/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sling.launchpad.webapp.integrationtest.userManager;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
/**
* Tests for the PrivilegesInfo Script Helper
*/
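public class PrivilegesInfoTest extends AbstractUserManagerTest {

    // Scope note: every test below asserts the boolean flags that the
    // privileges-info script *reports* for the logged-in user. None of them
    // attempts the corresponding add/update/remove operation, so enforcement
    // of those privileges is not exercised by this class.

    // Selector and extension appended to a user/group URL to request the
    // privileges-info JSON rendered by the script uploaded in setUp().
    private static final String PRIVILEGES_INFO_SUFFIX = ".privileges-info.json";

    // Password used to log in as accounts returned by createTestUser().
    // NOTE(review): createTestUser() lives in the parent class and is not
    // visible here; presumably it assigns this value - confirm.
    private static final String TEST_USER_PASSWORD = "testPwd";

    // Ids of the principals created by the running test; tearDown() deletes
    // whichever of them is non-null.
    String testUserId = null;
    String testUserId2 = null;
    String testGroupId = null;
    // Never assigned within this class; tearDown() deletes it when set.
    String testFolderUrl = null;

    // URLs of uploaded scripts that tearDown() has to delete again.
    Set<String> toDelete = new HashSet<String>();

    /**
     * Uploads the privileges-info script that the tests query.
     *
     * @throws Exception if the parent setup, the directory creation or the upload fails
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        // Script for server-side PrivilegeInfo calculations.
        // The default-servlet location makes the script available for every
        // resource type, which is why tearDown() has to remove it again.
        String scriptPath = "/apps/sling/servlet/default";
        testClient.mkdirs(WEBDAV_BASE_URL, scriptPath);
        toDelete.add(uploadTestScript(scriptPath,
                "usermanager/privileges-info.json.esp",
                "privileges-info.json.esp"));
    }

    /**
     * Deletes everything the test created: folder, group, users and uploaded scripts.
     *
     * <p>Every cleanup step is attempted even when an earlier one fails. The test
     * accounts use a fixed password and may have been added to the 'User Admin' or
     * 'Group Admin' group, so aborting on the first failure would leave such an
     * account (and the globally installed script) behind on the instance. The first
     * failure is rethrown once all steps have run.
     *
     * @throws Exception the first failure raised by the parent teardown or a cleanup step
     */
    @Override
    protected void tearDown() throws Exception {
        Throwable firstFailure = null;
        try {
            super.tearDown();
        } catch (Throwable t) {
            // Throwable on purpose: JUnit 3 assertion failures are Errors.
            firstFailure = t;
        }

        // Cleanup runs as the built-in admin account with its default password;
        // the suite assumes a disposable integration-test instance.
        Credentials creds = new UsernamePasswordCredentials("admin", "admin");

        if (testFolderUrl != null) {
            //remove the test folder if it exists.
            List<NameValuePair> postParams = new ArrayList<NameValuePair>();
            postParams.add(new NameValuePair(":operation", "delete"));
            firstFailure = keepFirst(firstFailure,
                    attemptCleanupPost(creds, testFolderUrl, postParams));
        }
        if (testGroupId != null) {
            //remove the test group if it exists.
            String postUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html";
            firstFailure = keepFirst(firstFailure,
                    attemptCleanupPost(creds, postUrl, new ArrayList<NameValuePair>()));
        }
        if (testUserId != null) {
            //remove the test user if it exists.
            String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html";
            firstFailure = keepFirst(firstFailure,
                    attemptCleanupPost(creds, postUrl, new ArrayList<NameValuePair>()));
        }
        if (testUserId2 != null) {
            //remove the second test user if it exists.
            String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId2 + ".delete.html";
            firstFailure = keepFirst(firstFailure,
                    attemptCleanupPost(creds, postUrl, new ArrayList<NameValuePair>()));
        }

        for (String script : toDelete) {
            try {
                testClient.delete(script);
            } catch (Throwable t) {
                firstFailure = keepFirst(firstFailure, t);
            }
        }

        // Surface the first problem only after every step has been attempted.
        if (firstFailure instanceof Error) {
            throw (Error) firstFailure;
        }
        if (firstFailure instanceof Exception) {
            throw (Exception) firstFailure;
        }
        if (firstFailure != null) {
            throw new RuntimeException(firstFailure);
        }
    }

    /**
     * Sends one cleanup POST that is expected to answer 200 and reports, rather
     * than throws, any failure so the caller can continue with the next step.
     *
     * @param creds credentials to authenticate the POST with
     * @param postUrl URL to post to
     * @param postParams request parameters (may be empty)
     * @return the failure raised by the POST or its status assertion, or {@code null} on success
     */
    private Throwable attemptCleanupPost(Credentials creds, String postUrl, List<NameValuePair> postParams) {
        try {
            assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
            return null;
        } catch (Throwable t) {
            return t;
        }
    }

    /**
     * Returns {@code earlier} when it is set, otherwise {@code later}.
     */
    private static Throwable keepFirst(Throwable earlier, Throwable later) {
        return earlier != null ? earlier : later;
    }

    /**
     * Builds the privileges-info URL for the given user id.
     */
    private static String userInfoUrl(String userId) {
        return HTTP_BASE_URL + "/system/userManager/user/" + userId + PRIVILEGES_INFO_SUFFIX;
    }

    /**
     * Builds the privileges-info URL for the given group id.
     */
    private static String groupInfoUrl(String groupId) {
        return HTTP_BASE_URL + "/system/userManager/group/" + groupId + PRIVILEGES_INFO_SUFFIX;
    }

    /**
     * Builds login credentials for an account created by createTestUser().
     */
    private static Credentials credentialsFor(String userId) {
        return new UsernamePasswordCredentials(userId, TEST_USER_PASSWORD);
    }

    /**
     * Fetches the privileges-info JSON as the given user and parses it.
     *
     * @param creds credentials of the user whose privileges are being reported
     * @param getUrl privileges-info URL of the user or group being inspected
     * @return the parsed response body
     * @throws IOException if the request fails
     * @throws JSONException if the body is not valid JSON
     */
    private JSONObject fetchPrivilegesInfo(Credentials creds, String getUrl)
            throws IOException, JSONException {
        String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
        assertNotNull(json);
        return new JSONObject(json);
    }

    /**
     * Checks whether the current user has been granted privileges
     * to add a new user.
     */
    public void testCanAddUser() throws JSONException, IOException {
        testUserId = createTestUser();
        String getUrl = userInfoUrl(testUserId);
        Credentials testUserCreds = credentialsFor(testUserId);

        //a freshly created user is not reported as able to add users
        JSONObject beforeGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertFalse("new user must not be able to add users", beforeGrant.getBoolean("canAddUser"));

        //now add the user to the 'User Admin' group.
        addUserToUserAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject afterGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertTrue("'User Admin' member must be able to add users", afterGrant.getBoolean("canAddUser"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to add a new group.
     */
    public void testCanAddGroup() throws IOException, JSONException {
        testUserId = createTestUser();
        String getUrl = userInfoUrl(testUserId);
        Credentials testUserCreds = credentialsFor(testUserId);

        //a freshly created user is not reported as able to add groups
        JSONObject beforeGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertFalse("new user must not be able to add groups", beforeGrant.getBoolean("canAddGroup"));

        //now add the user to the 'Group Admin' group.
        addUserToGroupAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject afterGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertTrue("'Group Admin' member must be able to add groups", afterGrant.getBoolean("canAddGroup"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to update the properties of the specified user.
     */
    public void testCanUpdateUserProperties() throws IOException, JSONException {
        testUserId = createTestUser();

        //1. verify user can update their own properties
        String getUrl = userInfoUrl(testUserId);
        JSONObject ownInfo = fetchPrivilegesInfo(credentialsFor(testUserId), getUrl);
        assertTrue("user must be able to update their own properties",
                ownInfo.getBoolean("canUpdateProperties"));

        //2. now try another user; getUrl still points at the first user
        testUserId2 = createTestUser();
        Credentials testUser2Creds = credentialsFor(testUserId2);
        JSONObject otherInfo = fetchPrivilegesInfo(testUser2Creds, getUrl);
        //an ordinary user can not update another user's properties
        assertFalse("ordinary user must not be able to update another user's properties",
                otherInfo.getBoolean("canUpdateProperties"));

        //3. now add the second user to the 'User Admin' group.
        addUserToUserAdminGroup(testUserId2);

        //fetch the JSON again
        JSONObject adminInfo = fetchPrivilegesInfo(testUser2Creds, getUrl);
        //user in 'User Admin' group can update the properties of other users
        assertTrue("'User Admin' member must be able to update other users' properties",
                adminInfo.getBoolean("canUpdateProperties"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to update the properties of the specified group.
     */
    public void testCanUpdateGroupProperties() throws IOException, JSONException {
        testGroupId = createTestGroup();
        testUserId = createTestUser();

        //1. Verify non admin user can not update group properties
        String getUrl = groupInfoUrl(testGroupId);
        Credentials testUserCreds = credentialsFor(testUserId);
        JSONObject beforeGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertFalse("ordinary user must not be able to update group properties",
                beforeGrant.getBoolean("canUpdateProperties"));

        //2. now add the user to the 'Group Admin' group.
        addUserToGroupAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject afterGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        //user in 'Group Admin' group can update the properties of groups
        assertTrue("'Group Admin' member must be able to update group properties",
                afterGrant.getBoolean("canUpdateProperties"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to remove the specified user.
     */
    public void testCanRemoveUser() throws IOException, JSONException {
        testUserId = createTestUser();

        //1. verify user can not remove themselves
        String getUrl = userInfoUrl(testUserId);
        JSONObject ownInfo = fetchPrivilegesInfo(credentialsFor(testUserId), getUrl);
        assertFalse("user must not be able to remove themselves", ownInfo.getBoolean("canRemove"));

        //2. now try another user; getUrl still points at the first user
        testUserId2 = createTestUser();
        Credentials testUser2Creds = credentialsFor(testUserId2);
        JSONObject otherInfo = fetchPrivilegesInfo(testUser2Creds, getUrl);
        //an ordinary user can not delete other users
        assertFalse("ordinary user must not be able to remove another user",
                otherInfo.getBoolean("canRemove"));

        //3. now add the second user to the 'User Admin' group.
        addUserToUserAdminGroup(testUserId2);

        //fetch the JSON again
        JSONObject adminInfo = fetchPrivilegesInfo(testUser2Creds, getUrl);
        //user in 'User Admin' group can remove other users
        assertTrue("'User Admin' member must be able to remove other users",
                adminInfo.getBoolean("canRemove"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to remove the specified group.
     */
    public void testCanRemoveGroup() throws IOException, JSONException {
        testGroupId = createTestGroup();
        testUserId = createTestUser();

        //1. Verify non admin user can not remove group
        String getUrl = groupInfoUrl(testGroupId);
        Credentials testUserCreds = credentialsFor(testUserId);
        JSONObject beforeGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertFalse("ordinary user must not be able to remove a group",
                beforeGrant.getBoolean("canRemove"));

        //2. now add the user to the 'Group Admin' group.
        addUserToGroupAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject afterGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        //user in 'Group Admin' group can remove groups
        assertTrue("'Group Admin' member must be able to remove a group",
                afterGrant.getBoolean("canRemove"));
    }

    /**
     * Checks whether the current user has been granted privileges
     * to update the membership of the specified group.
     */
    public void testCanUpdateGroupMembers() throws IOException, JSONException {
        testGroupId = createTestGroup();
        testUserId = createTestUser();

        //1. Verify non admin user can not update group membership
        String getUrl = groupInfoUrl(testGroupId);
        Credentials testUserCreds = credentialsFor(testUserId);
        JSONObject beforeGrant = fetchPrivilegesInfo(testUserCreds, getUrl);
        assertFalse("ordinary user must not be able to update group membership",
                beforeGrant.getBoolean("canUpdateGroupMembers"));

        //2. now add the user to the 'Group Admin' group.
        addUserToGroupAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject asGroupAdmin = fetchPrivilegesInfo(testUserCreds, getUrl);
        //user in 'Group Admin' group can update the membership of groups
        assertTrue("'Group Admin' member must be able to update group membership",
                asGroupAdmin.getBoolean("canUpdateGroupMembers"));

        //3. remove user from the 'Group Admin' group
        removeUserFromGroup(testUserId, "GroupAdmin");

        //fetch the JSON again; the privilege has to disappear with the membership
        JSONObject afterRevoke = fetchPrivilegesInfo(testUserCreds, getUrl);
        //user not in 'Group Admin' group can not update the membership of groups
        assertFalse("privilege must be revoked once the user leaves 'Group Admin'",
                afterRevoke.getBoolean("canUpdateGroupMembers"));

        //4. add user to the 'User Admin' group
        addUserToUserAdminGroup(testUserId);

        //fetch the JSON again
        JSONObject asUserAdmin = fetchPrivilegesInfo(testUserCreds, getUrl);
        //user in 'User Admin' group can update the membership of groups
        assertTrue("'User Admin' member must be able to update group membership",
                asUserAdmin.getBoolean("canUpdateGroupMembers"));
    }
}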