/sigmah/src/test/java/org/sigmah/server/endpoint/gwtrpc/handler/UpdateUserPermissionsHandlerTest.java
Java | 241 lines | 119 code | 48 blank | 74 comment | 0 complexity | 7185f1508853a1a7515ee46db8d521f1 MD5 | raw file
1/* 2 * All Sigmah code is released under the GNU General Public License v3 3 * See COPYRIGHT.txt and LICENSE.txt. 4 */ 5 6package org.sigmah.server.endpoint.gwtrpc.handler; 7 8import static org.easymock.EasyMock.createMock; 9import static org.easymock.EasyMock.isA; 10import static org.easymock.EasyMock.replay; 11import static org.easymock.EasyMock.verify; 12 13import java.util.Locale; 14 15import org.junit.Before; 16import org.junit.Test; 17import org.sigmah.MockDb; 18import org.sigmah.server.dao.PartnerDAO; 19import org.sigmah.server.mail.Invitation; 20import org.sigmah.server.mail.Mailer; 21import org.sigmah.shared.command.UpdateUserPermissions; 22import org.sigmah.shared.dao.UserDAO; 23import org.sigmah.shared.dao.DAO; 24import org.sigmah.shared.dao.UserDatabaseDAO; 25import org.sigmah.shared.dao.UserPermissionDAO; 26import org.sigmah.shared.domain.OrgUnit; 27import org.sigmah.shared.domain.User; 28import org.sigmah.shared.domain.UserDatabase; 29import org.sigmah.shared.domain.UserPermission; 30import org.sigmah.shared.dto.PartnerDTO; 31import org.sigmah.shared.dto.UserPermissionDTO; 32import org.sigmah.shared.exception.IllegalAccessCommandException; 33import org.sigmah.shared.dao.DAO; 34 35/** 36 * @author Alex Bertram 37 */ 38public class UpdateUserPermissionsHandlerTest { 39 40 private OrgUnit NRC; 41 private OrgUnit IRC; 42 private PartnerDTO NRC_DTO; 43 44 private MockDb db = new MockDb(); 45 protected Mailer<Invitation> mailer; 46 protected UpdateUserPermissionsHandler handler; 47 protected User owner; 48 49 @Before 50 public void setup() { 51 52 NRC = new OrgUnit(); 53 NRC.setId(1); 54 NRC.setName("NRC"); 55 NRC.setFullName("Norwegian Refugee Council"); 56 db.persist(NRC); 57 58 IRC = new OrgUnit(); 59 IRC.setId(2); 60 IRC.setName("IRC"); 61 IRC.setFullName("International Rescue Committee"); 62 db.persist(IRC); 63 64 NRC_DTO = new PartnerDTO(1, "NRC"); 65 66 mailer = createMock("InvitationMailer", Mailer.class); 67 68 handler = new UpdateUserPermissionsHandler( 69 db.getDAO(UserDatabaseDAO.class), db.getDAO(PartnerDAO.class), db.getDAO(UserDAO.class), 70 db.getDAO(UserPermissionDAO.class), mailer); 71 72 73 owner = new User(); 74 owner.setId(99); 75 owner.setName("Alex"); 76 db.persist(owner); 77 78 UserDatabase udb = new UserDatabase(1, "PEAR"); 79 udb.setOwner(owner); 80 db.persist(udb); 81 82 } 83 84 @Test 85 public void ownerCanAddUser() throws Exception { 86 87 mailer.send(isA(Invitation.class), isA(Locale.class)); 88 replay(mailer); 89 90 UserPermissionDTO user = new UserPermissionDTO(); 91 user.setEmail("other@foobar"); 92 user.setPartner(NRC_DTO); 93 user.setAllowView(true); 94 95 UpdateUserPermissions cmd = new UpdateUserPermissions(1, user); 96 97 handler.execute(cmd, owner); 98 99 verify(mailer); 100 } 101 102 103 /** 104 * Asserts that someone with ManageUsersPermission will 105 * be permitted to grant some one edit rights. 106 */ 107 @Test 108 public void testVerifyAuthorityForViewPermissions() throws IllegalAccessCommandException { 109 110 UserPermission executingUserPermissions = new UserPermission(); 111 executingUserPermissions.setPartner(NRC); 112 executingUserPermissions.setAllowManageUsers(true); 113 114 UserPermissionDTO dto = new UserPermissionDTO(); 115 dto.setPartner(NRC_DTO); 116 dto.setAllowView(true); 117 118 UpdateUserPermissions cmd = new UpdateUserPermissions(1, dto); 119 120 UpdateUserPermissionsHandler.verifyAuthority(cmd, executingUserPermissions); 121 } 122 123 /** 124 * Asserts that someone with ManageUsersPermission will 125 * be permitted to grant some one edit rights. 126 */ 127 @Test 128 public void testVerifyAuthorityForEditPermissions() throws IllegalAccessCommandException { 129 130 UserPermission executingUserPermissions = new UserPermission(); 131 executingUserPermissions.setPartner(NRC); 132 executingUserPermissions.setAllowManageUsers(true); 133 134 UserPermissionDTO dto = new UserPermissionDTO(); 135 dto.setPartner(NRC_DTO); 136 dto.setAllowView(true); 137 dto.setAllowEdit(true); 138 139 UpdateUserPermissions cmd = new UpdateUserPermissions(1, dto); 140 141 UpdateUserPermissionsHandler.verifyAuthority(cmd, executingUserPermissions); 142 } 143 144 @Test(expected = IllegalAccessCommandException.class) 145 public void testFailingVerifyAuthorityForView() throws IllegalAccessCommandException { 146 147 UserPermission executingUserPermissions = new UserPermission(); 148 executingUserPermissions.setPartner(IRC); 149 executingUserPermissions.setAllowManageUsers(true); 150 151 UserPermissionDTO dto = new UserPermissionDTO(); 152 dto.setPartner(NRC_DTO); 153 dto.setAllowView(true); 154 dto.setAllowEdit(true); 155 156 UpdateUserPermissions cmd = new UpdateUserPermissions(1, dto); 157 158 UpdateUserPermissionsHandler.verifyAuthority(cmd, executingUserPermissions); 159 } 160 161 @Test 162 public void testVerifyAuthorityForViewByOtherPartner() throws IllegalAccessCommandException { 163 164 UserPermission executingUserPermissions = new UserPermission(); 165 executingUserPermissions.setPartner(IRC); 166 executingUserPermissions.setAllowManageUsers(true); 167 executingUserPermissions.setAllowManageAllUsers(true); 168 169 UserPermissionDTO dto = new UserPermissionDTO(); 170 dto.setPartner(NRC_DTO); 171 dto.setAllowView(true); 172 dto.setAllowEdit(true); 173 174 UpdateUserPermissions cmd = new UpdateUserPermissions(1, dto); 175 176 UpdateUserPermissionsHandler.verifyAuthority(cmd, executingUserPermissions); 177 } 178 179 180// 181// 182// /** 183// * Verifies that a user with the manageUsers permission can 184// * add another user to the UserDatabase 185// * 186// * @throws CommandException 187// */ 188// @Test 189// public void testAuthorizedCreate() throws CommandException { 190// 191// populate("schema1"); 192// 193// setUser(2); 194// 195// UserPermissionDTO user = new UserPermissionDTO(); 196// user.setEmail("ralph@lauren.com"); 197// user.setName("Ralph"); 198// user.setPartner(new PartnerDTO(1, "NRC")); 199// user.setAllowView(true); 200// user.setAllowEdit(true); 201// 202// UpdateUserPermissions cmd = new UpdateUserPermissions(1, user); 203// execute(cmd); 204// 205// UserResult result = execute(new GetUsers(1)); 206// Assert.assertEquals(1, result.getTotalLength()); 207// Assert.assertEquals("ralph@lauren.com", result.getData().get(0).getEmail()); 208// Assert.assertTrue("edit permissions", result.getData().get(0).getAllowEdit()); 209// } 210// 211// /** 212// * Verifies that the owner of a database can update an existing users 213// * permission 214// * 215// * @throws CommandException 216// */ 217// @Test 218// public void testOwnerUpdate() throws CommandException { 219// populate("schema1"); 220// setUser(1); 221// 222// UserPermissionDTO user = new UserPermissionDTO(); 223// user.setEmail("bavon@nrcdrc.org"); 224// user.setPartner(new PartnerDTO(1, "NRC")); 225// user.setAllowView(true); 226// user.setAllowViewAll(false); 227// user.setAllowEdit(true); 228// user.setAllowEdit(false); 229// user.setAllowDesign(true); 230// 231// execute(new UpdateUserPermissions(1, user)); 232// 233// UserResult result = execute(new GetUsers(1)); 234// UserPermissionDTO reUser = result.getData().get(0); 235// Assert.assertEquals("bavon@nrcdrc.org", reUser.getEmail()); 236// Assert.assertTrue("design rights", user.getAllowDesign()); 237// 238// } 239 240 241}