From: Sanjay Dalal Date: Tue, 30 Mar 2010 00:15:29 +0000 (+0000) Subject: CSPACE-1345 refactored role into roles.xsd, added roles_list and role X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=7313eae2773dc4f680ec8d462e64eef2c253e0ec;p=tmp%2Fjakarta-migration.git CSPACE-1345 refactored role into roles.xsd, added roles_list and role CSPACE-1346 refactored permission-config to permissions.xsd, removed parent-child relationship between perm and role...made it association, permission-action has parent child rel added id, etc., added list CSPACE-1347 refactored users_roles into users_roles.xsd, added list cleaned up persistence.xml, removed list classes if not used in persistence test: authz gen_ddl, create_db, gentest, seedtest, mvn test at the service level M services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml M services/account/pstore/src/test/resources/META-INF/persistence.xml _M services/authorization M services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java A services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java A services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java M services/authorization/service/src/test/resources/test-data/test-permissions.xml A services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml M services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java D services/authorization/jaxb/src/test/resources/META-INF/persistence.xml D services/authorization/jaxb/src/test/resources/hibernate.cfg.xml A + services/authorization/jaxb/src/main/resources/roles.xsd A services/authorization/jaxb/src/main/resources/users_roles.xsd D services/authorization/jaxb/src/main/resources/authorization_provider.xsd A services/authorization/jaxb/src/main/resources/permissions.xsd A 
services/authorization/jaxb/src/main/resources/permissions_roles.xsd M services/authorization/pstore/src/test/resources/META-INF/persistence.xml M services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql M services/authorization/pstore/src/main/resources/db/mysql/authorization.sql --- diff --git a/services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml b/services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml index 5cc85d50d..b0061ffaa 100644 --- a/services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml +++ b/services/JaxRsServiceProvider/src/main/resources/META-INF/persistence.xml @@ -5,14 +5,12 @@ org.hibernate.ejb.HibernatePersistence CspaceDS org.collectionspace.services.account.AccountsCommon - org.collectionspace.services.account.AccountsCommonList$AccountListItem org.collectionspace.services.account.Tenant org.collectionspace.services.account.AccountTenant org.collectionspace.services.account.Status org.collectionspace.services.authentication.User org.collectionspace.services.authorization.Role org.collectionspace.services.authorization.UserRole - diff --git a/services/account/pstore/src/test/resources/META-INF/persistence.xml b/services/account/pstore/src/test/resources/META-INF/persistence.xml index 43c1402c9..f332caa05 100644 --- a/services/account/pstore/src/test/resources/META-INF/persistence.xml +++ b/services/account/pstore/src/test/resources/META-INF/persistence.xml 
@@ -3,8 +3,6 @@ http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> org.collectionspace.services.account.AccountsCommon - org.collectionspace.services.account.AccountsCommonList - org.collectionspace.services.account.AccountsCommonList$AccountListItem org.collectionspace.services.account.Tenant org.collectionspace.services.account.AccountTenant org.collectionspace.services.account.Status diff --git a/services/authorization/jaxb/src/main/resources/authorization_provider.xsd b/services/authorization/jaxb/src/main/resources/authorization_provider.xsd deleted file mode 100644 index 8a9b1d643..000000000 --- a/services/authorization/jaxb/src/main/resources/authorization_provider.xsd +++ /dev/null @@ -1,206 +0,0 @@ - - - - - - - - - - - - Role definition in CollectionSpace - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - UserRole defines association between user and role in CollectionSpace - - - - - - username - rolename - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - permission configuration list - - - - - - - - - - CspacePermissionConfig describes permission in CollectionSpace - - - - - - - - resourceName could be a servicename or a servicename#attribute - - - - - - - - - - - - - - Action describes the actions that coudl be taken - - - - - - - - - - - - - - - - - EffectType describes the effect of access control - - - - - - - - - diff --git a/services/authorization/jaxb/src/main/resources/permissions.xsd b/services/authorization/jaxb/src/main/resources/permissions.xsd new file mode 100644 index 000000000..b63c557d2 --- /dev/null +++ b/services/authorization/jaxb/src/main/resources/permissions.xsd 
@@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + permission configuration list + + + + + + + + + + CspacePermissionConfig describes permission in CollectionSpace + - resourceName could be a service path, e.g. collectionobjects or intakes + no need to give slash at the beginning or end + - attributeName could be an attribute of the service schema + e.g. otherNumber from collectionobjects_common + - action describes the actions that could be taken on given resource (and attribute) + - effect describes the effect of the access control for the action + performed on the given resource (and attribute) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/authorization/jaxb/src/main/resources/permissions_roles.xsd b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd new file mode 100644 index 000000000..c746b2497 --- /dev/null +++ b/services/authorization/jaxb/src/main/resources/permissions_roles.xsd @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + + + + + permission role list + + + + + + + + + PermissionRole defines association between permission and role in CollectionSpace + + + + + + permission_id + rolename + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/authorization/jaxb/src/main/resources/roles.xsd b/services/authorization/jaxb/src/main/resources/roles.xsd new file mode 100644 index 000000000..5408db980 --- /dev/null +++ b/services/authorization/jaxb/src/main/resources/roles.xsd @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + role list + + + + + + + + + Role definition in CollectionSpace + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/services/authorization/jaxb/src/main/resources/users_roles.xsd b/services/authorization/jaxb/src/main/resources/users_roles.xsd new file mode 100644 index 000000000..3715aebda --- /dev/null +++ b/services/authorization/jaxb/src/main/resources/users_roles.xsd @@ -0,0 +1,110 @@ + + + + + + + + + + + + + + + + + + user role list + + + + + + + + + UserRole defines association between user and role in CollectionSpace + + + + + + username + rolename + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/authorization/jaxb/src/test/resources/META-INF/persistence.xml b/services/authorization/jaxb/src/test/resources/META-INF/persistence.xml deleted file mode 100644 index a922bf945..000000000 --- a/services/authorization/jaxb/src/test/resources/META-INF/persistence.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - org.collectionspace.services.authorization.Role - org.collectionspace.services.authorization.UserRole - - - - - - - diff --git a/services/authorization/jaxb/src/test/resources/hibernate.cfg.xml b/services/authorization/jaxb/src/test/resources/hibernate.cfg.xml deleted file mode 100644 index c7c600995..000000000 --- a/services/authorization/jaxb/src/test/resources/hibernate.cfg.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - jdbc:mysql://localhost:3306/cspace - com.mysql.jdbc.Driver - test - test - org.hibernate.dialect.MySQLDialect - org.hibernate.transaction.JDBCTransactionFactory - thread - true - - diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql index 3a5b1e58c..e26f9bb13 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql 
@@ -1,4 +1,12 @@ +alter table permissions_actions drop foreign key FK85F8204295972CE9; +drop table if exists permissions; +drop table if exists permissions_actions; +drop table if exists permissions_roles; drop table if exists roles; drop table if exists users_roles; -create table roles (rolename varchar(200) not null, created_at datetime not null, rolegroup varchar(255) not null, updated_at datetime, primary key (rolename)); +create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, updated_at datetime, primary key (csid)); +create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTION__PERMISSION_CSID varchar(128), primary key (HJID)); +create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, rolename varchar(200) not null, updated_at datetime, primary key (HJID), unique (permission_id, rolename)); +create table roles (rolename varchar(200) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255) not null, updated_at datetime, primary key (rolename)); create table users_roles (HJID bigint not null auto_increment, created_at datetime not null, rolename varchar(200) not null, updated_at datetime, username varchar(128) not null, primary key (HJID), unique (username, rolename)); +alter table permissions_actions add index FK85F8204295972CE9 (ACTION__PERMISSION_CSID), add constraint FK85F8204295972CE9 foreign key (ACTION__PERMISSION_CSID) references permissions (csid); diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql index 4f93e3225..efa5e5c8f 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql 
+++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization_index.sql @@ -7,3 +7,5 @@ use cspace; CREATE INDEX index_rolename ON roles (rolegroup); CREATE INDEX index_username ON users_roles (username); CREATE INDEX index_rolename ON users_roles (rolename); +CREATE INDEX index_permission_id ON permissions_roles (permission_id); +CREATE INDEX index_rolename ON permissions_roles (rolename); diff --git a/services/authorization/pstore/src/test/resources/META-INF/persistence.xml b/services/authorization/pstore/src/test/resources/META-INF/persistence.xml index 403959633..ed8a21faf 100644 --- a/services/authorization/pstore/src/test/resources/META-INF/persistence.xml +++ b/services/authorization/pstore/src/test/resources/META-INF/persistence.xml @@ -1,9 +1,16 @@ + http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + org.collectionspace.services.authorization.Permission + org.collectionspace.services.authorization.PermissionAction + org.collectionspace.services.authorization.PermissionsList + org.collectionspace.services.authorization.PermissionRole + org.collectionspace.services.authorization.PermissionsRolesList org.collectionspace.services.authorization.Role + org.collectionspace.services.authorization.RolesList org.collectionspace.services.authorization.UserRole + org.collectionspace.services.authorization.UsersRolesList diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java index ebea99fa9..21cf0528f 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java 
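Review bot: The added `index_permission_id` on `permissions_roles (permission_id)` repeats the leading column of the `unique (permission_id, rolename)` key that authorization.sql creates for the same table, and MySQL can already use that key for lookups by `permission_id`. The extra index only adds write cost. I would drop that line and keep `CREATE INDEX index_rolename ON permissions_roles (rolename);`, which the unique key does not cover.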
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/AuthZ.java @@ -49,6 +49,7 @@ */ package org.collectionspace.services.authorization; +import java.util.ArrayList; import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -102,14 +103,22 @@ public class AuthZ { * addPermissions add permissions from given permission configuration * @param permission configuration */ - public void addPermissions(PermissionConfig pConfig) { - List principals = pConfig.getRole(); - List users = pConfig.getUser(); - principals.addAll(users); - List actions = pConfig.getAction(); - for (ActionType action : actions) { - URIResourceImpl uriRes = new URIResourceImpl(pConfig.getResourceName(), - action); + public void addPermissions(Permission perm, + List permRoles) { + List principals = new ArrayList(); + for (PermissionRole permRole : permRoles) { + if (!perm.getCsid().equals(permRole.getPermissionId())) { + throw new IllegalArgumentException("permission ids do not" + + " match role=" + permRole.getRoleName() + + " permission=" + perm.getCsid()); + } + //assuming permrole belongs to the same perm + principals.add(permRole.getRoleName()); + } + List permActions = perm.getAction(); + for (PermissionAction permAction : permActions) { + URIResourceImpl uriRes = new URIResourceImpl(perm.getResourceName(), + permAction.getName()); addPermission(uriRes, principals.toArray(new String[0])); } } diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java new file mode 100644 index 000000000..f8364c9fc --- /dev/null +++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AbstractAuthorizationTestImpl.java 
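Review bot: The new `addPermissions(Permission perm, List permRoles)` never reads the permission's effect, so every `Permission` reaches `addPermission(uriRes, principals...)` in the same way whatever its `effect` says. The body of `addPermission` is outside this hunk, but it receives no effect argument, so a non-PERMIT entry would presumably still be stored as a grant; until other effects are handled, reject them up front with `if (perm.getEffect() != EffectType.PERMIT) { throw new IllegalArgumentException("unsupported effect for permission=" + perm.getCsid()); }` (assuming the generated class exposes `getEffect()`). The same guard is the place to reject a null `perm.getCsid()` and an empty `permRoles`, which today end in a bare NullPointerException or in a call to `addPermission` with no principals. The Javadoc above still reads `@param permission configuration` and should name `perm` and `permRoles`, and the comment `//assuming permrole belongs to the same perm` is stale now that the check enforces it.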
@@ -0,0 +1,177 @@ +/** + * This document is a part of the source code and related artifacts + * for CollectionSpace, an open source collections management system + * for museums and related institutions: + + * http://www.collectionspace.org + * http://wiki.collectionspace.org + + * Copyright 2009 University of California at Berkeley + + * Licensed under the Educational Community License (ECL), Version 2.0. + * You may not use this file except in compliance with this License. + + * You may obtain a copy of the ECL 2.0 License at + + * https://source.collectionspace.org/collection-space/LICENSE.txt + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *//** + * This document is a part of the source code and related artifacts + * for CollectionSpace, an open source collections management system + * for museums and related institutions: + + * http://www.collectionspace.org + * http://wiki.collectionspace.org + + * Copyright 2009 University of California at Berkeley + + * Licensed under the Educational Community License (ECL), Version 2.0. + * You may not use this file except in compliance with this License. + + * You may obtain a copy of the ECL 2.0 License at + + * https://source.collectionspace.org/collection-space/LICENSE.txt + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. 
+ */ +package org.collectionspace.services.authorization.test; + +import java.io.File; +import java.io.InputStream; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.HashSet; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import org.collectionspace.services.authorization.ActionType; +import org.collectionspace.services.authorization.AuthZ; +import org.collectionspace.services.authorization.Permission; +import org.collectionspace.services.authorization.EffectType; +import org.collectionspace.services.authorization.PermissionAction; +import org.collectionspace.services.authorization.PermissionsList; +import org.collectionspace.services.authorization.PermissionRole; +import org.collectionspace.services.authorization.PermissionsList; +import org.collectionspace.services.authorization.PermissionsRolesList; +import org.springframework.context.support.ClassPathXmlApplicationContext; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.GrantedAuthorityImpl; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.DefaultTransactionDefinition; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Test; + +/** + * + * @author + */ +public abstract class AbstractAuthorizationTestImpl { + + final Logger logger = LoggerFactory.getLogger(AbstractAuthorizationTestImpl.class); + private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager; + + /** + * Returns 
the name of the currently running test. + * + * Note: although the return type is listed as Object[][], + * this method instead returns a String. + * + * @param m The currently running test method. + * + * @return The name of the currently running test method. + */ + @DataProvider(name = "testName") + protected static Object[][] testName(Method m) { + return new Object[][]{ + new Object[]{m.getName()} + }; + } + + + protected void setup() { + ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext( + new String[]{"applicationContext-authorization-test.xml"}); + login(); + AuthZ authZ = AuthZ.get(); + txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager"); + } + + protected void login() { + GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"); + HashSet gauths = new HashSet(); + gauths.add(gauth); + Authentication authRequest = new UsernamePasswordAuthenticationToken("test", "test", gauths); + SecurityContextHolder.getContext().setAuthentication(authRequest); + } + + protected void logout() { + SecurityContextHolder.getContext().setAuthentication(null); + } + + protected TransactionStatus beginTransaction(String name) { + DefaultTransactionDefinition def = new DefaultTransactionDefinition(); + // explicitly setting the transaction name is something that can only be done programmatically + def.setName(name); + def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED); + return txManager.getTransaction(def); + } + + protected void rollbackTransaction(TransactionStatus status) { + txManager.rollback(status); + } + + protected void commitTransaction(TransactionStatus status) { + txManager.commit(status); + } + + + protected void toFile(Object o, Class jaxbClass, String fileName) { + File f = new File(fileName); + try { + JAXBContext jc = JAXBContext.newInstance(jaxbClass); + Marshaller m = jc.createMarshaller(); + 
m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, + Boolean.TRUE); + m.marshal(o, f); + } catch (Exception e) { + e.printStackTrace(); + } + } + + protected Object fromFile(Class jaxbClass, String fileName) throws Exception { + ClassLoader tccl = Thread.currentThread().getContextClassLoader(); + InputStream is = tccl.getResourceAsStream(fileName); + JAXBContext context = JAXBContext.newInstance(jaxbClass); + Unmarshaller unmarshaller = context.createUnmarshaller(); + //note: setting schema to null will turn validator off + unmarshaller.setSchema(null); + return jaxbClass.cast(unmarshaller.unmarshal(is)); + } + + @Test(dataProvider = "testName", dataProviderClass = AbstractAuthorizationTestImpl.class) + public void test(String testName) { + if (logger.isDebugEnabled()) { + logger.debug(testName); + } + } +} diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java new file mode 100644 index 000000000..16245b9f2 --- /dev/null +++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationGenTest.java 
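Review bot: `fromFile` passes the result of `tccl.getResourceAsStream(fileName)` straight to `unmarshal` without checking it for null or closing it, and with `setSchema(null)` the role and permission seed files are accepted without validation. A missing resource therefore surfaces as an opaque unmarshalling error, and a malformed entry (for instance one without a permission id) is only noticed later, if at all. Add `if (is == null) { throw new java.io.FileNotFoundException(fileName); }` before creating the context, close the stream in a `finally`, and consider validating this data against the XSDs added in this commit. `toFile` has the mirror problem: it catches `Exception` and only calls `printStackTrace()`, so the generator tests that use it pass even when nothing was written; let the exception propagate instead. The file also carries the licence header twice, followed by the IDE template comment.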
@@ -0,0 +1,127 @@ +/** + * This document is a part of the source code and related artifacts + * for CollectionSpace, an open source collections management system + * for museums and related institutions: + + * http://www.collectionspace.org + * http://wiki.collectionspace.org + + * Copyright 2009 University of California at Berkeley + + * Licensed under the Educational Community License (ECL), Version 2.0. + * You may not use this file except in compliance with this License. + + * You may obtain a copy of the ECL 2.0 License at + + * https://source.collectionspace.org/collection-space/LICENSE.txt + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *//** + * This document is a part of the source code and related artifacts + * for CollectionSpace, an open source collections management system + * for museums and related institutions: + + * http://www.collectionspace.org + * http://wiki.collectionspace.org + + * Copyright 2009 University of California at Berkeley + + * Licensed under the Educational Community License (ECL), Version 2.0. + * You may not use this file except in compliance with this License. + + * You may obtain a copy of the ECL 2.0 License at + + * https://source.collectionspace.org/collection-space/LICENSE.txt + + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package org.collectionspace.services.authorization.test; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import java.util.ArrayList; +import org.collectionspace.services.authorization.ActionType; +import org.collectionspace.services.authorization.Permission; +import org.collectionspace.services.authorization.EffectType; +import org.collectionspace.services.authorization.PermissionAction; +import org.collectionspace.services.authorization.PermissionRole; +import org.collectionspace.services.authorization.PermissionsList; +import org.collectionspace.services.authorization.PermissionsRolesList; +import org.testng.annotations.Test; + +/** + * + * @author + */ +public class AuthorizationGenTest extends AbstractAuthorizationTestImpl { + + final Logger logger = LoggerFactory.getLogger(AuthorizationGenTest.class); + + @Test + public void genPermissions() { + PermissionsList pcList = new PermissionsList(); + ArrayList apcList = new ArrayList(); + pcList.setPermission(apcList); + + Permission accPerm = buildCommonPermission("1", "accounts"); + apcList.add(accPerm); + Permission coPerm = buildCommonPermission("2", "collectionobjects"); + apcList.add(coPerm); + toFile(pcList, PermissionsList.class, "./target/test-permissions.xml"); + + } + + private Permission buildCommonPermission(String id, String resourceName) { + Permission perm = new Permission(); + perm.setCsid(id); + perm.setResourceName(resourceName); + perm.setEffect(EffectType.PERMIT); + + ArrayList pas = new ArrayList(); + perm.setAction(pas); + + PermissionAction pa = new PermissionAction(); + pa.setName(ActionType.CREATE); + pas.add(pa); + PermissionAction pa1 = new PermissionAction(); + pa1.setName(ActionType.READ); + pas.add(pa1); + PermissionAction pa2 = new PermissionAction(); + pa2.setName(ActionType.UPDATE); + pas.add(pa2); + PermissionAction pa3 = new PermissionAction(); + pa3.setName(ActionType.DELETE); + pas.add(pa3); + return perm; + } + + @Test + public void genPermissionsRoles() { + 
PermissionsRolesList psrsl = new PermissionsRolesList(); + ArrayList prl = buildCommonPermissionRoles("1"); + prl.addAll(buildCommonPermissionRoles("2")); + psrsl.setPermissionRole(prl); + toFile(psrsl, PermissionsRolesList.class, "./target/test-permissions-roles.xml"); + } + + private ArrayList buildCommonPermissionRoles(String id) { + ArrayList prl = new ArrayList(); + PermissionRole pr = new PermissionRole(); + pr.setPermissionId(id); + pr.setRoleName("ROLE_USERS"); + prl.add(pr); + PermissionRole pr1 = new PermissionRole(); + pr1.setPermissionId(id); + pr1.setRoleName("ROLE_ADMINISTRATOR"); + prl.add(pr1); + return prl; + } +} diff --git a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java index 06e9be7c7..7e2b9236a 100644 --- a/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java +++ b/services/authorization/service/src/test/java/org/collectionspace/services/authorization/test/AuthorizationSeedTest.java 
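Review bot: `buildCommonPermissionRoles` attaches both `ROLE_USERS` and `ROLE_ADMINISTRATOR` to every permission id, including id "1", which `genPermissions` assigns to `accounts` with CREATE, READ, UPDATE and DELETE. The lines removed from test-permissions.xml in this commit list only `ROLE_ADMINISTRATOR` under `accounts`, so the generated data, and the new test-permissions-roles.xml with the same four rows, appears to widen account management to ordinary users. If the old restriction was intended, pass the role names in per permission, as sketched below. Separately, both `@Test` methods assert nothing and rely on `toFile`, which swallows failures, so they cannot fail.

```java
ArrayList<PermissionRole> prl = buildCommonPermissionRoles("1", "ROLE_ADMINISTRATOR");
prl.addAll(buildCommonPermissionRoles("2", "ROLE_USERS", "ROLE_ADMINISTRATOR"));
// … unchanged: setPermissionRole and toFile calls …

private ArrayList<PermissionRole> buildCommonPermissionRoles(String id, String... roleNames) {
    ArrayList<PermissionRole> prl = new ArrayList<PermissionRole>();
    for (String roleName : roleNames) {
        PermissionRole pr = new PermissionRole();
        pr.setPermissionId(id);
        pr.setRoleName(roleName);
        prl.add(pr);
    }
    return prl;
}
```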
@@ -43,95 +43,42 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ + package org.collectionspace.services.authorization.test; -import java.io.File; -import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.HashSet; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; -import org.collectionspace.services.authorization.ActionType; import org.collectionspace.services.authorization.AuthZ; -import org.collectionspace.services.authorization.PermissionConfig; -import org.collectionspace.services.authorization.EffectType; -import org.collectionspace.services.authorization.PermissionConfigList; -import org.springframework.context.support.ClassPathXmlApplicationContext; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.GrantedAuthorityImpl; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.transaction.TransactionDefinition; +import org.collectionspace.services.authorization.Permission; +import org.collectionspace.services.authorization.PermissionRole; +import org.collectionspace.services.authorization.PermissionsList; +import org.collectionspace.services.authorization.PermissionsRolesList; import org.springframework.transaction.TransactionStatus; -import org.springframework.transaction.support.DefaultTransactionDefinition; import org.testng.annotations.BeforeClass; -import org.testng.annotations.DataProvider; -import org.testng.annotations.Test; 
/** * * @author */ -public class AuthorizationSeedTest { +public class AuthorizationSeedTest extends AbstractAuthorizationTestImpl { final Logger logger = LoggerFactory.getLogger(AuthorizationSeedTest.class); - /** - * Returns the name of the currently running test. - * - * Note: although the return type is listed as Object[][], - * this method instead returns a String. - * - * @param m The currently running test method. - * - * @return The name of the currently running test method. - */ - @DataProvider(name = "testName") - public static Object[][] testName(Method m) { - return new Object[][]{ - new Object[]{m.getName()} - }; - } - @BeforeClass(alwaysRun = true) public void seedData() { - ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext( - new String[]{"applicationContext-authorization-test.xml"}); - GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR"); - HashSet gauths = new HashSet(); - gauths.add(gauth); - Authentication authRequest = new UsernamePasswordAuthenticationToken("test", "test", gauths); - - SecurityContextHolder.getContext().setAuthentication(authRequest); - AuthZ authZ = AuthZ.get(); - - org.springframework.jdbc.datasource.DataSourceTransactionManager txManager = - (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager"); - DefaultTransactionDefinition def = new DefaultTransactionDefinition(); - // explicitly setting the transaction name is something that can only be done programmatically - def.setName("seedData"); - def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED); - - TransactionStatus status = txManager.getTransaction(def); + setup(); + TransactionStatus status = beginTransaction("seedData"); try { seedRoles(); seedPermissions(); } catch (Exception ex) { - txManager.rollback(status); + rollbackTransaction(status); ex.printStackTrace(); throw new RuntimeException(ex); } - txManager.commit(status); - + commitTransaction(status); 
} public void seedRoles() throws Exception { 
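Review bot: `seedData` now goes through `setup()`, which calls `login()` and leaves a `ROLE_ADMINISTRATOR` authentication in `SecurityContextHolder`, and nothing on either the commit or the rollback path calls the new `logout()` helper. Any test that later runs on the same thread would presumably inherit administrator rights, which can hide authorization failures. Wrap the seeding in `try { ... } finally { logout(); }`, or, if the tests in this class need the context, add an `@AfterClass` method that calls `logout()`. The hunk ends inside `seedRoles`, whose body is not shown.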
@@ -139,67 +86,31 @@ public class AuthorizationSeedTest { public void seedPermissions() throws Exception { - PermissionConfigList pcList = - (PermissionConfigList) fromFile(PermissionConfigList.class, + PermissionsList pcList = + (PermissionsList) fromFile(PermissionsList.class, "./test-data/test-permissions.xml"); - AuthZ authZ = AuthZ.get(); - for (PermissionConfig pc : pcList.getPermission()) { - if(logger.isDebugEnabled()) { - logger.debug("adding permission for res=" + pc.getResourceName()); - } - authZ.addPermissions(pc); - } - } - private void genPermissions() { - PermissionConfigList pcList = new PermissionConfigList(); - ArrayList apcList = new ArrayList(); - pcList.setPermission(apcList); - PermissionConfig pc = new PermissionConfig(); - pc.setResourceName("accounts"); - pc.setEffect(EffectType.PERMIT); - ArrayList roles = new ArrayList(); - roles.add("ROLE_USERS"); - roles.add("ROLE_ADMINISTRATOR"); - pc.setRole(roles); - ArrayList actions = new ArrayList(); - actions.add(ActionType.CREATE); - actions.add(ActionType.READ); - actions.add(ActionType.UPDATE); - actions.add(ActionType.DELETE); - pc.setAction(actions); - apcList.add(pc); - toFile(pcList, PermissionConfigList.class, "./target/test-permissions.xml"); + PermissionsRolesList pcrList = + (PermissionsRolesList) fromFile(PermissionsRolesList.class, + "./test-data/test-permissions-roles.xml"); - } - - private void toFile(Object o, Class jaxbClass, String fileName) { - File f = new File(fileName); - try { - JAXBContext jc = JAXBContext.newInstance(jaxbClass); - Marshaller m = jc.createMarshaller(); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, - Boolean.TRUE); - m.marshal(o, f); - } catch (Exception e) { - e.printStackTrace(); + AuthZ authZ = AuthZ.get(); + for (Permission p : pcList.getPermission()) { + if (logger.isDebugEnabled()) { + logger.debug("adding permission for res=" + p.getResourceName()); + } + List prl = getPermissionRoles(pcrList, p.getCsid()); + authZ.addPermissions(p, prl); } } - 
private Object fromFile(Class jaxbClass, String fileName) throws Exception { - ClassLoader tccl = Thread.currentThread().getContextClassLoader(); - InputStream is = tccl.getResourceAsStream(fileName); - JAXBContext context = JAXBContext.newInstance(jaxbClass); - Unmarshaller unmarshaller = context.createUnmarshaller(); - //note: setting schema to null will turn validator off - unmarshaller.setSchema(null); - return jaxbClass.cast(unmarshaller.unmarshal(is)); - } - - @Test(dataProvider = "testName", dataProviderClass = AuthorizationSeedTest.class) - public void test(String testName) { - if (logger.isDebugEnabled()) { - logger.debug(testName); + private List getPermissionRoles(PermissionsRolesList pcrList, String permId) { + List prList = new ArrayList(); + for (PermissionRole pr : pcrList.getPermissionRole()) { + if (pr.getPermissionId().equals(permId)) { + prList.add(pr); + } } + return prList; } } diff --git a/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml new file mode 100644 index 000000000..b5e89cfa9 --- /dev/null +++ b/services/authorization/service/src/test/resources/test-data/test-permissions-roles.xml @@ -0,0 +1,19 @@ + + + + 1 + ROLE_USERS + + + 1 + ROLE_ADMINISTRATOR + + + 2 + ROLE_USERS + + + 2 + ROLE_ADMINISTRATOR + + diff --git a/services/authorization/service/src/test/resources/test-data/test-permissions.xml b/services/authorization/service/src/test/resources/test-data/test-permissions.xml index 3ff219af0..4d1becb26 100644 --- a/services/authorization/service/src/test/resources/test-data/test-permissions.xml +++ b/services/authorization/service/src/test/resources/test-data/test-permissions.xml 
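Review bot: `getPermissionRoles` silently returns an empty list when no `PermissionRole` matches the permission's csid, and `seedPermissions` passes that list on, so a mistyped id in test-permissions-roles.xml yields a permission with no principals instead of a failure; role rows that match no permission are ignored the same way. For authorization seed data a mismatch should stop the run: after the lookup add `if (prl.isEmpty()) { throw new IllegalStateException("no roles for permission=" + p.getCsid()); }`. `pr.getPermissionId().equals(permId)` also throws a NullPointerException on a row without an id, which is possible because `fromFile` disables schema validation; `permId.equals(pr.getPermissionId())` avoids that.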
@@ -1,22 +1,35 @@ - - + + accounts - CREATE - READ - UPDATE - DELETE - ROLE_ADMINISTRATOR + + CREATE + + + READ + + + UPDATE + + + DELETE + PERMIT - + collectionobjects - CREATE - READ - UPDATE - DELETE - ROLE_USERS - ROLE_ADMINISTRATOR + + CREATE + + + READ + + + UPDATE + + + DELETE + PERMIT - +