<xmlReplay>
<auths>
<!-- IMPORTANT: THESE ARE STICKY :: THEY STICK AROUND UNTIL RESET, IN EXEC ORDER OF THIS FILE. -->
+ <!-- Auth = Base64Encode("username:password") See https://www.base64encode.org/
+ For example:
+ Username = "grover"
+ Password = "grover2018"
+ Token String = "grover:grover2018"
+ Auth ID = "Z3JvdmVyOmdyb3ZlcjIwMTg="
+ -->
<auth ID="admin@core.collectionspace.org">YWRtaW5AY29yZS5jb2xsZWN0aW9uc3BhY2Uub3JnOkFkbWluaXN0cmF0b3I=</auth>
<auth ID="user1@museum1">dXNlcjFAbXVzZXVtMS5vcmc6dXNlcjFAbXVzZXVtMS5vcmc=</auth>
<auth ID="bigbird2010">YmlnYmlyZDIwMTA6YmlnYmlyZDIwMTA=</auth>
<auth ID="elmo2010">ZWxtbzIwMTA6ZWxtbzIwMTA=</auth>
- <auth ID="grover2018">Z3JvdmVyMjAxODpncm92ZXIyMDE4</auth>
+ <auth ID="grover">Z3JvdmVyOmdyb3ZlcjIwMTg=</auth>
</auths>
- <testGroup ID="slipOut" autoDeletePOSTS="true">
+ <testGroup ID="SimpleRoles" autoDeletePOSTS="true">
+ <test ID="simpleAccount-1">
+ <method>POST</method>
+ <uri>/cspace-services/accounts</uri>
+ <filename>security/BasicRoles/createSimpleAccount-1.xml</filename>
+ </test>
+ <test ID="simpleRole-1">
+ <method>POST</method>
+ <uri>/cspace-services/authorization/roles</uri>
+ <filename>security/BasicRoles/createSimpleRole-1.xml</filename>
+ </test>
+ <!--
+ Create an account and role(s) with a single payload request
+ -->
+ <test ID="simpleRole_2">
+ <method>POST</method>
+ <uri>/cspace-services/authorization/roles</uri>
+ <filename>security/BasicRoles/createSimpleRole-2.xml</filename>
+ </test>
+ <test ID="simpleAccount-2">
+ <method>POST</method>
+ <uri>/cspace-services/accounts</uri>
+ <filename>security/BasicRoles/createSimpleAccount-2.xml</filename>
+ </test>
+ </testGroup>
+
+ <testGroup ID="SlipOut" autoDeletePOSTS="true">
<test ID="slipOutPerm">
<method>POST</method>
<uri>/cspace-services/authorization/permissions</uri>
- <filename>security/slipOutPerm.xml</filename>
+ <filename>security/SlipOut/slipOutPerm.xml</filename>
</test>
<test ID="slipOutRole">
<method>POST</method>
<uri>/cspace-services/authorization/roles</uri>
- <filename>security/slipOutRole.xml</filename>
+ <filename>security/SlipOut/slipOutRole.xml</filename>
</test>
- <test ID="accountGrover">
+ <test ID="slipOutAccount">
<method>POST</method>
<uri>/cspace-services/accounts</uri>
- <filename>security/create-account-grover.xml</filename>
+ <filename>security/SlipOut/slipOutAccount-1.xml</filename>
</test>
- <test ID="slipOutVocab-1" auth="grover2018">
+ <test ID="slipOutVocab-1" auth="grover">
<method>POST</method>
<uri>/cspace-services/vocabularies</uri>
- <filename>security/slipOutVocab-1.xml</filename>
+ <filename>security/SlipOut/slipOutVocab-1.xml</filename>
</test>
<test ID="update-slipOutPerm" auth="admin@core.collectionspace.org">
<method>PUT</method>
<uri>/cspace-services/authorization/permissions/${slipOutPerm.CSID}</uri>
- <filename>security/slipOutPerm-update.xml</filename>
+ <filename>security/SlipOut/slipOutPerm-update.xml</filename>
</test>
- <test ID="slipOutVocab-2" auth="grover2018">
+ <test ID="slipOutVocab-2" auth="grover">
<expectedCodes>403</expectedCodes>
<method>POST</method>
<uri>/cspace-services/vocabularies</uri>
- <filename>security/slipOutVocab-2.xml</filename>
+ <filename>security/SlipOut/slipOutVocab-2.xml</filename>
</test>
</testGroup>
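Review bot: The comment added above the `<auth>` entries sends readers to a public web site to Base64-encode `username:password`, which invites pasting real credentials into a third-party service; the identical comment added before `<auths default=...>` in the master control file further down this page has the same problem. Point at a local tool instead, for example `printf '%s' 'grover:grover2018' | base64`, and say in the comment that Base64 is an encoding, not protection, so these tokens must only ever belong to disposable test accounts. Separately, `simpleRole_2` uses an underscore where its siblings use a hyphen (`simpleRole-1`, `simpleAccount-2`); if it is renamed, the `${simpleRole_2.CSID}` reference in the account payload has to change with it.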
</test>
</testGroup>
- <testGroup ID="deleteBug" autoDeletePOSTS="false">
+ <testGroup ID="DeleteBug" autoDeletePOSTS="false">
<test ID="permElmo">
<method>POST</method>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<ns2:accounts_common
-xmlns:ns2="http://collectionspace.org/services/account"
-xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
- <screenName>elmo2010</screenName>
- <personRefName>elmo2010</personRefName>
- <email>elmo@cspace.org</email>
- <phone>1234567890</phone>
- <userId>elmo2010</userId>
- <!-- Pass word is elmo2010, base64 encoded -->
- <password>ZWxtbzIwMTA=</password>
- <tenants>
- <tenant_id>1</tenant_id>
- </tenants>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>elmo2018</screenName>
+ <personRefName>elmo2018</personRefName>
+ <email>elmo2018@DeleteBug.accountelemo.org</email>
+ <phone>1234567890</phone>
+ <userId>elmo2018</userId>
+ <!-- Pass word is grover2018, base64 encoded -->
+ <password>Z3JvdmVyMjAxOA==</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+ <role>
+ <roleId>${permElmo.CSID}</roleId> <!-- It should be ok that role name is missing -->
+ </role>
</ns2:accounts_common>
-
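Review bot: After this change the account is `elmo2018` with the password `grover2018`, but the only Elmo credential in the `<auths>` block of security.xml is still the `elmo2010` entry, whose token decodes to `elmo2010:elmo2010`. Any test that tries to authenticate as this account would therefore be rejected; the rest of the DeleteBug group is not visible here, so please confirm. The comment `Pass word is grover2018` matches the encoded value but reads like a copy from the Grover fixture, so if the reuse is intended say so, e.g. `<!-- Password is grover2018 (same as the grover fixture), Base64 encoded -->`. Also confirm that `permElmo` really creates a role: its ID suggests a permission, yet `${permElmo.CSID}` is used as a `roleId`.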
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-1</screenName>
+ <personRefName>simpleAccount-1</personRefName>
+ <email>simpleAccount-1@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-1</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+</ns2:accounts_common>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
+ <screenName>simpleAccount-2</screenName>
+ <personRefName>simpleAccount-2</personRefName>
+ <email>simpleAccount-2@security.simpleroles.org</email>
+ <phone>1234567890</phone>
+ <userId>simpleAccount-2</userId>
+ <!-- Pass word is elmo2010, base64 encoded -->
+ <password>ZWxtbzIwMTA=</password>
+ <tenants>
+ <tenant_id>1</tenant_id>
+ </tenants>
+ <role>
+ <roleId>9a1fed44-25b0-48f9-8356-d16ac7555cae</roleId>
+ <roleName>ROLE_1_TENANT_ADMINISTRATOR</roleName>
+ </role>
+ <role>
+ <roleId>${simpleRole_2.CSID}</roleId>
+ </role>
+</ns2:accounts_common>
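Review bot: The first `<role>` hard-codes `9a1fed44-25b0-48f9-8356-d16ac7555cae` as the ID of `ROLE_1_TENANT_ADMINISTRATOR`, which presumably holds only on installations where that role was created with exactly this CSID; the second `<role>` already shows the more robust `${...CSID}` form. The payload also grants tenant-administrator rights to an account whose password (`elmo2010`) is spelled out in the comment, so a run that aborts before `autoDeletePOSTS` cleans up leaves a privileged account with a known password behind. If the test only needs to prove that several roles can be attached at creation, a non-administrative role would do; otherwise add a comment such as `<!-- Built-in tenant admin role; test tenants only, account must not survive the run -->`.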
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:role xmlns:ns2="http://collectionspace.org/services/authorization">
+ <roleName>BasicRoles-SimpleRole-1</roleName>
+ <description>Role for BasicRoles-simpleRole-1 create test.</description>
+</ns2:role>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:role xmlns:ns2="http://collectionspace.org/services/authorization">
+ <roleName>BasicRoles-SimpleRole-2</roleName>
+ <description>Role for BasicRoles-simpleRole-2 create test.</description>
+ <permission>
+ <permissionId>1-vocabularies-RL</permissionId>
+ </permission>
+ <permission>
+ <permissionId>1-groups-RL</permissionId>
+ </permission>
+</ns2:role>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account" xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
- <screenName>grover2018</screenName>
- <personRefName>grover2018</personRefName>
+ <screenName>grover</screenName>
+ <personRefName>grover</personRefName>
<email>grover@cspace.org</email>
<phone>1234567890</phone>
- <userId>grover2018</userId>
+ <userId>grover</userId>
<!-- Pass word is grover2018, base64 encoded -->
<password>Z3JvdmVyMjAxOA==</password>
<tenants>
<!-- legal values for dumpServiceResult=[minimal,detailed,full,auto] -->
<dump payloads="false" dumpServiceResult="auto" />
+ <!-- Auth = Base64Encode("username:password") See https://www.base64encode.org/
+ For example:
+ Username = "grover"
+ Password = "grover2018"
+ Token String = "grover:grover2018"
+ Auth ID = "Z3JvdmVyOmdyb3ZlcjIwMTg="
+ -->
<auths default="admin@core.collectionspace.org">
<auth ID="admin@core.collectionspace.org">YWRtaW5AY29yZS5jb2xsZWN0aW9uc3BhY2Uub3JnOkFkbWluaXN0cmF0b3I=</auth>
</auths>
-
-
-
<run controlFile="./security-oauth.xml" />
<run controlFile="./security.xml" testGroup="deleteBug" />
<run controlFile="objectexit/object-exit.xml" testGroup="makeone" />
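Review bot: `<run controlFile="./security.xml" testGroup="deleteBug" />` still uses the old group ID, while this same commit renames the group to `DeleteBug` in security.xml. If xmlReplay matches test-group IDs case-sensitively (not visible on this page), this run no longer selects the group and the security checks in it stop executing. Change the line to `<run controlFile="./security.xml" testGroup="DeleteBug" />`, and consider whether the new `SimpleRoles` and `SlipOut` groups should be run from this master file as well.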
avc.setAccountId(coAccId);
accValues.put(avc.getScreenName(), avc);
- String rn1 = "ROLE_CO1";
+ String rn1 = "xROLE_CO1";
String r1RoleId = createRole(rn1);
RoleValue rv1 = new RoleValue();
rv1.setRoleId(r1RoleId);
rv1.setRoleName(rn1);
roleValues.put(rv1.getRoleName(), rv1);
- String rn2 = "ROLE_CO2";
+ String rn2 = "xROLE_CO2";
String r2RoleId = createRole(rn2);
RoleValue rv2 = new RoleValue();
rv2.setRoleId(r2RoleId);
}
/*
- * In this test, for setup, we associate both test roles ("ROLE_CO1", "ROLE_CO2") with the test account "acc-role-user2".
+ * In this test, for setup, we associate both test roles ("xROLE_CO1", "xROLE_CO2") with the test account "acc-role-user2".
* After we've performed this setup, our call to "/role/{csid}/accountroles" should contain an AccountRole that has
* a list of 1 account -the test user account we associated during setup.
*/
}
//
- // Now read the list of accounts associated with the role "ROLE_CO1".
+ // Now read the list of accounts associated with the role "xROLE_CO1".
// There should be just the "acc-role-user2" account.
//
RoleClient roleClient = new RoleClient();
// Submit the request to the service and store the response.
setupRead();
Response res = roleClient.readRoleAccounts(
- roleValues.get("ROLE_CO1").getRoleId());
+ roleValues.get("xROLE_CO1").getRoleId());
try {
// Check the status code of the response: does it match
// the expected response(s)?
import org.collectionspace.services.client.AccountClient;
import org.collectionspace.services.client.PayloadOutputPart;
import org.collectionspace.services.client.RoleClient;
+import org.collectionspace.services.common.CSWebApplicationException;
import org.collectionspace.services.common.EmailUtil;
import org.collectionspace.services.common.SecurityResourceBase;
import org.collectionspace.services.common.ServiceMain;
import org.collectionspace.services.common.context.RemoteServiceContextFactory;
import org.collectionspace.services.common.context.ServiceContext;
import org.collectionspace.services.common.context.ServiceContextFactory;
+import org.collectionspace.services.common.document.DocumentException;
import org.collectionspace.services.common.document.DocumentNotFoundException;
import org.collectionspace.services.common.query.UriInfoImpl;
import org.collectionspace.services.common.storage.StorageClient;
import java.util.Collections;
import java.util.List;
+import javax.persistence.NoResultException;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
@GET
@Path("{csid}")
public AccountsCommon getAccount(@Context UriInfo ui, @PathParam("csid") String csid) {
- return (AccountsCommon)get(ui, csid, AccountsCommon.class);
+ AccountsCommon result = null;
+
+ result = (AccountsCommon)get(ui, csid, AccountsCommon.class);
+
+ return result;
}
@GET
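Review bot: The new body of `getAccount` behaves exactly like the one-line return it replaces, because `result` is initialised to `null` and immediately overwritten. Unless a follow-up change is planned here, keep `return (AccountsCommon) get(ui, csid, AccountsCommon.class);`. The imports added to this file (`CSWebApplicationException`, `DocumentException`, `NoResultException`) are not used in any hunk shown on this page, so check that they are not leftovers.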
import org.collectionspace.services.account.AccountRoleSubResource;
import org.collectionspace.services.account.Status;
import org.collectionspace.services.authorization.AccountRole;
-import org.collectionspace.services.authorization.AccountValue;
import org.collectionspace.services.authorization.SubjectType;
import org.collectionspace.services.account.RoleValue;
import org.collectionspace.services.client.AccountClient;
-import org.collectionspace.services.client.AccountFactory;
import org.collectionspace.services.client.AccountRoleFactory;
import org.collectionspace.services.common.storage.TransactionContext;
import org.collectionspace.services.common.storage.jpa.JpaDocumentHandler;
@Override
public void completeUpdate(DocumentWrapper<AccountsCommon> wrapDoc) throws Exception {
AccountsCommon upAcc = wrapDoc.getWrappedObject();
- getServiceContext().setOutput(upAcc);
- sanitize(upAcc);
+ getServiceContext().setOutput(upAcc);
}
@Override
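Review bot: With `sanitize(upAcc)` removed from `completeUpdate`, stripping the password and tenant list from the response now depends on every caller remembering to call `handler.sanitize(wrapDoc)` afterwards; on this page only the JPA update path does that. Any other path that runs `completeUpdate` and returns the context output would send the stored password field back to the client, so the callers should be audited and a test added that asserts an update response carries no `<password>` value. Record the contract on the method, e.g. `// Output is NOT sanitized here; the storage client must call sanitize(wrapDoc) after commit.`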
* sanitize removes data not needed to be sent to the consumer
* @param account
*/
- private void sanitize(AccountsCommon account) {
+ @Override
+ public void sanitize(DocumentWrapper<AccountsCommon> wrapDoc) {
+ AccountsCommon account = wrapDoc.getWrappedObject();
+ sanitize(account);
+ }
+
+ private void sanitize(AccountsCommon account) {
account.setPassword(null);
if (!SecurityUtils.isCSpaceAdmin()) {
account.setTenants(new ArrayList<AccountTenant>(0));
}
- }
+ }
/* (non-Javadoc)
* @see org.collectionspace.services.common.document.DocumentHandler#initializeDocumentFilter(org.collectionspace.services.common.context.ServiceContext)
*/
- public void initializeDocumentFilter(ServiceContext ctx) {
+ public void initializeDocumentFilter(ServiceContext<AccountsCommon, AccountsCommon> ctx) {
// set a default document filter in this method
}
}
DocumentWrapper<AccountsCommon> wrapDoc =
new DocumentWrapperImpl<AccountsCommon>(accountFound);
handler.handle(Action.UPDATE, wrapDoc);
- handler.complete(Action.UPDATE, wrapDoc);
-
+ handler.complete(Action.UPDATE, wrapDoc);
jpaConnectionContext.commitTransaction();
+ //
+ // Don't sanitize until we've committed changes to the DB
+ //
+ handler.sanitize(wrapDoc);
} catch (BadRequestException bre) {
jpaConnectionContext.markForRollback();
throw bre;
}
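Review bot: `handler.sanitize(wrapDoc)` nulls the password and replaces the tenant list on `accountFound`, the same object that was just persisted; if that entity is still managed when the persistence context is flushed again, the blanked values could be written back to the database. The code that releases the connection is outside this hunk, so this needs confirming. Detaching the entity before sanitizing, or sanitizing a copy, would remove the dependency on statement order. The new comment could also state the reason: `// Sanitize only after commit: it mutates the entity and must never reach the DB.`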
- // Failure outcomes
- /* (non-Javadoc)
- * @see org.collectionspace.services.client.test.AbstractServiceTestImpl#readNonExistent(java.lang.String)
- */
- @Override
- @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
- public void readNonExistent(String testName) throws Exception {
- // Perform setup.
- setupReadNonExistent();
-
- // Submit the request to the service and store the response.
- PermissionRoleClient client = new PermissionRoleClient();
- Response res = null;
- try {
- res = client.read(NON_EXISTENT_ID);
- int statusCode = res.getStatus();
-
- // Check the status code of the response: does it match
- // the expected response(s)?
- if (logger.isDebugEnabled()) {
- logger.debug(testName + ": status = " + statusCode);
- }
- Assert.assertTrue(testRequestType.isValidStatusCode(statusCode),
- invalidStatusCodeMessage(testRequestType, statusCode));
- Assert.assertEquals(statusCode, testExpectedStatusCode);
- } finally {
- if (res != null) {
- res.close();
- }
- }
- }
-
@Test(dataProvider = "testName",
dependsOnMethods = {"CRUDTests"})
public void readNoRelationship(String testName) throws Exception {
// Perform setup.
- setupRead();
+ setupReadNonExistent();
// Submit the request to the service and store the response.
PermissionRoleClient client = new PermissionRoleClient();
Response res = null;
try {
- res = client.read(
- permValues.get(TEST_SERVICE_NAME + TEST_MARKER + NO_REL_SUFFIX).getPermissionId());
- // Check the status code of the response: does it match
- // the expected response(s)?
+ String permId = permValues.get(TEST_SERVICE_NAME + TEST_MARKER + NO_REL_SUFFIX).getPermissionId();
+ res = client.read(permId);
assertStatusCode(res, testName);
- PermissionRole output = res.readEntity(PermissionRole.class);
-
- String sOutput = objectAsXmlString(output, PermissionRole.class);
- if (logger.isDebugEnabled()) {
- logger.debug(testName + " received " + sOutput);
- }
} finally {
if (res != null) {
res.close();
* refer to this method in their @Test annotation declarations.
*/
@Override
- @Test(dataProvider = "testName",
- dependsOnMethods = {
+ @Test(dataProvider = "testName", dependsOnMethods = {
"org.collectionspace.services.client.test.AbstractServiceTestImpl.baseCRUDTests"})
public void CRUDTests(String testName) {
- // Do nothing. Simply here to for a TestNG execution order for our tests
+ System.out.println("no-op");
}
@Override
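Review bot: `System.out.println("no-op");` replaces the comment that explained why this empty method exists, and it writes to stdout on every test run. Restore the explanation and drop the print: `// Intentionally empty: exists only to force the TestNG execution order of dependent tests.` If a trace is really wanted, use the class logger at debug level, as the other tests on this page do.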
// Used to create unique identifiers
static private final Random random = new Random(System.currentTimeMillis());
- private static final String PERM_1_RL_RESOURCE = "xROLE_TEST_PERMVALUE_RESOURCE_1";
+ private static final String PERM_1_RL_RESOURCE = "intakes";
private static final String PERM_1_RL_ACTIONGROUP = "RL";
- private static final String PERM_2_RL_RESOURCE = "xROLE_TEST_PERMVALUE_RESOURCE_2";
+
+ private static final String PERM_2_RL_RESOURCE = "dimensions";
private static final String PERM_2_RL_ACTIONGROUP = "CRUL";
- private static final String PERM_3_RL_RESOURCE = "xROLE_TEST_PERMVALUE_RESOURCE_3";
+
+ private static final String PERM_3_RL_RESOURCE = "loansin";
private static final String PERM_3_RL_ACTIONGROUP = "CRUDL";
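Review bot: `PERM_1_RL_RESOURCE`, `PERM_2_RL_RESOURCE` and `PERM_3_RL_RESOURCE` now name what look like real service resources (`intakes`, `dimensions`, `loansin`) instead of the test-only `xROLE_TEST_PERMVALUE_RESOURCE_n` values. If the test creates and later deletes permissions for these resources, it may collide with, or remove, permissions that the tenant's built-in roles rely on; the setup and cleanup code is outside this hunk, so please confirm. A comment giving the reason for using real names is needed here, for instance `// Must be existing service resources; cleanup deletes only the permissions this test created.`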
// Submit the request to the service and store the response.
CollectionSpaceClient client = this.getClientInstance();
- Response res = client.read(NON_EXISTENT_ID);
- int statusCode = res.getStatus();
+ Response res = null;
try {
+ res = client.read(NON_EXISTENT_ID);
+ int statusCode = res.getStatus();
// Check the status code of the response: does it match
// the expected response(s)?
if (logger.isDebugEnabled()) {
invalidStatusCodeMessage(testRequestType, statusCode));
Assert.assertEquals(statusCode, testExpectedStatusCode);
} finally {
- res.close();
+ if (res != null) res.close();
}
}
package org.collectionspace.services.common;
import org.collectionspace.services.common.context.ServiceContext;
+import org.collectionspace.services.common.document.DocumentException;
import org.collectionspace.services.common.document.DocumentFilter;
import org.collectionspace.services.common.document.DocumentHandler;
import org.collectionspace.services.common.storage.TransactionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.persistence.NoResultException;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
logger.debug("get with csid=" + csid);
ensureCSID(csid, ServiceMessages.GET_FAILED + "csid");
Object result = null;
+
try {
ServiceContext<IT, OT> ctx = createServiceContext((IT) null, objectClass, ui);
DocumentHandler handler = createDocumentHandler(ctx);
getStorageClient(ctx).get(ctx, csid, handler);
result = ctx.getOutput();
- } catch (Exception e) {
+ } catch (DocumentException e) {
+ Exception cause = (Exception) e.getCause();
+ if (cause instanceof NoResultException) {
+ Response response = Response.status(Response.Status.NOT_FOUND).entity(result).type("text/plain").build();
+ throw new CSWebApplicationException(response);
+ }
+ } catch (Exception e) {
throw bigReThrow(e, ServiceMessages.GET_FAILED, csid);
}
+
checkResult(result, csid, ServiceMessages.GET_FAILED);
return result;
}
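Review bot: In the new `catch (DocumentException e)` block, a `DocumentException` whose cause is not a `NoResultException` is swallowed: nothing is rethrown, execution falls through to `checkResult(result, ...)` with `result` still `null`, and the original failure is lost. Add the fallback after the `if`: `throw bigReThrow(e, ServiceMessages.GET_FAILED, csid);`. The cast `(Exception) e.getCause()` will itself throw `ClassCastException` when the cause is an `Error`, so `Throwable cause = e.getCause();` is the safer form for the `instanceof` test. `.entity(result)` is always `null` on this path, which yields a 404 with an empty `text/plain` body; a fixed message would be clearer. The method's signature lies outside the hunk.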
return result;
}
+
+ @Override
+ public void sanitize(DocumentWrapper<WT> wrapDoc) {
+ //
+ // By default, do nothing. Sub-classes can override if they want to.
+ //
+ }
+
/* (non-Javadoc)
* @see org.collectionspace.services.common.document.DocumentHandler#handleCreate(org.collectionspace.services.common.document.DocumentWrapper)
import java.util.Map;
+import org.collectionspace.services.account.AccountsCommon;
import org.collectionspace.services.common.context.ServiceContext;
import org.collectionspace.services.common.query.QueryContext;
import org.collectionspace.services.common.vocabulary.RefNameServiceUtils.Specifier;
*/
void completeSync(DocumentWrapper<Object> wrapDoc) throws Exception;
+ public void sanitize(DocumentWrapper<WT> wrapDoc);
+
}
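Review bot: The new `sanitize(DocumentWrapper<WT> wrapDoc)` on the interface has no Javadoc, although it carries a security contract that callers have to get right. The Javadoc should say that it strips fields which must not be returned to the client, that it is to be called only after the transaction has committed because it mutates the wrapped object, and that the base implementation is a no-op, so handlers for sensitive types must override it. The `AccountsCommon` import added in the import hunk just above is not used by anything shown here and would tie the common interface to the account module; check whether it can be dropped.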
import javax.persistence.PersistenceException;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
+import javax.persistence.EntityNotFoundException;
import javax.persistence.NoResultException;
import javax.persistence.Persistence;
import javax.persistence.Query;
q.setParameter(paramName, paramBindings.get(paramName));
}
- result = q.getSingleResult();
+ result = q.getSingleResult();
if (result == null) {
logger.debug("Call to getEntity() returned empty set.");