1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.query.internal; |
21 |
|
|
22 |
|
import org.junit.Before; |
23 |
|
import org.junit.Rule; |
24 |
|
import org.junit.Test; |
25 |
|
import org.mockito.invocation.InvocationOnMock; |
26 |
|
import org.mockito.stubbing.Answer; |
27 |
|
import org.xwiki.query.Query; |
28 |
|
import org.xwiki.query.QueryException; |
29 |
|
import org.xwiki.query.QueryExecutorManager; |
30 |
|
import org.xwiki.security.authorization.ContextualAuthorizationManager; |
31 |
|
import org.xwiki.security.authorization.Right; |
32 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
33 |
|
|
34 |
|
import static org.junit.Assert.assertTrue; |
35 |
|
|
36 |
|
import static org.junit.Assert.assertFalse; |
37 |
|
import static org.junit.Assert.assertEquals; |
38 |
|
import static org.junit.Assert.fail; |
39 |
|
import static org.mockito.Mockito.mock; |
40 |
|
import static org.mockito.Mockito.when; |
41 |
|
|
42 |
|
|
43 |
|
@link |
44 |
|
|
45 |
|
@version |
46 |
|
|
|
|
| 96% |
Uncovered Elements: 1 (25) |
Complexity: 6 |
Complexity Density: 0.3 |
|
47 |
|
public class SecureQueryExecutorManagerTest |
48 |
|
{ |
49 |
|
@Rule |
50 |
|
public MockitoComponentMockingRule<QueryExecutorManager> mocker = |
51 |
|
new MockitoComponentMockingRule<QueryExecutorManager>(SecureQueryExecutorManager.class); |
52 |
|
|
53 |
|
private ContextualAuthorizationManager authorization; |
54 |
|
|
55 |
|
private boolean hasProgrammingRight; |
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
private QueryExecutorManager executor; |
61 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (4) |
Complexity: 1 |
Complexity Density: 0.25 |
|
62 |
3 |
@Before... |
63 |
|
public void before() throws Exception |
64 |
|
{ |
65 |
3 |
this.executor = this.mocker.getComponentUnderTest(); |
66 |
3 |
this.authorization = this.mocker.getInstance(ContextualAuthorizationManager.class); |
67 |
|
|
68 |
3 |
when(this.authorization.hasAccess(Right.PROGRAM)).then(new Answer<Boolean>() |
69 |
|
{ |
|
|
| 100% |
Uncovered Elements: 0 (1) |
Complexity: 1 |
Complexity Density: 1 |
|
70 |
2 |
@Override... |
71 |
|
public Boolean answer(InvocationOnMock invocation) throws Throwable |
72 |
|
{ |
73 |
2 |
return hasProgrammingRight; |
74 |
|
} |
75 |
|
}); |
76 |
|
|
77 |
3 |
this.hasProgrammingRight = true; |
78 |
|
} |
79 |
|
|
80 |
|
|
81 |
|
|
|
|
| 83.3% |
Uncovered Elements: 1 (6) |
Complexity: 2 |
Complexity Density: 0.33 |
1PASS
|
|
82 |
1 |
@Test... |
83 |
|
public void executeNotSecureQueryWithoutProgrammingRight() |
84 |
|
{ |
85 |
1 |
this.hasProgrammingRight = false; |
86 |
|
|
87 |
|
|
88 |
1 |
Query query = mock(Query.class); |
89 |
|
|
90 |
1 |
try { |
91 |
1 |
this.executor.execute(query); |
92 |
0 |
fail("Should have thrown an exception here"); |
93 |
|
} catch (QueryException expected) { |
94 |
1 |
assertEquals("Unsecure query require programming right. Query statement = [null]", |
95 |
|
expected.getMessage()); |
96 |
|
} |
97 |
|
} |
98 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (3) |
Complexity: 1 |
Complexity Density: 0.33 |
1PASS
|
|
99 |
1 |
@Test... |
100 |
|
public void executeNotSecureQueryWithProgrammingRight() throws QueryException |
101 |
|
{ |
102 |
1 |
this.hasProgrammingRight = true; |
103 |
|
|
104 |
1 |
Query query = mock(Query.class); |
105 |
|
|
106 |
1 |
this.executor.execute(query); |
107 |
|
} |
108 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (6) |
Complexity: 1 |
Complexity Density: 0.17 |
1PASS
|
|
109 |
1 |
@Test... |
110 |
|
public void executeSecureQueryWithoutCheckCurrentAuthor() throws QueryException |
111 |
|
{ |
112 |
1 |
DefaultQuery query = new DefaultQuery("statement", "language", this.executor); |
113 |
|
|
114 |
1 |
assertFalse(query.isCurrentAuthorChecked()); |
115 |
1 |
; |
116 |
|
|
117 |
1 |
this.executor.execute(query); |
118 |
|
|
119 |
1 |
assertTrue(query.isCurrentAuthorChecked()); |
120 |
1 |
; |
121 |
|
} |
122 |
|
} |