1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
|
18 |
|
|
19 |
|
|
20 |
|
package org.xwiki.security.authorization.internal; |
21 |
|
|
22 |
|
import java.util.ArrayDeque; |
23 |
|
import java.util.ArrayList; |
24 |
|
import java.util.Arrays; |
25 |
|
import java.util.Collections; |
26 |
|
import java.util.Deque; |
27 |
|
import java.util.List; |
28 |
|
|
29 |
|
import org.hamcrest.Matcher; |
30 |
|
import org.junit.Before; |
31 |
|
import org.junit.Rule; |
32 |
|
import org.junit.Test; |
33 |
|
import org.xwiki.security.GroupSecurityReference; |
34 |
|
import org.xwiki.security.SecurityReference; |
35 |
|
import org.xwiki.security.UserSecurityReference; |
36 |
|
import org.xwiki.security.authorization.AbstractAdditionalRightsTestCase; |
37 |
|
import org.xwiki.security.authorization.AuthorizationSettler; |
38 |
|
import org.xwiki.security.authorization.Right; |
39 |
|
import org.xwiki.security.authorization.RuleState; |
40 |
|
import org.xwiki.security.authorization.SecurityAccess; |
41 |
|
import org.xwiki.security.authorization.SecurityAccessEntry; |
42 |
|
import org.xwiki.security.authorization.SecurityRule; |
43 |
|
import org.xwiki.security.authorization.SecurityRuleEntry; |
44 |
|
import org.xwiki.test.mockito.MockitoComponentMockingRule; |
45 |
|
|
46 |
|
import static org.hamcrest.CoreMatchers.anyOf; |
47 |
|
import static org.hamcrest.CoreMatchers.equalTo; |
48 |
|
import static org.hamcrest.CoreMatchers.is; |
49 |
|
import static org.hamcrest.CoreMatchers.not; |
50 |
|
import static org.junit.Assert.assertThat; |
51 |
|
import static org.mockito.Mockito.mock; |
52 |
|
import static org.mockito.Mockito.when; |
53 |
|
import static org.mockito.hamcrest.MockitoHamcrest.argThat; |
54 |
|
import static org.xwiki.security.authorization.RuleState.ALLOW; |
55 |
|
import static org.xwiki.security.authorization.RuleState.DENY; |
56 |
|
import static org.xwiki.security.authorization.RuleState.UNDETERMINED; |
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
|
61 |
|
@version |
62 |
|
@since |
63 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (201) |
Complexity: 15 |
Complexity Density: 0.08 |
|
64 |
|
public class DefaultAuthorizationSettlerTest extends AbstractAdditionalRightsTestCase |
65 |
|
{ |
66 |
|
@Rule |
67 |
|
public final MockitoComponentMockingRule<AuthorizationSettler> authorizationSettlerMocker = |
68 |
|
new MockitoComponentMockingRule<AuthorizationSettler>(DefaultAuthorizationSettler.class); |
69 |
|
|
70 |
|
private AuthorizationSettler authorizationSettler; |
71 |
|
|
72 |
|
private XWikiSecurityAccess defaultAccess; |
73 |
|
private XWikiSecurityAccess denyAllAccess; |
74 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (5) |
Complexity: 1 |
Complexity Density: 0.2 |
|
75 |
8 |
@Before... |
76 |
|
public void configure() throws Exception |
77 |
|
{ |
78 |
8 |
defaultAccess = XWikiSecurityAccess.getDefaultAccess(); |
79 |
8 |
denyAllAccess = new XWikiSecurityAccess(); |
80 |
8 |
for (Right right : Right.values()) { |
81 |
179 |
denyAllAccess.deny(right); |
82 |
|
} |
83 |
|
|
84 |
8 |
this.authorizationSettler = authorizationSettlerMocker.getComponentUnderTest(); |
85 |
|
} |
86 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (19) |
Complexity: 2 |
Complexity Density: 0.12 |
|
87 |
31 |
private Deque<SecurityRuleEntry> getMockedSecurityRuleEntries(String name, final SecurityReference reference,... |
88 |
|
final List<List<SecurityRule>> ruleEntries) |
89 |
|
{ |
90 |
31 |
final Deque<SecurityReference> refs = reference.getReversedSecurityReferenceChain(); |
91 |
31 |
final Deque<SecurityRuleEntry> entries = new ArrayDeque<SecurityRuleEntry>(refs.size()); |
92 |
|
|
93 |
31 |
for (SecurityReference ref : refs) { |
94 |
119 |
entries.push(mock(SecurityRuleEntry.class, name + ref)); |
95 |
|
} |
96 |
|
|
97 |
31 |
int i = 0; |
98 |
31 |
SecurityReference ref = reference; |
99 |
31 |
for (SecurityRuleEntry entry : entries) { |
100 |
119 |
List<SecurityRule> rules; |
101 |
|
|
102 |
119 |
if (i < ruleEntries.size()) { |
103 |
47 |
rules = ruleEntries.get(i); |
104 |
|
} else { |
105 |
72 |
rules = Collections.emptyList(); |
106 |
|
} |
107 |
|
|
108 |
119 |
when(entry.getReference()).thenReturn(ref); |
109 |
119 |
when(entry.getRules()).thenReturn(rules); |
110 |
119 |
when(entry.isEmpty()).thenReturn(rules.size() == 0); |
111 |
|
|
112 |
119 |
ref = ref.getParentSecurityReference(); |
113 |
119 |
i++; |
114 |
|
} |
115 |
|
|
116 |
31 |
return entries; |
117 |
|
} |
118 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (18) |
Complexity: 1 |
Complexity Density: 0.06 |
|
119 |
25 |
private SecurityRule getMockedSecurityRule(String name, Iterable<UserSecurityReference> users,... |
120 |
|
Iterable<GroupSecurityReference> groups, Iterable<Right> rights, final RuleState state) { |
121 |
25 |
final SecurityRule rule = mock(SecurityRule.class, name); |
122 |
|
|
123 |
25 |
final List<Matcher<? super UserSecurityReference>> userMatchers |
124 |
|
= new ArrayList<Matcher<? super UserSecurityReference>>(); |
125 |
25 |
final List<Matcher<? super GroupSecurityReference>> groupMatchers |
126 |
|
= new ArrayList<Matcher<? super GroupSecurityReference>>(); |
127 |
25 |
final List<Matcher<? super Right>> rightMatchers = new ArrayList<Matcher<? super Right>>(); |
128 |
|
|
129 |
25 |
for (UserSecurityReference user : users) { |
130 |
24 |
userMatchers.add(is(user)); |
131 |
|
} |
132 |
25 |
for (GroupSecurityReference group : groups) { |
133 |
13 |
groupMatchers.add(is(group)); |
134 |
|
} |
135 |
25 |
for (Right right : rights) { |
136 |
116 |
rightMatchers.add(is(right)); |
137 |
|
} |
138 |
|
|
139 |
25 |
when(rule.match(argThat(anyOf(userMatchers)))).thenReturn(true); |
140 |
25 |
when(rule.match(argThat(anyOf(groupMatchers)))).thenReturn(true); |
141 |
25 |
when(rule.match(argThat(anyOf(rightMatchers)))).thenReturn(true); |
142 |
25 |
when(rule.match(argThat(not(anyOf(userMatchers))))).thenReturn(false); |
143 |
25 |
when(rule.match(argThat(not(anyOf(groupMatchers))))).thenReturn(false); |
144 |
25 |
when(rule.match(argThat(not(anyOf(rightMatchers))))).thenReturn(false); |
145 |
25 |
when(rule.getState()).thenReturn(state); |
146 |
|
|
147 |
25 |
return rule; |
148 |
|
} |
149 |
|
|
150 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (7) |
Complexity: 2 |
Complexity Density: 0.4 |
|
151 |
53 |
private void assertAccess(String message, UserSecurityReference user, SecurityReference entity,... |
152 |
|
SecurityAccess access, SecurityAccessEntry actual) |
153 |
|
{ |
154 |
53 |
assertThat(message + " - user", actual.getUserReference(), equalTo(user)); |
155 |
53 |
assertThat(message + " - entity", actual.getReference(), equalTo(entity)); |
156 |
53 |
for (Right right : Right.values()) { |
157 |
1178 |
if (access.get(right) != UNDETERMINED) { |
158 |
898 |
assertThat(message + " - Right(" + right.getName() + ")", |
159 |
|
actual.getAccess().get(right), equalTo(access.get(right))); |
160 |
|
} |
161 |
|
} |
162 |
|
} |
163 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (4) |
Complexity: 1 |
Complexity Density: 0.25 |
1PASS
|
|
164 |
1 |
@Test... |
165 |
|
public void testSettleNoRulesOnMainWiki() throws Exception |
166 |
|
{ |
167 |
1 |
Deque<SecurityRuleEntry> emptyXdocRules |
168 |
|
= getMockedSecurityRuleEntries("emptyXdocRules", xdocRef, Collections.<List<SecurityRule>>emptyList()); |
169 |
|
|
170 |
1 |
assertAccess("When no rules are defined, return default access for main wiki user on main wiki doc", |
171 |
|
xuserRef, xdocRef.getParentSecurityReference().getParentSecurityReference(), defaultAccess, |
172 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), emptyXdocRules)); |
173 |
|
|
174 |
1 |
assertAccess("When no rules are defined, deny all access for local wiki user on main wiki doc", |
175 |
|
userRef, xdocRef.getParentSecurityReference().getParentSecurityReference(), denyAllAccess, |
176 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
177 |
|
emptyXdocRules)); |
178 |
|
|
179 |
1 |
assertAccess("When no rules are defined, deny all access for another wiki user on main wiki doc", |
180 |
|
anotherWikiUserRef, xdocRef.getParentSecurityReference().getParentSecurityReference(), denyAllAccess, |
181 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
182 |
|
emptyXdocRules)); |
183 |
|
} |
184 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (4) |
Complexity: 1 |
Complexity Density: 0.25 |
1PASS
|
|
185 |
1 |
@Test... |
186 |
|
public void testSettleNoRulesOnLocalWiki() throws Exception |
187 |
|
{ |
188 |
1 |
Deque<SecurityRuleEntry> emptydocRules |
189 |
|
= getMockedSecurityRuleEntries("emptydocRules", docRef, Collections.<List<SecurityRule>>emptyList()); |
190 |
|
|
191 |
1 |
assertAccess("When no rules are defined, return default access for local wiki user on local wiki doc", |
192 |
|
userRef, docRef.getParentSecurityReference().getParentSecurityReference(), defaultAccess, |
193 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), emptydocRules)); |
194 |
|
|
195 |
1 |
assertAccess("When no rules are defined, return default access for main wiki on local wiki doc", |
196 |
|
xuserRef, docRef.getParentSecurityReference().getParentSecurityReference(), defaultAccess, |
197 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), emptydocRules)); |
198 |
|
|
199 |
1 |
assertAccess("When no rules are defined, deny all access for another wiki user on local wiki doc", |
200 |
|
anotherWikiUserRef, docRef.getParentSecurityReference().getParentSecurityReference(), denyAllAccess, |
201 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
202 |
|
emptydocRules)); |
203 |
|
} |
204 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (44) |
Complexity: 2 |
Complexity Density: 0.05 |
1PASS
|
|
205 |
1 |
@Test... |
206 |
|
public void testSettleInheritancePolicy() throws Exception |
207 |
|
{ |
208 |
1 |
SecurityRule allowAllTestRightsRulesToXuser = getMockedSecurityRule("allowAllTestRightsRulesToXuser", |
209 |
|
Arrays.asList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW); |
210 |
1 |
SecurityRule denyAllTestRightsRulesToXuser = getMockedSecurityRule("denyAllTestRightsRulesToXuser", |
211 |
|
Arrays.asList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY); |
212 |
1 |
SecurityRule allowAllTestRightsRulesToUser = getMockedSecurityRule("allowAllTestRightsRulesToUser", |
213 |
|
Arrays.asList(userRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW); |
214 |
1 |
SecurityRule denyAllTestRightsRulesToUser = getMockedSecurityRule("denyAllTestRightsRulesToUser", |
215 |
|
Arrays.asList(userRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY); |
216 |
1 |
SecurityRule allowAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule("allowAllTestRightsRulesToAnotherWikiUser", |
217 |
|
Arrays.asList(anotherWikiUserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW); |
218 |
1 |
SecurityRule denyAllTestRightsRulesToAnotherWikiUser = getMockedSecurityRule( |
219 |
|
"denyAllTestRightsRulesToAnotherWikiUser", |
220 |
|
Arrays.asList(anotherWikiUserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, DENY); |
221 |
|
|
222 |
1 |
Deque<SecurityRuleEntry> allowThenDenyRulesForXdocSpace |
223 |
|
= getMockedSecurityRuleEntries("allowThenDenyRulesForXdocSpace", xdocRef, Arrays.asList( |
224 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, |
225 |
|
allowAllTestRightsRulesToAnotherWikiUser), |
226 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, |
227 |
|
denyAllTestRightsRulesToAnotherWikiUser))); |
228 |
|
|
229 |
1 |
Deque<SecurityRuleEntry> denyThenAllowRulesForXdocSpace |
230 |
|
= getMockedSecurityRuleEntries("denyThenAllowRulesForXdocSpace", xdocRef, Arrays.asList( |
231 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), |
232 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser))); |
233 |
|
|
234 |
1 |
Deque<SecurityRuleEntry> allowThenDenyRulesForDocSpace |
235 |
|
= getMockedSecurityRuleEntries("allowThenDenyRulesForDocSpace", docRef, Arrays.asList( |
236 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, |
237 |
|
allowAllTestRightsRulesToAnotherWikiUser), |
238 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser))); |
239 |
|
|
240 |
1 |
Deque<SecurityRuleEntry> denyThenAllowRulesForDocSpace |
241 |
|
= getMockedSecurityRuleEntries("denyThenAllowRulesForDocSpace", docRef, Arrays.asList( |
242 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, |
243 |
|
denyAllTestRightsRulesToAnotherWikiUser), |
244 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser))); |
245 |
|
|
246 |
1 |
Deque<SecurityRuleEntry> allowThenDenyRulesForXDocWiki |
247 |
|
= getMockedSecurityRuleEntries("allowThenDenyRulesForXDocWiki", xdocRef, Arrays.asList( |
248 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, |
249 |
|
allowAllTestRightsRulesToAnotherWikiUser), |
250 |
|
Collections.<SecurityRule>emptyList(), |
251 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, |
252 |
|
denyAllTestRightsRulesToAnotherWikiUser))); |
253 |
|
|
254 |
1 |
Deque<SecurityRuleEntry> denyThenAllowRulesForXdocWiki |
255 |
|
= getMockedSecurityRuleEntries("denyThenAllowRulesForXdocWiki", xdocRef, Arrays.asList( |
256 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), |
257 |
|
Collections.<SecurityRule>emptyList(), |
258 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser))); |
259 |
|
|
260 |
1 |
Deque<SecurityRuleEntry> allowThenDenyRulesForDocWiki |
261 |
|
= getMockedSecurityRuleEntries("allowThenDenyRulesForDocWiki", docRef, Arrays.asList( |
262 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), |
263 |
|
Collections.<SecurityRule>emptyList(), |
264 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser))); |
265 |
|
|
266 |
1 |
Deque<SecurityRuleEntry> denyThenAllowRulesForDocWiki |
267 |
|
= getMockedSecurityRuleEntries("denyThenAllowRulesForDocWiki", docRef, Arrays.asList( |
268 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), |
269 |
|
Collections.<SecurityRule>emptyList(), |
270 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser))); |
271 |
|
|
272 |
1 |
Deque<SecurityRuleEntry> allowThenDenyRulesForDocXWiki |
273 |
|
= getMockedSecurityRuleEntries("allowThenDenyRulesForDocXWiki", docRef, Arrays.asList( |
274 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser), |
275 |
|
Collections.<SecurityRule>emptyList(), |
276 |
|
Collections.<SecurityRule>emptyList(), |
277 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser))); |
278 |
|
|
279 |
1 |
Deque<SecurityRuleEntry> denyThenAllowRulesForDocXWiki |
280 |
|
= getMockedSecurityRuleEntries("denyThenAllowRulesForDocXWiki", docRef, Arrays.asList( |
281 |
|
Arrays.asList(denyAllTestRightsRulesToXuser, denyAllTestRightsRulesToUser, denyAllTestRightsRulesToAnotherWikiUser), |
282 |
|
Collections.<SecurityRule>emptyList(), |
283 |
|
Collections.<SecurityRule>emptyList(), |
284 |
|
Arrays.asList(allowAllTestRightsRulesToXuser, allowAllTestRightsRulesToUser, allowAllTestRightsRulesToAnotherWikiUser))); |
285 |
|
|
286 |
1 |
XWikiSecurityAccess allowDenyAccess = new XWikiSecurityAccess(); |
287 |
1 |
for (Right right : allTestRights) { |
288 |
8 |
allowDenyAccess.allow(right); |
289 |
|
} |
290 |
|
|
291 |
1 |
XWikiSecurityAccess denyAllowAccess = new XWikiSecurityAccess(); |
292 |
1 |
for (Right right : allTestRights) { |
293 |
8 |
denyAllowAccess.set(right, right.getInheritanceOverridePolicy() ? DENY : ALLOW); |
294 |
|
} |
295 |
|
|
296 |
1 |
assertAccess("When allowed right on doc are denied on space from main wiki for main wiki user, use inheritance policy", |
297 |
|
xuserRef, xdocRef, allowDenyAccess, |
298 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
299 |
|
allowThenDenyRulesForXdocSpace)); |
300 |
|
|
301 |
1 |
assertAccess("When denied right on doc are allowed on space from main wiki for main wiki user, use inheritance policy", |
302 |
|
xuserRef, xdocRef, denyAllowAccess, |
303 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
304 |
|
denyThenAllowRulesForXdocSpace)); |
305 |
|
|
306 |
1 |
assertAccess("When allowed right on doc are denied on space from local wiki for main wiki user, use inheritance policy", |
307 |
|
xuserRef, docRef, allowDenyAccess, |
308 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
309 |
|
allowThenDenyRulesForDocSpace)); |
310 |
|
|
311 |
1 |
assertAccess("When denied right on doc are allowed on space from local wiki for main wiki user, use inheritance policy", |
312 |
|
xuserRef, docRef, denyAllowAccess, |
313 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
314 |
|
denyThenAllowRulesForDocSpace)); |
315 |
|
|
316 |
1 |
assertAccess("When allowed right on doc are denied on space from local wiki for local wiki user, use inheritance policy", |
317 |
|
userRef, docRef, allowDenyAccess, |
318 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
319 |
|
allowThenDenyRulesForDocSpace)); |
320 |
|
|
321 |
1 |
assertAccess("When denied right on doc are allowed on space from local wiki for local wiki user, use inheritance policy", |
322 |
|
userRef, docRef, denyAllowAccess, |
323 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
324 |
|
denyThenAllowRulesForDocSpace)); |
325 |
|
|
326 |
1 |
assertAccess("When allowed right on doc are denied on space from local wiki for another wiki user, use inheritance policy", |
327 |
|
anotherWikiUserRef, docRef, allowDenyAccess, |
328 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
329 |
|
allowThenDenyRulesForDocSpace)); |
330 |
|
|
331 |
1 |
assertAccess("When denied right on doc are allowed on space from local wiki for another wiki user, use inheritance policy", |
332 |
|
anotherWikiUserRef, docRef, denyAllowAccess, |
333 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
334 |
|
denyThenAllowRulesForDocSpace)); |
335 |
|
|
336 |
|
|
337 |
1 |
assertAccess("When allowed right on doc are denied on wiki from main wiki for main wiki user, use inheritance policy", |
338 |
|
xuserRef, xdocRef, allowDenyAccess, |
339 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
340 |
|
allowThenDenyRulesForXDocWiki)); |
341 |
|
|
342 |
1 |
assertAccess("When denied right on doc are allowed on wiki from main wiki for main wiki user, use inheritance policy", |
343 |
|
xuserRef, xdocRef, denyAllowAccess, |
344 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
345 |
|
denyThenAllowRulesForXdocWiki)); |
346 |
|
|
347 |
1 |
assertAccess("When allowed right on doc are denied on wiki from local wiki for main wiki user, use inheritance policy", |
348 |
|
xuserRef, docRef, allowDenyAccess, |
349 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
350 |
|
allowThenDenyRulesForDocWiki)); |
351 |
|
|
352 |
1 |
assertAccess("When denied right on doc are allowed on wiki from local wiki for main wiki user, use inheritance policy", |
353 |
|
xuserRef, docRef, denyAllowAccess, |
354 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
355 |
|
denyThenAllowRulesForDocWiki)); |
356 |
|
|
357 |
1 |
assertAccess("When allowed right on doc are denied on wiki from local wiki for local wiki user, use inheritance policy", |
358 |
|
userRef, docRef, allowDenyAccess, |
359 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
360 |
|
allowThenDenyRulesForDocWiki)); |
361 |
|
|
362 |
1 |
assertAccess("When denied right on doc are allowed on wiki from local wiki for local wiki user, use inheritance policy", |
363 |
|
userRef, docRef, denyAllowAccess, |
364 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
365 |
|
denyThenAllowRulesForDocWiki)); |
366 |
|
|
367 |
1 |
assertAccess("When allowed right on doc are denied on wiki from local wiki for another wiki user, use inheritance policy", |
368 |
|
anotherWikiUserRef, docRef, allowDenyAccess, |
369 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
370 |
|
allowThenDenyRulesForDocWiki)); |
371 |
|
|
372 |
1 |
assertAccess("When denied right on doc are allowed on wiki from local wiki for another wiki user, use inheritance policy", |
373 |
|
anotherWikiUserRef, docRef, denyAllowAccess, |
374 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
375 |
|
denyThenAllowRulesForDocWiki)); |
376 |
|
|
377 |
|
|
378 |
1 |
assertAccess("When allowed right on doc are denied on main wiki from local wiki for local wiki user, use inheritance policy", |
379 |
|
userRef, docRef, allowDenyAccess, |
380 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
381 |
|
allowThenDenyRulesForDocXWiki)); |
382 |
|
|
383 |
1 |
assertAccess("When denied right on doc are allowed on main wiki from local wiki for local wiki user, use inheritance policy", |
384 |
|
userRef, docRef, denyAllowAccess, |
385 |
|
authorizationSettler.settle(userRef, Collections.<GroupSecurityReference>emptyList(), |
386 |
|
denyThenAllowRulesForDocXWiki)); |
387 |
|
|
388 |
1 |
assertAccess("When allowed right on doc are denied on main wiki from local wiki for another wiki user, use inheritance policy", |
389 |
|
anotherWikiUserRef, docRef, allowDenyAccess, |
390 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
391 |
|
allowThenDenyRulesForDocXWiki)); |
392 |
|
|
393 |
1 |
assertAccess("When denied right on doc are allowed on main wiki from local wiki for another wiki user, use inheritance policy", |
394 |
|
anotherWikiUserRef, docRef, denyAllowAccess, |
395 |
|
authorizationSettler.settle(anotherWikiUserRef, Collections.<GroupSecurityReference>emptyList(), |
396 |
|
denyThenAllowRulesForDocXWiki)); |
397 |
|
|
398 |
|
} |
399 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (24) |
Complexity: 1 |
Complexity Density: 0.04 |
1PASS
|
|
400 |
1 |
@Test... |
401 |
|
public void testSettleTieResolutionPolicy() throws Exception |
402 |
|
{ |
403 |
1 |
SecurityRule allowAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("allowAllTestRightsUserAndAnotherGroup", |
404 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, ALLOW); |
405 |
1 |
SecurityRule denyAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("denyAllTestRightsUserAndAnotherGroup", |
406 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, DENY); |
407 |
1 |
SecurityRule denyAllTestRightsAnotherUserAndGroup = getMockedSecurityRule("denyAllTestRightsAnotherUserAndGroup", |
408 |
|
Arrays.asList(anotherUserRef), Arrays.asList(groupRef), allTestRights, DENY); |
409 |
|
|
410 |
|
|
411 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenySameTarget |
412 |
|
= getMockedSecurityRuleEntries("conflictAllowDenySameTarget", docRef, Arrays.asList( |
413 |
|
Arrays.asList(allowAllTestRightsUserAndAnotherGroup, denyAllTestRightsUserAndAnotherGroup))); |
414 |
1 |
Deque<SecurityRuleEntry> conflictDenyAllowSameTarget |
415 |
|
= getMockedSecurityRuleEntries("conflictDenyAllowSameTarget", docRef, Arrays.asList( |
416 |
|
Arrays.asList(denyAllTestRightsUserAndAnotherGroup, allowAllTestRightsUserAndAnotherGroup))); |
417 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenyUserGroup |
418 |
|
= getMockedSecurityRuleEntries("conflictAllowDenyUserGroup", docRef, Arrays.asList( |
419 |
|
Arrays.asList(allowAllTestRightsUserAndAnotherGroup, denyAllTestRightsAnotherUserAndGroup))); |
420 |
1 |
Deque<SecurityRuleEntry> conflictDenyAllowUserGroup |
421 |
|
= getMockedSecurityRuleEntries("conflictDenyAllowUserGroup", docRef, Arrays.asList( |
422 |
|
Arrays.asList(denyAllTestRightsAnotherUserAndGroup, allowAllTestRightsUserAndAnotherGroup))); |
423 |
|
|
424 |
1 |
XWikiSecurityAccess allowAccess = defaultAccess.clone(); |
425 |
1 |
for (Right right : allTestRights) { |
426 |
8 |
allowAccess.allow(right); |
427 |
|
} |
428 |
|
|
429 |
1 |
XWikiSecurityAccess denyAccess = defaultAccess.clone(); |
430 |
1 |
for (Right right : allTestRights) { |
431 |
8 |
denyAccess.deny(right); |
432 |
|
} |
433 |
|
|
434 |
1 |
XWikiSecurityAccess tieAccess = defaultAccess.clone(); |
435 |
1 |
for (Right right : allTestRights) { |
436 |
8 |
tieAccess.set(right, right.getTieResolutionPolicy()); |
437 |
|
} |
438 |
|
|
439 |
1 |
assertAccess("When allowed right for user is denied for same user in another rule, use tie resolution policy", |
440 |
|
userRef, docRef, tieAccess, |
441 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTarget)); |
442 |
|
|
443 |
1 |
assertAccess("When denied right for user is allowed for same user in another rule, use tie resolution policy", |
444 |
|
userRef, docRef, tieAccess, |
445 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictDenyAllowSameTarget)); |
446 |
|
|
447 |
1 |
assertAccess("When allowed right for group is denied for same group in another rule, use tie resolution policy", |
448 |
|
anotherUserRef, docRef, tieAccess, |
449 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTarget)); |
450 |
|
|
451 |
1 |
assertAccess("When denied right for group is allowed for same group in another rule, use tie resolution policy", |
452 |
|
anotherUserRef, docRef, tieAccess, |
453 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictDenyAllowSameTarget)); |
454 |
|
|
455 |
1 |
assertAccess("When allowed right for user is denied for its group in another rule, allow it.", |
456 |
|
userRef, docRef, allowAccess, |
457 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroup)); |
458 |
|
|
459 |
1 |
assertAccess("When allowed right for group is denied for one of its user in another rule, deny it.", |
460 |
|
anotherUserRef, docRef, denyAccess, |
461 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroup)); |
462 |
|
|
463 |
1 |
assertAccess("When denied right for group is allowed for one of its user in another rule, allow it.", |
464 |
|
userRef, docRef, allowAccess, |
465 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictDenyAllowUserGroup)); |
466 |
|
|
467 |
1 |
assertAccess("When denied right for user is allowed for its group in another rule, deny it.", |
468 |
|
anotherUserRef, docRef, denyAccess, |
469 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictDenyAllowUserGroup)); |
470 |
|
|
471 |
|
} |
472 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (11) |
Complexity: 1 |
Complexity Density: 0.09 |
1PASS
|
|
473 |
1 |
@Test... |
474 |
|
public void testSettleOneAllowImpliesDenyForAllOthers() throws Exception |
475 |
|
{ |
476 |
1 |
XWikiSecurityAccess defaultAllowRight0 = defaultAccess.clone(); |
477 |
1 |
XWikiSecurityAccess defaultDenyRight0 = defaultAccess.clone(); |
478 |
1 |
XWikiSecurityAccess defaultAllowRight6 = defaultAccess.clone(); |
479 |
1 |
defaultAllowRight0.allow(allTestRights.get(0)); |
480 |
1 |
defaultDenyRight0.deny(allTestRights.get(0)); |
481 |
1 |
defaultAllowRight6.allow(allTestRights.get(6)); |
482 |
|
|
483 |
1 |
assertAccess("When an allow rules is found, deny any not matching user", |
484 |
|
anotherUserRef, docRef, defaultDenyRight0, |
485 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), |
486 |
|
getMockedSecurityRuleEntries("onlyRight0", |
487 |
|
docRef, |
488 |
|
Arrays.asList(Arrays.asList(getMockedSecurityRule( |
489 |
|
"onlyRight0", |
490 |
|
Arrays.asList(userRef), |
491 |
|
Collections.<GroupSecurityReference>emptyList(), |
492 |
|
Arrays.asList(allTestRights.get(0)), |
493 |
|
RuleState.ALLOW)))))); |
494 |
|
|
495 |
|
|
496 |
1 |
assertAccess("When an allow rules is found, do not deny a user matching in another rule", |
497 |
|
anotherUserRef, docRef, defaultAllowRight6, |
498 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), |
499 |
|
getMockedSecurityRuleEntries("allowRight6ToAnotherUser", |
500 |
|
docRef, |
501 |
|
Arrays.asList(Arrays.asList( |
502 |
|
getMockedSecurityRule( |
503 |
|
"allowRight6ToUser", |
504 |
|
Arrays.asList(userRef), |
505 |
|
Collections.<GroupSecurityReference>emptyList(), |
506 |
|
Arrays.asList(allTestRights.get(6)), |
507 |
|
RuleState.ALLOW), |
508 |
|
getMockedSecurityRule( |
509 |
|
"allowRight6ToAnotherUser", |
510 |
|
Arrays.asList(anotherUserRef), |
511 |
|
Collections.<GroupSecurityReference>emptyList(), |
512 |
|
Arrays.asList(allTestRights.get(6)), |
513 |
|
RuleState.ALLOW)))))); |
514 |
|
|
515 |
1 |
assertAccess("When an allow rules is found, do not deny a user matching in another rule", |
516 |
|
anotherUserRef, docRef, defaultAllowRight6, |
517 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), |
518 |
|
getMockedSecurityRuleEntries("allowRight6ToAnotherGroup", |
519 |
|
docRef, |
520 |
|
Arrays.asList(Arrays.asList( |
521 |
|
getMockedSecurityRule( |
522 |
|
"allowRight6ToUserAndGroup", |
523 |
|
Arrays.asList(userRef), |
524 |
|
Arrays.asList(groupRef), |
525 |
|
Arrays.asList(allTestRights.get(6)), |
526 |
|
RuleState.ALLOW), |
527 |
|
getMockedSecurityRule( |
528 |
|
"allowRight6ToAnotherGroup", |
529 |
|
Collections.<UserSecurityReference>emptyList(), |
530 |
|
Arrays.asList(anotherGroupRef), |
531 |
|
Arrays.asList(allTestRights.get(6)), |
532 |
|
RuleState.ALLOW)))))); |
533 |
|
|
534 |
1 |
assertAccess("When an allow rules is found, do not deny a user matching the rule", |
535 |
|
userRef, docRef, defaultAllowRight6, |
536 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
537 |
|
getMockedSecurityRuleEntries("onlyRight6", |
538 |
|
docRef, |
539 |
|
Arrays.asList(Arrays.asList(getMockedSecurityRule( |
540 |
|
"onlyRight6", |
541 |
|
Arrays.asList(userRef), |
542 |
|
Collections.<GroupSecurityReference>emptyList(), |
543 |
|
Arrays.asList(allTestRights.get(6)), |
544 |
|
RuleState.ALLOW)))))); |
545 |
|
|
546 |
1 |
assertAccess("When an allow rules is found, do not deny a user matching a group in the rule", |
547 |
|
anotherUserRef, docRef, defaultAllowRight6, |
548 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), |
549 |
|
getMockedSecurityRuleEntries("allowRight6", |
550 |
|
docRef, |
551 |
|
Arrays.asList(Arrays.asList( |
552 |
|
getMockedSecurityRule( |
553 |
|
"allowRight6ToUserAndAnotherGroup", |
554 |
|
Arrays.asList(userRef), |
555 |
|
Arrays.asList(anotherGroupRef), |
556 |
|
Arrays.asList(allTestRights.get(6)), |
557 |
|
RuleState.ALLOW)))))); |
558 |
|
|
559 |
|
} |
560 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (47) |
Complexity: 1 |
Complexity Density: 0.02 |
1PASS
|
|
561 |
1 |
@Test... |
562 |
|
public void testSettleRightWithImpliedRights() throws Exception |
563 |
|
{ |
564 |
1 |
SecurityRule allowImpliedADT = getMockedSecurityRule("allowImpliedADT", |
565 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsADT), ALLOW); |
566 |
1 |
SecurityRule denyImpliedADT = getMockedSecurityRule("denyImpliedADT", |
567 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsADT), DENY); |
568 |
|
|
569 |
1 |
SecurityRule allowImpliedDAF = getMockedSecurityRule("allowImpliedDAF", |
570 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsDAF), ALLOW); |
571 |
1 |
SecurityRule denyImpliedDAF = getMockedSecurityRule("denyImpliedDAF", |
572 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), Arrays.asList(impliedTestRightsDAF), DENY); |
573 |
|
|
574 |
|
|
575 |
1 |
XWikiSecurityAccess allowAccessADT = defaultAccess.clone(); |
576 |
1 |
allowAccessADT.set(impliedTestRightsADT, ALLOW); |
577 |
1 |
for (Right right : allTestRights) { |
578 |
8 |
allowAccessADT.allow(right); |
579 |
|
} |
580 |
1 |
XWikiSecurityAccess tieADT = defaultAccess.clone(); |
581 |
1 |
tieADT.set(impliedTestRightsADT, ALLOW); |
582 |
1 |
for (Right right : allTestRights) { |
583 |
8 |
tieADT.set(right, right.getTieResolutionPolicy()); |
584 |
|
} |
585 |
1 |
XWikiSecurityAccess allowAccessDAF = defaultAccess.clone(); |
586 |
1 |
allowAccessDAF.set(impliedTestRightsDAF, ALLOW); |
587 |
1 |
for (Right right : allTestRights) { |
588 |
8 |
allowAccessDAF.allow(right); |
589 |
|
} |
590 |
1 |
XWikiSecurityAccess denyADTAccess = defaultAccess.clone(); |
591 |
1 |
denyADTAccess.deny(impliedTestRightsADT); |
592 |
1 |
XWikiSecurityAccess denyDAFAccess = defaultAccess.clone(); |
593 |
1 |
denyDAFAccess.deny(impliedTestRightsDAF); |
594 |
|
|
595 |
1 |
XWikiSecurityAccess denyAccessADT = defaultAccess.clone(); |
596 |
1 |
denyAccessADT.set(impliedTestRightsADT, ALLOW); |
597 |
1 |
for (Right right : allTestRights) { |
598 |
8 |
denyAccessADT.deny(right); |
599 |
|
} |
600 |
1 |
XWikiSecurityAccess denyAccessDAF = defaultAccess.clone(); |
601 |
1 |
denyAccessDAF.set(impliedTestRightsDAF, ALLOW); |
602 |
1 |
for (Right right : allTestRights) { |
603 |
8 |
denyAccessDAF.deny(right); |
604 |
|
} |
605 |
|
|
606 |
|
|
607 |
|
|
608 |
1 |
assertAccess("When a right implying others rights is allowed, imply those rights (ADT)", |
609 |
|
userRef, docRef, allowAccessADT, |
610 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
611 |
|
getMockedSecurityRuleEntries("allowAccessADT", docRef, |
612 |
|
Arrays.asList(Arrays.asList(allowImpliedADT))))); |
613 |
|
|
614 |
1 |
assertAccess("When a right implying others rights is allowed, imply those rights (DAF)", |
615 |
|
userRef, docRef, allowAccessDAF, |
616 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
617 |
|
getMockedSecurityRuleEntries("allowAccessDAF", docRef, |
618 |
|
Arrays.asList(Arrays.asList(allowImpliedDAF))))); |
619 |
|
|
620 |
1 |
assertAccess("When a right implying others rights is denied, do not denied implied rights (ADT)", |
621 |
|
userRef, docRef, denyADTAccess, |
622 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
623 |
|
getMockedSecurityRuleEntries("denyAccessADT", docRef, |
624 |
|
Arrays.asList(Arrays.asList(denyImpliedADT))))); |
625 |
|
|
626 |
1 |
assertAccess("When a right implying others rights is denied, do not denied implied rights (DAF)", |
627 |
|
userRef, docRef, denyDAFAccess, |
628 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
629 |
|
getMockedSecurityRuleEntries("denyAccessDAF", docRef, |
630 |
|
Arrays.asList(Arrays.asList(denyImpliedDAF))))); |
631 |
|
|
632 |
1 |
SecurityRule allowAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("allowAllTestRightsUserAndAnotherGroup", |
633 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, ALLOW); |
634 |
1 |
SecurityRule denyAllTestRightsUserAndAnotherGroup = getMockedSecurityRule("denyAllTestRightsUserAndAnotherGroup", |
635 |
|
Arrays.asList(userRef), Arrays.asList(anotherGroupRef), allTestRights, DENY); |
636 |
1 |
SecurityRule denyAllTestRightsAnotherUserAndGroup = getMockedSecurityRule("denyAllTestRightsAnotherUserAndGroup", |
637 |
|
Arrays.asList(anotherUserRef), Arrays.asList(groupRef), allTestRights, DENY); |
638 |
|
|
639 |
|
|
640 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenySameTargetADT |
641 |
|
= getMockedSecurityRuleEntries("conflictAllowDenySameTargetADT", docRef, Arrays.asList( |
642 |
|
Arrays.asList(allowImpliedADT, denyAllTestRightsUserAndAnotherGroup))); |
643 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenySameTargetDAF |
644 |
|
= getMockedSecurityRuleEntries("conflictAllowDenySameTargetDAF", docRef, Arrays.asList( |
645 |
|
Arrays.asList(allowImpliedDAF, denyAllTestRightsUserAndAnotherGroup))); |
646 |
|
|
647 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenyUserGroupADT |
648 |
|
= getMockedSecurityRuleEntries("conflictAllowDenyUserGroupADT", docRef, Arrays.asList( |
649 |
|
Arrays.asList(allowImpliedADT, denyAllTestRightsAnotherUserAndGroup))); |
650 |
1 |
Deque<SecurityRuleEntry> conflictAllowDenyUserGroupDAF |
651 |
|
= getMockedSecurityRuleEntries("conflictAllowDenyUserGroupDAF", docRef, Arrays.asList( |
652 |
|
Arrays.asList(allowImpliedDAF, denyAllTestRightsAnotherUserAndGroup))); |
653 |
|
|
654 |
1 |
assertAccess("When allowed implied right for user is denied for same user in another rule, use most favorable tie resolution policy (ADT)", |
655 |
|
userRef, docRef, tieADT, |
656 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTargetADT)); |
657 |
|
|
658 |
1 |
assertAccess("When allowed implied right for user is denied for same user in another rule, use most favorable tie resolution policy (DAF)", |
659 |
|
userRef, docRef, allowAccessDAF, |
660 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenySameTargetDAF)); |
661 |
|
|
662 |
1 |
assertAccess("When allowed implied right for group is denied for same group in another rule, use most favorable tie resolution policy (ADT)", |
663 |
|
anotherUserRef, docRef, tieADT, |
664 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTargetADT)); |
665 |
|
|
666 |
1 |
assertAccess("When allowed implied right for group is denied for same group in another rule, use most favorable tie resolution policy (DAF)", |
667 |
|
anotherUserRef, docRef, allowAccessDAF, |
668 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenySameTargetDAF)); |
669 |
|
|
670 |
1 |
assertAccess("When allowed implied right for user is denied for its group in another rule, allow it. (ADT)", |
671 |
|
userRef, docRef, allowAccessADT, |
672 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroupADT)); |
673 |
|
|
674 |
1 |
assertAccess("When allowed implied right for user is denied for its group in another rule, allow it. (DAF)", |
675 |
|
userRef, docRef, allowAccessDAF, |
676 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), conflictAllowDenyUserGroupDAF)); |
677 |
|
|
678 |
1 |
assertAccess("When allowed implied right for group is denied for one of its user in another rule, deny it. (ADT)", |
679 |
|
anotherUserRef, docRef, denyAccessADT, |
680 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroupADT)); |
681 |
|
|
682 |
1 |
assertAccess("When allowed implied right for group is denied for one of its user in another rule, deny it. (DAF)", |
683 |
|
anotherUserRef, docRef, denyAccessDAF, |
684 |
|
authorizationSettler.settle(anotherUserRef, Arrays.asList(anotherGroupRef), conflictAllowDenyUserGroupDAF)); |
685 |
|
} |
686 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (4) |
Complexity: 1 |
Complexity Density: 0.25 |
1PASS
|
|
687 |
1 |
@Test... |
688 |
|
public void testSettleNewRightJustAdded() throws Exception |
689 |
|
{ |
690 |
1 |
Right newRight = getNewTestRight("RightAddedLater",DENY,DENY,true); |
691 |
1 |
XWikiSecurityAccess defaultNewRight = defaultAccess.clone(); |
692 |
1 |
defaultNewRight.allow(newRight); |
693 |
|
|
694 |
1 |
assertAccess("Allow a new right just added now", |
695 |
|
userRef, docRef, defaultNewRight, |
696 |
|
authorizationSettler.settle(userRef, Arrays.asList(groupRef), |
697 |
|
getMockedSecurityRuleEntries("onlyNewRight", |
698 |
|
docRef, |
699 |
|
Arrays.asList(Arrays.asList(getMockedSecurityRule( |
700 |
|
"onlyNewRight", |
701 |
|
Arrays.asList(userRef), |
702 |
|
Collections.<GroupSecurityReference>emptyList(), |
703 |
|
Arrays.asList(newRight), |
704 |
|
RuleState.ALLOW)))))); |
705 |
|
} |
706 |
|
|
|
|
| 100% |
Uncovered Elements: 0 (2) |
Complexity: 1 |
Complexity Density: 0.5 |
1PASS
|
|
707 |
1 |
@Test... |
708 |
|
public void testSettleEntityTypeWithoutAnyEnabledRight() throws Exception |
709 |
|
{ |
710 |
1 |
SecurityRule allowAllTestRightsRulesToXuser = getMockedSecurityRule("allowAllTestRightsRulesToXuser", |
711 |
|
Collections.singletonList(xuserRef), Collections.<GroupSecurityReference>emptyList(), allTestRights, ALLOW); |
712 |
|
|
713 |
1 |
assertAccess("Allow rights to entity without any acceptable right on itself but having some (XWIKI-12552)", |
714 |
|
xuserRef, xattachmentRef, defaultAccess, |
715 |
|
authorizationSettler.settle(xuserRef, Collections.<GroupSecurityReference>emptyList(), |
716 |
|
getMockedSecurityRuleEntries("allrights", |
717 |
|
xattachmentRef, |
718 |
|
Collections.singletonList(Collections.singletonList(allowAllTestRightsRulesToXuser))))); |
719 |
|
} |
720 |
|
} |