start implementation of permission tests for ScmRealm

scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java

@@ -131,7 +131,6 @@ public class ScmRealm extends AuthorizingRealm
    * @param cacheManager
    * @param userManager
    * @param groupManager
-   * @param repositoryManager
    * @param repositoryDAO
    * @param userDAO
    * @param authenticator
@@ -141,8 +140,8 @@ public class ScmRealm extends AuthorizingRealm
   @Inject
   public ScmRealm(ScmConfiguration configuration, CacheManager cacheManager,
     UserManager userManager, GroupManager groupManager,
-    RepositoryManager repositoryManager, RepositoryDAO repositoryDAO,
+    RepositoryDAO repositoryDAO, UserDAO userDAO,
-    UserDAO userDAO, AuthenticationManager authenticator,
+    AuthenticationManager authenticator,
     Provider<HttpServletRequest> requestProvider,
     Provider<HttpServletResponse> responseProvider)
   {

scm-webapp/src/test/java/sonia/scm/security/ScmRealmTest.java

@@ -42,16 +42,19 @@ import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UnknownAccountException;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.PrincipalCollection;
 
 import org.junit.Test;
 
 import sonia.scm.cache.MapCacheManager;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.group.Group;
 import sonia.scm.group.GroupManager;
 import sonia.scm.group.GroupNames;
+import sonia.scm.repository.PermissionType;
+import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryDAO;
-import sonia.scm.repository.RepositoryManager;
 import sonia.scm.user.User;
 import sonia.scm.user.UserDAO;
 import sonia.scm.user.UserManager;
@@ -94,6 +97,30 @@ public class ScmRealmTest
     realm.getAuthenticationInfo(token("marvin", trillian.getPassword()));
   }
 
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testAuthorizationAdminPermissions()
+  {
+    User trillian = createSampleUser();
+
+    trillian.setAdmin(true);
+
+    AuthorizationInfo ai = authorizationInfo(trillian);
+    Collection<Permission> permissions = ai.getObjectPermissions();
+
+    assertNotNull(permissions);
+    assertFalse(permissions.isEmpty());
+    assertEquals(1, permissions.size());
+    //J-
+    assertTrue(
+      permissions.contains(new RepositoryPermission("*", PermissionType.OWNER))
+    );
+    //J+
+  }
+
   /**
    * Method description
    *
@@ -114,6 +141,22 @@ public class ScmRealmTest
     assertTrue(roles.contains(Role.USER));
   }
 
+  /**
+   *  Method description
+   *
+   */
+  @Test
+  public void testAuthorizationDefaultUserPermissions()
+  {
+    User trillian = createSampleUser();
+
+    AuthorizationInfo ai = authorizationInfo(trillian);
+    Collection<Permission> permissions = ai.getObjectPermissions();
+
+    assertNotNull(permissions);
+    assertTrue(permissions.isEmpty());
+  }
+
   /**
    * Method description
    *
@@ -151,7 +194,14 @@ public class ScmRealmTest
   {
     User trillian = createSampleUser();
 
-    ScmRealm realm = createRealm(trillian, ImmutableSet.of("g1", "g2"));
+    //J-
+    ScmRealm realm = createRealm(
+      trillian, 
+      ImmutableSet.of("g1", "g2"), 
+      ImmutableSet.of(new Group("xml", "g3"), new Group("xml", "g4")),
+      null
+    );
+    //J+
     AuthenticationInfo ai = realm.getAuthenticationInfo(token(trillian));
 
     assertNotNull(ai);
@@ -168,7 +218,8 @@ public class ScmRealmTest
 
     assertNotNull(groups);
     assertFalse(groups.getCollection().isEmpty());
-    assertThat(groups, containsInAnyOrder("g1", "g2"));
+    assertEquals(4, groups.getCollection().size());
+    assertThat(groups, containsInAnyOrder("g1", "g2", "g3", "g4"));
   }
 
   /**
@@ -200,7 +251,7 @@ public class ScmRealmTest
    */
   private ScmRealm createRealm(User user)
   {
-    return createRealm(user, null);
+    return createRealm(user, null, null, null);
   }
 
   /**
@@ -209,15 +260,30 @@ public class ScmRealmTest
    *
    *
    * @param user
-   * @param groups
+   * @param authenticationGroups
+   * @param dbGroups
+   * @param repositories
    * @return
    */
-  private ScmRealm createRealm(User user, Collection<String> groups)
+  private ScmRealm createRealm(User user,
+    Collection<String> authenticationGroups, Collection<Group> dbGroups,
+    Collection<Repository> repositories)
   {
     UserManager userManager = mock(UserManager.class);
     GroupManager groupManager = mock(GroupManager.class);
-    RepositoryManager repositoryManager = mock(RepositoryManager.class);
+
+    if (dbGroups != null)
+    {
+      when(groupManager.getGroupsForMember(user.getId())).thenReturn(dbGroups);
+    }
+
     RepositoryDAO repositoryDAO = mock(RepositoryDAO.class);
+
+    if (repositories != null)
+    {
+      when(repositoryDAO.getAll()).thenReturn(repositories);
+    }
+
     UserDAO userDAO = mock(UserDAO.class);
 
     when(userDAO.get(user.getId())).thenReturn(user);
@@ -262,7 +328,7 @@ public class ScmRealmTest
         eq(user.getPassword())
       ) 
     ).thenReturn( 
-      new AuthenticationResult(user, groups, AuthenticationState.SUCCESS) 
+      new AuthenticationResult(user, authenticationGroups, AuthenticationState.SUCCESS) 
     );
     
     when( 
@@ -297,7 +363,6 @@ public class ScmRealmTest
       new MapCacheManager(),
       userManager,
       groupManager,
-      repositoryManager,
       repositoryDAO,
       userDAO,
       authManager,