Google Git
Sign in
apache / rya / 6ec8cd2aa7b5d8ce7631ee095336b5cf58eb99dc / . / dao / mongodb.rya / src / test / java / org / apache / rya / mongodb / MongoDBRyaDAOIT.java
blob: c5ff223cccec42dbda0eb4f2c6a75c37e80feefd [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.rya.mongodb;
import static org.apache.rya.mongodb.dao.SimpleMongoDBStorageStrategy.DOCUMENT_VISIBILITY;
import static org.apache.rya.mongodb.dao.SimpleMongoDBStorageStrategy.TIMESTAMP;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
import org.apache.accumulo.core.security.Authorizations;
import org.apache.rya.api.domain.RyaStatement;
import org.apache.rya.api.domain.RyaStatement.RyaStatementBuilder;
import org.apache.rya.api.domain.RyaURI;
import org.apache.rya.api.persist.RyaDAOException;
import org.apache.rya.api.persist.query.RyaQuery;
import org.apache.rya.mongodb.document.util.AuthorizationsUtil;
import org.apache.rya.mongodb.document.visibility.DocumentVisibility;
import org.bson.Document;
import org.calrissian.mango.collect.CloseableIterable;
import org.junit.Test;
import com.mongodb.MongoException;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
public class MongoDBRyaDAOIT extends MongoITBase {
@Override
protected void updateConfiguration(final MongoDBRdfConfiguration conf) {
conf.setAuths("A", "B", "C");
}
@Test
public void testDeleteWildcard() throws RyaDAOException {
final MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setColumnVisibility(new DocumentVisibility("A").flatten());
dao.delete(builder.build(), conf);
} finally {
dao.destroy();
}
}
@Test
public void testAdd() throws RyaDAOException, MongoException, IOException {
final MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setColumnVisibility(new DocumentVisibility("B").flatten());
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
dao.add(builder.build());
assertEquals(coll.count(),1);
final Document dbo = coll.find().first();
assertTrue(dbo.containsKey(DOCUMENT_VISIBILITY));
assertTrue(dbo.containsKey(TIMESTAMP));
} finally {
dao.destroy();
}
}
@Test
public void testDelete() throws RyaDAOException, MongoException, IOException {
final MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setColumnVisibility(new DocumentVisibility("C").flatten());
final RyaStatement statement = builder.build();
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
dao.add(statement);
assertEquals(1, coll.count());
dao.delete(statement, conf);
assertEquals(0, coll.count());
} finally {
dao.destroy();
}
}
@Test
public void testDeleteWildcardSubjectWithContext() throws RyaDAOException, MongoException, IOException {
final MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setContext(new RyaURI("http://context.com"));
builder.setColumnVisibility(new DocumentVisibility("A&B&C").flatten());
final RyaStatement statement = builder.build();
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
dao.add(statement);
assertEquals(1, coll.count());
final RyaStatementBuilder builder2 = new RyaStatementBuilder();
builder2.setPredicate(new RyaURI("http://temp.com"));
builder2.setObject(new RyaURI("http://object.com"));
builder2.setContext(new RyaURI("http://context3.com"));
final RyaStatement query = builder2.build();
dao.delete(query, conf);
assertEquals(1, coll.count());
} finally {
dao.destroy();
}
}
@Test
public void testReconstructDao() throws RyaDAOException, IOException {
MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setColumnVisibility(new DocumentVisibility("B").flatten());
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
dao.add(builder.build());
assertEquals(coll.count(), 1);
final Document dbo = coll.find().first();
assertTrue(dbo.containsKey(DOCUMENT_VISIBILITY));
assertTrue(dbo.containsKey(TIMESTAMP));
} finally {
dao.destroy();
}
// Test reinitializing the same instance
try {
dao.init();
} finally {
dao.destroy();
}
// Reconstruct new DAO and try again
dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setColumnVisibility(new DocumentVisibility("B").flatten());
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
dao.add(builder.build());
assertEquals(coll.count(), 1);
final Document dbo = coll.find().first();
assertTrue(dbo.containsKey(DOCUMENT_VISIBILITY));
assertTrue(dbo.containsKey(TIMESTAMP));
} finally {
dao.destroy();
}
}
@Test
public void testVisibility() throws RyaDAOException, MongoException, IOException {
final MongoDBRyaDAO dao = new MongoDBRyaDAO();
try {
dao.setConf(conf);
dao.init();
// Doc requires "A" and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A", new Authorizations("B")));
// Doc requires "A" and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A", new Authorizations("A")));
// Doc requires "A" and "B" and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A&B", new Authorizations("A", "B")));
// Doc requires "A" or "B" and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A|B", new Authorizations("A", "B")));
// Doc requires "A" and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A", new Authorizations("A", "B")));
// Doc requires "A" and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A", new Authorizations("A", "B", "C")));
// Doc requires "A" and "B" and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B", new Authorizations("A")));
// Doc requires "A" and "B" and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B", new Authorizations("B")));
// Doc requires "A" and "B" and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B", new Authorizations("C")));
// Doc requires "A" and "B" and "C" and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A&B&C", new Authorizations("A", "B", "C")));
// Doc requires "A" and "B" and "C" and user has "A" and "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B&C", new Authorizations("A", "B")));
// Doc requires "A" and "B" and "C" and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B&C", new Authorizations("A")));
// Doc requires "A" and "B" and "C" and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B&C", new Authorizations("B")));
// Doc requires "A" and "B" and "C" and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&B&C", new Authorizations("C")));
// Doc requires "A" and "B" and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A&B", new Authorizations("A", "B", "C")));
// Doc requires "A" or "B" and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A|B", new Authorizations("A")));
// Doc requires "A" or "B" and user has "B" = User can view
assertTrue(testVisibilityStatement(dao, "A|B", new Authorizations("B")));
// Doc requires "A" or "B" and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|B", new Authorizations("C")));
// Doc requires "A" or "B" or "C" and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C", new Authorizations("A", "B", "C")));
// Doc requires "A" or "B" or "C" and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C", new Authorizations("A", "B")));
// Doc requires "A" or "B" or "C" and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C", new Authorizations("A")));
// Doc requires "A" or "B" or "C" and user has "B" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C", new Authorizations("B")));
// Doc requires "A" or "B" or "C" and user has "C" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C", new Authorizations("C")));
// Doc requires "A" or "B" and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A|B", new Authorizations("A", "B", "C")));
// Doc requires "A" and user has ALL_AUTHORIZATIONS = User can view
assertTrue(testVisibilityStatement(dao, "A", MongoDbRdfConstants.ALL_AUTHORIZATIONS));
// Doc requires "A" and "B" and user has ALL_AUTHORIZATIONS = User can view
assertTrue(testVisibilityStatement(dao, "A&B", MongoDbRdfConstants.ALL_AUTHORIZATIONS));
// Doc requires "A" or "B" and user has ALL_AUTHORIZATIONS = User can view
assertTrue(testVisibilityStatement(dao, "A|B", MongoDbRdfConstants.ALL_AUTHORIZATIONS));
// Doc has no requirement and user has ALL_AUTHORIZATIONS = User can view
assertTrue(testVisibilityStatement(dao, "", MongoDbRdfConstants.ALL_AUTHORIZATIONS));
// Doc has no requirement and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "", new Authorizations("A")));
// Doc has no requirement and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "", new Authorizations("A", "B")));
// Doc requires "A" or ("B" and "C") and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A|(B&C)", new Authorizations("A")));
// Doc requires "A" or ("B" and "C") and user has "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "A|(B&C)", new Authorizations("B", "C")));
// Doc requires "A" or ("B" and "C") and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C)", new Authorizations("B")));
// Doc requires "A" or ("B" and "C") and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C)", new Authorizations("C")));
// Doc requires "A" and ("B" or "C") and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("A", "B")));
// Doc requires "A" and ("B" or "C") and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("A", "C")));
// Doc requires "A" and ("B" or "C") and user has "B" and "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("B", "C")));
// Doc requires "A" and ("B" or "C") and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("A")));
// Doc requires "A" and ("B" or "C") and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("B")));
// Doc requires "A" and ("B" or "C") and user has "C" = User can view
assertFalse(testVisibilityStatement(dao, "A&(B|C)", new Authorizations("C")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("B")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("C")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("E")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("C", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B", "E")));
// Doc requires ("A" and "B")mongoClient or ("C" and "D") and user has
// "C" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("C", "D", "E")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "C")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "B" and "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("B", "C")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "B" and "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("B", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B", "C")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "C", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "B" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("B", "C", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "B" and "C" and "D" and "E"= User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("B", "C", "D", "E")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B", "C", "D")));
// Doc requires ("A" and "B") or ("C" and "D") and user has "A" and "B" and "C" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A&B)|(C&D)", new Authorizations("A", "B", "C", "D", "E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("C")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "C" and "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("C", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" and "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B", "E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "C" and "D" and "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("C", "D", "E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "C")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B", "C")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B", "D", "E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B", "C")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "C", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B", "C", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "B" and "C" and "D" and "E"= User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("B", "C", "D", "E")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B", "C", "D")));
// Doc requires ("A" or "B") and ("C" or "D") and user has "A" and "B" and "C" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|D)", new Authorizations("A", "B", "C", "D", "E")));
// Doc requires "(A|B)&(C|(D&E))" and user has "A" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("A", "C")));
// Doc requires "(A|B)&(C|(D&E))" and user has "B" and "C" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("B", "C")));
// Doc requires "(A|B)&(C|(D&E))" and user has "A" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("A", "D", "E")));
// Doc requires "(A|B)&(C|(D&E))" and user has "B" and "D" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("B", "D", "E")));
// Doc requires "(A|B)&(C|(D&E))" and user has "A" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("A")));
// Doc requires "(A|B)&(C|(D&E))" and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("B")));
// Doc requires "(A|B)&(C|(D&E))" and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("C")));
// Doc requires "(A|B)&(C|(D&E))" and user has "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("D")));
// Doc requires "(A|B)&(C|(D&E))" and user has "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("E")));
// Doc requires "(A|B)&(C|(D&E))" and user has "D" and "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("D", "E")));
// Doc requires "(A|B)&(C|(D&E))" and user has "A" and "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("A", "D")));
// Doc requires "(A|B)&(C|(D&E))" and user has "B" and "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "(A|B)&(C|(D&E))", new Authorizations("B", "E")));
// Doc requires "A|(B&C&(D|E))" and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("A")));
// Doc requires "A|(B&C&(D|E))" and user has "B" and "C" and "D" = User can view
assertTrue(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("B", "C", "D")));
// Doc requires "A|(B&C&(D|E))" and user has "B" and "C" and "E" = User can view
assertTrue(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("B", "C", "E")));
// Doc requires "A|(B&C&(D|E))" and user has "B" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("B")));
// Doc requires "A|(B&C&(D|E))" and user has "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("C")));
// Doc requires "A|(B&C&(D|E))" and user has "D" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("D")));
// Doc requires "A|(B&C&(D|E))" and user has "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("E")));
// Doc requires "A|(B&C&(D|E))" and user has "B" and "C" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("B", "C")));
// Doc requires "A|(B&C&(D|E))" and user has "D" and "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|(B&C&(D|E))", new Authorizations("D", "E")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("A")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "E" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("E")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "E" and "F" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("E", "F")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "I" = User CANNOT view
assertFalse(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("I")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "A" and "I" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("A", "I")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "E" and "F" and "G" and "H" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("E", "F", "G", "H")));
// Doc requires "A|B|C|D|(E&F&G&H)" and user has "E" and "F" and "G" and "H" and "I" = User can view
assertTrue(testVisibilityStatement(dao, "A|B|C|D|(E&F&G&H)", new Authorizations("E", "F", "G", "H", "I")));
// Doc has no requirement and user has ALL_AUTHORIZATIONS = User can view
assertTrue(testVisibilityStatement(dao, null, MongoDbRdfConstants.ALL_AUTHORIZATIONS));
// Doc has no requirement and user has "A" = User can view
assertTrue(testVisibilityStatement(dao, null, new Authorizations("A")));
// Doc has no requirement and user has "A" and "B" = User can view
assertTrue(testVisibilityStatement(dao, null, new Authorizations("A", "B")));
// Doc has no requirement and user has no authorizations = User can view
assertTrue(testVisibilityStatement(dao, null, null));
// Doc has no requirement and user has no authorizations = User can view
assertTrue(testVisibilityStatement(dao, "", null));
// Doc requires "A" and user has no authorizations = User can view
assertTrue(testVisibilityStatement(dao, "A", null));
// Doc requires "A" and "B" and user has no authorizations = User can view
assertTrue(testVisibilityStatement(dao, "A&B", null));
// Doc requires "A" or "B" and user has no authorizations = User can view
assertTrue(testVisibilityStatement(dao, "A|B", null));
} finally {
dao.destroy();
}
}
/**
* Generates a test statement with the provided document visibility to
* determine if the specified user authorization can view the statement.
*
* @param dao - The DAO that will be used by the test.
* @param documentVisibility - The document visibility boolean expression
* string.
* @param userAuthorizations - The user authorization strings.
* @return {@code true} if provided authorization could access the document
* in the collection. {@code false} otherwise.
* @throws RyaDAOException
*/
private boolean testVisibilityStatement(
final MongoDBRyaDAO dao,
final String documentVisibility,
final Authorizations userAuthorizations) throws RyaDAOException {
final MongoDatabase db = conf.getMongoClient().getDatabase(conf.get(MongoDBRdfConfiguration.MONGO_DB_NAME));
final MongoCollection<Document> coll = db.getCollection(conf.getTriplesCollectionName());
final RyaStatement statement = buildVisibilityTestRyaStatement(documentVisibility);
dao.getConf().setAuths(AuthorizationsUtil.getAuthorizationsStringArray(Authorizations.EMPTY));
dao.add(statement);
dao.getConf().setAuths(AuthorizationsUtil.getAuthorizationsStringArray(userAuthorizations != null ? userAuthorizations : Authorizations.EMPTY));
assertEquals(1, coll.count());
final MongoDBQueryEngine queryEngine = (MongoDBQueryEngine) dao.getQueryEngine();
queryEngine.setConf(conf);
final CloseableIterable<RyaStatement> iter = queryEngine.query(new RyaQuery(statement));
// Check if user has authorization to view document based on its visibility
final boolean hasNext = iter.iterator().hasNext();
// Reset
dao.delete(statement, conf);
assertEquals(0, coll.count());
dao.getConf().setAuths(AuthorizationsUtil.getAuthorizationsStringArray(Authorizations.EMPTY));
return hasNext;
}
private static RyaStatement buildVisibilityTestRyaStatement(final String documentVisibility) {
final RyaStatementBuilder builder = new RyaStatementBuilder();
builder.setPredicate(new RyaURI("http://temp.com"));
builder.setSubject(new RyaURI("http://subject.com"));
builder.setObject(new RyaURI("http://object.com"));
builder.setContext(new RyaURI("http://context.com"));
builder.setColumnVisibility(documentVisibility != null ? documentVisibility.getBytes() : null);
final RyaStatement statement = builder.build();
return statement;
}
}