git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  *  This document is a part of the source code and related artifacts
   3  *  for CollectionSpace, an open source collections management system
   4  *  for museums and related institutions:
   5
   6  *  http://www.collectionspace.org
   7  *  http://wiki.collectionspace.org
   8
   9  *  Copyright 2010 University of California at Berkeley
  10
  11  *  Licensed under the Educational Community License (ECL), Version 2.0.
  12  *  You may not use this file except in compliance with this License.
  13
  14  *  You may obtain a copy of the ECL 2.0 License at
  15
  16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
  17
  18  *  Unless required by applicable law or agreed to in writing, software
  19  *  distributed under the License is distributed on an "AS IS" BASIS,
  20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  21  *  See the License for the specific language governing permissions and
  22  *  limitations under the License.
  23  */
  24 /*
  25  * To change this template, choose Tools | Templates
  26  * and open the template in the editor.
  27  */
  28 package org.collectionspace.services.security.client.test;
  29
  30 import java.util.ArrayList;
  31 import java.util.Collection;
  32 import java.util.Date;
  33 import java.util.Hashtable;
  34 import java.util.List;
  35 import javax.ws.rs.core.MediaType;
  36 import javax.ws.rs.core.Response;
  37 import org.collectionspace.services.account.AccountsCommon;
  38 import org.collectionspace.services.authorization.AccountRole;
  39 import org.collectionspace.services.authorization.AccountValue;
  40 import org.collectionspace.services.authorization.perms.ActionType;
  41 import org.collectionspace.services.authorization.perms.EffectType;
  42
  43 import org.collectionspace.services.authorization.perms.Permission;
  44 import org.collectionspace.services.authorization.perms.PermissionAction;
  45 import org.collectionspace.services.authorization.PermissionRole;
  46 import org.collectionspace.services.authorization.PermissionValue;
  47 import org.collectionspace.services.authorization.Role;
  48 import org.collectionspace.services.authorization.RoleValue;
  49 import org.collectionspace.services.client.AccountClient;
  50 import org.collectionspace.services.client.AccountFactory;
  51 import org.collectionspace.services.client.AccountRoleClient;
  52 import org.collectionspace.services.client.AccountRoleFactory;
  53 import org.collectionspace.services.client.CollectionSpaceClient;
  54 import org.collectionspace.services.client.DimensionClient;
  55 import org.collectionspace.services.client.DimensionFactory;
  56 import org.collectionspace.services.client.IntakeClient;
  57 import org.collectionspace.services.client.PayloadOutputPart;
  58 import org.collectionspace.services.client.PermissionClient;
  59 import org.collectionspace.services.client.PermissionFactory;
  60 import org.collectionspace.services.client.PermissionRoleClient;
  61 import org.collectionspace.services.client.PermissionRoleFactory;
  62 import org.collectionspace.services.client.PoxPayloadIn;
  63 import org.collectionspace.services.client.PoxPayloadOut;
  64 import org.collectionspace.services.client.RoleClient;
  65 import org.collectionspace.services.client.RoleFactory;
  66 import org.collectionspace.services.client.test.AbstractServiceTestImpl;
  67 import org.collectionspace.services.dimension.DimensionsCommon;
  68 import org.collectionspace.services.intake.IntakesCommon;
  69 import org.collectionspace.services.jaxb.AbstractCommonList;
  70 import org.jboss.resteasy.client.ClientResponse;
  71 import org.jboss.resteasy.plugins.providers.multipart.MultipartInput;
  72 import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
  73 import org.jboss.resteasy.plugins.providers.multipart.OutputPart;
  74
  75 import org.testng.Assert;
  76 import org.testng.annotations.Test;
  77
  78 import org.slf4j.Logger;
  79 import org.slf4j.LoggerFactory;
  80 import org.testng.annotations.AfterClass;
  81 import org.testng.annotations.BeforeClass;
  82
  83 /**
  84  * AuthorizationServiceTest, carries out tests against a
  85  * deployed and running Permission, Role, AccountRole, PermissionRole and
  86  * CollectionObject Services.
  87  *
  88  * Pre-requisite : authorization-mgt/client tests seed some permissions used
  89  * by this test
  90  *
  91  * $LastChangedRevision: 917 $
  92  * $LastChangedDate: 2009-11-06 12:20:28 -0800 (Fri, 06 Nov 2009) $
  93  */
  94 public class AuthorizationServiceTest extends AbstractServiceTestImpl {
  95
  96     private final String CLASS_NAME = AuthorizationServiceTest.class.getName();
  97     private final Logger logger = LoggerFactory.getLogger(CLASS_NAME);
  98     // Instance variables specific to this test.
  99     private String knownResourceId = null;
 100     private List<String> allResourceIdsCreated = new ArrayList();
 101     //key for accValues is userId
 102     private Hashtable<String, AccountValue> accValues = new Hashtable<String, AccountValue>();
 103     //key for permValues is id as there could be several perms for the same resource
 104     private Hashtable<String, PermissionValue> permValues = new Hashtable<String, PermissionValue>();
 105     //key for roleValues is roleName
 106     private Hashtable<String, RoleValue> roleValues = new Hashtable<String, RoleValue>();
 107     private String bigbirdPermId;
 108     private String elmoPermId;
 109     private final static String TEST_SERVICE_NAME = "dimensions";
 110     private boolean accountRolesFlipped = false;
 111     /*
 112      * This method is called only by the parent class, AbstractServiceTestImpl
 113      */
 114
 115     @Override
 116         protected String getServiceName() {
 117         // no need to return anything but null since no auth resources are
 118         // accessed
 119         throw new UnsupportedOperationException();
 120         }
 121
 122     @Override
 123     protected String getServicePathComponent() {
 124         // no need to return anything but null since no auth resources are
 125         // accessed
 126         throw new UnsupportedOperationException();
 127     }
 128
 129     @BeforeClass(alwaysRun = true)
 130     public void seedData() {
 131         seedPermissions();
 132         seedRoles();
 133         seedAccounts();
 134         seedAccountRoles();
 135         seedPermissionRoles();
 136     }
 137
 138     private void seedPermissions() {
 139         String res = TEST_SERVICE_NAME;
 140
 141         PermissionAction pac = new PermissionAction();
 142         pac.setName(ActionType.CREATE);
 143         PermissionAction par = new PermissionAction();
 144         par.setName(ActionType.READ);
 145         PermissionAction pau = new PermissionAction();
 146         pau.setName(ActionType.UPDATE);
 147
 148
 149         //bigbird can create, read and update but not delete
 150         List<PermissionAction> bbactions = new ArrayList<PermissionAction>();
 151         bbactions.add(pac);
 152         bbactions.add(par);
 153         bbactions.add(pau);
 154         bigbirdPermId = createPermission(res, bbactions, EffectType.PERMIT);
 155         PermissionValue bbpv = new PermissionValue();
 156         bbpv.setResourceName(res);
 157         bbpv.setPermissionId(bigbirdPermId);
 158         permValues.put(bbpv.getPermissionId(), bbpv);
 159
 160         //elmo can only read
 161         List<PermissionAction> eactions = new ArrayList<PermissionAction>();
 162         eactions.add(par);
 163         elmoPermId = createPermission(res, eactions, EffectType.PERMIT);
 164         PermissionValue epv = new PermissionValue();
 165         epv.setResourceName(res);
 166         epv.setPermissionId(elmoPermId);
 167         permValues.put(epv.getPermissionId(), epv);
 168     }
 169
 170     private void seedRoles() {
 171         String rn1 = "ROLE_TEST_CM";
 172         String r1RoleId = createRole(rn1);
 173         RoleValue rv1 = new RoleValue();
 174         rv1.setRoleId(r1RoleId);
 175         rv1.setRoleName(rn1);
 176         roleValues.put(rv1.getRoleName(), rv1);
 177
 178         String rn2 = "ROLE_TEST_INTERN";
 179         String r2RoleId = createRole(rn2);
 180         RoleValue rv2 = new RoleValue();
 181         rv2.setRoleId(r2RoleId);
 182         rv2.setRoleName(rn2);
 183         roleValues.put(rv2.getRoleName(), rv2);
 184     }
 185
 186     private void seedAccounts() {
 187         String userId1 = "bigbird2010";
 188         String accId1 = createAccount(userId1, "bigbird@cspace.org");
 189         AccountValue av1 = new AccountValue();
 190         av1.setScreenName(userId1);
 191         av1.setUserId(userId1);
 192         av1.setAccountId(accId1);
 193         accValues.put(av1.getUserId(), av1);
 194
 195         String userId2 = "elmo2010";
 196         String accId2 = createAccount(userId2, "elmo@cspace.org");
 197         AccountValue av2 = new AccountValue();
 198         av2.setScreenName(userId2);
 199         av2.setUserId(userId2);
 200         av2.setAccountId(accId2);
 201         accValues.put(av2.getUserId(), av2);
 202
 203         String userId3 = "lockedOut";
 204         String accId3 = createAccount(userId3, "lockedOut@cspace.org");
 205         AccountValue av3 = new AccountValue();
 206         av3.setScreenName(userId3);
 207         av3.setUserId(userId3);
 208         av3.setAccountId(accId3);
 209         accValues.put(av3.getUserId(), av3);
 210     }
 211
 212     private void seedAccountRoles() {
 213
 214         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 215         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 216         createAccountRole(accValues.get("bigbird2010"), bigbirdRoleValues);
 217
 218         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 219         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 220         createAccountRole(accValues.get("elmo2010"), elmoRoleValues);
 221     }
 222
 223     private void seedPermissionRoles() {
 224
 225         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 226         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 227         createPermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
 228
 229         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 230         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 231         createPermissionRole(permValues.get(elmoPermId), elmoRoleValues);
 232
 233     }
 234
 235
 236     /* (non-Javadoc)
 237      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
 238      */
 239     @Override
 240     protected CollectionSpaceClient getClientInstance() {
 241         return null;
 242     }
 243
 244     /* (non-Javadoc)
 245      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
 246      */
 247     @Override
 248     protected AbstractCommonList getAbstractCommonList(
 249             ClientResponse<AbstractCommonList> response) {
 250         //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
 251         throw new UnsupportedOperationException();
 252     }
 253
 254     @Test(dataProvider = "testName")
 255     @Override
 256     public void readPaginatedList(String testName) throws Exception {
 257         //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
 258     }
 259     // ---------------------------------------------------------------
 260     // CRUD tests : CREATE tests
 261     // ---------------------------------------------------------------
 262     // Success outcomes
 263
 264     @Override
 265     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 266     public void create(String testName) throws Exception {
 267         if (logger.isDebugEnabled()) {
 268             logger.debug(testBanner(testName, CLASS_NAME));
 269         }
 270         setupCreate();
 271
 272         // Submit the request to the service and store the response.
 273         DimensionClient client = new DimensionClient();
 274         //bigbird allowed to create
 275         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 276         String identifier = createIdentifier();
 277         DimensionsCommon dimension = new DimensionsCommon();
 278         dimension.setDimension("dimensionType");
 279         dimension.setMeasurementUnit("measurementUnit-" + identifier);
 280         dimension.setValueDate(new Date().toString());
 281         PoxPayloadOut multipart = DimensionFactory.createDimensionInstance(client.getCommonPartName(),
 282                 dimension);
 283         ClientResponse<Response> res = client.create(multipart);
 284
 285         int statusCode = res.getStatus();
 286
 287         if (logger.isDebugEnabled()) {
 288             logger.debug(testName + ": status = " + statusCode);
 289         }
 290         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 291                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 292         Assert.assertEquals(statusCode, Response.Status.CREATED.getStatusCode());
 293         knownResourceId = extractId(res);
 294         if (logger.isDebugEnabled()) {
 295             logger.debug(testName + ": knownResourceId=" + knownResourceId);
 296         }
 297
 298         // Now verify that elmo cannot create
 299         client = new DimensionClient();
 300         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 301         res = client.create(multipart);
 302
 303         statusCode = res.getStatus();
 304         if (logger.isDebugEnabled()) {
 305             logger.debug(testName + " (verify not allowed): status = " + statusCode);
 306         }
 307         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 308                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 309         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 310
 311         //Finally, verify that elmo has no access to Intakes
 312         // Submit the request to the service and store the response.
 313         IntakeClient iclient = new IntakeClient();
 314         iclient.setAuth(true, "elmo2010", true, "elmo2010", true);
 315         multipart = createIntakeInstance(
 316                 "entryNumber-" + identifier,
 317                 "entryDate-" + identifier,
 318                 "depositor-" + identifier);
 319         res = iclient.create(multipart);
 320         if (logger.isDebugEnabled()) {
 321             logger.debug(testName + " (verify create intake not allowed): status = " + statusCode);
 322         }
 323         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 324                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 325         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 326
 327     }
 328
 329     /**
 330      * Creates the intake instance.
 331      *
 332      * @param entryNumber the entry number
 333      * @param entryDate the entry date
 334      * @param depositor the depositor
 335      * @return the multipart output
 336      */
 337     private PoxPayloadOut createIntakeInstance(String entryNumber,
 338                 String entryDate,
 339                 String depositor) {
 340         IntakesCommon intake = new IntakesCommon();
 341         intake.setEntryNumber(entryNumber);
 342         intake.setEntryDate(entryDate);
 343         intake.setDepositor(depositor);
 344
 345         PoxPayloadOut multipart = new PoxPayloadOut(IntakeClient.SERVICE_PAYLOAD_NAME);
 346         PayloadOutputPart commonPart =
 347             multipart.addPart(intake, MediaType.APPLICATION_XML_TYPE);
 348         commonPart.setLabel(new IntakeClient().getCommonPartName());
 349
 350         if(logger.isDebugEnabled()){
 351             logger.debug("to be created, intake common");
 352             logger.debug(objectAsXmlString(intake, IntakesCommon.class));
 353         }
 354
 355         return multipart;
 356     }
 357
 358
 359     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 360             dependsOnMethods = {"delete"})
 361     public void verifyCreateWithFlippedRoles(String testName) throws Exception {
 362         if (logger.isDebugEnabled()) {
 363             logger.debug(testBanner(testName, CLASS_NAME));
 364         }
 365         setupCreate();
 366
 367         // Submit the request to the service and store the response.
 368         DimensionClient client = new DimensionClient();
 369         flipInitialAccountRoles();
 370
 371         // Now verify that elmo can create
 372         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 373         client = new DimensionClient();
 374
 375         String identifier = createIdentifier();
 376         DimensionsCommon dimension = new DimensionsCommon();
 377         dimension.setDimension("dimensionType");
 378         dimension.setMeasurementUnit("measurementUnit-" + identifier);
 379         dimension.setValueDate(new Date().toString());
 380         PoxPayloadOut multipart = DimensionFactory.createDimensionInstance(client.getCommonPartName(),
 381                 dimension);
 382         ClientResponse<Response> res = client.create(multipart);
 383
 384         int statusCode = res.getStatus();
 385
 386         if (logger.isDebugEnabled()) {
 387             logger.debug(testName + ": status = " + statusCode);
 388         }
 389         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 390                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 391         Assert.assertEquals(statusCode, Response.Status.CREATED.getStatusCode());
 392         knownResourceId = extractId(res);
 393         if (logger.isDebugEnabled()) {
 394             logger.debug(testName + ": knownResourceId=" + knownResourceId);
 395         }
 396
 397         //bigbird no longer allowed to create
 398         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 399         res = client.create(multipart);
 400
 401         statusCode = res.getStatus();
 402         if (logger.isDebugEnabled()) {
 403             logger.debug(testName + " (verify not allowed): status = " + statusCode);
 404         }
 405         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 406                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 407         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 408         restoreInitialAccountRoles();
 409     }
 410
 411     //to not cause uniqueness violation for permRole, createList is removed
 412     @Override
 413     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 414     dependsOnMethods = {"create"})
 415     public void createList(String testName) throws Exception {
 416     }
 417
 418     // Failure outcomes
 419     // Placeholders until the three tests below can be uncommented.
 420     // See Issue CSPACE-401.
 421     @Override
 422     public void createWithEmptyEntityBody(String testName) throws Exception {
 423     }
 424
 425     @Override
 426     public void createWithMalformedXml(String testName) throws Exception {
 427     }
 428
 429     @Override
 430     public void createWithWrongXmlSchema(String testName) throws Exception {
 431     }
 432
 433     // ---------------------------------------------------------------
 434     // CRUD tests : READ tests
 435     // ---------------------------------------------------------------
 436     // Success outcomes
 437     @Override
 438     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 439     dependsOnMethods = {"create"})
 440     public void read(String testName) throws Exception {
 441
 442         if (logger.isDebugEnabled()) {
 443             logger.debug(testBanner(testName, CLASS_NAME));
 444         }
 445         // Perform setup.
 446         setupRead();
 447
 448         // Submit the request to the service and store the response.
 449         DimensionClient client = new DimensionClient();
 450         //elmo allowed to read
 451         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 452         ClientResponse<String> res = client.read(knownResourceId);
 453         assertStatusCode(res, testName);
 454
 455         PoxPayloadIn input = new PoxPayloadIn(res.getEntity());
 456         DimensionsCommon dimension = (DimensionsCommon) extractPart(input,
 457                 client.getCommonPartName(), DimensionsCommon.class);
 458         Assert.assertNotNull(dimension);
 459     }
 460
 461     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 462             dependsOnMethods = {"read"})
 463     public void readLockedOut(String testName) throws Exception {
 464
 465         if (logger.isDebugEnabled()) {
 466             logger.debug(testBanner(testName, CLASS_NAME));
 467         }
 468         // Perform setup.
 469         setupRead();
 470
 471         // Submit the request to the service and store the response.
 472         DimensionClient client = new DimensionClient();
 473         //lockedOut allowed to read
 474         client.setAuth(true, "lockedOut", true, "lockedOut", true);
 475         ClientResponse<String> res = client.read(knownResourceId);
 476         int statusCode = res.getStatus();
 477
 478         // Check the status code of the response: does it match
 479         // the expected response(s)?
 480         if (logger.isDebugEnabled()) {
 481             logger.debug(testName + " (test lockedOut): status = " + statusCode);
 482         }
 483         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 484                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 485         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 486     }
 487
 488     // Failure outcomes
 489     @Override
 490     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 491     public void readNonExistent(String testName) throws Exception {
 492
 493         // Perform setup.
 494         setupReadNonExistent();
 495     }
 496
 497     // ---------------------------------------------------------------
 498     // CRUD tests : READ_LIST tests
 499     // ---------------------------------------------------------------
 500     // Success outcomes
 501     @Override
 502     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 503     dependsOnMethods = {"createList", "read"})
 504     public void readList(String testName) throws Exception {
 505         setupReadList();
 506     }
 507
 508     // Failure outcomes
 509     // None at present.
 510     // ---------------------------------------------------------------
 511     // CRUD tests : UPDATE tests
 512     // ---------------------------------------------------------------
 513     // Success outcomes
 514     @Override
 515     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 516     dependsOnMethods = {"read", "readList", "readNonExistent"})
 517     public void update(String testName) throws Exception {
 518         setupUpdate();
 519
 520     }
 521
 522     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 523     dependsOnMethods = {"read", "readList", "readNonExistent"})
 524     public void updateNotAllowed(String testName) throws Exception {
 525
 526         if (logger.isDebugEnabled()) {
 527             logger.debug(testBanner(testName, CLASS_NAME));
 528         }
 529         setupUpdate();
 530
 531         DimensionClient client = new DimensionClient();
 532
 533         //elmo not allowed to update
 534         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 535
 536         DimensionsCommon dimension = new DimensionsCommon();
 537         dimension.setDimension("dimensionType");
 538         // Update the content of this resource.
 539         dimension.setMeasurementUnit("updated-" + dimension.getMeasurementUnit());
 540         dimension.setValueDate("updated-" + dimension.getValueDate());
 541         // Submit the request to the service and store the response.
 542         PoxPayloadOut output = new PoxPayloadOut(DimensionClient.SERVICE_PAYLOAD_NAME);
 543         PayloadOutputPart commonPart = output.addPart(dimension, MediaType.APPLICATION_XML_TYPE);
 544         commonPart.setLabel(client.getCommonPartName());
 545
 546         ClientResponse<String> res = client.update(knownResourceId, output);
 547         int statusCode = res.getStatus();
 548         // Check the status code of the response: does it match the expected response(s)?
 549         if (logger.isDebugEnabled()) {
 550             logger.debug(testName + ": status = " + statusCode);
 551         }
 552         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 553                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 554         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 555
 556         client = new DimensionClient();
 557
 558         //lockedOut not allowed to update
 559         client.setAuth(true, "lockedOut", true, "lockedOut", true);
 560         res = client.update(knownResourceId, output);
 561         statusCode = res.getStatus();
 562         // Check the status code of the response: does it match the expected response(s)?
 563         if (logger.isDebugEnabled()) {
 564             logger.debug(testName + ": (lockedOut) status = " + statusCode);
 565         }
 566         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 567                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 568         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 569
 570     }
 571
 572     // Failure outcomes
 573     // Placeholders until the three tests below can be uncommented.
 574     // See Issue CSPACE-401.
 575     @Override
 576     public void updateWithEmptyEntityBody(String testName) throws Exception {
 577     }
 578
 579     @Override
 580     public void updateWithMalformedXml(String testName) throws Exception {
 581     }
 582
 583     @Override
 584     public void updateWithWrongXmlSchema(String testName) throws Exception {
 585     }
 586
 587     @Override
 588     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 589     dependsOnMethods = {"readNonExistent", "testSubmitRequest"})
 590     public void updateNonExistent(String testName) throws Exception {
 591     }
 592
 593     // ---------------------------------------------------------------
 594     // CRUD tests : DELETE tests
 595     // ---------------------------------------------------------------
 596     // Success outcomes
 597     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 598     dependsOnMethods = {"updateNotAllowed"})
 599     public void deleteNotAllowed(String testName) throws Exception {
 600
 601         if (logger.isDebugEnabled()) {
 602             logger.debug(testBanner(testName, CLASS_NAME));
 603         }
 604         // Perform setup.
 605         setupDelete();
 606
 607         // Submit the request to the service and store the response.
 608         DimensionClient client = new DimensionClient();
 609         //bigbird can not delete
 610         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 611         ClientResponse<Response> res = client.delete(knownResourceId);
 612         int statusCode = res.getStatus();
 613
 614         // Check the status code of the response: does it match
 615         // the expected response(s)?
 616         if (logger.isDebugEnabled()) {
 617             logger.debug(testName + ": status = " + statusCode);
 618         }
 619         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 620                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 621         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 622
 623     }
 624
 625     @Override
 626     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 627     dependsOnMethods = {"deleteNotAllowed"})
 628     public void delete(String testName) throws Exception {
 629
 630         if (logger.isDebugEnabled()) {
 631             logger.debug(testBanner(testName, CLASS_NAME));
 632         }
 633         // Perform setup.
 634         setupDelete();
 635
 636         // Submit the request to the service and store the response.
 637         DimensionClient client = new DimensionClient();
 638
 639         ClientResponse<Response> res = client.delete(knownResourceId);
 640         int statusCode = res.getStatus();
 641
 642         // Check the status code of the response: does it match
 643         // the expected response(s)?
 644         if (logger.isDebugEnabled()) {
 645             logger.debug(testName + ": status = " + statusCode);
 646         }
 647         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 648                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 649         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 650
 651     }
 652
 653     // Failure outcomes
 654     @Override
 655     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 656     public void deleteNonExistent(String testName) throws Exception {
 657         //ignoring this test as the service side returns 200 now even if it does
 658         //not find a record in the db
 659     }
 660
 661     // ---------------------------------------------------------------
 662     // Search tests
 663     // ---------------------------------------------------------------
 664
 665     @Override
 666     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 667     public void searchWorkflowDeleted(String testName) throws Exception {
 668         // Fixme: null test for now, overriding test in base class
 669     }
 670
 671     // ---------------------------------------------------------------
 672     // Utility tests : tests of code used in tests above
 673     // ---------------------------------------------------------------
 674     /**
 675      * Tests the code for manually submitting data that is used by several
 676      * of the methods above.
 677      */
 678     @Test(dependsOnMethods = {"create"})
 679     public void testSubmitRequest() throws Exception {
 680     }
 681
 682     // ---------------------------------------------------------------
 683     // Utility methods used by tests above
 684     // ---------------------------------------------------------------
 685     @AfterClass(alwaysRun = true)
 686     public void cleanUp() {
 687         setupDelete();
 688         String noTest = System.getProperty("noTestCleanup");
 689         if (Boolean.TRUE.toString().equalsIgnoreCase(noTest)) {
 690             if (logger.isDebugEnabled()) {
 691                 logger.debug("Skipping Cleanup phase ...");
 692             }
 693             return;
 694         }
 695         if (logger.isDebugEnabled()) {
 696             logger.debug("Cleaning up temporary resources created for testing ...");
 697         }
 698
 699         deletePermissionRoles();
 700         deleteAccountRoles();
 701         //FIXME delete on permission deletes all associations with roles
 702         //this would delete association with ROLE_ADMINISTRATOR too
 703         //deletePermissions();
 704         deleteRoles();
 705         deleteAccounts();
 706     }
 707
 708     private void deletePermissionRoles() {
 709
 710         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 711         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 712         deletePermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
 713
 714         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 715         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 716         deletePermissionRole(permValues.get(elmoPermId), elmoRoleValues);
 717
 718     }
 719
 720     private void deleteAccountRoles() {
 721         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 722         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 723
 724         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 725         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 726         if(!accountRolesFlipped) {
 727                 deleteAccountRole(accValues.get("bigbird2010"), bigbirdRoleValues);
 728                 deleteAccountRole(accValues.get("elmo2010"), elmoRoleValues);
 729         } else {
 730                 deleteAccountRole(accValues.get("bigbird2010"), elmoRoleValues);
 731                 deleteAccountRole(accValues.get("elmo2010"),bigbirdRoleValues );
 732         }
 733     }
 734
 735     private void flipInitialAccountRoles() {
 736         if(!accountRolesFlipped) {
 737                 List<RoleValue> cmRoleValues = new ArrayList<RoleValue>();
 738                 List<RoleValue> internRoleValues = new ArrayList<RoleValue>();
 739                 cmRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 740                 internRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 741
 742                 deleteAccountRole(accValues.get("bigbird2010"), cmRoleValues);
 743                 deleteAccountRole(accValues.get("elmo2010"), internRoleValues);
 744
 745                 createAccountRole(accValues.get("bigbird2010"), internRoleValues);
 746                 createAccountRole(accValues.get("elmo2010"), cmRoleValues);
 747
 748                 accountRolesFlipped = true;
 749         }
 750     }
 751
 752     private void restoreInitialAccountRoles() {
 753         if(accountRolesFlipped) {
 754                 List<RoleValue> cmRoleValues = new ArrayList<RoleValue>();
 755                 List<RoleValue> internRoleValues = new ArrayList<RoleValue>();
 756                 cmRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 757                 internRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 758
 759                 deleteAccountRole(accValues.get("bigbird2010"), internRoleValues);
 760                 deleteAccountRole(accValues.get("elmo2010"), cmRoleValues);
 761
 762                 createAccountRole(accValues.get("bigbird2010"), internRoleValues);
 763                 createAccountRole(accValues.get("elmo2010"), cmRoleValues);
 764                 accountRolesFlipped = false;
 765         }
 766     }
 767
 768
 769
 770     private void deletePermissions() {
 771         //delete entities
 772         for (PermissionValue pv : permValues.values()) {
 773             deletePermission(pv.getPermissionId());
 774         }
 775     }
 776
 777     private void deleteRoles() {
 778         for (RoleValue rv : roleValues.values()) {
 779             deleteRole(rv.getRoleId());
 780         }
 781     }
 782
 783     private void deleteAccounts() {
 784
 785         for (AccountValue av1 : accValues.values()) {
 786             deleteAccount(av1.getAccountId());
 787         }
 788     }
 789
 790     private String createPermission(String resName, EffectType effect) {
 791         List<PermissionAction> actions = PermissionFactory.createDefaultActions();
 792         return createPermission(resName, actions, effect);
 793     }
 794
 795     private String createPermission(String resName,
 796             List<PermissionAction> actions, EffectType effect) {
 797         setupCreate();
 798         PermissionClient permClient = new PermissionClient();
 799         Permission permission = PermissionFactory.createPermissionInstance(resName,
 800                 "default permissions for " + resName,
 801                 actions, effect, true, true, true);
 802         ClientResponse<Response> res = permClient.create(permission);
 803         int statusCode = res.getStatus();
 804         if (logger.isDebugEnabled()) {
 805             logger.debug("createPermission: resName=" + resName
 806                     + " status = " + statusCode);
 807         }
 808         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 809                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 810         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 811         res.releaseConnection();
 812         return extractId(res);
 813     }
 814
 815     private void deletePermission(String permId) {
 816         setupDelete();
 817         PermissionClient permClient = new PermissionClient();
 818         ClientResponse<Response> res = permClient.delete(permId);
 819         int statusCode = res.getStatus();
 820         if (logger.isDebugEnabled()) {
 821             logger.debug("deletePermission: delete permission id="
 822                     + permId + " status=" + statusCode);
 823         }
 824         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 825                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 826         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 827         res.releaseConnection();
 828     }
 829
 830     private String createRole(String roleName) {
 831         setupCreate();
 832         RoleClient roleClient = new RoleClient();
 833
 834         Role role = RoleFactory.createRoleInstance(roleName,
 835                         roleName, //the display name
 836                 "role for " + roleName, true);
 837         ClientResponse<Response> res = roleClient.create(role);
 838         int statusCode = res.getStatus();
 839         if (logger.isDebugEnabled()) {
 840             logger.debug("createRole: name=" + roleName
 841                     + " status = " + statusCode);
 842         }
 843         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 844                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 845         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 846         res.releaseConnection();
 847         return extractId(res);
 848     }
 849
 850     private void deleteRole(String roleId) {
 851         setupDelete();
 852         RoleClient roleClient = new RoleClient();
 853         ClientResponse<Response> res = roleClient.delete(roleId);
 854         int statusCode = res.getStatus();
 855         if (logger.isDebugEnabled()) {
 856             logger.debug("deleteRole: delete role id=" + roleId
 857                     + " status=" + statusCode);
 858         }
 859         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 860                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 861         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 862         res.releaseConnection();
 863     }
 864
 865     private String createAccount(String userName, String email) {
 866         setupCreate();
 867         AccountClient accountClient = new AccountClient();
 868         AccountsCommon account = AccountFactory.createAccountInstance(
 869                 userName, userName, userName, email, accountClient.getTenantId(),
 870                 true, false, true, true);
 871         ClientResponse<Response> res = accountClient.create(account);
 872         int statusCode = res.getStatus();
 873         if (logger.isDebugEnabled()) {
 874             logger.debug("createAccount: userName=" + userName
 875                     + " status = " + statusCode);
 876         }
 877         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 878                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 879         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 880         res.releaseConnection();
 881         return extractId(res);
 882     }
 883
 884     private void deleteAccount(String accId) {
 885         setupDelete();
 886         AccountClient accClient = new AccountClient();
 887         ClientResponse<Response> res = accClient.delete(accId);
 888         int statusCode = res.getStatus();
 889         if (logger.isDebugEnabled()) {
 890             logger.debug("deleteAccount: delete account id="
 891                     + accId + " status=" + statusCode);
 892         }
 893         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 894                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 895         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 896         res.releaseConnection();
 897     }
 898
 899     private String createAccountRole(AccountValue av,
 900             Collection<RoleValue> rvs) {
 901         setupCreate();
 902
 903         // Submit the request to the service and store the response.
 904         AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
 905                 av, rvs, true, true);
 906         AccountRoleClient client = new AccountRoleClient();
 907         ClientResponse<Response> res = client.create(av.getAccountId(), accRole);
 908         int statusCode = res.getStatus();
 909
 910         if (logger.isDebugEnabled()) {
 911             logger.debug("createAccountRole: status = " + statusCode);
 912         }
 913         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 914                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 915         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 916         res.releaseConnection();
 917         return extractId(res);
 918     }
 919
 920     private void deleteAccountRole(AccountValue av,
 921             Collection<RoleValue> rvs) {
 922         // Perform setup.
 923         setupDelete();
 924
 925         // Submit the request to the service and store the response.
 926         AccountRoleClient client = new AccountRoleClient();
 927         AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
 928                 av, rvs, true, true);
 929         ClientResponse<Response> res = client.delete(
 930                 av.getAccountId());
 931         int statusCode = res.getStatus();
 932
 933         // Check the status code of the response: does it match
 934         // the expected response(s)?
 935         if (logger.isDebugEnabled()) {
 936             logger.debug("deleteAccountRole: status = " + statusCode);
 937         }
 938         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 939                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 940         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 941         res.releaseConnection();
 942     }
 943
 944     private String createPermissionRole(PermissionValue pv,
 945             Collection<RoleValue> rvs) {
 946         setupCreate();
 947         List<RoleValue> rvls = new ArrayList<RoleValue>();
 948         rvls.addAll(rvs);
 949         PermissionRole permRole = PermissionRoleFactory.createPermissionRoleInstance(
 950                 pv, rvls, true, true);
 951         PermissionRoleClient client = new PermissionRoleClient();
 952         ClientResponse<Response> res = client.create(pv.getPermissionId(), permRole);
 953         int statusCode = res.getStatus();
 954
 955         if (logger.isDebugEnabled()) {
 956             logger.debug("createPermissionRole: status = " + statusCode);
 957         }
 958         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 959                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 960         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 961         res.releaseConnection();
 962         return extractId(res);
 963     }
 964
 965     private void deletePermissionRole(PermissionValue pv,
 966             Collection<RoleValue> rvs) {
 967         List<RoleValue> rvls = new ArrayList<RoleValue>();
 968         rvls.addAll(rvs);
 969
 970         // Perform setup.
 971         setupDelete();
 972
 973         // Submit the request to the service and store the response.
 974         PermissionRoleClient client = new PermissionRoleClient();
 975         PermissionRole permRole = PermissionRoleFactory.createPermissionRoleInstance(
 976                 pv, rvls, true, true);
 977         ClientResponse<Response> res = client.delete(pv.getPermissionId());
 978         int statusCode = res.getStatus();
 979
 980         // Check the status code of the response: does it match
 981         // the expected response(s)?
 982         if (logger.isDebugEnabled()) {
 983             logger.debug("deletePermissionRole : status = " + statusCode);
 984         }
 985         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 986                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 987         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 988         res.releaseConnection();
 989     }
 990 }