add unit test for DefaultSecuritySystem

scm-test/src/main/java/sonia/scm/AbstractTestBase.java

@@ -151,6 +151,7 @@ public class AbstractTestBase
     try
     {
       preTearDown();
+      clearSubject();
     }
     finally
     {
@@ -179,7 +180,7 @@ public class AbstractTestBase
   //~--- methods --------------------------------------------------------------
 
   /**
-   * Clears Shiro's thread state, ensuring the thread remains clean for 
+   * Clears Shiro's thread state, ensuring the thread remains clean for
    * future test execution.
    */
   protected void clearSubject()

scm-test/src/main/java/sonia/scm/util/MockUtil.java

@@ -41,6 +41,7 @@ import org.apache.shiro.authz.Permission;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.Subject.Builder;
 
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
@@ -136,6 +137,20 @@ public final class MockUtil
    * @return
    */
   public static Subject createUserSubject()
+  {
+    return createUserSubject(null);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   *
+   * @param securityManager
+   * @return
+   */
+  public static Subject createUserSubject(
+    org.apache.shiro.mgt.SecurityManager securityManager)
   {
     SimplePrincipalCollection collection = new SimplePrincipalCollection();
     User user = UserTestData.createTrillian();
@@ -143,8 +158,18 @@ public final class MockUtil
     collection.add(user.getName(), "junit");
     collection.add(user, "junit");
 
-    return new Subject.Builder().principals(collection).authenticated(
+    Builder builder;
-      true).buildSubject();
+
+    if (securityManager != null)
+    {
+      builder = new Subject.Builder(securityManager);
+    }
+    else
+    {
+      builder = new Subject.Builder();
+    }
+
+    return builder.principals(collection).authenticated(true).buildSubject();
   }
 
   //~--- get methods ----------------------------------------------------------

scm-webapp/src/main/java/sonia/scm/security/DefaultSecuritySystem.java

@@ -444,7 +444,7 @@ public class DefaultSecuritySystem implements SecuritySystem
 
     return classLoader;
   }
-
+  
   //~--- inner classes --------------------------------------------------------
 
   /**

scm-webapp/src/test/java/sonia/scm/security/DefaultSecuritySystemTest.java

@@ -0,0 +1,333 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.common.base.Predicate;
+
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.SimpleAccountRealm;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import sonia.scm.AbstractTestBase;
+import sonia.scm.store.JAXBConfigurationEntryStoreFactory;
+import sonia.scm.util.MockUtil;
+
+import static org.hamcrest.Matchers.*;
+
+import static org.junit.Assert.*;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import java.util.List;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+public class DefaultSecuritySystemTest extends AbstractTestBase
+{
+
+  /**
+   * Method description
+   *
+   */
+  @Before
+  public void createSecuritySystem()
+  {
+    JAXBConfigurationEntryStoreFactory factory =
+      new JAXBConfigurationEntryStoreFactory(new UUIDKeyGenerator(),
+        contextProvider);
+
+    securitySystem = new DefaultSecuritySystem(factory);
+
+    // ScmEventBus.getInstance().register(listener);
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testAddPermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    assertEquals("trillian", sap.getName());
+    assertEquals("repository:*:READ", sap.getPermission());
+    assertEquals(false, sap.isGroupPermission());
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testAvailablePermissions()
+  {
+    setAdminSubject();
+
+    List<PermissionDescriptor> list = securitySystem.getAvailablePermissions();
+
+    assertNotNull(list);
+    assertThat(list.size(), greaterThan(0));
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testDeletePermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    securitySystem.deletePermission(sap);
+
+    assertNull(securitySystem.getPermission(sap.getId()));
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testGetAllPermissions()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission trillian = createPermission("trillian", false,
+                                          "repository:*:READ");
+    StoredAssignedPermission dent = createPermission("dent", false,
+                                      "repository:*:READ");
+    StoredAssignedPermission marvin = createPermission("marvin", false,
+                                        "repository:*:READ");
+
+    List<StoredAssignedPermission> all = securitySystem.getAllPermissions();
+
+    assertEquals(3, all.size());
+    assertThat(all, containsInAnyOrder(trillian, dent, marvin));
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testGetPermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    StoredAssignedPermission other = securitySystem.getPermission(sap.getId());
+
+    assertEquals(sap.getId(), other.getId());
+    assertEquals(sap, other);
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testGetPermissionsWithPredicate()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission trillian = createPermission("trillian", false,
+                                          "repository:*:READ");
+    StoredAssignedPermission dent = createPermission("dent", false,
+                                      "repository:*:READ");
+
+    createPermission("hitchhiker", true, "repository:*:READ");
+
+    List<StoredAssignedPermission> filtered =
+      securitySystem.getPermissions(new Predicate<AssignedPermission>()
+    {
+
+      @Override
+      public boolean apply(AssignedPermission input)
+      {
+        return !input.isGroupPermission();
+      }
+    });
+
+    assertEquals(2, filtered.size());
+    assertThat(filtered, containsInAnyOrder(trillian, dent));
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test
+  public void testModifyPermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+    StoredAssignedPermission modified =
+      new StoredAssignedPermission(sap.getId(),
+        new AssignedPermission("trillian", "repository:*:WRITE"));
+
+    securitySystem.modifyPermission(modified);
+
+    sap = securitySystem.getPermission(modified.getId());
+
+    assertEquals(modified.getId(), sap.getId());
+    assertEquals(modified, sap);
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test(expected = UnauthorizedException.class)
+  public void testUnauthorizedAddPermission()
+  {
+    setUserSubject();
+    createPermission("trillian", false, "repository:*:READ");
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test(expected = UnauthorizedException.class)
+  public void testUnauthorizedDeletePermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    setUserSubject();
+    securitySystem.deletePermission(sap);
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test(expected = UnauthorizedException.class)
+  public void testUnauthorizedGetPermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    setUserSubject();
+    securitySystem.getPermission(sap.getId());
+  }
+
+  /**
+   * Method description
+   *
+   */
+  @Test(expected = UnauthorizedException.class)
+  public void testUnauthorizedModifyPermission()
+  {
+    setAdminSubject();
+
+    StoredAssignedPermission sap = createPermission("trillian", false,
+                                     "repository:*:READ");
+
+    setUserSubject();
+
+    securitySystem.modifyPermission(sap);
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param name
+   * @param groupPermission
+   * @param value
+   *
+   * @return
+   */
+  private StoredAssignedPermission createPermission(String name,
+    boolean groupPermission, String value)
+  {
+    AssignedPermission ap = new AssignedPermission(name, groupPermission,
+                              value);
+    StoredAssignedPermission sap = securitySystem.addPermission(ap);
+
+    assertNotNull(sap);
+    assertNotNull(sap.getId());
+
+    return sap;
+  }
+
+  //~--- set methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   */
+  private void setAdminSubject()
+  {
+    setSubject(MockUtil.createAdminSubject());
+  }
+
+  /**
+   * Method description
+   *
+   */
+  private void setUserSubject()
+  {
+    org.apache.shiro.mgt.SecurityManager sm =
+      new DefaultSecurityManager(new SimpleAccountRealm());
+
+    setSubject(MockUtil.createUserSubject(sm));
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private DefaultSecuritySystem securitySystem;
+}