git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  *  This document is a part of the source code and related artifacts
   3  *  for CollectionSpace, an open source collections management system
   4  *  for museums and related institutions:
   5
   6  *  http://www.collectionspace.org
   7  *  http://wiki.collectionspace.org
   8
   9  *  Copyright 2010 University of California at Berkeley
  10
  11  *  Licensed under the Educational Community License (ECL), Version 2.0.
  12  *  You may not use this file except in compliance with this License.
  13
  14  *  You may obtain a copy of the ECL 2.0 License at
  15
  16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
  17
  18  *  Unless required by applicable law or agreed to in writing, software
  19  *  distributed under the License is distributed on an "AS IS" BASIS,
  20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  21  *  See the License for the specific language governing permissions and
  22  *  limitations under the License.
  23  */
  24 /*
  25  * To change this template, choose Tools | Templates
  26  * and open the template in the editor.
  27  */
  28 package org.collectionspace.services.security.client.test;
  29
  30 import java.util.ArrayList;
  31 import java.util.Collection;
  32 import java.util.Date;
  33 import java.util.Hashtable;
  34 import java.util.List;
  35 import javax.ws.rs.core.MediaType;
  36 import javax.ws.rs.core.Response;
  37 import org.collectionspace.services.account.AccountsCommon;
  38 import org.collectionspace.services.authorization.AccountRole;
  39 import org.collectionspace.services.authorization.AccountValue;
  40 import org.collectionspace.services.authorization.ActionType;
  41 import org.collectionspace.services.authorization.EffectType;
  42
  43 import org.collectionspace.services.authorization.Permission;
  44 import org.collectionspace.services.authorization.PermissionAction;
  45 import org.collectionspace.services.authorization.PermissionRole;
  46 import org.collectionspace.services.authorization.PermissionValue;
  47 import org.collectionspace.services.authorization.Role;
  48 import org.collectionspace.services.authorization.RoleValue;
  49 import org.collectionspace.services.client.AccountClient;
  50 import org.collectionspace.services.client.AccountFactory;
  51 import org.collectionspace.services.client.AccountRoleClient;
  52 import org.collectionspace.services.client.AccountRoleFactory;
  53 import org.collectionspace.services.client.CollectionSpaceClient;
  54 import org.collectionspace.services.client.DimensionClient;
  55 import org.collectionspace.services.client.DimensionFactory;
  56 import org.collectionspace.services.client.IntakeClient;
  57 import org.collectionspace.services.client.PayloadOutputPart;
  58 import org.collectionspace.services.client.PermissionClient;
  59 import org.collectionspace.services.client.PermissionFactory;
  60 import org.collectionspace.services.client.PermissionRoleClient;
  61 import org.collectionspace.services.client.PermissionRoleFactory;
  62 import org.collectionspace.services.client.PoxPayloadIn;
  63 import org.collectionspace.services.client.PoxPayloadOut;
  64 import org.collectionspace.services.client.RoleClient;
  65 import org.collectionspace.services.client.RoleFactory;
  66 import org.collectionspace.services.client.test.AbstractServiceTestImpl;
  67 import org.collectionspace.services.dimension.DimensionsCommon;
  68 import org.collectionspace.services.intake.IntakesCommon;
  69 import org.collectionspace.services.jaxb.AbstractCommonList;
  70 import org.jboss.resteasy.client.ClientResponse;
  71 import org.jboss.resteasy.plugins.providers.multipart.MultipartInput;
  72 import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
  73 import org.jboss.resteasy.plugins.providers.multipart.OutputPart;
  74
  75 import org.testng.Assert;
  76 import org.testng.annotations.Test;
  77
  78 import org.slf4j.Logger;
  79 import org.slf4j.LoggerFactory;
  80 import org.testng.annotations.AfterClass;
  81 import org.testng.annotations.BeforeClass;
  82
  83 /**
  84  * AuthorizationServiceTest, carries out tests against a
  85  * deployed and running Permission, Role, AccountRole, PermissionRole and
  86  * CollectionObject Services.
  87  *
  88  * Pre-requisite : authorization-mgt/client tests seed some permissions used
  89  * by this test
  90  *
  91  * $LastChangedRevision: 917 $
  92  * $LastChangedDate: 2009-11-06 12:20:28 -0800 (Fri, 06 Nov 2009) $
  93  */
  94 public class AuthorizationServiceTest extends AbstractServiceTestImpl {
  95
  96     private final String CLASS_NAME = AuthorizationServiceTest.class.getName();
  97     private final Logger logger = LoggerFactory.getLogger(CLASS_NAME);
  98     // Instance variables specific to this test.
  99     private String knownResourceId = null;
 100     private List<String> allResourceIdsCreated = new ArrayList();
 101     //key for accValues is userId
 102     private Hashtable<String, AccountValue> accValues = new Hashtable<String, AccountValue>();
 103     //key for permValues is id as there could be several perms for the same resource
 104     private Hashtable<String, PermissionValue> permValues = new Hashtable<String, PermissionValue>();
 105     //key for roleValues is roleName
 106     private Hashtable<String, RoleValue> roleValues = new Hashtable<String, RoleValue>();
 107     private String bigbirdPermId;
 108     private String elmoPermId;
 109     private final static String TEST_SERVICE_NAME = "dimensions";
 110     private boolean accountRolesFlipped = false;
 111     /*
 112      * This method is called only by the parent class, AbstractServiceTestImpl
 113      */
 114
 115     @Override
 116         protected String getServiceName() {
 117         // no need to return anything but null since no auth resources are
 118         // accessed
 119         throw new UnsupportedOperationException();
 120         }
 121
 122     @Override
 123     protected String getServicePathComponent() {
 124         // no need to return anything but null since no auth resources are
 125         // accessed
 126         throw new UnsupportedOperationException();
 127     }
 128
 129     @BeforeClass(alwaysRun = true)
 130     public void seedData() {
 131         seedPermissions();
 132         seedRoles();
 133         seedAccounts();
 134         seedAccountRoles();
 135         seedPermissionRoles();
 136     }
 137
 138     private void seedPermissions() {
 139         String res = TEST_SERVICE_NAME;
 140
 141         PermissionAction pac = new PermissionAction();
 142         pac.setName(ActionType.CREATE);
 143         PermissionAction par = new PermissionAction();
 144         par.setName(ActionType.READ);
 145         PermissionAction pau = new PermissionAction();
 146         pau.setName(ActionType.UPDATE);
 147
 148
 149         //bigbird can create, read and update but not delete
 150         List<PermissionAction> bbactions = new ArrayList<PermissionAction>();
 151         bbactions.add(pac);
 152         bbactions.add(par);
 153         bbactions.add(pau);
 154         bigbirdPermId = createPermission(res, bbactions, EffectType.PERMIT);
 155         PermissionValue bbpv = new PermissionValue();
 156         bbpv.setResourceName(res);
 157         bbpv.setPermissionId(bigbirdPermId);
 158         permValues.put(bbpv.getPermissionId(), bbpv);
 159
 160         //elmo can only read
 161         List<PermissionAction> eactions = new ArrayList<PermissionAction>();
 162         eactions.add(par);
 163         elmoPermId = createPermission(res, eactions, EffectType.PERMIT);
 164         PermissionValue epv = new PermissionValue();
 165         epv.setResourceName(res);
 166         epv.setPermissionId(elmoPermId);
 167         permValues.put(epv.getPermissionId(), epv);
 168     }
 169
 170     private void seedRoles() {
 171         String rn1 = "ROLE_TEST_CM";
 172         String r1RoleId = createRole(rn1);
 173         RoleValue rv1 = new RoleValue();
 174         rv1.setRoleId(r1RoleId);
 175         rv1.setRoleName(rn1);
 176         roleValues.put(rv1.getRoleName(), rv1);
 177
 178         String rn2 = "ROLE_TEST_INTERN";
 179         String r2RoleId = createRole(rn2);
 180         RoleValue rv2 = new RoleValue();
 181         rv2.setRoleId(r2RoleId);
 182         rv2.setRoleName(rn2);
 183         roleValues.put(rv2.getRoleName(), rv2);
 184     }
 185
 186     private void seedAccounts() {
 187         String userId1 = "bigbird2010";
 188         String accId1 = createAccount(userId1, "bigbird@cspace.org");
 189         AccountValue av1 = new AccountValue();
 190         av1.setScreenName(userId1);
 191         av1.setUserId(userId1);
 192         av1.setAccountId(accId1);
 193         accValues.put(av1.getUserId(), av1);
 194
 195         String userId2 = "elmo2010";
 196         String accId2 = createAccount(userId2, "elmo@cspace.org");
 197         AccountValue av2 = new AccountValue();
 198         av2.setScreenName(userId2);
 199         av2.setUserId(userId2);
 200         av2.setAccountId(accId2);
 201         accValues.put(av2.getUserId(), av2);
 202
 203         String userId3 = "lockedOut";
 204         String accId3 = createAccount(userId3, "lockedOut@cspace.org");
 205         AccountValue av3 = new AccountValue();
 206         av3.setScreenName(userId3);
 207         av3.setUserId(userId3);
 208         av3.setAccountId(accId3);
 209         accValues.put(av3.getUserId(), av3);
 210     }
 211
 212     private void seedAccountRoles() {
 213
 214         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 215         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 216         createAccountRole(accValues.get("bigbird2010"), bigbirdRoleValues);
 217
 218         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 219         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 220         createAccountRole(accValues.get("elmo2010"), elmoRoleValues);
 221     }
 222
 223     private void seedPermissionRoles() {
 224
 225         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 226         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 227         createPermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
 228
 229         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 230         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 231         createPermissionRole(permValues.get(elmoPermId), elmoRoleValues);
 232
 233     }
 234
 235
 236     /* (non-Javadoc)
 237      * @see org.collectionspace.services.client.test.BaseServiceTest#getClientInstance()
 238      */
 239     @Override
 240     protected CollectionSpaceClient getClientInstance() {
 241         return null;
 242     }
 243
 244     /* (non-Javadoc)
 245      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
 246      */
 247     @Override
 248     protected AbstractCommonList getAbstractCommonList(
 249             ClientResponse<AbstractCommonList> response) {
 250         //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
 251         throw new UnsupportedOperationException();
 252     }
 253
 254     @Test(dataProvider = "testName")
 255     @Override
 256     public void readPaginatedList(String testName) throws Exception {
 257         //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
 258     }
 259     // ---------------------------------------------------------------
 260     // CRUD tests : CREATE tests
 261     // ---------------------------------------------------------------
 262     // Success outcomes
 263
 264     @Override
 265     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 266     public void create(String testName) throws Exception {
 267         if (logger.isDebugEnabled()) {
 268             logger.debug(testBanner(testName, CLASS_NAME));
 269         }
 270         setupCreate();
 271
 272         // Submit the request to the service and store the response.
 273         DimensionClient client = new DimensionClient();
 274         //bigbird allowed to create
 275         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 276         String identifier = createIdentifier();
 277         DimensionsCommon dimension = new DimensionsCommon();
 278         dimension.setDimension("dimensionType");
 279         dimension.setValue("value-" + identifier);
 280         dimension.setValueDate(new Date().toString());
 281         PoxPayloadOut multipart = DimensionFactory.createDimensionInstance(client.getCommonPartName(),
 282                 dimension);
 283         ClientResponse<Response> res = client.create(multipart);
 284
 285         int statusCode = res.getStatus();
 286
 287         if (logger.isDebugEnabled()) {
 288             logger.debug(testName + ": status = " + statusCode);
 289         }
 290         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 291                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 292         Assert.assertEquals(statusCode, Response.Status.CREATED.getStatusCode());
 293         knownResourceId = extractId(res);
 294         if (logger.isDebugEnabled()) {
 295             logger.debug(testName + ": knownResourceId=" + knownResourceId);
 296         }
 297
 298         // Now verify that elmo cannot create
 299         client = new DimensionClient();
 300         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 301         res = client.create(multipart);
 302
 303         statusCode = res.getStatus();
 304         if (logger.isDebugEnabled()) {
 305             logger.debug(testName + " (verify not allowed): status = " + statusCode);
 306         }
 307         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 308                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 309         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 310
 311         //Finally, verify that elmo has no access to Intakes
 312         // Submit the request to the service and store the response.
 313         IntakeClient iclient = new IntakeClient();
 314         iclient.setAuth(true, "elmo2010", true, "elmo2010", true);
 315         multipart = createIntakeInstance(
 316                 "entryNumber-" + identifier,
 317                 "entryDate-" + identifier,
 318                 "depositor-" + identifier);
 319         res = iclient.create(multipart);
 320         if (logger.isDebugEnabled()) {
 321             logger.debug(testName + " (verify create intake not allowed): status = " + statusCode);
 322         }
 323         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 324                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 325         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 326
 327     }
 328
 329     /**
 330      * Creates the intake instance.
 331      *
 332      * @param entryNumber the entry number
 333      * @param entryDate the entry date
 334      * @param depositor the depositor
 335      * @return the multipart output
 336      */
 337     private PoxPayloadOut createIntakeInstance(String entryNumber,
 338                 String entryDate,
 339                 String depositor) {
 340         IntakesCommon intake = new IntakesCommon();
 341         intake.setEntryNumber(entryNumber);
 342         intake.setEntryDate(entryDate);
 343         intake.setDepositor(depositor);
 344
 345         PoxPayloadOut multipart = new PoxPayloadOut(IntakeClient.SERVICE_PAYLOAD_NAME);
 346         PayloadOutputPart commonPart =
 347             multipart.addPart(intake, MediaType.APPLICATION_XML_TYPE);
 348         commonPart.setLabel(new IntakeClient().getCommonPartName());
 349
 350         if(logger.isDebugEnabled()){
 351             logger.debug("to be created, intake common");
 352             logger.debug(objectAsXmlString(intake, IntakesCommon.class));
 353         }
 354
 355         return multipart;
 356     }
 357
 358
 359     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 360             dependsOnMethods = {"delete"})
 361     public void verifyCreateWithFlippedRoles(String testName) throws Exception {
 362         if (logger.isDebugEnabled()) {
 363             logger.debug(testBanner(testName, CLASS_NAME));
 364         }
 365         setupCreate();
 366
 367         // Submit the request to the service and store the response.
 368         DimensionClient client = new DimensionClient();
 369         flipInitialAccountRoles();
 370
 371         // Now verify that elmo can create
 372         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 373         client = new DimensionClient();
 374
 375         String identifier = createIdentifier();
 376         DimensionsCommon dimension = new DimensionsCommon();
 377         dimension.setDimension("dimensionType");
 378         dimension.setValue("value-" + identifier);
 379         dimension.setValueDate(new Date().toString());
 380         PoxPayloadOut multipart = DimensionFactory.createDimensionInstance(client.getCommonPartName(),
 381                 dimension);
 382         ClientResponse<Response> res = client.create(multipart);
 383
 384         int statusCode = res.getStatus();
 385
 386         if (logger.isDebugEnabled()) {
 387             logger.debug(testName + ": status = " + statusCode);
 388         }
 389         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 390                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 391         Assert.assertEquals(statusCode, Response.Status.CREATED.getStatusCode());
 392         knownResourceId = extractId(res);
 393         if (logger.isDebugEnabled()) {
 394             logger.debug(testName + ": knownResourceId=" + knownResourceId);
 395         }
 396
 397         //bigbird no longer allowed to create
 398         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 399         res = client.create(multipart);
 400
 401         statusCode = res.getStatus();
 402         if (logger.isDebugEnabled()) {
 403             logger.debug(testName + " (verify not allowed): status = " + statusCode);
 404         }
 405         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 406                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 407         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 408         restoreInitialAccountRoles();
 409     }
 410
 411     //to not cause uniqueness violation for permRole, createList is removed
 412     @Override
 413     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 414     dependsOnMethods = {"create"})
 415     public void createList(String testName) throws Exception {
 416     }
 417
 418     // Failure outcomes
 419     // Placeholders until the three tests below can be uncommented.
 420     // See Issue CSPACE-401.
 421     @Override
 422     public void createWithEmptyEntityBody(String testName) throws Exception {
 423     }
 424
 425     @Override
 426     public void createWithMalformedXml(String testName) throws Exception {
 427     }
 428
 429     @Override
 430     public void createWithWrongXmlSchema(String testName) throws Exception {
 431     }
 432
 433     // ---------------------------------------------------------------
 434     // CRUD tests : READ tests
 435     // ---------------------------------------------------------------
 436     // Success outcomes
 437     @Override
 438     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 439     dependsOnMethods = {"create"})
 440     public void read(String testName) throws Exception {
 441
 442         if (logger.isDebugEnabled()) {
 443             logger.debug(testBanner(testName, CLASS_NAME));
 444         }
 445         // Perform setup.
 446         setupRead();
 447
 448         // Submit the request to the service and store the response.
 449         DimensionClient client = new DimensionClient();
 450         //elmo allowed to read
 451         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 452         ClientResponse<String> res = client.read(knownResourceId);
 453         int statusCode = res.getStatus();
 454
 455         // Check the status code of the response: does it match
 456         // the expected response(s)?
 457         if (logger.isDebugEnabled()) {
 458             logger.debug(testName + ": status = " + statusCode);
 459         }
 460         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 461                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 462         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 463
 464         PoxPayloadIn input = new PoxPayloadIn(res.getEntity());
 465         DimensionsCommon dimension = (DimensionsCommon) extractPart(input,
 466                 client.getCommonPartName(), DimensionsCommon.class);
 467         Assert.assertNotNull(dimension);
 468     }
 469
 470     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 471             dependsOnMethods = {"read"})
 472     public void readLockedOut(String testName) throws Exception {
 473
 474         if (logger.isDebugEnabled()) {
 475             logger.debug(testBanner(testName, CLASS_NAME));
 476         }
 477         // Perform setup.
 478         setupRead();
 479
 480         // Submit the request to the service and store the response.
 481         DimensionClient client = new DimensionClient();
 482         //lockedOut allowed to read
 483         client.setAuth(true, "lockedOut", true, "lockedOut", true);
 484         ClientResponse<String> res = client.read(knownResourceId);
 485         int statusCode = res.getStatus();
 486
 487         // Check the status code of the response: does it match
 488         // the expected response(s)?
 489         if (logger.isDebugEnabled()) {
 490             logger.debug(testName + " (test lockedOut): status = " + statusCode);
 491         }
 492         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 493                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 494         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 495     }
 496
 497     // Failure outcomes
 498     @Override
 499     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 500     public void readNonExistent(String testName) throws Exception {
 501
 502         // Perform setup.
 503         setupReadNonExistent();
 504     }
 505
 506     // ---------------------------------------------------------------
 507     // CRUD tests : READ_LIST tests
 508     // ---------------------------------------------------------------
 509     // Success outcomes
 510     @Override
 511     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 512     dependsOnMethods = {"createList", "read"})
 513     public void readList(String testName) throws Exception {
 514         setupReadList();
 515     }
 516
 517     // Failure outcomes
 518     // None at present.
 519     // ---------------------------------------------------------------
 520     // CRUD tests : UPDATE tests
 521     // ---------------------------------------------------------------
 522     // Success outcomes
 523     @Override
 524     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 525     dependsOnMethods = {"read", "readList", "readNonExistent"})
 526     public void update(String testName) throws Exception {
 527         setupUpdate();
 528
 529     }
 530
 531     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 532     dependsOnMethods = {"read", "readList", "readNonExistent"})
 533     public void updateNotAllowed(String testName) throws Exception {
 534
 535         if (logger.isDebugEnabled()) {
 536             logger.debug(testBanner(testName, CLASS_NAME));
 537         }
 538         setupUpdate();
 539
 540         DimensionClient client = new DimensionClient();
 541
 542         //elmo not allowed to update
 543         client.setAuth(true, "elmo2010", true, "elmo2010", true);
 544
 545         DimensionsCommon dimension = new DimensionsCommon();
 546         dimension.setDimension("dimensionType");
 547         // Update the content of this resource.
 548         dimension.setValue("updated-" + dimension.getValue());
 549         dimension.setValueDate("updated-" + dimension.getValueDate());
 550         // Submit the request to the service and store the response.
 551         PoxPayloadOut output = new PoxPayloadOut(DimensionClient.SERVICE_PAYLOAD_NAME);
 552         PayloadOutputPart commonPart = output.addPart(dimension, MediaType.APPLICATION_XML_TYPE);
 553         commonPart.setLabel(client.getCommonPartName());
 554
 555         ClientResponse<String> res = client.update(knownResourceId, output);
 556         int statusCode = res.getStatus();
 557         // Check the status code of the response: does it match the expected response(s)?
 558         if (logger.isDebugEnabled()) {
 559             logger.debug(testName + ": status = " + statusCode);
 560         }
 561         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 562                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 563         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 564
 565         client = new DimensionClient();
 566
 567         //lockedOut not allowed to update
 568         client.setAuth(true, "lockedOut", true, "lockedOut", true);
 569         res = client.update(knownResourceId, output);
 570         statusCode = res.getStatus();
 571         // Check the status code of the response: does it match the expected response(s)?
 572         if (logger.isDebugEnabled()) {
 573             logger.debug(testName + ": (lockedOut) status = " + statusCode);
 574         }
 575         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 576                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 577         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 578
 579     }
 580
 581     // Failure outcomes
 582     // Placeholders until the three tests below can be uncommented.
 583     // See Issue CSPACE-401.
 584     @Override
 585     public void updateWithEmptyEntityBody(String testName) throws Exception {
 586     }
 587
 588     @Override
 589     public void updateWithMalformedXml(String testName) throws Exception {
 590     }
 591
 592     @Override
 593     public void updateWithWrongXmlSchema(String testName) throws Exception {
 594     }
 595
 596     @Override
 597     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 598     dependsOnMethods = {"readNonExistent", "testSubmitRequest"})
 599     public void updateNonExistent(String testName) throws Exception {
 600     }
 601
 602     // ---------------------------------------------------------------
 603     // CRUD tests : DELETE tests
 604     // ---------------------------------------------------------------
 605     // Success outcomes
 606     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 607     dependsOnMethods = {"updateNotAllowed"})
 608     public void deleteNotAllowed(String testName) throws Exception {
 609
 610         if (logger.isDebugEnabled()) {
 611             logger.debug(testBanner(testName, CLASS_NAME));
 612         }
 613         // Perform setup.
 614         setupDelete();
 615
 616         // Submit the request to the service and store the response.
 617         DimensionClient client = new DimensionClient();
 618         //bigbird can not delete
 619         client.setAuth(true, "bigbird2010", true, "bigbird2010", true);
 620         ClientResponse<Response> res = client.delete(knownResourceId);
 621         int statusCode = res.getStatus();
 622
 623         // Check the status code of the response: does it match
 624         // the expected response(s)?
 625         if (logger.isDebugEnabled()) {
 626             logger.debug(testName + ": status = " + statusCode);
 627         }
 628         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 629                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 630         Assert.assertEquals(statusCode, Response.Status.FORBIDDEN.getStatusCode());
 631
 632     }
 633
 634     @Override
 635     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
 636     dependsOnMethods = {"deleteNotAllowed"})
 637     public void delete(String testName) throws Exception {
 638
 639         if (logger.isDebugEnabled()) {
 640             logger.debug(testBanner(testName, CLASS_NAME));
 641         }
 642         // Perform setup.
 643         setupDelete();
 644
 645         // Submit the request to the service and store the response.
 646         DimensionClient client = new DimensionClient();
 647
 648         ClientResponse<Response> res = client.delete(knownResourceId);
 649         int statusCode = res.getStatus();
 650
 651         // Check the status code of the response: does it match
 652         // the expected response(s)?
 653         if (logger.isDebugEnabled()) {
 654             logger.debug(testName + ": status = " + statusCode);
 655         }
 656         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 657                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 658         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 659
 660     }
 661
 662     // Failure outcomes
 663     @Override
 664     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
 665     public void deleteNonExistent(String testName) throws Exception {
 666         //ignoring this test as the service side returns 200 now even if it does
 667         //not find a record in the db
 668     }
 669
 670     // ---------------------------------------------------------------
 671     // Utility tests : tests of code used in tests above
 672     // ---------------------------------------------------------------
 673     /**
 674      * Tests the code for manually submitting data that is used by several
 675      * of the methods above.
 676      */
 677     @Test(dependsOnMethods = {"create"})
 678     public void testSubmitRequest() throws Exception {
 679     }
 680
 681     // ---------------------------------------------------------------
 682     // Utility methods used by tests above
 683     // ---------------------------------------------------------------
 684     @AfterClass(alwaysRun = true)
 685     public void cleanUp() {
 686         setupDelete();
 687         String noTest = System.getProperty("noTestCleanup");
 688         if (Boolean.TRUE.toString().equalsIgnoreCase(noTest)) {
 689             if (logger.isDebugEnabled()) {
 690                 logger.debug("Skipping Cleanup phase ...");
 691             }
 692             return;
 693         }
 694         if (logger.isDebugEnabled()) {
 695             logger.debug("Cleaning up temporary resources created for testing ...");
 696         }
 697
 698         deletePermissionRoles();
 699         deleteAccountRoles();
 700         //FIXME delete on permission deletes all associations with roles
 701         //this would delete association with ROLE_ADMINISTRATOR too
 702         //deletePermissions();
 703         deleteRoles();
 704         deleteAccounts();
 705     }
 706
 707     private void deletePermissionRoles() {
 708
 709         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 710         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 711         deletePermissionRole(permValues.get(bigbirdPermId), bigbirdRoleValues);
 712
 713         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 714         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 715         deletePermissionRole(permValues.get(elmoPermId), elmoRoleValues);
 716
 717     }
 718
 719     private void deleteAccountRoles() {
 720         List<RoleValue> bigbirdRoleValues = new ArrayList<RoleValue>();
 721         bigbirdRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 722
 723         List<RoleValue> elmoRoleValues = new ArrayList<RoleValue>();
 724         elmoRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 725         if(!accountRolesFlipped) {
 726                 deleteAccountRole(accValues.get("bigbird2010"), bigbirdRoleValues);
 727                 deleteAccountRole(accValues.get("elmo2010"), elmoRoleValues);
 728         } else {
 729                 deleteAccountRole(accValues.get("bigbird2010"), elmoRoleValues);
 730                 deleteAccountRole(accValues.get("elmo2010"),bigbirdRoleValues );
 731         }
 732     }
 733
 734     private void flipInitialAccountRoles() {
 735         if(!accountRolesFlipped) {
 736                 List<RoleValue> cmRoleValues = new ArrayList<RoleValue>();
 737                 List<RoleValue> internRoleValues = new ArrayList<RoleValue>();
 738                 cmRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 739                 internRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 740
 741                 deleteAccountRole(accValues.get("bigbird2010"), cmRoleValues);
 742                 deleteAccountRole(accValues.get("elmo2010"), internRoleValues);
 743
 744                 createAccountRole(accValues.get("bigbird2010"), internRoleValues);
 745                 createAccountRole(accValues.get("elmo2010"), cmRoleValues);
 746
 747                 accountRolesFlipped = true;
 748         }
 749     }
 750
 751     private void restoreInitialAccountRoles() {
 752         if(accountRolesFlipped) {
 753                 List<RoleValue> cmRoleValues = new ArrayList<RoleValue>();
 754                 List<RoleValue> internRoleValues = new ArrayList<RoleValue>();
 755                 cmRoleValues.add(roleValues.get("ROLE_TEST_CM"));
 756                 internRoleValues.add(roleValues.get("ROLE_TEST_INTERN"));
 757
 758                 deleteAccountRole(accValues.get("bigbird2010"), internRoleValues);
 759                 deleteAccountRole(accValues.get("elmo2010"), cmRoleValues);
 760
 761                 createAccountRole(accValues.get("bigbird2010"), internRoleValues);
 762                 createAccountRole(accValues.get("elmo2010"), cmRoleValues);
 763                 accountRolesFlipped = false;
 764         }
 765     }
 766
 767
 768
 769     private void deletePermissions() {
 770         //delete entities
 771         for (PermissionValue pv : permValues.values()) {
 772             deletePermission(pv.getPermissionId());
 773         }
 774     }
 775
 776     private void deleteRoles() {
 777         for (RoleValue rv : roleValues.values()) {
 778             deleteRole(rv.getRoleId());
 779         }
 780     }
 781
 782     private void deleteAccounts() {
 783
 784         for (AccountValue av1 : accValues.values()) {
 785             deleteAccount(av1.getAccountId());
 786         }
 787     }
 788
 789     private String createPermission(String resName, EffectType effect) {
 790         List<PermissionAction> actions = PermissionFactory.createDefaultActions();
 791         return createPermission(resName, actions, effect);
 792     }
 793
 794     private String createPermission(String resName,
 795             List<PermissionAction> actions, EffectType effect) {
 796         setupCreate();
 797         PermissionClient permClient = new PermissionClient();
 798         Permission permission = PermissionFactory.createPermissionInstance(resName,
 799                 "default permissions for " + resName,
 800                 actions, effect, true, true, true);
 801         ClientResponse<Response> res = permClient.create(permission);
 802         int statusCode = res.getStatus();
 803         if (logger.isDebugEnabled()) {
 804             logger.debug("createPermission: resName=" + resName
 805                     + " status = " + statusCode);
 806         }
 807         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 808                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 809         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 810         res.releaseConnection();
 811         return extractId(res);
 812     }
 813
 814     private void deletePermission(String permId) {
 815         setupDelete();
 816         PermissionClient permClient = new PermissionClient();
 817         ClientResponse<Response> res = permClient.delete(permId);
 818         int statusCode = res.getStatus();
 819         if (logger.isDebugEnabled()) {
 820             logger.debug("deletePermission: delete permission id="
 821                     + permId + " status=" + statusCode);
 822         }
 823         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 824                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 825         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 826         res.releaseConnection();
 827     }
 828
 829     private String createRole(String roleName) {
 830         setupCreate();
 831         RoleClient roleClient = new RoleClient();
 832
 833         Role role = RoleFactory.createRoleInstance(roleName,
 834                         roleName, //the display name
 835                 "role for " + roleName, true);
 836         ClientResponse<Response> res = roleClient.create(role);
 837         int statusCode = res.getStatus();
 838         if (logger.isDebugEnabled()) {
 839             logger.debug("createRole: name=" + roleName
 840                     + " status = " + statusCode);
 841         }
 842         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 843                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 844         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 845         res.releaseConnection();
 846         return extractId(res);
 847     }
 848
 849     private void deleteRole(String roleId) {
 850         setupDelete();
 851         RoleClient roleClient = new RoleClient();
 852         ClientResponse<Response> res = roleClient.delete(roleId);
 853         int statusCode = res.getStatus();
 854         if (logger.isDebugEnabled()) {
 855             logger.debug("deleteRole: delete role id=" + roleId
 856                     + " status=" + statusCode);
 857         }
 858         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 859                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 860         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 861         res.releaseConnection();
 862     }
 863
 864     private String createAccount(String userName, String email) {
 865         setupCreate();
 866         AccountClient accountClient = new AccountClient();
 867         AccountsCommon account = AccountFactory.createAccountInstance(
 868                 userName, userName, userName, email, accountClient.getTenantId(),
 869                 true, false, true, true);
 870         ClientResponse<Response> res = accountClient.create(account);
 871         int statusCode = res.getStatus();
 872         if (logger.isDebugEnabled()) {
 873             logger.debug("createAccount: userName=" + userName
 874                     + " status = " + statusCode);
 875         }
 876         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 877                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 878         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 879         res.releaseConnection();
 880         return extractId(res);
 881     }
 882
 883     private void deleteAccount(String accId) {
 884         setupDelete();
 885         AccountClient accClient = new AccountClient();
 886         ClientResponse<Response> res = accClient.delete(accId);
 887         int statusCode = res.getStatus();
 888         if (logger.isDebugEnabled()) {
 889             logger.debug("deleteAccount: delete account id="
 890                     + accId + " status=" + statusCode);
 891         }
 892         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 893                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 894         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 895         res.releaseConnection();
 896     }
 897
 898     private String createAccountRole(AccountValue av,
 899             Collection<RoleValue> rvs) {
 900         setupCreate();
 901
 902         // Submit the request to the service and store the response.
 903         AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
 904                 av, rvs, true, true);
 905         AccountRoleClient client = new AccountRoleClient();
 906         ClientResponse<Response> res = client.create(av.getAccountId(), accRole);
 907         int statusCode = res.getStatus();
 908
 909         if (logger.isDebugEnabled()) {
 910             logger.debug("createAccountRole: status = " + statusCode);
 911         }
 912         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 913                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 914         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 915         res.releaseConnection();
 916         return extractId(res);
 917     }
 918
 919     private void deleteAccountRole(AccountValue av,
 920             Collection<RoleValue> rvs) {
 921         // Perform setup.
 922         setupDelete();
 923
 924         // Submit the request to the service and store the response.
 925         AccountRoleClient client = new AccountRoleClient();
 926         AccountRole accRole = AccountRoleFactory.createAccountRoleInstance(
 927                 av, rvs, true, true);
 928         ClientResponse<Response> res = client.delete(
 929                 av.getAccountId());
 930         int statusCode = res.getStatus();
 931
 932         // Check the status code of the response: does it match
 933         // the expected response(s)?
 934         if (logger.isDebugEnabled()) {
 935             logger.debug("deleteAccountRole: status = " + statusCode);
 936         }
 937         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 938                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 939         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 940         res.releaseConnection();
 941     }
 942
 943     private String createPermissionRole(PermissionValue pv,
 944             Collection<RoleValue> rvs) {
 945         setupCreate();
 946         List<RoleValue> rvls = new ArrayList<RoleValue>();
 947         rvls.addAll(rvs);
 948         PermissionRole permRole = PermissionRoleFactory.createPermissionRoleInstance(
 949                 pv, rvls, true, true);
 950         PermissionRoleClient client = new PermissionRoleClient();
 951         ClientResponse<Response> res = client.create(pv.getPermissionId(), permRole);
 952         int statusCode = res.getStatus();
 953
 954         if (logger.isDebugEnabled()) {
 955             logger.debug("createPermissionRole: status = " + statusCode);
 956         }
 957         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 958                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 959         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 960         res.releaseConnection();
 961         return extractId(res);
 962     }
 963
 964     private void deletePermissionRole(PermissionValue pv,
 965             Collection<RoleValue> rvs) {
 966         List<RoleValue> rvls = new ArrayList<RoleValue>();
 967         rvls.addAll(rvs);
 968
 969         // Perform setup.
 970         setupDelete();
 971
 972         // Submit the request to the service and store the response.
 973         PermissionRoleClient client = new PermissionRoleClient();
 974         PermissionRole permRole = PermissionRoleFactory.createPermissionRoleInstance(
 975                 pv, rvls, true, true);
 976         ClientResponse<Response> res = client.delete(pv.getPermissionId());
 977         int statusCode = res.getStatus();
 978
 979         // Check the status code of the response: does it match
 980         // the expected response(s)?
 981         if (logger.isDebugEnabled()) {
 982             logger.debug("deletePermissionRole : status = " + statusCode);
 983         }
 984         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
 985                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
 986         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
 987         res.releaseConnection();
 988     }
 989 }