From bb1e13a3b2dec50dfed1d78d1c20863d6c2ccf75 Mon Sep 17 00:00:00 2001
From: Pascal-Nicolas Becker <dspace@pascal-becker.de>
Date: Wed, 26 Apr 2017 21:44:04 +0200
Subject: [PATCH] DS-3572: Adding simple unit test for DS-3572.

---
 .../authorize/AuthorizeServiceTest.java       | 144 ++++++++++++++++++
 1 file changed, 144 insertions(+)
 create mode 100644 dspace-api/src/test/java/org/dspace/authorize/AuthorizeServiceTest.java

diff --git a/dspace-api/src/test/java/org/dspace/authorize/AuthorizeServiceTest.java b/dspace-api/src/test/java/org/dspace/authorize/AuthorizeServiceTest.java
new file mode 100644
index 0000000000..b6117ceb6f
--- /dev/null
+++ b/dspace-api/src/test/java/org/dspace/authorize/AuthorizeServiceTest.java
@@ -0,0 +1,144 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+
+package org.dspace.authorize;
+
+import org.dspace.AbstractUnitTest;
+import org.dspace.authorize.factory.AuthorizeServiceFactory;
+import org.dspace.authorize.service.ResourcePolicyService;
+import org.dspace.content.Community;
+import org.dspace.content.factory.ContentServiceFactory;
+import org.dspace.content.service.CommunityService;
+import org.dspace.core.Constants;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.Group;
+import org.dspace.eperson.factory.EPersonServiceFactory;
+import org.dspace.eperson.service.EPersonService;
+import org.dspace.eperson.service.GroupService;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.sql.SQLException;
+
+/**
+ * Created by pbecker as he wanted to write a test against DS-3572.
+ * This definitely needs to be extended, but it's at least a start.
+ */
+public class AuthorizeServiceTest  extends AbstractUnitTest
+{
+
+    protected EPersonService ePersonService = EPersonServiceFactory.getInstance().getEPersonService();
+    protected GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
+    protected ResourcePolicyService resourcePolicyService = AuthorizeServiceFactory.getInstance().getResourcePolicyService();
+    protected CommunityService communityService = ContentServiceFactory.getInstance().getCommunityService();
+
+    public AuthorizeServiceTest()
+    {}
+
+    @Test
+    public void testauthorizeMethodDoesNotConfuseEPersonWithCurrentUser()
+    {
+        Community dso;
+        EPerson eperson1;
+        EPerson eperson2;
+        Group group;
+
+        try
+        {
+            context.turnOffAuthorisationSystem();
+
+            // create two epersons: one to test a permission the other one to be used as currentUser
+            eperson1 = ePersonService.create(context);
+            eperson2 = ePersonService.create(context);
+            // create a group as the bug described in DS-3572 contains a wrong group membership check
+            group = groupService.create(context);
+            // add eperson1 to the group.
+            groupService.addMember(context, group, eperson1);
+            groupService.update(context, group);
+
+            // Use a top level community as DSpaceObject to test permissions
+            dso = communityService.create(null, context);
+
+            // grant write permission to the eperson1 by its group membership
+            authorizeService.addPolicy(context, dso, Constants.WRITE, group);
+            context.commit();
+
+            // set the other eperson as the current user
+            // Notice that it is not a member of the group, and does not have write permission
+            context.setCurrentUser(eperson2);
+        }
+        catch (SQLException | AuthorizeException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+        finally
+        {
+            context.restoreAuthSystemState();
+        }
+
+        try {
+            // eperson1 should be able to write as he is member of a group that has write permissions
+            Assert.assertTrue(authorizeService.authorizeActionBoolean(context, eperson1, dso, Constants.WRITE, true));
+            // person2 shouldn't have write access
+            Assert.assertFalse(authorizeService.authorizeActionBoolean(context, eperson2, dso, Constants.WRITE, true));
+        }
+        catch (SQLException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    @Test
+    public void testauthorizeMethodRespectSpecialGroups()
+    {
+
+        EPerson eperson1;
+        EPerson eperson2;
+        Group group1;
+
+        Community dso;
+        try
+        {
+            context.turnOffAuthorisationSystem();
+
+            // create an eperson and a group
+            eperson1 = ePersonService.create(context);
+            group1 = groupService.create(context);
+
+            // Use a top level community as DSpaceObject to test permissions
+            dso = communityService.create(null, context);
+
+            // allow the group some action on a DSpaceObject and set it as
+            // special group to the user. Then test if the action on the DSO
+            // is allowed for the user
+            authorizeService.addPolicy(context, dso, Constants.ADD, group1);
+            context.setCurrentUser(eperson1);
+            context.setSpecialGroup(group1.getID());
+            context.commit();
+        }
+        catch (SQLException | AuthorizeException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+        finally
+        {
+            context.restoreAuthSystemState();
+        }
+
+        try {
+            Assert.assertTrue(authorizeService.authorizeActionBoolean(context, eperson1, dso, Constants.ADD, true));
+        }
+        catch (SQLException ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+}