plugins/acl/project-role-based/src/main/test/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessCheckerTest.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package org.apache.cloudstack.acl;

 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.projects.Project;
 import com.cloud.projects.ProjectAccount;
 import com.cloud.projects.ProjectAccountVO;
 import com.cloud.projects.ProjectVO;
 import com.cloud.projects.dao.ProjectAccountDao;
 import com.cloud.user.User;
 import com.cloud.user.UserVO;

 import org.apache.cloudstack.context.CallContext;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;

 import junit.framework.TestCase;

 @RunWith(PowerMockRunner.class)
 @PrepareForTest(CallContext.class)
 public class ProjectRoleBasedApiAccessCheckerTest extends TestCase {
     @Mock
     ProjectAccountDao projectAccountDaoMock;

     @Mock
     RoleService roleServiceMock;

     @Mock
     ProjectAccountVO projectAccountVOMock;

     @Mock
     CallContext callContextMock;

     @InjectMocks
     ProjectRoleBasedApiAccessChecker projectRoleBasedApiAccessCheckerSpy = Mockito.spy(ProjectRoleBasedApiAccessChecker.class);

     List<String> apiNames = new ArrayList<>(Arrays.asList("apiName"));

     @Before
     public void setup() {

         Mockito.doReturn(true).when(roleServiceMock).isEnabled();
     }

     public Project getTestProject() {
         return new ProjectVO("Teste", "Teste", 1L, 1L);
     }

     private User getTestUser() {
         return new UserVO(12L, "some user", "password", "firstName", "lastName",
                 "email@gmail.com", "GMT", "uuid", User.Source.UNKNOWN);
     }

     @Test
     public void getApisAllowedToUserTestRoleServiceIsDisabledShouldReturnUnchangedApiList() {
         Mockito.doReturn(false).when(roleServiceMock).isEnabled();

         List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
         Assert.assertEquals(1, apisReceived.size());
     }

     @Test
     public void getApisAllowedToUserTestProjectIsNullShouldReturnUnchangedApiList() {
         PowerMockito.mockStatic(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

         Mockito.doReturn(null).when(callContextMock).getProject();

         List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
         Assert.assertEquals(1, apisReceived.size());
     }

     @Test (expected = PermissionDeniedException.class)
     public void getApisAllowedToUserTestProjectAccountIsNullThrowPermissionDeniedException() {
         PowerMockito.mockStatic(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

         Mockito.when(callContextMock.getProject()).thenReturn(getTestProject());
         Mockito.when(projectAccountDaoMock.findByProjectIdAccountId(Mockito.anyLong(), Mockito.anyLong())).thenReturn(null);
         Mockito.when(projectAccountDaoMock.findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong())).thenReturn(null);

         projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
     }

     @Test
     public void getApisAllowedToUserTestProjectAccountHasAdminRoleReturnsUnchangedApiList() {
         PowerMockito.mockStatic(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

         Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
         Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
         Mockito.doReturn(ProjectAccount.Role.Admin).when(projectAccountVOMock).getAccountRole();

         List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
         Assert.assertEquals(1, apisReceived.size());
     }

     @Test
     public void getApisAllowedToUserTestProjectAccountNotPermittedForTheApiListShouldReturnEmptyList() {
         PowerMockito.mockStatic(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

         Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
         Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
         Mockito.doReturn(ProjectAccount.Role.Regular).when(projectAccountVOMock).getAccountRole();
         Mockito.doReturn(false).when(projectRoleBasedApiAccessCheckerSpy).isPermitted(Mockito.any(Project.class), Mockito.any(ProjectAccount.class), Mockito.anyString());


         List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
         Assert.assertTrue(apisReceived.isEmpty());
     }

     @Test
     public void getApisAllowedToUserTestProjectAccountPermittedForTheApiListShouldReturnTheSameList() {
         PowerMockito.mockStatic(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

         Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
         Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
         Mockito.doReturn(ProjectAccount.Role.Regular).when(projectAccountVOMock).getAccountRole();
         Mockito.doReturn(true).when(projectRoleBasedApiAccessCheckerSpy).isPermitted(Mockito.any(Project.class), Mockito.any(ProjectAccount.class), Mockito.anyString());


         List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
         Assert.assertEquals(1, apisReceived.size());
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	package org.apache.cloudstack.acl;

	import com.cloud.exception.PermissionDeniedException;
	import com.cloud.projects.Project;
	import com.cloud.projects.ProjectAccount;
	import com.cloud.projects.ProjectAccountVO;
	import com.cloud.projects.ProjectVO;
	import com.cloud.projects.dao.ProjectAccountDao;
	import com.cloud.user.User;
	import com.cloud.user.UserVO;

	import org.apache.cloudstack.context.CallContext;
	import org.junit.Assert;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.mockito.InjectMocks;
	import org.mockito.Mock;
	import org.mockito.Mockito;
	import org.powermock.api.mockito.PowerMockito;
	import org.powermock.core.classloader.annotations.PrepareForTest;
	import org.powermock.modules.junit4.PowerMockRunner;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.List;

	import junit.framework.TestCase;

	@RunWith(PowerMockRunner.class)
	@PrepareForTest(CallContext.class)
	public class ProjectRoleBasedApiAccessCheckerTest extends TestCase {
	@Mock
	ProjectAccountDao projectAccountDaoMock;

	@Mock
	RoleService roleServiceMock;

	@Mock
	ProjectAccountVO projectAccountVOMock;

	@Mock
	CallContext callContextMock;

	@InjectMocks
	ProjectRoleBasedApiAccessChecker projectRoleBasedApiAccessCheckerSpy = Mockito.spy(ProjectRoleBasedApiAccessChecker.class);

	List<String> apiNames = new ArrayList<>(Arrays.asList("apiName"));

	@Before
	public void setup() {

	Mockito.doReturn(true).when(roleServiceMock).isEnabled();
	}

	public Project getTestProject() {
	return new ProjectVO("Teste", "Teste", 1L, 1L);
	}

	private User getTestUser() {
	return new UserVO(12L, "some user", "password", "firstName", "lastName",
	"email@gmail.com", "GMT", "uuid", User.Source.UNKNOWN);
	}

	@Test
	public void getApisAllowedToUserTestRoleServiceIsDisabledShouldReturnUnchangedApiList() {
	Mockito.doReturn(false).when(roleServiceMock).isEnabled();

	List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	Assert.assertEquals(1, apisReceived.size());
	}

	@Test
	public void getApisAllowedToUserTestProjectIsNullShouldReturnUnchangedApiList() {
	PowerMockito.mockStatic(CallContext.class);
	PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

	Mockito.doReturn(null).when(callContextMock).getProject();

	List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	Assert.assertEquals(1, apisReceived.size());
	}

	@Test (expected = PermissionDeniedException.class)
	public void getApisAllowedToUserTestProjectAccountIsNullThrowPermissionDeniedException() {
	PowerMockito.mockStatic(CallContext.class);
	PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

	Mockito.when(callContextMock.getProject()).thenReturn(getTestProject());
	Mockito.when(projectAccountDaoMock.findByProjectIdAccountId(Mockito.anyLong(), Mockito.anyLong())).thenReturn(null);
	Mockito.when(projectAccountDaoMock.findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong())).thenReturn(null);

	projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	}

	@Test
	public void getApisAllowedToUserTestProjectAccountHasAdminRoleReturnsUnchangedApiList() {
	PowerMockito.mockStatic(CallContext.class);
	PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

	Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
	Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
	Mockito.doReturn(ProjectAccount.Role.Admin).when(projectAccountVOMock).getAccountRole();

	List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	Assert.assertEquals(1, apisReceived.size());
	}

	@Test
	public void getApisAllowedToUserTestProjectAccountNotPermittedForTheApiListShouldReturnEmptyList() {
	PowerMockito.mockStatic(CallContext.class);
	PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

	Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
	Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
	Mockito.doReturn(ProjectAccount.Role.Regular).when(projectAccountVOMock).getAccountRole();
	Mockito.doReturn(false).when(projectRoleBasedApiAccessCheckerSpy).isPermitted(Mockito.any(Project.class), Mockito.any(ProjectAccount.class), Mockito.anyString());


	List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	Assert.assertTrue(apisReceived.isEmpty());
	}

	@Test
	public void getApisAllowedToUserTestProjectAccountPermittedForTheApiListShouldReturnTheSameList() {
	PowerMockito.mockStatic(CallContext.class);
	PowerMockito.when(CallContext.current()).thenReturn(callContextMock);

	Mockito.doReturn(getTestProject()).when(callContextMock).getProject();
	Mockito.doReturn(projectAccountVOMock).when(projectAccountDaoMock).findByProjectIdUserId(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong());
	Mockito.doReturn(ProjectAccount.Role.Regular).when(projectAccountVOMock).getAccountRole();
	Mockito.doReturn(true).when(projectRoleBasedApiAccessCheckerSpy).isPermitted(Mockito.any(Project.class), Mockito.any(ProjectAccount.class), Mockito.anyString());


	List<String> apisReceived = projectRoleBasedApiAccessCheckerSpy.getApisAllowedToUser(null, getTestUser(), apiNames);
	Assert.assertEquals(1, apisReceived.size());
	}
	}