hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-15 14:03:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

72450: AdministratorOfFeature: fixes

Browse Source
This commit is contained in:
Yana De Pauw
2020-08-10 15:51:04 +02:00
parent d1ee942bd4
commit 9fa1b78e2e
4 changed files with 341 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
dspace-api/src/test/java/org/dspace/builder/AbstractDSpaceObjectBuilder.java
View File

@@ -146,6 +146,33 @@ public abstract class AbstractDSpaceObjectBuilder<T extends DSpaceObject>
} }
return (B) this; return (B) this;
} }
/**
* Support method to grant the {@link Constants#READ} permission over an object only to a specific group. Any other
* READ permissions will be removed
*
* @param dso
* the DSpaceObject on which grant the permission
* @param eperson
* the eperson that will be granted of the permission
* @return the builder properly configured to build the object with the additional admin permission
*/
protected <B extends AbstractDSpaceObjectBuilder<T>> B setAdminPermission(DSpaceObject dso, EPerson eperson,
Date startDate) {
try {
ResourcePolicy rp = authorizeService.createOrModifyPolicy(null, context, null, null,
eperson, startDate, Constants.ADMIN,
"Integration Test", dso);
if (rp != null) {
log.info("Updating resource policy with REMOVE for eperson: " + eperson.getEmail());
resourcePolicyService.update(context, rp);
}
} catch (Exception e) {
return handleException(e);
}
return (B) this;
}
/** /**
* Support method to grant {@link Constants#REMOVE} permission to a specific eperson * Support method to grant {@link Constants#REMOVE} permission to a specific eperson

14
dspace-api/src/test/java/org/dspace/builder/ItemBuilder.java
View File

@@ -19,6 +19,7 @@ import org.dspace.content.MetadataSchemaEnum;
import org.dspace.content.WorkspaceItem; import org.dspace.content.WorkspaceItem;
import org.dspace.content.service.DSpaceObjectService; import org.dspace.content.service.DSpaceObjectService;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group; import org.dspace.eperson.Group;
/** /**
@@ -126,6 +127,19 @@ public class ItemBuilder extends AbstractDSpaceObjectBuilder<Item> {
return this; return this;
} }
/**
* Create an admin group for the collection with the specified members
*
* @param members epersons to add to the admin group
* @return this builder
* @throws SQLException
* @throws AuthorizeException
*/
public ItemBuilder withAdminUser(EPerson ePerson) throws SQLException, AuthorizeException {
return setAdminPermission(item, ePerson, null);
}
@Override @Override
public Item build() { public Item build() {
try { try {

9
dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AdministratorOfFeature.java
View File

@@ -14,11 +14,13 @@ import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
import org.dspace.app.rest.model.BaseObjectRest; import org.dspace.app.rest.model.BaseObjectRest;
import org.dspace.app.rest.model.CollectionRest; import org.dspace.app.rest.model.CollectionRest;
import org.dspace.app.rest.model.CommunityRest; import org.dspace.app.rest.model.CommunityRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.app.rest.model.SiteRest; import org.dspace.app.rest.model.SiteRest;
import org.dspace.app.rest.utils.Utils; import org.dspace.app.rest.utils.Utils;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Collection; import org.dspace.content.Collection;
import org.dspace.content.Community; import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@@ -53,6 +55,10 @@ public class AdministratorOfFeature implements AuthorizationFeature {
Collection collection = (Collection) utils.getDSpaceAPIObjectFromRest(context, object); Collection collection = (Collection) utils.getDSpaceAPIObjectFromRest(context, object);
return authService.isAdmin(context, collection); return authService.isAdmin(context, collection);
} }
if (object instanceof ItemRest) {
Item item = (Item) utils.getDSpaceAPIObjectFromRest(context, object);
return authService.isAdmin(context, item);
}
} }
return authService.isAdmin(context); return authService.isAdmin(context);
} }
@@ -62,7 +68,8 @@ public class AdministratorOfFeature implements AuthorizationFeature {
return new String[]{ return new String[]{
SiteRest.CATEGORY + "." + SiteRest.NAME, SiteRest.CATEGORY + "." + SiteRest.NAME,
CommunityRest.CATEGORY + "." + CommunityRest.NAME, CommunityRest.CATEGORY + "." + CommunityRest.NAME,
CollectionRest.CATEGORY + "." + CollectionRest.NAME CollectionRest.CATEGORY + "." + CollectionRest.NAME,
ItemRest.CATEGORY + "." + ItemRest.NAME
}; };
} }
} }

415
dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AdministratorFeatureIT.java
View File

@@ -11,22 +11,29 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.sql.SQLException;
import org.dspace.app.rest.authorization.impl.AdministratorOfFeature; import org.dspace.app.rest.authorization.impl.AdministratorOfFeature;
import org.dspace.app.rest.converter.CollectionConverter; import org.dspace.app.rest.converter.CollectionConverter;
import org.dspace.app.rest.converter.CommunityConverter; import org.dspace.app.rest.converter.CommunityConverter;
import org.dspace.app.rest.converter.ItemConverter;
import org.dspace.app.rest.converter.SiteConverter; import org.dspace.app.rest.converter.SiteConverter;
import org.dspace.app.rest.matcher.AuthorizationMatcher; import org.dspace.app.rest.matcher.AuthorizationMatcher;
import org.dspace.app.rest.model.CollectionRest; import org.dspace.app.rest.model.CollectionRest;
import org.dspace.app.rest.model.CommunityRest; import org.dspace.app.rest.model.CommunityRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.app.rest.model.SiteRest; import org.dspace.app.rest.model.SiteRest;
import org.dspace.app.rest.projection.DefaultProjection; import org.dspace.app.rest.projection.DefaultProjection;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest; import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.builder.CollectionBuilder; import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder; import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.EPersonBuilder; import org.dspace.builder.EPersonBuilder;
import org.dspace.builder.ItemBuilder;
import org.dspace.content.Collection; import org.dspace.content.Collection;
import org.dspace.content.Community; import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.content.Site; import org.dspace.content.Site;
import org.dspace.content.factory.ContentServiceFactory; import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CommunityService; import org.dspace.content.service.CommunityService;
@@ -55,6 +62,8 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
@Autowired @Autowired
CommunityService communityService; CommunityService communityService;
@Autowired @Autowired
private ItemConverter itemConverter;
@Autowired
private CommunityConverter communityConverter; private CommunityConverter communityConverter;
@Autowired @Autowired
private CollectionConverter collectionConverter; private CollectionConverter collectionConverter;
@@ -63,6 +72,22 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
private SiteService siteService; private SiteService siteService;
private EPerson adminComA;
private EPerson adminComB;
private EPerson adminColA;
private EPerson adminColB;
private EPerson adminItemA;
private EPerson adminItemB;
private Community communityA;
private Community subCommunityOfA;
private Community communityB;
private Collection collectionA;
private Collection collectionB;
private Item itemInCollectionA;
private Item itemInCollectionB;
/** /**
* this hold a reference to the test feature {@link AdministratorOfFeature} * this hold a reference to the test feature {@link AdministratorOfFeature}
*/ */
@@ -74,201 +99,345 @@ public class AdministratorFeatureIT extends AbstractControllerIntegrationTest {
super.setUp(); super.setUp();
siteService = ContentServiceFactory.getInstance().getSiteService(); siteService = ContentServiceFactory.getInstance().getSiteService();
administratorFeature = authorizationFeatureService.find(AdministratorOfFeature.NAME); administratorFeature = authorizationFeatureService.find(AdministratorOfFeature.NAME);
initAdminsAndObjects();
}
private void initAdminsAndObjects() throws SQLException, AuthorizeException {
context.turnOffAuthorisationSystem();
adminComA = EPersonBuilder.createEPerson(context)
.withEmail("adminComA@example.com")
.withPassword(password)
.build();
adminComB = EPersonBuilder.createEPerson(context)
.withEmail("adminComB@example.com")
.withPassword(password)
.build();
adminColA = EPersonBuilder.createEPerson(context)
.withEmail("adminColA@example.com")
.withPassword(password)
.build();
adminColB = EPersonBuilder.createEPerson(context)
.withEmail("adminColB@example.com")
.withPassword(password)
.build();
adminItemA = EPersonBuilder.createEPerson(context)
.withEmail("adminItemA@example.com")
.withPassword(password)
.build();
adminItemB = EPersonBuilder.createEPerson(context)
.withEmail("adminItemB@example.com")
.withPassword(password)
.build();
communityA = CommunityBuilder.createCommunity(context)
.withName("Community A")
.withAdminGroup(adminComA)
.build();
subCommunityOfA = CommunityBuilder.createSubCommunity(context, communityA)
.withName("Sub Community of CommunityA")
.build();
communityB = CommunityBuilder.createCommunity(context)
.withName("Community B")
.withAdminGroup(adminComB)
.build();
collectionA = CollectionBuilder.createCollection(context, subCommunityOfA)
.withName("Collection A")
.withAdminGroup(adminColA)
.build();
collectionB = CollectionBuilder.createCollection(context, communityB)
.withName("Collection B")
.withAdminGroup(adminColB)
.build();
itemInCollectionA = ItemBuilder.createItem(context, collectionA)
.withTitle("Item in Collection A")
.withAdminUser(adminItemA)
.build();
itemInCollectionB = ItemBuilder.createItem(context, collectionB)
.withTitle("Item in Collection B")
.withAdminUser(adminItemB)
.build();
context.restoreAuthSystemState();
} }
@Test @Test
public void communityWithAdministratorFeatureTest() throws Exception { public void communityWithAdministratorFeatureTest() throws Exception {
context.turnOffAuthorisationSystem();
EPerson adminComA = EPersonBuilder.createEPerson(context)
.withEmail("adminComA@example.com")
.withPassword(password)
.build();
EPerson adminComB = EPersonBuilder.createEPerson(context)
.withEmail("adminComB@example.com")
.withPassword(password)
.build();
Community communityA = CommunityBuilder.createCommunity(context)
.withName("Community A")
.withAdminGroup(adminComA)
.build();
Community subCommunityOfA = CommunityBuilder.createSubCommunity(context, communityA)
.withName("Sub Community of CommunityA")
.build();
Collection collectionOfSubComm = CollectionBuilder.createCollection(context, subCommunityOfA)
.withName("Collection of subCommunity")
.build();
Community communityB = CommunityBuilder.createCommunity(context)
.withName("Community B")
.withAdminGroup(adminComB)
.build();
context.restoreAuthSystemState();
CommunityRest communityRestA = communityConverter.convert(communityA, DefaultProjection.DEFAULT); CommunityRest communityRestA = communityConverter.convert(communityA, DefaultProjection.DEFAULT);
CommunityRest SubCommunityOfArest = communityConverter.convert(subCommunityOfA, DefaultProjection.DEFAULT); CommunityRest communityRestB = communityConverter.convert(communityB, DefaultProjection.DEFAULT);
CollectionRest collectionRestOfSubComm = collectionConverter.convert(collectionOfSubComm, CommunityRest SubCommunityOfARest = communityConverter.convert(subCommunityOfA, DefaultProjection.DEFAULT);
DefaultProjection.DEFAULT);
// tokens // tokens
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password); String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password); String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
String tokenAdmin = getAuthToken(admin.getEmail(), password);
// define authorizations that we know must exists // define authorizations that we know must exists
Authorization authAdminCommunityA = new Authorization(adminComA, administratorFeature, communityRestA); Authorization authAdminSiteComA = new Authorization(admin, administratorFeature, communityRestA);
Authorization authAdminSubCommunityOfA = new Authorization(adminComA, administratorFeature,SubCommunityOfArest); Authorization authAdminComAComA = new Authorization(adminComA, administratorFeature, communityRestA);
Authorization authAdminAColl = new Authorization(adminComA, administratorFeature, collectionRestOfSubComm); Authorization authAdminComASubComA = new Authorization(adminComA, administratorFeature, SubCommunityOfARest);
Authorization authAdminComBComB = new Authorization(adminComB, administratorFeature, communityRestB);
// define authorizations that we know not exists // define authorizations that we know not exists
Authorization authAdminBColl = new Authorization(adminComB, administratorFeature, collectionRestOfSubComm); Authorization authAdminComBComA = new Authorization(adminComB, administratorFeature, communityRestA);
Authorization authAdminBCommunityA = new Authorization(adminComB, administratorFeature, communityRestA); Authorization authAdminComBSubComA = new Authorization(adminComB, administratorFeature, SubCommunityOfARest);
Authorization authAdminColAComA = new Authorization(adminColA, administratorFeature, communityRestA);
Authorization authAdminItemAComA = new Authorization(adminItemA, administratorFeature, communityRestA);
Authorization authEPersonComA = new Authorization(eperson, administratorFeature, communityRestA);
Authorization authAnonymousComA = new Authorization(null, administratorFeature, communityRestA);
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminCommunityA.getID()))
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteComA.getID()))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCommunityA)))); .andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminSiteComA))));
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminSubCommunityOfA.getID())) getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAComA.getID()))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher .andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher
.matchAuthorization(authAdminSubCommunityOfA)))); .matchAuthorization(authAdminComAComA))));
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminAColl.getID())) getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComASubComA.getID()))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminAColl)))); .andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminComASubComA))));
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminBCommunityA.getID())) getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBComB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminComBComB))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBComA.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminBColl.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBSubComA.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColAComA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemAComA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonComA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousComA.getID()))
.andExpect(status().isNotFound());
} }
@Test @Test
public void collectionWithAdministratorFeatureTest() throws Exception { public void collectionWithAdministratorFeatureTest() throws Exception {
context.turnOffAuthorisationSystem();
EPerson adminColA = EPersonBuilder.createEPerson(context)
.withEmail("adminColA@example.com")
.withPassword(password)
.build();
EPerson adminColB = EPersonBuilder.createEPerson(context)
.withEmail("adminColB@example.com")
.withPassword(password)
.build();
Community parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Collection collectionA = CollectionBuilder.createCollection(context, parentCommunity)
.withName("Collection A")
.withAdminGroup(adminColA)
.build();
Collection collectionB = CollectionBuilder.createCollection(context, parentCommunity)
.withName("Collection B")
.withAdminGroup(adminColB)
.build();
context.restoreAuthSystemState();
CollectionRest collectionRestA = collectionConverter.convert(collectionA, DefaultProjection.DEFAULT); CollectionRest collectionRestA = collectionConverter.convert(collectionA, DefaultProjection.DEFAULT);
CollectionRest collectionRestB = collectionConverter.convert(collectionB, DefaultProjection.DEFAULT); CollectionRest collectionRestB = collectionConverter.convert(collectionB, DefaultProjection.DEFAULT);
String tokenAdminColA = getAuthToken(adminColA.getEmail(), password); String tokenAdminColA = getAuthToken(adminColA.getEmail(), password);
String tokenAdminColB = getAuthToken(adminColB.getEmail(), password); String tokenAdminColB = getAuthToken(adminColB.getEmail(), password);
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
String tokenAdmin = getAuthToken(admin.getEmail(), password);
// define authorizations that we know must exists // define authorizations that we know must exists
Authorization authAdminCollectionA = new Authorization(adminColA, administratorFeature, collectionRestA);
Authorization authAdminCollectionB = new Authorization(adminColB, administratorFeature, collectionRestB); Authorization authAdminSiteColA = new Authorization(admin, administratorFeature, collectionRestA);
Authorization authAdminComAColA = new Authorization(adminComA, administratorFeature, collectionRestA);
Authorization authAdminColAColA = new Authorization(adminColA, administratorFeature, collectionRestA);
Authorization authAdminSiteColB = new Authorization(admin, administratorFeature, collectionRestB);
Authorization authAdminComBColB = new Authorization(adminComB, administratorFeature, collectionRestB);
Authorization authAdminColBColB = new Authorization(adminColB, administratorFeature, collectionRestB);
// define authorization that we know not exists // define authorization that we know not exists
Authorization authAdminBcollectionA = new Authorization(adminColB, administratorFeature, collectionRestA); Authorization authAdminColBColA = new Authorization(adminColB, administratorFeature, collectionRestA);
Authorization authAdminComBColA = new Authorization(adminComB, administratorFeature, collectionRestA);
Authorization authAdminItemAColA = new Authorization(adminItemA, administratorFeature, collectionRestA);
Authorization authEPersonColA = new Authorization(eperson, administratorFeature, collectionRestA);
Authorization authAnonymousColA = new Authorization(null, administratorFeature, collectionRestA);
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminCollectionA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollectionA))));
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminCollectionB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollectionB))));
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminBcollectionA.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteColA.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminSiteColA))));
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAColA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminComAColA))));
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminColAColA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminColAColA))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteColB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminSiteColB))));
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBColB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminComBColB))));
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminColBColB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminColBColB))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColBColA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBColA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemAColA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonColA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousColA.getID()))
.andExpect(status().isNotFound());
} }
@Test @Test
public void siteWithAdministratorFeatureTest() throws Exception { public void siteWithAdministratorFeatureTest() throws Exception {
context.turnOffAuthorisationSystem();
Community parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Test Parent Community")
.build();
Collection collection = CollectionBuilder.createCollection(context, parentCommunity)
.withName("Test Collection")
.build();
context.restoreAuthSystemState();
Site site = siteService.findSite(context); Site site = siteService.findSite(context);
SiteRest siteRest = siteConverter.convert(site, DefaultProjection.DEFAULT); SiteRest siteRest = siteConverter.convert(site, DefaultProjection.DEFAULT);
CommunityRest communityRest = communityConverter.convert(parentCommunity, DefaultProjection.DEFAULT);
CollectionRest collectionRest = collectionConverter.convert(collection, DefaultProjection.DEFAULT);
// tokens // tokens
String tokenAdmin = getAuthToken(admin.getEmail(), password); String tokenAdmin = getAuthToken(admin.getEmail(), password);
String tokenEperson = getAuthToken(eperson.getEmail(), password);
// define authorizations of Admin that we know must exists // define authorizations of Admin that we know must exists
Authorization authAdminSite = new Authorization(admin, administratorFeature, siteRest); Authorization authAdminSite = new Authorization(admin, administratorFeature, siteRest);
Authorization authAdminCommunity = new Authorization(admin, administratorFeature, communityRest);
Authorization authAdminCollection = new Authorization(admin, administratorFeature, collectionRest);
// define authorizations of EPerson that we know not exists // define authorizations of EPerson that we know not exists
Authorization authAdminComASite = new Authorization(adminComA, administratorFeature, siteRest);
Authorization authAdminColASite = new Authorization(adminColA, administratorFeature, siteRest);
Authorization authAdminItemASite = new Authorization(adminItemA, administratorFeature, siteRest);
Authorization authEPersonSite = new Authorization(eperson, administratorFeature, siteRest); Authorization authEPersonSite = new Authorization(eperson, administratorFeature, siteRest);
Authorization authEpersonCommunity = new Authorization(eperson, administratorFeature, communityRest);
Authorization authEpersonCollection = new Authorization(eperson, administratorFeature, collectionRest);
// define authorizations of Anonymous that we know not exists
Authorization authAnonymousSite = new Authorization(null, administratorFeature, siteRest); Authorization authAnonymousSite = new Authorization(null, administratorFeature, siteRest);
Authorization authAnonymousCommunity = new Authorization(null, administratorFeature, communityRest);
Authorization authAnonymousCollection = new Authorization(null, administratorFeature, collectionRest);
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSite.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSite.getID()))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminSite)))); .andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminSite))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminCommunity.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCommunity))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminCollection.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCollection))));
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEpersonCommunity.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComASite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient(tokenEperson).perform(get("/api/authz/authorizations/" + authEpersonCollection.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColASite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient().perform(get("/api/authz/authorizations/" + authAnonymousSite.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemASite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient().perform(get("/api/authz/authorizations/" + authAnonymousCommunity.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonSite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
getClient().perform(get("/api/authz/authorizations/" + authAnonymousCollection.getID())) getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousSite.getID()))
.andExpect(status().isNotFound()); .andExpect(status().isNotFound());
} }
@Test
public void itemWithAdministratorFeatureTest() throws Exception {
ItemRest itemRestA = itemConverter.convert(itemInCollectionA, DefaultProjection.DEFAULT);
ItemRest itemRestB = itemConverter.convert(itemInCollectionB, DefaultProjection.DEFAULT);
String tokenAdminItemA = getAuthToken(adminItemA.getEmail(), password);
String tokenAdminItemB = getAuthToken(adminItemB.getEmail(), password);
String tokenAdminColA = getAuthToken(adminColA.getEmail(), password);
String tokenAdminColB = getAuthToken(adminColB.getEmail(), password);
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
String tokenAdmin = getAuthToken(admin.getEmail(), password);
// define authorizations that we know must exists
Authorization authAdminSiteItemA = new Authorization(admin, administratorFeature, itemRestA);
Authorization authAdminComAItemA = new Authorization(adminComA, administratorFeature, itemRestA);
Authorization authAdminColAItemA = new Authorization(adminColA, administratorFeature, itemRestA);
Authorization authAdminItemAItemA = new Authorization(adminItemA, administratorFeature, itemRestA);
Authorization authAdminSiteItemB = new Authorization(admin, administratorFeature, itemRestB);
Authorization authAdminComBItemB = new Authorization(adminComB, administratorFeature, itemRestB);
Authorization authAdminColBItemB = new Authorization(adminColB, administratorFeature, itemRestB);
Authorization authAdminItemBItemB = new Authorization(adminItemB, administratorFeature, itemRestB);
// define authorization that we know not exists
Authorization authAdminComBItemA = new Authorization(adminComB, administratorFeature, itemRestA);
Authorization authAdminColBItemA = new Authorization(adminColB, administratorFeature, itemRestA);
Authorization authAdminItemBItemA = new Authorization(adminItemB, administratorFeature, itemRestA);
Authorization authEPersonItemA = new Authorization(eperson, administratorFeature, itemRestA);
Authorization authAnonymousItemA = new Authorization(null, administratorFeature, itemRestA);
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteItemA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminSiteItemA))));
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + authAdminComAItemA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminComAItemA))));
getClient(tokenAdminColA).perform(get("/api/authz/authorizations/" + authAdminColAItemA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminColAItemA))));
getClient(tokenAdminItemA).perform(get("/api/authz/authorizations/" + authAdminItemAItemA.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminItemAItemA))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminSiteItemB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminSiteItemB))));
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + authAdminComBItemB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminComBItemB))));
getClient(tokenAdminColB).perform(get("/api/authz/authorizations/" + authAdminColBItemB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminColBItemB))));
getClient(tokenAdminItemB).perform(get("/api/authz/authorizations/" + authAdminItemBItemB.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(authAdminItemBItemB))));
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminComBItemA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminColBItemA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAdminItemBItemA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authEPersonItemA.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + authAnonymousItemA.getID()))
.andExpect(status().isNotFound());
}
} }