1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.user.impl.xwiki

File XWikiRightServiceImplTest.java

 

Code metrics

16
326
22
1
849
614
30
0.09
14.82
22
1.36

Classes

Class Line # Actions
XWikiRightServiceImplTest 50 326 0% 30 4
0.98901198.9%
 

Contributing tests

This file is covered by 13 tests. .

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.user.impl.xwiki;
21   
22    import java.util.Collections;
23    import java.util.HashMap;
24    import java.util.Map;
25   
26    import org.jmock.Mock;
27    import org.jmock.core.Invocation;
28    import org.jmock.core.stub.CustomStub;
29    import org.xwiki.model.EntityType;
30    import org.xwiki.model.reference.DocumentReference;
31    import org.xwiki.model.reference.EntityReference;
32   
33    import com.xpn.xwiki.XWiki;
34    import com.xpn.xwiki.XWikiContext;
35    import com.xpn.xwiki.XWikiException;
36    import com.xpn.xwiki.api.Document;
37    import com.xpn.xwiki.doc.XWikiDocument;
38    import com.xpn.xwiki.objects.BaseObject;
39    import com.xpn.xwiki.test.AbstractBridgedXWikiComponentTestCase;
40    import com.xpn.xwiki.user.api.XWikiGroupService;
41    import com.xpn.xwiki.user.api.XWikiRightNotFoundException;
42    import com.xpn.xwiki.user.api.XWikiRightService;
43    import com.xpn.xwiki.user.api.XWikiUser;
44   
45    /**
46    * Unit tests for {@link com.xpn.xwiki.user.impl.xwiki.XWikiRightServiceImpl}.
47    *
48    * @version $Id: 596223088f9281f45511a42d428ab59cb67b4d23 $
49    */
 
50    public class XWikiRightServiceImplTest extends AbstractBridgedXWikiComponentTestCase
51    {
52    private static final EntityReference XWIKIPREFERENCES_REFERENCE = new EntityReference("XWikiPreferences",
53    EntityType.DOCUMENT, new EntityReference("XWiki", EntityType.SPACE));
54   
55    private XWikiRightServiceImpl rightService;
56   
57    private Mock mockGroupService;
58   
59    private Mock mockXWiki;
60   
61    private XWikiDocument user;
62   
63    private XWikiDocument group;
64   
65    private XWikiDocument group2;
66   
 
67  13 toggle @Override
68    protected void setUp() throws Exception
69    {
70  13 super.setUp();
71  13 this.rightService = new XWikiRightServiceImpl();
72   
73  13 this.mockGroupService = mock(XWikiGroupService.class, new Class[] {}, new Object[] {});
74   
75  13 this.mockXWiki = mock(XWiki.class);
76  13 this.mockXWiki.stubs().method("getGroupService").will(returnValue(this.mockGroupService.proxy()));
77  13 this.mockXWiki.stubs().method("isReadOnly").will(returnValue(false));
78  13 this.mockXWiki.stubs().method("getWikiOwner").will(returnValue(null));
79  13 this.mockXWiki.stubs().method("getMaxRecursiveSpaceChecks").will(returnValue(0));
80  13 this.mockXWiki.stubs().method("getDocument").with(ANYTHING, eq("WebPreferences"), ANYTHING).will(
81    new CustomStub("Implements XWiki.getDocument")
82    {
 
83  64 toggle @Override
84    public Object invoke(Invocation invocation) throws Throwable
85    {
86  64 return new XWikiDocument(new DocumentReference(getContext().getWikiId(),
87    (String) invocation.parameterValues.get(0), "WebPreferences"));
88    }
89    });
90    // Called from MessageToolVelocityContextInitializer.
91  13 this.mockXWiki.stubs().method("prepareResources");
92   
93  13 getContext().setWiki((XWiki) this.mockXWiki.proxy());
94   
95  13 this.user = new XWikiDocument(new DocumentReference("wiki", "XWiki", "user"));
96  13 this.user.setNew(false);
97  13 getContext().setWikiId(this.user.getWikiName());
98  13 BaseObject userObject = new BaseObject();
99  13 userObject.setClassName("XWiki.XWikiUser");
100  13 this.user.addXObject(userObject);
101  13 this.mockXWiki.stubs().method("getDocument").with(eq(this.user.getPrefixedFullName()), ANYTHING).will(
102    returnValue(this.user));
103   
104  13 this.group = new XWikiDocument(new DocumentReference("wiki", "XWiki", "group"));
105  13 this.group.setNew(false);
106  13 getContext().setWikiId(this.group.getWikiName());
107  13 BaseObject groupObject = new BaseObject();
108  13 groupObject.setClassName("XWiki.XWikiGroups");
109  13 groupObject.setStringValue("member", this.user.getFullName());
110  13 this.group.addXObject(groupObject);
111  13 this.mockXWiki.stubs().method("getDocument").with(eq(this.group.getPrefixedFullName()), ANYTHING).will(
112    returnValue(this.group));
113   
114  13 this.group2 = new XWikiDocument(new DocumentReference("wiki2", "XWiki", "group2"));
115  13 this.group2.setNew(false);
116  13 getContext().setWikiId(this.group2.getWikiName());
117  13 BaseObject group2Object = new BaseObject();
118  13 group2Object.setClassName("XWiki.XWikiGroups");
119  13 group2Object.setStringValue("member", this.user.getPrefixedFullName());
120  13 this.group2.addXObject(groupObject);
121  13 this.mockXWiki.stubs().method("getDocument").with(eq(this.group2.getPrefixedFullName()), ANYTHING).will(
122    returnValue(this.group2));
123   
124  13 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
125    eq(this.user.getDocumentReference()), ANYTHING, ANYTHING, ANYTHING).will(
126    new CustomStub("Implements XWikiGroupService.getAllGroupsReferencesForMember")
127    {
 
128  8 toggle @Override
129    public Object invoke(Invocation invocation) throws Throwable
130    {
131  8 XWikiContext context = (XWikiContext) invocation.parameterValues.get(3);
132   
133  8 if (context.getWikiId().equals(group.getWikiName())) {
134  5 return Collections.singleton(group.getDocumentReference());
135  3 } else if (context.getWikiId().equals(group2.getWikiName())) {
136  3 return Collections.singleton(group2.getDocumentReference());
137    } else {
138  0 return Collections.emptyList();
139    }
140    }
141    });
142   
143  13 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
144    eq(this.group.getDocumentReference()), ANYTHING, ANYTHING, ANYTHING).will(
145    returnValue(Collections.emptyList()));
146  13 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
147    eq(this.group2.getDocumentReference()), ANYTHING, ANYTHING, ANYTHING).will(
148    returnValue(Collections.emptyList()));
149    }
150   
151    /**
152    * Test if checkRight() take care of users's groups from other wikis.
153    */
 
154  1 toggle public void testCheckRight() throws XWikiRightNotFoundException, XWikiException
155    {
156  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference("wiki2", "Space", "Page"));
157   
158  1 Mock mockGlobalRightObj = mock(BaseObject.class, new Class[] {}, new Object[] {});
159  1 mockGlobalRightObj.stubs().method("getStringValue").with(eq("levels")).will(returnValue("view"));
160  1 mockGlobalRightObj.stubs().method("getStringValue").with(eq("groups")).will(
161    returnValue(this.group.getPrefixedFullName()));
162  1 mockGlobalRightObj.stubs().method("getStringValue").with(eq("users")).will(returnValue(""));
163  1 mockGlobalRightObj.stubs().method("getIntValue").with(eq("allow")).will(returnValue(1));
164  1 mockGlobalRightObj.stubs().method("setNumber");
165  1 mockGlobalRightObj.stubs().method("setDocumentReference");
166  1 mockGlobalRightObj.stubs().method("setOwnerDocument");
167   
168  1 doc.addObject("XWiki.XWikiGlobalRights", (BaseObject) mockGlobalRightObj.proxy());
169   
170  1 getContext().setWikiId("wiki2");
171   
172  1 boolean result =
173    this.rightService.checkRight(this.user.getPrefixedFullName(), doc, "view", true, true, true, getContext());
174   
175  1 assertTrue(this.user.getPrefixedFullName() + " does not have global view right on wiki2", result);
176    }
177   
 
178  1 toggle public void testHasAccessLevelAdminOnDocument() throws Exception
179    {
180  1 final String wikiName = this.user.getWikiName();
181   
182  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference(wikiName,
183    "Space", "Page"));
184   
185  1 final XWikiDocument preferences = new XWikiDocument(new DocumentReference(wikiName,
186    "XWiki", "XWikiPreference"));
187   
188  1 BaseObject rightsObject = new BaseObject();
189  1 rightsObject.setClassName("XWiki.XWikiRights");
190  1 rightsObject.setStringValue("levels", "admin");
191  1 rightsObject.setStringValue("users", this.user.getPrefixedFullName());
192  1 rightsObject.setIntValue("allow", 1);
193  1 doc.addXObject(rightsObject);
194   
195  1 BaseObject preferencesObject = new BaseObject();
196  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
197  1 preferencesObject.setStringValue("levels", "admin");
198  1 preferencesObject.setIntValue("allow", 0);
199  1 preferencesObject.setStringValue("users", this.user.getPrefixedFullName());
200  1 preferences.addXObject(preferencesObject);
201  1 preferences.setNew(false);
202   
203  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
204    new CustomStub("Implements XWiki.getDocument")
205    {
 
206  2 toggle @Override
207    public Object invoke(Invocation invocation) throws Throwable
208    {
209  2 if (!getContext().getWikiId().equals(wikiName)) {
210  1 new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
211    }
212   
213  2 return preferences;
214    }
215    });
216  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
217    returnValue(doc));
218   
219  1 getContext().setWikiId(wikiName);
220   
221  1 assertFalse("Admin rights must not be considered when set on document level.",
222    this.rightService.hasAccessLevel("admin", this.user.getPrefixedFullName(),
223    doc.getPrefixedFullName(), true,
224    getContext()));
225    }
226   
 
227  1 toggle public void testHasAccessLevelWhithUserFromAnotherWiki() throws XWikiException
228    {
229  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference(this.group2.getWikiName(), "Space", "Page"));
230   
231  1 final XWikiDocument preferences = new XWikiDocument(new DocumentReference("wiki2", "XWiki", "XWikiPreference"));
232  1 BaseObject preferencesObject = new BaseObject();
233  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
234  1 preferencesObject.setStringValue("levels", "view");
235  1 preferencesObject.setIntValue("allow", 1);
236  1 preferences.addXObject(preferencesObject);
237  1 preferences.setNew(false);
238   
239  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
240    new CustomStub("Implements XWiki.getDocument")
241    {
 
242  30 toggle @Override
243    public Object invoke(Invocation invocation) throws Throwable
244    {
245  30 if (!getContext().getWikiId().equals("wiki2")) {
246  17 new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
247    }
248   
249  30 return preferences;
250    }
251    });
252  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
253    returnValue(doc));
254   
255  1 getContext().setWikiId("wiki");
256   
257  1 assertFalse("User from another wiki has right on a local wiki", this.rightService.hasAccessLevel("view",
258    this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true, getContext()));
259   
260    // direct user rights
261   
262  1 preferencesObject.setStringValue("users", this.user.getPrefixedFullName());
263   
264  1 getContext().setWikiId(this.user.getWikiName());
265   
266  1 assertTrue("User from another wiki does not have right on a local wiki when tested from user wiki",
267    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
268    getContext()));
269  1 assertTrue("User from another wiki does not have right on a local wiki when tested from user wiki",
270    this.rightService.hasAccessLevel("view", this.user.getFullName(), doc.getPrefixedFullName(), true,
271    getContext()));
272   
273  1 getContext().setWikiId(doc.getWikiName());
274   
275  1 assertTrue("User from another wiki does not have right on a local wiki when tested from local wiki",
276    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
277    getContext()));
278  1 assertTrue("User from another wiki does not have right on a local wiki when tested from local wiki",
279    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getFullName(), true,
280    getContext()));
281   
282    // user group rights
283   
284  1 preferencesObject.removeField("users");
285   
286    // group from user's wiki
287   
288  1 preferencesObject.setStringValue("groups", this.group.getPrefixedFullName());
289   
290  1 getContext().setWikiId(this.user.getWikiName());
291   
292  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from user wiki",
293    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
294    getContext()));
295  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from user wiki",
296    this.rightService.hasAccessLevel("view", this.user.getFullName(), doc.getPrefixedFullName(), true,
297    getContext()));
298   
299  1 getContext().setWikiId(doc.getWikiName());
300   
301  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from local wiki",
302    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
303    getContext()));
304  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from local wiki",
305    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getFullName(), true,
306    getContext()));
307   
308    // group from document's wiki
309   
310  1 preferencesObject.setStringValue("groups", this.group2.getFullName());
311   
312  1 getContext().setWikiId(this.user.getWikiName());
313   
314  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from user wiki",
315    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
316    getContext()));
317  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from user wiki",
318    this.rightService.hasAccessLevel("view", this.user.getFullName(), doc.getPrefixedFullName(), true,
319    getContext()));
320   
321  1 getContext().setWikiId(doc.getWikiName());
322   
323  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from local wiki",
324    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
325    getContext()));
326  1 assertTrue("User group from another wiki does not have right on a local wiki when tested from local wiki",
327    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getFullName(), true,
328    getContext()));
329   
330    // user is wiki owner
331   
332  1 preferencesObject.removeField("groups");
333  1 this.mockXWiki.stubs().method("getWikiOwner").with(eq(doc.getWikiName()), ANYTHING).will(
334    returnValue(this.user.getPrefixedFullName()));
335   
336  1 getContext().setWikiId(this.user.getWikiName());
337   
338  1 assertTrue("Wiki owner from another wiki does not have right on a local wiki when tested from user wiki",
339    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
340    getContext()));
341  1 assertTrue("Wiki owner group from another wiki does not have right on a local wiki when tested from user wiki",
342    this.rightService.hasAccessLevel("view", this.user.getFullName(), doc.getPrefixedFullName(), true,
343    getContext()));
344   
345  1 getContext().setWikiId(doc.getWikiName());
346   
347  1 assertTrue(
348    "Wiki owner group from another wiki does not have right on a local wiki when tested from local wiki",
349    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getPrefixedFullName(), true,
350    getContext()));
351  1 assertTrue(
352    "Wiki owner group from another wiki does not have right on a local wiki when tested from local wiki",
353    this.rightService.hasAccessLevel("view", this.user.getPrefixedFullName(), doc.getFullName(), true,
354    getContext()));
355    }
356   
 
357  1 toggle public void testHasAccessLevelWhithOnlyPageAsReference() throws XWikiException
358    {
359  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference("wiki", "Space", "Page"));
360   
361  1 final XWikiDocument preferences =
362    new XWikiDocument(new DocumentReference(doc.getWikiName(), doc.getSpaceName(), "WebPreferences"));
363  1 BaseObject preferencesObject = new BaseObject();
364  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
365  1 preferencesObject.setStringValue("levels", "view");
366  1 preferencesObject.setIntValue("allow", 1);
367  1 preferences.addXObject(preferencesObject);
368  1 preferences.setNew(false);
369   
370  1 this.mockXWiki.stubs().method("getDocument").with(eq(preferences.getSpaceName()),
371    eq(preferences.getPageName()), ANYTHING).will(returnValue(preferences));
372  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
373    returnValue(new XWikiDocument(
374    new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreferences"))));
375  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
376    returnValue(doc));
377   
378  1 getContext().setWikiId("wiki");
379  1 getContext().setDoc(doc);
380   
381  1 assertFalse("Failed to check right with only page name", this.rightService.hasAccessLevel("view", this.user
382    .getPageName(), doc.getPageName(), true, getContext()));
383    }
384   
385    /**
386    * Test that programming rights are checked on the context user when no context document is set.
387    */
 
388  1 toggle public void testProgrammingRightsWhenNoContextDocumentIsSet()
389    {
390    // Setup an XWikiPreferences document granting programming rights to XWiki.Programmer
391  1 XWikiDocument prefs = new XWikiDocument(new DocumentReference(getContext().getMainXWiki(), "XWiki", "XWikiPreferences"));
392  1 Mock mockGlobalRightObj = mock(BaseObject.class, new Class[] {}, new Object[] {});
393  1 mockGlobalRightObj.stubs().method("getStringValue").with(eq("levels")).will(returnValue("programming"));
394  1 mockGlobalRightObj.stubs().method("getStringValue").with(eq("users")).will(returnValue("XWiki.Programmer"));
395  1 mockGlobalRightObj.stubs().method("getIntValue").with(eq("allow")).will(returnValue(1));
396  1 mockGlobalRightObj.stubs().method("setNumber");
397  1 mockGlobalRightObj.stubs().method("setDocumentReference");
398  1 mockGlobalRightObj.stubs().method("setOwnerDocument");
399  1 prefs.addObject("XWiki.XWikiGlobalRights", (BaseObject) mockGlobalRightObj.proxy());
400  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), eq(getContext()))
401    .will(returnValue(prefs));
402  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember")
403    .with(eq(new DocumentReference(getContext().getMainXWiki(), "XWiki", "Programmer")), eq(0), eq(0), same(getContext()))
404    .will(returnValue(Collections.EMPTY_LIST));
405   
406    // Setup the context (no context document)
407  1 this.mockXWiki.stubs().method("getDatabase").will(returnValue("xwiki"));
408  1 getContext().remove("doc");
409  1 getContext().remove("sdoc");
410   
411  1 getContext().setWikiId(getContext().getMainXWiki());
412   
413    // XWiki.Programmer should have PR, as per the global rights.
414  1 getContext().setUser("XWiki.Programmer");
415  1 assertTrue(this.rightService.hasProgrammingRights(getContext()));
416   
417  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
418    eq(new DocumentReference("xwiki", "XWiki", XWikiRightService.GUEST_USER)), ANYTHING, ANYTHING, ANYTHING)
419    .will(returnValue(Collections.emptyList()));
420   
421    // Guests should not have PR
422  1 getContext().setUser(XWikiRightService.GUEST_USER_FULLNAME);
423  1 assertFalse(this.rightService.hasProgrammingRights(getContext()));
424   
425    // superadmin should always have PR
426  1 getContext().setUser(XWikiRightService.SUPERADMIN_USER_FULLNAME);
427  1 assertTrue(this.rightService.hasProgrammingRights(getContext()));
428    }
429   
 
430  1 toggle public void testHasAccessLevelWhithGuestUser() throws XWikiException
431    {
432  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference("wiki2", "Space", "Page"));
433   
434  1 final XWikiDocument preferences = new XWikiDocument(new DocumentReference("wiki2", "XWiki", "XWikiPreference"));
435  1 BaseObject preferencesObject = new BaseObject();
436  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
437  1 preferencesObject.setStringValue("levels", "view");
438  1 preferencesObject.setIntValue("allow", 1);
439  1 preferences.addXObject(preferencesObject);
440   
441  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
442    new CustomStub("Implements XWiki.getDocument")
443    {
 
444  6 toggle @Override
445    public Object invoke(Invocation invocation) throws Throwable
446    {
447  6 if (!getContext().getWikiId().equals("wiki2")) {
448  3 new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
449    }
450   
451  6 return preferences;
452    }
453    });
454  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
455    returnValue(doc));
456  1 this.mockXWiki.stubs().method("getXWikiPreference").with(eq("authenticate_view"), ANYTHING, ANYTHING).will(
457    returnValue("false"));
458  1 this.mockXWiki.stubs().method("getXWikiPreferenceAsInt").with(eq("authenticate_view"), ANYTHING, ANYTHING)
459    .will(returnValue(0));
460  1 this.mockXWiki.stubs().method("getSpacePreference").with(eq("authenticate_view"), ANYTHING, ANYTHING).will(
461    returnValue("false"));
462  1 this.mockXWiki.stubs().method("getSpacePreferenceAsInt").with(eq("authenticate_view"), ANYTHING, ANYTHING)
463    .will(returnValue(0));
464   
465  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
466    eq(new DocumentReference("xwiki", "XWiki", XWikiRightService.GUEST_USER)), ANYTHING, ANYTHING, ANYTHING)
467    .will(returnValue(Collections.emptyList()));
468  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember").with(
469    eq(new DocumentReference("wiki2", "XWiki", XWikiRightService.GUEST_USER)), ANYTHING, ANYTHING, ANYTHING)
470    .will(returnValue(Collections.emptyList()));
471   
472  1 getContext().setWikiId("wiki");
473   
474  1 assertFalse("Guest has wiew right on the document", this.rightService.hasAccessLevel("view",
475    XWikiRightService.GUEST_USER_FULLNAME, doc.getPrefixedFullName(), true, getContext()));
476   
477    // direct user rights
478   
479  1 preferencesObject.setStringValue("users", XWikiRightService.GUEST_USER_FULLNAME);
480   
481  1 getContext().setWikiId("wiki");
482   
483  1 assertTrue("Guest does not have right on the document when tested from another wiki", this.rightService
484    .hasAccessLevel("view", XWikiRightService.GUEST_USER_FULLNAME, doc.getPrefixedFullName(), true,
485    getContext()));
486   
487  1 getContext().setWikiId(doc.getDatabase());
488   
489  1 assertTrue("Guest does not have right on the document when tested from the document wiki", this.rightService
490    .hasAccessLevel("view", XWikiRightService.GUEST_USER_FULLNAME, doc.getPrefixedFullName(), true,
491    getContext()));
492    }
493   
494    /**
495    * This test will fail unless:
496    * SuperAdmin has programming permission before calling dropPermissions().
497    * SuperAdmin does not have programming permission after calling dropPermissions().
498    */
 
499  1 toggle public void testProgrammingRightsAfterDropPermissions()
500    {
501    // Nobody even superadmin gets PR after they have given it up.
502  1 this.getContext().setUser(XWikiRightService.SUPERADMIN_USER_FULLNAME);
503   
504  1 assertTrue("User does not have programming right prior to calling dropPermissions()",
505    this.rightService.hasProgrammingRights(this.getContext()));
506  1 this.getContext().dropPermissions();
507  1 assertFalse("Author retains programming right after calling dropPermissions()",
508    this.rightService.hasProgrammingRights(this.getContext()));
509    }
510   
511    /**
512    *
513    * This test will fail unless:
514    * SuperAdmin has programming permission before calling Document#dropPermissions().
515    * SuperAdmin does not have programming permission after calling dropPermissions().
516    */
 
517  1 toggle public void testProgrammingRightsAfterDropPermissionsForRenderingCycle()
518    {
519  1 final Document doc =
520    new Document(new XWikiDocument(new DocumentReference("XWiki", "Test", "Permissions")), this.getContext());
521   
522    // doc.setContentAuthor(XWikiRightService.SUPERADMIN_USER_FULLNAME);
523   
524    //this.getContext().setDoc(doc);
525  1 this.getContext().setUser(XWikiRightService.SUPERADMIN_USER_FULLNAME);
526   
527  1 assertTrue("User does not have programming right prior to calling "
528    + "doc.dropPermissions()",
529    this.rightService.hasProgrammingRights(this.getContext()));
530   
531  1 final Map<String, Object> backup = new HashMap<String, Object>();
532  1 XWikiDocument.backupContext(backup, this.getContext());
533   
534  1 doc.dropPermissions();
535   
536  1 assertFalse("Author retains programming right after calling doc.dropPermissions()",
537    this.rightService.hasProgrammingRights(this.getContext()));
538   
539  1 final Map<String, Object> backup2 = new HashMap<String, Object>();
540  1 XWikiDocument.backupContext(backup2, this.getContext());
541   
542  1 assertTrue("User does not have programming right after switching contexts.",
543    this.rightService.hasProgrammingRights(this.getContext()));
544   
545  1 XWikiDocument.restoreContext(backup2, this.getContext());
546   
547  1 assertFalse("Author did not lose programming right after switching contexts back.",
548    this.rightService.hasProgrammingRights(this.getContext()));
549   
550  1 XWikiDocument.restoreContext(backup, this.getContext());
551   
552  1 assertTrue("Author did not regain programming right after switching contexts back.",
553    this.rightService.hasProgrammingRights(this.getContext()));
554    }
555   
 
556  1 toggle public void testHasAccessLevelForDeleteRightWhenUserIsDocumentCreator() throws Exception
557    {
558  1 getContext().setWikiId(this.user.getWikiName());
559  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference(this.user.getWikiName(), "Space", "Page"));
560   
561    // Set the creator to be the user we test against since creator should get delete rights
562  1 doc.setCreatorReference(this.user.getDocumentReference());
563   
564  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
565    returnValue(doc));
566  1 final XWikiDocument xwikiPreferences = new XWikiDocument(
567    new DocumentReference(this.user.getWikiName(), "XWiki", "XWikiPreferences"));
568  1 this.mockXWiki.stubs().method("getDocument").with(eq("XWiki.XWikiPreferences"), ANYTHING).will(
569    returnValue(xwikiPreferences));
570   
571  1 assertTrue("Should allow delete rights for page creator",
572    this.rightService.hasAccessLevel("delete", this.user.getFullName(), doc.getFullName(), true, getContext()));
573    }
574   
 
575  7 toggle private void assertAccessLevelForGuestUser(String level, XWikiDocument doc, boolean shouldAllow) throws Exception
576    {
577   
578  7 if (shouldAllow) {
579  6 assertTrue("Empty wiki should allow " + level + " for guest.",
580    this.rightService.hasAccessLevel(level, XWikiRightService.GUEST_USER_FULLNAME,
581    doc.getFullName(), getContext()));
582    } else {
583  1 assertFalse("Empty wiki should deny " + level + " for guest.",
584    this.rightService.hasAccessLevel(level, XWikiRightService.GUEST_USER_FULLNAME,
585    doc.getFullName(), getContext()));
586    }
587    }
588   
 
589  1 toggle public void testHasAccessLevelOnEmptyWiki() throws Exception
590    {
591  1 getContext().setWikiId("xwiki");
592   
593  1 final XWikiDocument doc
594    = new XWikiDocument(new DocumentReference(getContext().getWikiId(), "Space", "Page"));
595   
596  1 final XWikiDocument xwikiPreferences
597    = new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
598   
599  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember")
600    .with(ANYTHING, ANYTHING, ANYTHING, ANYTHING).will(
601    returnValue(Collections.emptyList()));
602   
603  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getFullName()), ANYTHING)
604    .will(returnValue(doc));
605   
606  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
607    returnValue(xwikiPreferences));
608   
609  1 this.mockXWiki.stubs().method("getXWikiPreference").with(ANYTHING, ANYTHING, ANYTHING).will(
610    returnValue("false"));
611  1 this.mockXWiki.stubs().method("getXWikiPreferenceAsInt").with(ANYTHING, ANYTHING, ANYTHING)
612    .will(returnValue(0));
613  1 this.mockXWiki.stubs().method("getSpacePreference").with(ANYTHING, ANYTHING, ANYTHING).will(
614    returnValue("false"));
615  1 this.mockXWiki.stubs().method("getSpacePreferenceAsInt").with(ANYTHING, ANYTHING, ANYTHING)
616    .will(returnValue(0));
617   
618  1 assertAccessLevelForGuestUser("login" , doc, true);
619  1 assertAccessLevelForGuestUser("register" , doc, true);
620  1 assertAccessLevelForGuestUser("view" , doc, true);
621  1 assertAccessLevelForGuestUser("edit" , doc, true);
622  1 assertAccessLevelForGuestUser("delete" , doc, true);
623  1 assertAccessLevelForGuestUser("admin" , doc, true);
624  1 assertAccessLevelForGuestUser("programming", doc, false);
625    }
626   
 
627  7 toggle private void assertAccessLevelForAdminUser(String level, XWikiDocument doc, boolean shouldAllow) throws Exception
628    {
629   
630  7 if (shouldAllow) {
631  7 assertTrue(level + " for admin should be allowed.",
632    this.rightService.hasAccessLevel(level, getContext().getWikiId() + ":XWiki.Admin",
633    doc.getFullName(), getContext()));
634    } else {
635  0 assertFalse(level + " for admin should be denied.",
636    this.rightService.hasAccessLevel(level, getContext().getWikiId() + ":XWiki.Admin",
637    doc.getFullName(), getContext()));
638    }
639    }
640   
 
641  1 toggle public void testAdminAccessLevels() throws Exception
642    {
643  1 getContext().setWikiId("xwiki");
644   
645  1 final XWikiDocument doc
646    = new XWikiDocument(new DocumentReference(getContext().getWikiId(), "Space", "Page"));
647   
648  1 final XWikiDocument xwikiPreferences
649    = new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
650   
651  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember")
652    .with(ANYTHING, ANYTHING, ANYTHING, ANYTHING).will(
653    returnValue(Collections.emptyList()));
654   
655  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getFullName()), ANYTHING)
656    .will(returnValue(doc));
657   
658  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING)
659    .will(returnValue(doc));
660   
661  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
662    returnValue(xwikiPreferences));
663   
664  1 this.mockXWiki.stubs().method("getXWikiPreference").with(ANYTHING, ANYTHING, ANYTHING).will(
665    returnValue("false"));
666  1 this.mockXWiki.stubs().method("getXWikiPreferenceAsInt").with(ANYTHING, ANYTHING, ANYTHING)
667    .will(returnValue(0));
668  1 this.mockXWiki.stubs().method("getSpacePreference").with(ANYTHING, ANYTHING, ANYTHING).will(
669    returnValue("false"));
670  1 this.mockXWiki.stubs().method("getSpacePreferenceAsInt").with(ANYTHING, ANYTHING, ANYTHING)
671    .will(returnValue(0));
672   
673  1 BaseObject preferencesObject = new BaseObject();
674  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
675  1 preferencesObject.setStringValue("levels", "admin");
676  1 preferencesObject.setIntValue("allow", 1);
677  1 preferencesObject.setStringValue("users", getContext().getWikiId() + ":XWiki.Admin");
678  1 xwikiPreferences.addXObject(preferencesObject);
679   
680  1 assertAccessLevelForAdminUser("login" , doc, true);
681  1 assertAccessLevelForAdminUser("register" , doc, true);
682  1 assertAccessLevelForAdminUser("view" , doc, true);
683  1 assertAccessLevelForAdminUser("edit" , doc, true);
684  1 assertAccessLevelForAdminUser("delete" , doc, true);
685  1 assertAccessLevelForAdminUser("admin" , doc, true);
686  1 assertAccessLevelForAdminUser("programming", doc, true);
687   
688    }
689   
690    /**
691    * Verify that edit rights is not sufficient for editing
692    * *.WebPreferences and XWiki.XWikiPreferences, since that can be
693    * used to elevate the privileges to admin.
694    */
 
695  1 toggle public void testEditRightsOnWebPreferencesDocuments() throws Exception
696    {
697   
698  1 this.mockGroupService.stubs().method("getAllGroupsReferencesForMember")
699    .with(ANYTHING, ANYTHING, ANYTHING, ANYTHING).will(
700    returnValue(Collections.emptyList()));
701   
702  1 this.user = new XWikiDocument(new DocumentReference("wiki", "XWiki", "user"));
703  1 this.user.setNew(false);
704  1 getContext().setWikiId(this.user.getWikiName());
705  1 BaseObject userObject = new BaseObject();
706  1 userObject.setClassName("XWiki.XWikiUser");
707  1 this.user.addXObject(userObject);
708  1 this.mockXWiki.stubs().method("getDocument").with(eq(this.user.getPrefixedFullName()), ANYTHING).will(
709    returnValue(this.user));
710   
711  1 getContext().setWikiId(this.user.getWikiName());
712  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference("wiki", "Space", "Document"));
713   
714  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
715    returnValue(doc));
716   
717  1 final XWikiDocument preferences = new XWikiDocument(new DocumentReference("wiki", "XWiki", "XWikiPreference"));
718   
719  1 BaseObject preferencesObject = new BaseObject();
720  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
721  1 preferencesObject.setStringValue("levels", "admin");
722  1 preferencesObject.setIntValue("allow", 0);
723  1 preferencesObject.setStringValue("users", "xwiki:XWiki.UserA");
724  1 preferences.addXObject(preferencesObject);
725   
726  1 this.mockXWiki.stubs().method("getDocument").with(eq("wiki:Space.WebPreferences"), ANYTHING)
727    .will(returnValue(
728    new XWikiDocument(new DocumentReference("wiki",
729    "Space", "WebPreferences"))));
730   
731  1 this.mockXWiki.stubs().method("getDocument").with(eq("wiki:XWiki.XWikiPreferences"), ANYTHING)
732    .will(returnValue(
733    new XWikiDocument(new DocumentReference("wiki",
734    "XWiki", "XWikiPreferences"))));
735   
736  1 this.mockXWiki.stubs().method("getDocument").with(eq("wiki:Space.XWikiPreferences"), ANYTHING)
737    .will(returnValue(
738    new XWikiDocument(new DocumentReference("wiki",
739    "Space", "XWikiPreferences"))));
740   
741  1 this.mockXWiki.stubs().method("getDocument").with(eq(XWIKIPREFERENCES_REFERENCE), ANYTHING).will(
742    new CustomStub("Implements XWiki.getDocument")
743    {
 
744  20 toggle @Override
745    public Object invoke(Invocation invocation) throws Throwable
746    {
747  20 if (!getContext().getWikiId().equals("wiki")) {
748  12 new XWikiDocument(new DocumentReference(getContext().getWikiId(), "XWiki", "XWikiPreference"));
749    }
750   
751  20 return preferences;
752    }
753    });
754   
755  1 assertFalse( "Programming rights have not been configured.",
756    rightService.hasAccessLevel("programming", "xwiki:XWiki.UserA", "wiki:Space.WebPreferences", getContext()));
757   
758  1 assertFalse( "Admin rights have not been configured.",
759    rightService.hasAccessLevel("admin", "xwiki:XWiki.UserA", "wiki:Space.WebPreferences", getContext()));
760   
761  1 assertFalse( "Shouldn't allow edit rights by default on WebPreferences documents.",
762    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:Space.WebPreferences", getContext()));
763   
764  1 assertFalse( "Edit rights should be denied by default on XWiki.XWikiPreferences",
765    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:XWiki.XWikiPreferences", getContext()));
766   
767  1 assertTrue( "Other documents named XWikiPreferences should be unaffected.",
768    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:Space.XWikiPreferences", getContext()));
769   
770  1 preferencesObject = new BaseObject();
771  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
772  1 preferencesObject.setStringValue("levels", "edit");
773  1 preferencesObject.setIntValue("allow", 1);
774  1 preferencesObject.setStringValue("users", "xwiki:XWiki.UserA");
775  1 preferences.addXObject(preferencesObject);
776   
777  1 assertTrue( "Edit rights have been configured.",
778    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:Space.Document", getContext()));
779   
780  1 assertFalse( "No admin rights have been configured.",
781    rightService.hasAccessLevel("admin", "xwiki:XWiki.UserA", "wiki:Space.Document", getContext()));
782   
783  1 assertFalse( "Edit rights should be denied WebPreferences document for non-admin users.",
784    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:Space.WebPreferences", getContext()));
785   
786  1 assertFalse( "Edit rights should be denied XWiki.XWikiPreferences document for non-admin users.",
787    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:XWiki.XWikiPreferences", getContext()));
788   
789  1 preferencesObject = new BaseObject();
790  1 preferencesObject.setClassName("XWiki.XWikiGlobalRights");
791  1 preferencesObject.setStringValue("levels", "admin");
792  1 preferencesObject.setIntValue("allow", 1);
793  1 preferencesObject.setStringValue("users", "xwiki:XWiki.UserA");
794  1 preferences.addXObject(preferencesObject);
795   
796  1 assertTrue( "Admin rights have been configured.",
797    rightService.hasAccessLevel("admin", "xwiki:XWiki.UserA", "wiki:Space.Document", getContext()));
798   
799  1 assertTrue( "Edit rights should be granted on WebPreferences document for admin users.",
800    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:Space.WebPreferences", getContext()));
801   
802  1 assertTrue( "Edit rights should be granted on XWiki.XWikiPreferences document for non-admin users.",
803    rightService.hasAccessLevel("edit", "xwiki:XWiki.UserA", "wiki:XWiki.XWikiPreferences", getContext()));
804   
805   
806    }
807   
808    // This is currently a proof-of-behavior test to show that if a document prevents you from editing
809    // it, calling hasAccessLevel('create') on that document will also fail.
810    // Changing this behavior is proposed here: http://lists.xwiki.org/pipermail/devs/2013-March/053802.html
811    // See also: https://jira.xwiki.org/browse/XWIKI-8892
 
812  1 toggle public void testDeniesAccessLevelForCreateIfDocumentDeniesEdit() throws Exception
813    {
814  1 getContext().setWikiId(this.user.getWikiName());
815  1 final XWikiDocument doc = new XWikiDocument(new DocumentReference(this.user.getWikiName(), "Space", "Page"));
816   
817    // Set the creator to be the user we test against since creator should get delete rights
818  1 BaseObject xo = new BaseObject();
819  1 xo.setClassName("XWiki.XWikiRights");
820  1 xo.setStringValue("levels", "edit");
821  1 xo.setStringValue("users", user.getFullName());
822  1 xo.setIntValue("allow", 0);
823  1 doc.addXObject(xo);
824   
825  1 DocumentReference dr = new DocumentReference(this.user.getWikiName(), "XWiki", "XWikiPreferences");
826  1 this.mockXWiki.stubs().method("getDocument").with(isA(EntityReference.class), ANYTHING)
827    .will(returnValue(new XWikiDocument(new DocumentReference(dr))));
828   
829  1 this.mockXWiki.stubs().method("getDocument").with(eq(doc.getPrefixedFullName()), ANYTHING).will(
830    returnValue(doc));
831  1 this.mockXWiki.stubs().method("getXWikiPreference").with(eq("authenticate_edit"), ANYTHING, ANYTHING).will(
832    returnValue(""));
833  1 this.mockXWiki.stubs().method("getXWikiPreferenceAsInt").with(eq("authenticate_edit"), ANYTHING, ANYTHING).will(
834    returnValue(0));
835  1 this.mockXWiki.stubs().method("getSpacePreference").with(eq("authenticate_edit"), ANYTHING, ANYTHING).will(
836    returnValue(""));
837  1 this.mockXWiki.stubs().method("getSpacePreferenceAsInt").with(eq("authenticate_edit"), ANYTHING, ANYTHING).will(
838    returnValue(0));
839  1 this.mockXWiki.stubs().method("checkAuth").with(ANYTHING).will(
840    returnValue(new XWikiUser(this.user.getFullName())));
841  1 this.mockXWiki.stubs().method("getRightService").will(returnValue(this.rightService));
842   
843  1 assertFalse("Should not have edit permission on document if it is denied at a document level",
844    this.rightService.checkAccess("edit", doc, getContext()));
845  1 assertFalse("Should not have create permission on document if it is denied at a document level",
846    this.rightService.checkAccess("create", doc, getContext()));
847    }
848    }
849