT);
|
||||
CommunityRest communityRestB = communityConverter.convert(communityB, DefaultProjection.DEFAULT);
|
||||
CommunityRest SubCommunityOfARest = communityConverter.convert(subCommunityOfA, DefaultProjection.DEFAULT);
|
||||
|
||||
// tokens
|
||||
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
|
||||
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
|
||||
// define authorizations that we know must exists
|
||||
Authorization authAdminCommunityA = new Authorization(adminComA, administratorFeature, communityRestA);
|
||||
Authorization authAdminSubCommunityOfA = new Authorization(adminComA, administratorFeature,SubCommunityOfArest);
|
||||
Authorization authAdminAColl = new Authorization(adminComA, administratorFeature, collectionRestOfSubComm);
|
||||
Authorization authAdminSiteComA = new Authorization(admin, administratorFeature, communityRestA);
|
||||
Authorization authAdminComAComA = new Authorization(adminComA, administratorFeature, communityRestA);
|
||||
Authorization authAdminComASubComA = new Authorization(adminComA, administratorFeature, SubCommunityOfARest);
|
||||
Authorization authAdminComBComB = new Authorization(adminComB, administratorFeature, communityRestB);
|
||||
|
||||
|
||||
// define authorizations that we know not exists
|
||||
Authorization authAdminBColl = new Authorization(adminComB, administratorFeature, collectionRestOfSubComm);
|
||||
Authorization authAdminBCommunityA = new Authorization(adminComB, administratorFeature, communityRestA);
|
||||
Authorization authAdminComBComA = new Authorization(adminComB, administratorFeature, communityRestA);
|
||||
Authorization authAdminComBSubComA = new Authorization(adminComB, administratorFeature, SubCommunityOfARest);
|
||||
Authorization authAdminColAComA = new Authorization(adminColA, administratorFeature, communityRestA);
|
||||
Authorization authAdminItemAComA = new Authorization(adminItemA, administratorFeature, communityRestA);
|
||||
Authorization authEPersonComA = new Authorization(eperson, administratorFeature, communityRestA);
|
||||
Authorization authAnonymousComA = new Authorization(null, administratorFeature, communityRestA);
|
||||
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminCommunityA.getID()))
|
||||
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteComA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCommunityA))));
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminSiteComA))));
|
||||
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminSubCommunityOfA.getID()))
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAComA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher
|
||||
.matchAuthorization(authAdminSubCommunityOfA))));
|
||||
.matchAuthorization(authAdminComAComA))));
|
||||
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminAColl.getID()))
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComASubComA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminAColl))));
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminComASubComA))));
|
||||
|
||||
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminBCommunityA.getID()))
|
||||
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBComB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminComBComB))));
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminBColl.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBSubComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColAComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemAComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousComA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void collectionWithAdministratorFeatureTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
EPerson adminColA = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminColA@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
EPerson adminColB = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("adminColB@example.com")
|
||||
.withPassword(password)
|
||||
.build();
|
||||
|
||||
Community parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Parent Community")
|
||||
.build();
|
||||
|
||||
Collection collectionA = CollectionBuilder.createCollection(context, parentCommunity)
|
||||
.withName("Collection A")
|
||||
.withAdminGroup(adminColA)
|
||||
.build();
|
||||
|
||||
Collection collectionB = CollectionBuilder.createCollection(context, parentCommunity)
|
||||
.withName("Collection B")
|
||||
.withAdminGroup(adminColB)
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
CollectionRest collectionRestA = collectionConverter.convert(collectionA, DefaultProjection.DEFAULT);
|
||||
CollectionRest collectionRestB = collectionConverter.convert(collectionB, DefaultProjection.DEFAULT);
|
||||
|
||||
String tokenAdminColA = getAuthToken(adminColA.getEmail(), password);
|
||||
String tokenAdminColB = getAuthToken(adminColB.getEmail(), password);
|
||||
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
|
||||
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
|
||||
// define authorizations that we know must exists
|
||||
Authorization authAdminCollectionA = new Authorization(adminColA, administratorFeature, collectionRestA);
|
||||
Authorization authAdminCollectionB = new Authorization(adminColB, administratorFeature, collectionRestB);
|
||||
|
||||
Authorization authAdminSiteColA = new Authorization(admin, administratorFeature, collectionRestA);
|
||||
Authorization authAdminComAColA = new Authorization(adminComA, administratorFeature, collectionRestA);
|
||||
Authorization authAdminColAColA = new Authorization(adminColA, administratorFeature, collectionRestA);
|
||||
|
||||
Authorization authAdminSiteColB = new Authorization(admin, administratorFeature, collectionRestB);
|
||||
Authorization authAdminComBColB = new Authorization(adminComB, administratorFeature, collectionRestB);
|
||||
Authorization authAdminColBColB = new Authorization(adminColB, administratorFeature, collectionRestB);
|
||||
|
||||
// define authorization that we know not exists
|
||||
Authorization authAdminBcollectionA = new Authorization(adminColB, administratorFeature, collectionRestA);
|
||||
Authorization authAdminColBColA = new Authorization(adminColB, administratorFeature, collectionRestA);
|
||||
Authorization authAdminComBColA = new Authorization(adminComB, administratorFeature, collectionRestA);
|
||||
Authorization authAdminItemAColA = new Authorization(adminItemA, administratorFeature, collectionRestA);
|
||||
Authorization authEPersonColA = new Authorization(eperson, administratorFeature, collectionRestA);
|
||||
Authorization authAnonymousColA = new Authorization(null, administratorFeature, collectionRestA);
|
||||
|
||||
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminCollectionA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollectionA))));
|
||||
|
||||
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminCollectionB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollectionB))));
|
||||
|
||||
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminBcollectionA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteColA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminSiteColA))));
|
||||
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAColA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminComAColA))));
|
||||
|
||||
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminColAColA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminColAColA))));
|
||||
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteColB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminSiteColB))));
|
||||
|
||||
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBColB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminComBColB))));
|
||||
|
||||
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminColBColB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminColBColB))));
|
||||
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColBColA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBColA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemAColA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonColA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousColA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void siteWithAdministratorFeatureTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
Community parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Test Parent Community")
|
||||
.build();
|
||||
|
||||
Collection collection = CollectionBuilder.createCollection(context, parentCommunity)
|
||||
.withName("Test Collection")
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
Site site = siteService.findSite(context);
|
||||
SiteRest siteRest = siteConverter.convert(site, DefaultProjection.DEFAULT);
|
||||
CommunityRest communityRest = communityConverter.convert(parentCommunity, DefaultProjection.DEFAULT);
|
||||
CollectionRest collectionRest = collectionConverter.convert(collection, DefaultProjection.DEFAULT);
|
||||
|
||||
// tokens
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||
|
||||
|
||||
// define authorizations of Admin that we know must exists
|
||||
Authorization authAdminSite = new Authorization(admin, administratorFeature, siteRest);
|
||||
Authorization authAdminCommunity = new Authorization(admin, administratorFeature, communityRest);
|
||||
Authorization authAdminCollection = new Authorization(admin, administratorFeature, collectionRest);
|
||||
|
||||
// define authorizations of EPerson that we know not exists
|
||||
Authorization authAdminComASite = new Authorization(adminComA, administratorFeature, siteRest);
|
||||
Authorization authAdminColASite = new Authorization(adminColA, administratorFeature, siteRest);
|
||||
Authorization authAdminItemASite = new Authorization(adminItemA, administratorFeature, siteRest);
|
||||
Authorization authEPersonSite = new Authorization(eperson, administratorFeature, siteRest);
|
||||
Authorization authEpersonCommunity = new Authorization(eperson, administratorFeature, communityRest);
|
||||
Authorization authEpersonCollection = new Authorization(eperson, administratorFeature, collectionRest);
|
||||
|
||||
// define authorizations of Anonymous that we know not exists
|
||||
Authorization authAnonymousSite = new Authorization(null, administratorFeature, siteRest);
|
||||
Authorization authAnonymousCommunity = new Authorization(null, administratorFeature, communityRest);
|
||||
Authorization authAnonymousCollection = new Authorization(null, administratorFeature, collectionRest);
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSite.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminSite))));
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminCommunity.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCommunity))));
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminCollection.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollection))));
|
||||
|
||||
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEpersonCommunity.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComASite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEpersonCollection.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColASite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient().perform(get("/api/authz/authorizations/" + authAnonymousSite.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemASite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient().perform(get("/api/authz/authorizations/" + authAnonymousCommunity.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
getClient().perform(get("/api/authz/authorizations/" + authAnonymousCollection.getID()))
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousSite.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void itemWithAdministratorFeatureTest() throws Exception {
|
||||
|
||||
ItemRest itemRestA = itemConverter.convert(itemInCollectionA, DefaultProjection.DEFAULT);
|
||||
ItemRest itemRestB = itemConverter.convert(itemInCollectionB, DefaultProjection.DEFAULT);
|
||||
|
||||
String tokenAdminItemA = getAuthToken(adminItemA.getEmail(), password);
|
||||
String tokenAdminItemB = getAuthToken(adminItemB.getEmail(), password);
|
||||
String tokenAdminColA = getAuthToken(adminColA.getEmail(), password);
|
||||
String tokenAdminColB = getAuthToken(adminColB.getEmail(), password);
|
||||
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
|
||||
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
|
||||
// define authorizations that we know must exists
|
||||
|
||||
Authorization authAdminSiteItemA = new Authorization(admin, administratorFeature, itemRestA);
|
||||
Authorization authAdminComAItemA = new Authorization(adminComA, administratorFeature, itemRestA);
|
||||
Authorization authAdminColAItemA = new Authorization(adminColA, administratorFeature, itemRestA);
|
||||
Authorization authAdminItemAItemA = new Authorization(adminItemA, administratorFeature, itemRestA);
|
||||
|
||||
Authorization authAdminSiteItemB = new Authorization(admin, administratorFeature, itemRestB);
|
||||
Authorization authAdminComBItemB = new Authorization(adminComB, administratorFeature, itemRestB);
|
||||
Authorization authAdminColBItemB = new Authorization(adminColB, administratorFeature, itemRestB);
|
||||
Authorization authAdminItemBItemB = new Authorization(adminItemB, administratorFeature, itemRestB);
|
||||
|
||||
|
||||
// define authorization that we know not exists
|
||||
Authorization authAdminComBItemA = new Authorization(adminComB, administratorFeature, itemRestA);
|
||||
Authorization authAdminColBItemA = new Authorization(adminColB, administratorFeature, itemRestA);
|
||||
Authorization authAdminItemBItemA = new Authorization(adminItemB, administratorFeature, itemRestA);
|
||||
Authorization authEPersonItemA = new Authorization(eperson, administratorFeature, itemRestA);
|
||||
Authorization authAnonymousItemA = new Authorization(null, administratorFeature, itemRestA);
|
||||
|
||||
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteItemA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminSiteItemA))));
|
||||
|
||||
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAItemA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminComAItemA))));
|
||||
|
||||
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminColAItemA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminColAItemA))));
|
||||
|
||||
getClient(tokenAdminItemA).perform(get("/api/authz/authorizations/" + authAdminItemAItemA.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminItemAItemA))));
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteItemB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminSiteItemB))));
|
||||
|
||||
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBItemB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminComBItemB))));
|
||||
|
||||
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminColBItemB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminColBItemB))));
|
||||
|
||||
getClient(tokenAdminItemB).perform(get("/api/authz/authorizations/" + authAdminItemBItemB.getID()))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(
|
||||
AuthorizationMatcher.matchAuthorization(authAdminItemBItemB))));
|
||||
|
||||
|
||||
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBItemA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColBItemA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemBItemA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonItemA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousItemA.getID()))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
}
|
||||
|
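Review bot: In `itemWithAdministratorFeatureTest` every negative assertion is issued with `tokenAdmin`, so the test shows that a site administrator sees no item-admin authorization for `adminComB`, `adminColB`, `adminItemB`, `eperson` or anonymous, but never calls the endpoint as those users themselves. The other three tests appear to have been changed the same way (the `+`/`-` markers are lost on this page, so this is inferred from line order): requests made with `tokenAdminComB`, `tokenAdminColB`, `tokenEperson` and the anonymous `getClient()` sit directly before `tokenAdmin` equivalents. Keeping at least one own-token and one anonymous check per object type would cover the path an unprivileged caller actually takes, e.g. `getClient(tokenAdminItemB).perform(get("/api/authz/authorizations/" + authAdminItemBItemA.getID())).andExpect(status().isNotFound());`. In `siteWithAdministratorFeatureTest`, `authEPersonSite` also looks to be requested twice, while the community and collection authorizations declared for `eperson` and anonymous seem to be no longer requested.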