| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.sling.resourceaccesssecurity.impl; |
| |
| |
| import junit.framework.TestCase; |
| import org.apache.sling.api.resource.ModifiableValueMap; |
| import org.apache.sling.api.resource.Resource; |
| import org.apache.sling.api.resource.ValueMap; |
| import org.apache.sling.api.security.ResourceAccessSecurity; |
| import org.apache.sling.resourceaccesssecurity.ResourceAccessGate; |
| import org.junit.Before; |
| import org.junit.Test; |
| import org.osgi.framework.Bundle; |
| import org.osgi.framework.BundleContext; |
| import org.osgi.framework.ServiceReference; |
| |
| |
| import static org.junit.Assert.assertFalse; |
| import static org.junit.Assert.assertNull; |
| import static org.mockito.Mockito.mock; |
| import static org.mockito.Mockito.times; |
| import static org.mockito.Mockito.when; |
| import static org.mockito.Mockito.verify; |
| |
| import static org.junit.Assert.assertTrue; |
| |
| public class ResourceAccessSecurityImplTests { |
| |
| ServiceReference serviceReference; |
| ResourceAccessSecurity resourceAccessSecurity; |
| ResourceAccessGate resourceAccessGate; |
| |
| @Before |
| public void setUp() { |
| resourceAccessSecurity = new ProviderResourceAccessSecurityImpl(); |
| } |
| |
| |
| @Test |
| public void testCanUpdate(){ |
| initMocks("/content", new String[] { "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| assertTrue(resourceAccessSecurity.canUpdate(resource)); |
| } |
| |
| @Test |
| public void testCannotUpdate(){ |
| initMocks("/content", new String[] { "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED); |
| assertFalse(resourceAccessSecurity.canUpdate(resource)); |
| } |
| |
| @Test |
| public void testCannotUpdateWrongPath(){ |
| initMocks("/content", new String[] { "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/wrongcontent"); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| assertFalse(resourceAccessSecurity.canUpdate(resource)); |
| } |
| |
| @Test |
| public void testCanUpdateUsingReadableResource(){ |
| // one needs to have also read rights to obtain the resource |
| |
| initMocks("/content", new String[] { "read", "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| |
| ModifiableValueMap valueMap = mock(ModifiableValueMap.class); |
| when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap); |
| |
| when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| Resource readableResource = resourceAccessSecurity.getReadableResource(resource); |
| |
| ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class); |
| |
| |
| resultValueMap.put("modified", "value"); |
| |
| verify(valueMap, times(1)).put("modified", "value"); |
| } |
| |
| |
| @Test |
| public void testCannotUpdateUsingReadableResourceIfCannotRead(){ |
| initMocks("/content", new String[] { "read", "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| |
| ModifiableValueMap valueMap = mock(ModifiableValueMap.class); |
| when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap); |
| |
| when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| Resource readableResource = resourceAccessSecurity.getReadableResource(resource); |
| |
| |
| assertNull(readableResource); |
| } |
| |
| |
| @Test |
| public void testCannotUpdateUsingReadableResourceIfCannotUpdate(){ |
| initMocks("/content", new String[] { "read", "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| |
| ModifiableValueMap valueMap = mock(ModifiableValueMap.class); |
| when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap); |
| |
| when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED); |
| Resource readableResource = resourceAccessSecurity.getReadableResource(resource); |
| |
| ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class); |
| |
| assertNull(resultValueMap); |
| } |
| |
| |
| @Test |
| public void testCannotUpdateAccidentallyUsingReadableResourceIfCannotUpdate(){ |
| initMocks("/content", new String[] { "read", "update"} ); |
| |
| Resource resource = mock(Resource.class); |
| when(resource.getPath()).thenReturn("/content"); |
| |
| ModifiableValueMap valueMap = mock(ModifiableValueMap.class); |
| when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap); |
| |
| when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED); |
| when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED); |
| Resource readableResource = resourceAccessSecurity.getReadableResource(resource); |
| |
| ValueMap resultValueMap = readableResource.adaptTo(ValueMap.class); |
| |
| resultValueMap.put("modified", "value"); |
| |
| verify(valueMap, times(0)).put("modified", "value"); |
| } |
| |
| private void initMocks(String path, String[] operations){ |
| serviceReference = mock(ServiceReference.class); |
| Bundle bundle = mock(Bundle.class); |
| BundleContext bundleContext = mock(BundleContext.class); |
| resourceAccessGate = mock(ResourceAccessGate.class); |
| |
| when(serviceReference.getBundle()).thenReturn(bundle); |
| when(bundle.getBundleContext()).thenReturn(bundleContext); |
| when(bundleContext.getService(serviceReference)).thenReturn(resourceAccessGate); |
| |
| when(serviceReference.getProperty(ResourceAccessGate.PATH)).thenReturn(path); |
| when(serviceReference.getProperty(ResourceAccessGate.OPERATIONS)).thenReturn(operations); |
| |
| ((ProviderResourceAccessSecurityImpl) resourceAccessSecurity).bindResourceAccessGate(serviceReference); |
| } |
| |
| |
| |
| } |