SLING-10040 resolve code quality warnings and issues reported by sonar
clean up code duplication
diff --git a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
index c8b9f24..69a9cc6 100644
--- a/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
+++ b/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
@@ -26,6 +26,7 @@
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -191,31 +192,50 @@
return hasRights;
}
+ protected boolean checkAuthorizablePath(Session jcrSession, String principalId,
+ AuthorizableChecker authorizableChecker, AccessChecker accessChecker) throws RepositoryException {
+ boolean hasRights = false;
+ UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
+ Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
+
+ Authorizable authorizable = userManager.getAuthorizable(principalId);
+
+ if (authorizable == null) {
+ log.debug("Failed to find authorizable: {}", principalId);
+ } else {
+ // delegate to the checker to determine if valid
+ if (authorizableChecker != null && !authorizableChecker.isValid(authorizable)) {
+ // no rights, so skip the rest
+ } else {
+ if (currentUser instanceof User && ((User)currentUser).isAdmin()){
+ hasRights = true; //admin user has full control
+ } else {
+ String path = authorizable.getPath();
+ if (accessChecker != null) {
+ hasRights = accessChecker.hasRights(path);
+ }
+ }
+ }
+ }
+
+ return hasRights;
+ }
+
/* (non-Javadoc)
* @see org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo#canRemove(javax.jcr.Session, java.lang.String)
*/
public boolean canRemove(Session jcrSession, String principalId) {
boolean hasRights = false;
try {
- UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
- Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- if (currentUser instanceof User && ((User)currentUser).isAdmin()) {
- hasRights = true; //admin user has full control
- } else {
- Authorizable authorizable = userManager.getAuthorizable(principalId);
- if (authorizable == null) {
- log.debug("Failed to find authorizable: {}", principalId);
- } else {
- String path = authorizable.getPath();
+ hasRights = checkAuthorizablePath(jcrSession, principalId, null,
+ path -> {
//check if the non-admin user has sufficient rights on the home folder
AccessControlManager acm = jcrSession.getAccessControlManager();
- hasRights = acm.hasPrivileges(path, new Privilege[] {
+ return acm.hasPrivileges(path, new Privilege[] {
acm.privilegeFromName(Privilege.JCR_READ),
acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT)
});
- }
- }
+ });
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), principalId);
}
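Review bot: checkAuthorizablePath resolves the target before it applies the admin shortcut, so canRemove now answers false to an admin session for an unknown principalId, where the removed code returned true without looking the target up. That is the fail-closed direction, but it is a behaviour change inside a commit described as cleanup, and the helper has no Javadoc recording it. The same reordering reaches canUpdateProperties, and in canUpdateGroupMembers and canDisable an admin is additionally denied when the type checker rejects the target. I would add a Javadoc block on the helper stating the decision order (target exists, checker accepts, admin shortcut, access checker) and that a null accessChecker denies every non-admin caller. The empty `if` branch would read more plainly as a guard: `if (authorizableChecker != null && !authorizableChecker.isValid(authorizable)) { return false; }`.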
@@ -228,25 +248,16 @@
public boolean canUpdateGroupMembers(Session jcrSession, String groupId) {
boolean hasRights = false;
try {
- UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
- Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- if (currentUser instanceof User && ((User)currentUser).isAdmin()) {
- hasRights = true; //admin user has full control
- } else {
- Authorizable authorizable = userManager.getAuthorizable(groupId);
- if (authorizable == null) {
- log.debug("Failed to find group: {}", groupId);
- } else {
- String path = authorizable.getPath();
+ hasRights = checkAuthorizablePath(jcrSession, groupId,
+ authorizable -> authorizable instanceof Group,
+ path -> {
//check if the non-admin user has sufficient rights on the home folder
AccessControlManager acm = jcrSession.getAccessControlManager();
- hasRights = acm.hasPrivileges(path, new Privilege[] {
+ return acm.hasPrivileges(path, new Privilege[] {
acm.privilegeFromName(Privilege.JCR_READ),
acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT)
});
- }
- }
+ });
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can remove authorizable {}", jcrSession.getUserID(), groupId);
}
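Review bot: The catch block that now receives everything thrown from checkAuthorizablePath and the lambda still logs "can remove authorizable" although this method is canUpdateGroupMembers, and it drops the exception itself. The line is unchanged context, but after the refactor it is the only trace of a failed permission evaluation here, so the wrong operation name will mislead anyone triaging the log: `log.warn("Failed to determine if {} can update the members of group {}", jcrSession.getUserID(), groupId, e);`. Separately, a target rejected by the new `authorizable instanceof Group` checker is denied without any log line, whereas a missing target still gets the helper's debug message; a debug line on the rejection path would keep the two cases distinguishable. The method signature and the closing of the method lie outside this hunk.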
@@ -270,50 +281,38 @@
PropertyUpdateTypes... propertyUpdateTypes) {
boolean hasRights = false;
try {
- UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
- Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- if (currentUser instanceof User && ((User)currentUser).isAdmin()) {
- hasRights = true; //admin user has full control
- } else {
- Authorizable authorizable = userManager.getAuthorizable(principalId);
- if (authorizable == null) {
- log.debug("Failed to find authorizable: {}", principalId);
- } else {
- String path = authorizable.getPath();
- if (path != null) {
- //check if the non-admin user has sufficient rights on the home folder
- AccessControlManager acm = jcrSession.getAccessControlManager();
- Set<Privilege> requiredPrivileges = new HashSet<>();
- requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_READ));
- if (propertyUpdateTypes != null) {
- for (PropertyUpdateTypes updateType : propertyUpdateTypes) {
- updateType = PropertyUpdateTypes.convertDeprecated(updateType);
- switch (updateType) {
- case ADD_NESTED_PROPERTY:
- requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ADD_PROPERTIES));
- requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES));
- break;
- case ADD_PROPERTY:
- requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ADD_PROPERTIES));
- break;
- case ALTER_PROPERTY:
- requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ALTER_PROPERTIES));
- break;
- case REMOVE_PROPERTY:
- requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_REMOVE_PROPERTIES));
- break;
- default:
- log.warn("Unexpected property update type: {}", updateType);
- break;
- }
+ hasRights = checkAuthorizablePath(jcrSession, principalId, null,
+ path -> {
+ //check if the non-admin user has sufficient rights on the home folder
+ AccessControlManager acm = jcrSession.getAccessControlManager();
+ Set<Privilege> requiredPrivileges = new HashSet<>();
+ requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_READ));
+ if (propertyUpdateTypes != null) {
+ for (PropertyUpdateTypes updateType : propertyUpdateTypes) {
+ updateType = PropertyUpdateTypes.convertDeprecated(updateType);
+ switch (updateType) {
+ case ADD_NESTED_PROPERTY:
+ requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ADD_PROPERTIES));
+ requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES));
+ break;
+ case ADD_PROPERTY:
+ requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ADD_PROPERTIES));
+ break;
+ case ALTER_PROPERTY:
+ requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_ALTER_PROPERTIES));
+ break;
+ case REMOVE_PROPERTY:
+ requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_REMOVE_PROPERTIES));
+ break;
+ default:
+ log.warn("Unexpected property update type: {}", updateType);
+ break;
}
}
-
- hasRights = acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
}
- }
- }
+
+ return acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
+ });
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can update properties of authorizable {}", jcrSession.getUserID(), principalId);
}
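Review bot: The `if (path != null)` guard that the removed canUpdateProperties code kept around the privilege check is gone, so the lambda hands whatever `authorizable.getPath()` returned straight to `acm.hasPrivileges`. As far as I know Jackrabbit/Oak treats a null absPath as the repository-level scope rather than as an error, so a null path would be evaluated against the wrong scope instead of being denied; whether getPath() can return null for these authorizables is not visible in the diff. Restoring the guard once in the helper covers every caller: `if (accessChecker != null && path != null) { hasRights = accessChecker.hasRights(path); }`. The canUpdateProperties signature begins above this hunk.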
@@ -327,25 +326,16 @@
public boolean canDisable(Session jcrSession, String userId) {
boolean hasRights = false;
try {
- UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
- Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- if (currentUser instanceof User && ((User)currentUser).isAdmin()) {
- hasRights = true; //admin user has full control
- } else {
- Authorizable authorizable = userManager.getAuthorizable(userId);
- if (!(authorizable instanceof User)) {
- log.debug("Failed to find user: {}", userId);
- } else {
- String path = authorizable.getPath();
+ hasRights = checkAuthorizablePath(jcrSession, userId,
+ authorizable -> authorizable instanceof User,
+ path -> {
//check if the non-admin user has sufficient rights on the home folder
AccessControlManager acm = jcrSession.getAccessControlManager();
Set<Privilege> requiredPrivileges = new HashSet<>();
requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_READ));
requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT));
- hasRights = acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
- }
- }
+ return acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
+ });
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can disable user {}", jcrSession.getUserID(), userId);
}
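Review bot: The lambda here is the fourth copy of the same jcr:read plus rep:userManagement check; canRemove and canUpdateGroupMembers build it as an array literal, canDisable and canChangePassword as a HashSet converted to an array. Since the commit is about removing duplication, and since these copies together define what "may manage this authorizable" means, I would pull them into one private method so the required privilege set cannot drift between operations. The canDisable signature starts above this hunk and the method ends below it.

```java
// proposed private helper, shared by canRemove, canUpdateGroupMembers, canDisable and canChangePassword
private boolean hasUserManagementRights(Session jcrSession, String path) throws RepositoryException {
    AccessControlManager acm = jcrSession.getAccessControlManager();
    return acm.hasPrivileges(path, new Privilege[] {
            acm.privilegeFromName(Privilege.JCR_READ),
            acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT)
    });
}

// in canDisable:
hasRights = checkAuthorizablePath(jcrSession, userId,
        authorizable -> authorizable instanceof User,
        path -> hasUserManagementRights(jcrSession, path));
```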
@@ -359,34 +349,26 @@
public boolean canChangePassword(Session jcrSession, String userId) {
boolean hasRights = false;
try {
- UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
- Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- Authorizable authorizable = userManager.getAuthorizable(userId);
- if (!(authorizable instanceof User)) {
- log.debug("Failed to find user: {}", userId);
- } else {
- if (((User)authorizable).isSystemUser() || "anonymous".equals(authorizable.getID())) {
+ hasRights = checkAuthorizablePath(jcrSession, userId,
//system users and anonymous have no passwords
- } else if (currentUser instanceof User && ((User)currentUser).isAdmin()) {
- hasRights = true; //admin user has full control
- } else {
- // otherwise let's check the granted privileges
- String path = authorizable.getPath();
- //check if the non-admin user has sufficient rights on the home folder
- AccessControlManager acm = jcrSession.getAccessControlManager();
- Set<Privilege> requiredPrivileges = new HashSet<>();
- requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_READ));
- requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT));
- hasRights = acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
+ authorizable -> authorizable instanceof User &&
+ !((User)authorizable).isSystemUser() && !"anonymous".equals(authorizable.getID()),
+ path -> {
+ boolean allowed = false;
+ //check if the non-admin user has sufficient rights on the home folder
+ AccessControlManager acm = jcrSession.getAccessControlManager();
+ Set<Privilege> requiredPrivileges = new HashSet<>();
+ requiredPrivileges.add(acm.privilegeFromName(Privilege.JCR_READ));
+ requiredPrivileges.add(acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT));
+ allowed = acm.hasPrivileges(path, requiredPrivileges.toArray(new Privilege[requiredPrivileges.size()]));
- if (!hasRights && jcrSession.getUserID().equals(userId)) {
- // check if the ChangeUserPassword service is configured to always allow
- // a user to change their own password.
- hasRights = alwaysAllowSelfChangePassword;
- }
- }
- }
+ if (!allowed && jcrSession.getUserID().equals(userId)) {
+ // check if the ChangeUserPassword service is configured to always allow
+ // a user to change their own password.
+ allowed = alwaysAllowSelfChangePassword;
+ }
+ return allowed;
+ });
} catch (RepositoryException e) {
log.warn("Failed to determine if {} can change the password of user {}", jcrSession.getUserID(), userId);
}
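Review bot: In the self-service fallback, `jcrSession.getUserID().equals(userId)` dereferences the session user id, which the JCR API allows to be null; a NullPointerException raised inside the lambda is not a RepositoryException, so the surrounding catch would not turn it into a deny. Since userId has already resolved to an authorizable at that point, flipping the comparison avoids the dereference: `if (!allowed && userId.equals(jcrSession.getUserID())) {`. The `boolean allowed = false;` initialisation is also redundant, because the variable is unconditionally assigned from `acm.hasPrivileges` a few lines later; declaring it at that assignment is enough. The method signature and its return statement are outside this hunk.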
@@ -407,4 +389,11 @@
log.warn("Configuration setting for {} is deprecated and will not have any effect", PAR_GROUP_ADMIN_GROUP_NAME);
}
}
+
+ protected static interface AuthorizableChecker {
+ public boolean isValid(Authorizable authorizable) throws RepositoryException;
+ }
+ protected static interface AccessChecker {
+ public boolean hasRights(String path) throws RepositoryException;
+ }
}
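Review bot: AuthorizableChecker and AccessChecker carry the authorization decision for every can* method, but neither has Javadoc saying what a true or false result means or that a RepositoryException propagates to the caller's catch block. Both are single-method types used only as lambda targets, so `@FunctionalInterface` would make that intent compiler-checked. The `static` on a nested interface and the `public` on its method are redundant modifiers, which is the kind of finding this cleanup is meant to remove. Suggested shape: `@FunctionalInterface protected interface AccessChecker { boolean hasRights(String path) throws RepositoryException; }`.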
diff --git a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/post/UserPrivilegesInfoIT.java b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/post/UserPrivilegesInfoIT.java
index 4a7a13d..9f5a21b 100644
--- a/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/post/UserPrivilegesInfoIT.java
+++ b/src/test/java/org/apache/sling/jcr/jackrabbit/usermanager/it/post/UserPrivilegesInfoIT.java
@@ -43,6 +43,57 @@
@ExamReactorStrategy(PerClass.class)
public class UserPrivilegesInfoIT extends UserManagerClientTestSupport {
+ enum CanAdd {
+ USER("canAddUser"),
+ GROUP("canAddGroup");
+
+ private String propName;
+
+ CanAdd(String propName) {
+ this.propName = propName;
+ }
+
+ public String propName() {
+ return propName;
+ }
+
+ }
+
+ enum CanChangeUser {
+ REMOVE("canRemove"),
+ UPDATE_PROPERTIES("canUpdateProperties"),
+ CHANGE_PASSWORD("canChangePassword"),
+ DISABLE("canDisable");
+
+ private String propName;
+
+ CanChangeUser(String propName) {
+ this.propName = propName;
+ }
+
+ public String propName() {
+ return propName;
+ }
+
+ }
+
+ enum CanChangeGroup {
+ REMOVE("canRemove"),
+ UPDATE_PROPERTIES("canUpdateProperties"),
+ UPDATE_GROUP_MEMBERS("canUpdateGroupMembers");
+
+ private String propName;
+
+ CanChangeGroup(String propName) {
+ this.propName = propName;
+ }
+
+ public String propName() {
+ return propName;
+ }
+
+ }
+
@Override
protected Option buildBundleResourcesBundle() {
final List<String> resourcePaths = Arrays.asList("/apps/sling/servlet/default/privileges-info.json.esp");
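Review bot: `propName` in CanAdd, CanChangeUser and CanChangeGroup is assigned once in the constructor and never again, so it should be declared `private final String propName;` in all three enums. Enum constants are shared by every test in the class, and a non-final field leaves that shared state mutable for no benefit.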
@@ -66,13 +117,11 @@
}
/**
- * Checks whether the current user has been granted privileges
- * to add a new user.
+ * The common impl for checking add permissions for users and groups
+ * @param can specify which type of add to test
*/
- @Test
- public void testCanAddUser() throws JsonException, IOException {
+ private void testCanAdd(CanAdd can) throws IOException {
testUserId = createTestUser();
-
String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
//fetch the JSON for the test page to verify the settings.
@@ -82,7 +131,7 @@
assertNotNull(json);
JsonObject jsonObj = parseJson(json);
- assertEquals(false, jsonObj.getBoolean("canAddUser"));
+ assertEquals(false, jsonObj.getBoolean(can.propName()));
//try admin user
testUserCreds = new UsernamePasswordCredentials("admin", "admin");
@@ -91,7 +140,7 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canAddUser"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
//try non-admin with sufficient privileges
testUserId3 = createTestUser();
@@ -103,59 +152,17 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canAddUser"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
}
/**
- * Checks whether the current user has been granted privileges
- * to add a new group.
+ * The common impl for checking change permissions for a user
+ * @param can specify which type of change to test
*/
- @Test
- public void testCanAddGroup() throws IOException, JsonException {
+ private void testCanChange(CanChangeUser can) throws IOException {
testUserId = createTestUser();
- String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- assertEquals(false, jsonObj.getBoolean("canAddGroup"));
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canAddGroup"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canAddGroup"));
- }
-
- /**
- * Checks whether the current user has been granted privileges
- * to update the properties of the specified user.
- */
- @Test
- public void testCanUpdateUserProperties() throws IOException, JsonException {
- testUserId = createTestUser();
-
- //1. verify user can update thier own properties
+ //1. verify user can update their own properties
String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
//fetch the JSON for the test page to verify the settings.
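Review bot: The comments inside the shared testCanChange(CanChangeUser) still describe only the properties case (`//1. verify user can update their own properties` here, `//user can update their own properties` in the next hunk), although the method now also runs for REMOVE, CHANGE_PASSWORD and DISABLE. A reader tracing a failed canDisable assertion will be pointed at the wrong expectation; neutral wording such as `//1. verify the user holds the tested privilege on their own user` fits all four constants. The Javadoc could also list the expected sequence (self true, other user false, admin true, user with user-manager rights true), since that is the contract each wrapper test now relies on. The method body continues past this hunk.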
@@ -166,7 +173,7 @@
JsonObject jsonObj = parseJson(json);
//user can update their own properties
- assertEquals(true, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
//2. now try another user
@@ -180,7 +187,7 @@
JsonObject jsonObj2 = parseJson(json2);
//user can not update other users properties
- assertEquals(false, jsonObj2.getBoolean("canUpdateProperties"));
+ assertEquals(false, jsonObj2.getBoolean(can.propName()));
//try admin user
@@ -190,7 +197,7 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
//try non-admin with sufficient privileges
testUserId3 = createTestUser();
@@ -202,15 +209,14 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
}
/**
- * Checks whether the current user has been granted privileges
- * to update the properties of the specified group.
+ * The common impl for checking change permissions for a group
+ * @param can specify which type of change to test
*/
- @Test
- public void testCanUpdateGroupProperties() throws IOException, JsonException {
+ private void testCanChange(CanChangeGroup can) throws IOException {
testGroupId = createTestGroup();
testUserId = createTestUser();
@@ -225,7 +231,7 @@
JsonObject jsonObj = parseJson(json);
//normal user can not update group properties
- assertEquals(false, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(false, jsonObj.getBoolean(can.propName()));
//try admin user
@@ -235,7 +241,7 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
//try non-admin with sufficient privileges
testUserId3 = createTestUser();
@@ -247,7 +253,43 @@
assertNotNull(json);
jsonObj = parseJson(json);
- assertEquals(true, jsonObj.getBoolean("canUpdateProperties"));
+ assertEquals(true, jsonObj.getBoolean(can.propName()));
+ }
+
+ /**
+ * Checks whether the current user has been granted privileges
+ * to add a new user.
+ */
+ @Test
+ public void testCanAddUser() throws JsonException, IOException {
+ testCanAdd(CanAdd.USER);
+ }
+
+ /**
+ * Checks whether the current user has been granted privileges
+ * to add a new group.
+ */
+ @Test
+ public void testCanAddGroup() throws IOException, JsonException {
+ testCanAdd(CanAdd.GROUP);
+ }
+
+ /**
+ * Checks whether the current user has been granted privileges
+ * to update the properties of the specified user.
+ */
+ @Test
+ public void testCanUpdateUserProperties() throws IOException, JsonException {
+ testCanChange(CanChangeUser.UPDATE_PROPERTIES);
+ }
+
+ /**
+ * Checks whether the current user has been granted privileges
+ * to update the properties of the specified group.
+ */
+ @Test
+ public void testCanUpdateGroupProperties() throws IOException, JsonException {
+ testCanChange(CanChangeGroup.UPDATE_PROPERTIES);
}
/**
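Review bot: None of these wrappers exercises the target-type checks that the implementation change introduces: canUpdateGroupMembers requested for a user, or canDisable requested for a group, which under the new checkers should be false even for the admin session. Both shared flows assert true for admin, so covering this needs a separate negative test rather than another enum constant. Whether privileges-info.json.esp exposes those properties on both resource types is not visible in this diff, so that would need confirming first.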
@@ -256,56 +298,7 @@
*/
@Test
public void testCanRemoveUser() throws IOException, JsonException {
- testUserId = createTestUser();
-
- //1. verify user can remove themselves as they have jcr:all permissions by default in the starter
- String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- //user can remove themself
- assertEquals(true, jsonObj.getBoolean("canRemove"));
-
-
- //2. now try another user
- testUserId2 = createTestUser();
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUser2Creds = new UsernamePasswordCredentials(testUserId2, "testPwd");
-
- String json2 = getAuthenticatedContent(testUser2Creds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json2);
- JsonObject jsonObj2 = parseJson(json2);
-
- //user can not delete other users
- assertEquals(false, jsonObj2.getBoolean("canRemove"));
-
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canRemove"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canRemove"));
+ testCanChange(CanChangeUser.REMOVE);
}
/**
@@ -314,42 +307,7 @@
*/
@Test
public void testCanRemoveGroup() throws IOException, JsonException {
- testGroupId = createTestGroup();
- testUserId = createTestUser();
-
- //1. Verify non admin user can not remove group
- String getUrl = String.format("%s/system/userManager/group/%s.privileges-info.json", baseServerUri, testGroupId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- //normal user can not remove group
- assertEquals(false, jsonObj.getBoolean("canRemove"));
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canRemove"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canRemove"));
+ testCanChange(CanChangeGroup.REMOVE);
}
/**
@@ -358,42 +316,7 @@
*/
@Test
public void testCanUpdateGroupMembers() throws IOException, JsonException {
- testGroupId = createTestGroup();
- testUserId = createTestUser();
-
- //1. Verify non admin user can not update group membership
- String getUrl = String.format("%s/system/userManager/group/%s.privileges-info.json", baseServerUri, testGroupId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- //normal user can not remove group
- assertEquals(false, jsonObj.getBoolean("canUpdateGroupMembers"));
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canUpdateGroupMembers"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canUpdateGroupMembers"));
+ testCanChange(CanChangeGroup.UPDATE_GROUP_MEMBERS);
}
/**
@@ -402,57 +325,7 @@
*/
@Test
public void testCanChangePassword() throws IOException, JsonException {
- testUserId = createTestUser();
-
- //1. verify user can update thier own password
- String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- //user can update their own password
- assertEquals(true, jsonObj.getBoolean("canChangePassword"));
-
-
- //2. now try another user
- testUserId2 = createTestUser();
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUser2Creds = new UsernamePasswordCredentials(testUserId2, "testPwd");
-
- String json2 = getAuthenticatedContent(testUser2Creds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json2);
- JsonObject jsonObj2 = parseJson(json2);
-
- //user can not update other users password
- assertEquals(false, jsonObj2.getBoolean("canChangePassword"));
-
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- assertEquals(true, jsonObj.getBoolean("canChangePassword"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- //user can update other users password
- assertEquals(true, jsonObj.getBoolean("canChangePassword"));
+ testCanChange(CanChangeUser.CHANGE_PASSWORD);
}
/**
@@ -461,58 +334,7 @@
*/
@Test
public void testCanDisable() throws IOException, JsonException {
- testUserId = createTestUser();
-
- //1. verify user can disable themselves
- String getUrl = String.format("%s/system/userManager/user/%s.privileges-info.json", baseServerUri, testUserId);
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = parseJson(json);
-
- //user can can disable themselves
- assertEquals(true, jsonObj.getBoolean("canDisable"));
-
-
- //2. now try another user
- testUserId2 = createTestUser();
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUser2Creds = new UsernamePasswordCredentials(testUserId2, "testPwd");
-
- String json2 = getAuthenticatedContent(testUser2Creds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json2);
- JsonObject jsonObj2 = parseJson(json2);
-
- //user can not disable other user
- assertEquals(false, jsonObj2.getBoolean("canDisable"));
-
-
- //try admin user
- testUserCreds = new UsernamePasswordCredentials("admin", "admin");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- //admin can disable other user
- assertEquals(true, jsonObj.getBoolean("canDisable"));
-
- //try non-admin with sufficient privileges
- testUserId3 = createTestUser();
- grantUserManagerRights(testUserId3);
-
- testUserCreds = new UsernamePasswordCredentials(testUserId3, "testPwd");
-
- json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObj = parseJson(json);
-
- //user can disable other user
- assertEquals(true, jsonObj.getBoolean("canDisable"));
+ testCanChange(CanChangeUser.DISABLE);
}
}