System roles should not be modifiable

2025-11-13 08:55:44 +01:00 · 2019-05-08 10:55:24 +02:00
parent dd312308fa
commit c88654739b
2 changed files with 98 additions and 1 deletions
--- a/scm-webapp/src/test/java/sonia/scm/repository/DefaultRepositoryRoleManagerTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/repository/DefaultRepositoryRoleManagerTest.java
@@ -0,0 +1,87 @@
+package sonia.scm.repository;
+
+import org.apache.shiro.authz.UnauthorizedException;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.security.RepositoryPermissionProvider;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class DefaultRepositoryRoleManagerTest {
+
+  private final Subject subject = mock(Subject.class);
+  private final ThreadState subjectThreadState = new SubjectThreadState(subject);
+
+  @Mock
+  private RepositoryRoleDAO dao;
+  @Mock
+  private RepositoryPermissionProvider permissionProvider;
+
+  @InjectMocks
+  private DefaultRepositoryRoleManager manager;
+
+  @BeforeEach
+  void initUser() {
+    subjectThreadState.bind();
+    doAnswer(invocation -> {
+      String permission = invocation.getArguments()[0].toString();
+      if (!subject.isPermitted(permission)) {
+        throw new UnauthorizedException(permission);
+      }
+      return null;
+    }).when(subject).checkPermission(anyString());
+    ThreadContext.bind(subject);
+  }
+
+  @AfterEach
+  void cleanupContext() {
+    ThreadContext.unbindSubject();
+  }
+
+  @Nested
+  class WithAuthorizedUser {
+
+    @BeforeEach
+    void authorizeUser() {
+      when(subject.isPermitted(any(String.class))).thenReturn(true);
+    }
+
+    @Test
+    void shouldReturnNull_forNotExistingRole() {
+      RepositoryRole role = manager.get("noSuchRole");
+      assertThat(role).isNull();
+    }
+  }
+
+  @Nested
+  class WithUnauthorizedUser {
+
+    @BeforeEach
+    void authorizeUser() {
+      when(subject.isPermitted(any(String.class))).thenReturn(false);
+    }
+
+    @Test
+    void x() {
+      assertThrows(UnauthorizedException.class, () -> manager.get("noSuchRole"));
+    }
+  }
+}