Code Review / it / otf.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
added svcapi ui and camunda code
[it/otf.git] / otf-service-api / src / test / java / org / oran / otf / api / tests / integration / services / Permissions / PermissionServiceIT.java
1 /*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
2 #                                                                              #\r
3 #   Licensed under the Apache License, Version 2.0 (the "License");            #\r
4 #   you may not use this file except in compliance with the License.           #\r
5 #   You may obtain a copy of the License at                                    #\r
6 #                                                                              #\r
7 #       http://www.apache.org/licenses/LICENSE-2.0                             #\r
8 #                                                                              #\r
9 #   Unless required by applicable law or agreed to in writing, software        #\r
10 #   distributed under the License is distributed on an "AS IS" BASIS,          #\r
11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
12 #   See the License for the specific language governing permissions and        #\r
13 #   limitations under the License.                                             #\r
14 ##############################################################################*/\r
15 \r
16 \r
17 package org.oran.otf.api.tests.integration.services.Permissions;\r
18 \r
19 import org.oran.otf.api.Application;\r
20 import org.oran.otf.api.tests.shared.MemoryDatabase;\r
21 import org.oran.otf.common.model.Group;\r
22 import org.oran.otf.common.model.GroupMember;\r
23 import org.oran.otf.common.model.User;\r
24 import org.oran.otf.common.repository.GroupRepository;\r
25 import org.oran.otf.common.utility.permissions.PermissionChecker;\r
26 import org.oran.otf.common.utility.permissions.PermissionUtil;\r
27 import org.oran.otf.common.utility.permissions.UserPermission;\r
28 import org.bson.types.ObjectId;\r
29 import org.junit.*;\r
30 import org.junit.runner.RunWith;\r
31 import org.mockito.Mockito;\r
32 import org.springframework.beans.factory.annotation.Autowired;\r
33 import org.springframework.boot.test.context.SpringBootTest;\r
34 import org.springframework.test.context.ActiveProfiles;\r
35 import org.springframework.test.context.TestPropertySource;\r
36 import org.springframework.test.context.junit4.SpringRunner;\r
37 \r
38 import java.util.*;\r
39 \r
40 @RunWith(SpringRunner.class)\r
41 @SpringBootTest(\r
42         webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,\r
43         classes = {\r
44                 Application.class,\r
45         })\r
46 @TestPropertySource("classpath:application-test.properties")\r
47 @ActiveProfiles("test")\r
48 public class PermissionServiceIT {\r
49     @Autowired\r
50     private GroupRepository groupRepository;\r
51     private List<Group> groups;\r
52     private Group parentGroup;\r
53     private Group firstChildGroup;\r
54     private Group childOfChildGroup;\r
55 \r
56     @BeforeClass\r
57     public static void setUp() throws Exception{\r
58         MemoryDatabase.setup();\r
59         MemoryDatabase.createGroupsForPermission();\r
60     }\r
61     @Before\r
62     public void setUpGroups()\r
63     {\r
64         groups = groupRepository.findAll();\r
65         parentGroup = groupRepository.findFirstByGroupName("parent group");\r
66         firstChildGroup = groupRepository.findFirstByGroupName("first child group");\r
67         childOfChildGroup = groupRepository.findFirstByGroupName("child of child group");\r
68     }\r
69     @AfterClass\r
70     public static void cleanup(){\r
71         MemoryDatabase.cleanup();\r
72     }\r
73     /*\r
74      if this test failed there was a error during set up so ignore the failures produced by other tests til this pass\r
75     */\r
76     @Test\r
77     public void setUpTest(){\r
78         List<Group> groups = groupRepository.findAll();\r
79         parentGroup = groupRepository.findFirstByGroupName("parent group");\r
80         firstChildGroup = groupRepository.findFirstByGroupName("first child group");\r
81         childOfChildGroup = groupRepository.findFirstByGroupName("child of child group");\r
82         Assert.assertNotNull(groups);\r
83         Assert.assertFalse(groups.isEmpty());\r
84 \r
85         Assert.assertNotNull(parentGroup.getMembers());\r
86         Assert.assertFalse(parentGroup.getMembers().isEmpty());\r
87         Assert.assertNotNull(parentGroup.getRoles());\r
88         Assert.assertFalse(parentGroup.getRoles().isEmpty());\r
89 \r
90         Assert.assertNotNull(firstChildGroup.getMembers());\r
91         Assert.assertFalse(firstChildGroup.getMembers().isEmpty());\r
92         Assert.assertNotNull(firstChildGroup.getRoles());\r
93         Assert.assertFalse(firstChildGroup.getRoles().isEmpty());\r
94 \r
95         Assert.assertNotNull(childOfChildGroup.getMembers());\r
96         Assert.assertFalse(childOfChildGroup.getMembers().isEmpty());\r
97         Assert.assertNotNull(childOfChildGroup.getRoles());\r
98         Assert.assertFalse(childOfChildGroup.getRoles().isEmpty());\r
99         // all groups are set up with 1 member in memory db\r
100         Assert.assertEquals(1,parentGroup.getMembers().size());\r
101         Assert.assertEquals(1,firstChildGroup.getMembers().size());\r
102         Assert.assertEquals(1,childOfChildGroup.getMembers().size());\r
103     }\r
104     @Test\r
105     public void findUserRoles(){\r
106         GroupMember parentMember = parentGroup.getMembers().get(0);\r
107         GroupMember firstChildMember = firstChildGroup.getMembers().get(0);\r
108         GroupMember childOfChildMember = childOfChildGroup.getMembers().get(0);\r
109 \r
110         User parentUserMock = Mockito.mock(User.class);\r
111         User firstChildUserMock = Mockito.mock(User.class);\r
112         User childOfChildUserMock = Mockito.mock(User.class);\r
113 \r
114         Mockito.when(parentUserMock.get_id()).thenReturn(parentMember.getUserId());\r
115         Mockito.when(firstChildUserMock.get_id()).thenReturn(firstChildMember.getUserId());\r
116         Mockito.when(childOfChildUserMock.get_id()).thenReturn(childOfChildMember.getUserId());\r
117 \r
118         Set<String> parentMemberRoles = PermissionUtil.findUserRoles(parentUserMock, parentGroup);\r
119         Set<String> firstChildRoles = PermissionUtil.findUserRoles(firstChildUserMock, firstChildGroup);\r
120         Set<String> childOfChildRoles = PermissionUtil.findUserRoles(childOfChildUserMock, childOfChildGroup);\r
121 \r
122         // all group members should only have 1 role (admin) set up except first child\r
123         Assert.assertEquals(1,parentMemberRoles.size());\r
124         Assert.assertTrue(parentMemberRoles.contains("admin"));\r
125         Assert.assertEquals(2,firstChildRoles.size());\r
126         Assert.assertTrue(firstChildRoles.contains("admin"));\r
127         Assert.assertTrue(firstChildRoles.contains("dev"));\r
128         Assert.assertEquals(1,childOfChildRoles.size());\r
129         Assert.assertTrue(childOfChildRoles.contains("executor"));\r
130 \r
131         Assert.assertFalse(parentMemberRoles.contains("executor"));\r
132         Assert.assertFalse(firstChildRoles.contains("executor"));\r
133         Assert.assertFalse("should not have admin roles in child of child", childOfChildRoles.contains("admin"));\r
134     }\r
135     @Test\r
136     public void getRolePermissionsTest()\r
137     {\r
138         ObjectId firstChildId =firstChildGroup.getMembers().get(0).getUserId();\r
139         User firstChildUserMock = Mockito.mock(User.class);\r
140         Mockito.when(firstChildUserMock.get_id()).thenReturn(firstChildId);\r
141         Set<String> roles = PermissionUtil.findUserRoles(firstChildUserMock,firstChildGroup); //dev and admin roles only\r
142 \r
143         Assert.assertEquals(2,roles.size());\r
144         for(String role : roles){\r
145             Set<String> permissions = PermissionUtil.getRolePermissions(role,parentGroup);\r
146             Assert.assertTrue("all permissions allowed except execute and delete",permissions.contains("READ"));\r
147             Assert.assertTrue("all permissions allowed except execute and delete",permissions.contains("WRITE"));\r
148             Assert.assertFalse("all permissions allowed except execute and delete",permissions.contains("DELETE"));\r
149             Assert.assertFalse("all permissions allowed except execute and delete",permissions.contains("EXECUTE"));\r
150         }\r
151     }\r
152     @Test\r
153     public void getUserGroupPermissionTest(){\r
154         GroupMember firstChildMember = firstChildGroup.getMembers().get(0);\r
155         User firstChildUser = Mockito.mock(User.class);\r
156         Mockito.when(firstChildUser.get_id()).thenReturn(firstChildMember.getUserId());\r
157         Set<String> permissions = PermissionUtil.getUserGroupPermissions(firstChildUser,firstChildGroup); // should include everything except execute and delete\r
158 \r
159         Assert.assertEquals(3,permissions.size());\r
160         Assert.assertTrue("all permissions allowed except execute and delete",permissions.contains("READ"));\r
161         Assert.assertTrue("all permissions allowed except execute and delete",permissions.contains("WRITE"));\r
162         Assert.assertFalse("all permissions allowed except execute and delete",permissions.contains("DELETE"));\r
163         Assert.assertFalse("all permissions allowed except execute and delete",permissions.contains("EXECUTE"));\r
164         Assert.assertTrue("all permissions allowed except execute and delete",permissions.contains("MANAGEMENT"));\r
165     }\r
166 \r
167     @Test\r
168     public void hasPermissionToTest(){\r
169         GroupMember parentMember = parentGroup.getMembers().get(0);\r
170         GroupMember firstChildMember = firstChildGroup.getMembers().get(0);\r
171         GroupMember childOfChildMember = childOfChildGroup.getMembers().get(0);\r
172 \r
173         User parentGroupUser = Mockito.mock(User.class);\r
174         User firstChildUser = Mockito.mock(User.class);\r
175         User childOfChildUser =Mockito.mock(User.class);\r
176         Mockito.when(parentGroupUser.get_id()).thenReturn(parentMember.getUserId());\r
177         Mockito.when(firstChildUser.get_id()).thenReturn(firstChildMember.getUserId());\r
178         Mockito.when(childOfChildUser.get_id()).thenReturn(childOfChildMember.getUserId());\r
179 \r
180         String read = "read";\r
181         String write= "write";\r
182         String manage = "management";\r
183         String delete = "delete";\r
184         String execute= "execute";\r
185 \r
186         Assert.assertTrue(PermissionUtil.hasPermissionTo(read,parentGroupUser,parentGroup));\r
187         Assert.assertTrue(PermissionUtil.hasPermissionTo(write,parentGroupUser,parentGroup));\r
188         Assert.assertTrue(PermissionUtil.hasPermissionTo(manage,parentGroupUser,parentGroup));\r
189         Assert.assertFalse(PermissionUtil.hasPermissionTo(delete,parentGroupUser,parentGroup));\r
190         Assert.assertFalse(PermissionUtil.hasPermissionTo(execute,parentGroupUser,parentGroup));\r
191 \r
192         Assert.assertTrue(PermissionUtil.hasPermissionTo(read,firstChildUser,firstChildGroup));\r
193         Assert.assertTrue(PermissionUtil.hasPermissionTo(write,firstChildUser,firstChildGroup));\r
194         Assert.assertTrue(PermissionUtil.hasPermissionTo(manage,firstChildUser,firstChildGroup));\r
195         Assert.assertFalse(PermissionUtil.hasPermissionTo(delete,firstChildUser,firstChildGroup));\r
196         Assert.assertFalse(PermissionUtil.hasPermissionTo(execute,firstChildUser,firstChildGroup));\r
197 \r
198         Assert.assertFalse(PermissionUtil.hasPermissionTo(read,childOfChildUser,childOfChildGroup));\r
199         Assert.assertFalse(PermissionUtil.hasPermissionTo(write,childOfChildUser,childOfChildGroup));\r
200         Assert.assertFalse(PermissionUtil.hasPermissionTo(manage,childOfChildUser,childOfChildGroup));\r
201         Assert.assertFalse(PermissionUtil.hasPermissionTo(delete,childOfChildUser,childOfChildGroup));\r
202         Assert.assertTrue(PermissionUtil.hasPermissionTo(execute,childOfChildUser,childOfChildGroup));\r
203     }\r
204     @Test\r
205     public void buildUserPermissionTest()\r
206     {\r
207         /*\r
208            should be the following format\r
209            parent members:\r
210            parentGroup = {read,write,management}\r
211            first Child group = {read}\r
212            child of child group = {read}\r
213 \r
214            first child group:\r
215            parentGroup = {read}\r
216            first Child group = {read,write,management}\r
217            child of child group = {read}\r
218 \r
219            child of child:\r
220            parentGroup = {read}\r
221            first Child group = {read}\r
222            child of child group = {execute}\r
223          */\r
224 \r
225         GroupMember parentMember = parentGroup.getMembers().get(0);\r
226         GroupMember firstChildMember = firstChildGroup.getMembers().get(0);\r
227         GroupMember childOfChildMember = childOfChildGroup.getMembers().get(0);\r
228 \r
229         User parentGroupUser = Mockito.mock(User.class);\r
230         User firstChildUser = Mockito.mock(User.class);\r
231         User childOfChildUser =Mockito.mock(User.class);\r
232         Mockito.when(parentGroupUser.get_id()).thenReturn(parentMember.getUserId());\r
233         Mockito.when(firstChildUser.get_id()).thenReturn(firstChildMember.getUserId());\r
234         Mockito.when(childOfChildUser.get_id()).thenReturn(childOfChildMember.getUserId());\r
235 \r
236         String read = "READ";\r
237         String write= "WRITE";\r
238         String manage = "MANAGEMENT";\r
239         String delete = "DELETE";\r
240         String execute= "EXECUTE";\r
241 \r
242         UserPermission parentUserPermissions = new PermissionUtil().buildUserPermission(parentGroupUser,groupRepository);\r
243         UserPermission firstChildUserPermissions = new PermissionUtil().buildUserPermission(firstChildUser,groupRepository);\r
244         UserPermission childOfChildUserPermissions = new PermissionUtil().buildUserPermission(childOfChildUser,groupRepository);\r
245         Map<String,Set<String>> parentAccessControl = parentUserPermissions.getUserAccessMap();\r
246         Map<String,Set<String>> firstChildAccessControl = firstChildUserPermissions.getUserAccessMap();\r
247         Map<String,Set<String>> childOfChildAccessControl = childOfChildUserPermissions.getUserAccessMap();\r
248 \r
249         //test for parent access control\r
250         Assert.assertTrue(parentAccessControl.get(parentGroup.get_id().toString()).contains(read));\r
251         Assert.assertTrue(parentAccessControl.get(parentGroup.get_id().toString()).contains(write));\r
252         Assert.assertTrue(parentAccessControl.get(parentGroup.get_id().toString()).contains(manage));\r
253         //test all access is passed to firstChildGroup\r
254         Assert.assertTrue(parentAccessControl.get(firstChildGroup.get_id().toString()).contains(read));\r
255         Assert.assertTrue(parentAccessControl.get(firstChildGroup.get_id().toString()).contains(write));\r
256         Assert.assertTrue(parentAccessControl.get(firstChildGroup.get_id().toString()).contains(manage));\r
257         //test all access is passed to child of child group\r
258         Assert.assertTrue(parentAccessControl.get(childOfChildGroup.get_id().toString()).contains(read));\r
259         Assert.assertTrue(parentAccessControl.get(childOfChildGroup.get_id().toString()).contains(write));\r
260         Assert.assertTrue(parentAccessControl.get(childOfChildGroup.get_id().toString()).contains(manage));\r
261         // make sure parent user dont have other permissions in first child group\r
262         Assert.assertFalse(parentAccessControl.get(firstChildGroup.get_id().toString()).contains(delete));\r
263         Assert.assertFalse(parentAccessControl.get(firstChildGroup.get_id().toString()).contains(execute));\r
264         //test that parent dont have other permissions in child of child group\r
265         Assert.assertFalse(parentAccessControl.get(childOfChildGroup.get_id().toString()).contains(delete));\r
266         Assert.assertFalse(parentAccessControl.get(childOfChildGroup.get_id().toString()).contains(execute));\r
267 \r
268         //test for first child access control\r
269         Assert.assertTrue(firstChildAccessControl.get(parentGroup.get_id().toString()).contains(read));\r
270         Assert.assertTrue(firstChildAccessControl.get(firstChildGroup.get_id().toString()).contains(read));\r
271         Assert.assertTrue(firstChildAccessControl.get(firstChildGroup.get_id().toString()).contains(write));\r
272         Assert.assertTrue(firstChildAccessControl.get(firstChildGroup.get_id().toString()).contains(manage));\r
273         // test that first child group get passed to child of child\r
274         Assert.assertTrue(firstChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(read));\r
275         Assert.assertTrue(firstChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(write));\r
276         Assert.assertTrue(firstChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(manage));\r
277         // make sure firstchild user dont have other permissions\r
278         Assert.assertFalse(firstChildAccessControl.get(parentGroup.get_id().toString()).contains(write));\r
279         Assert.assertFalse(firstChildAccessControl.get(parentGroup.get_id().toString()).contains(manage));\r
280         Assert.assertFalse(firstChildAccessControl.get(parentGroup.get_id().toString()).contains(delete));\r
281         Assert.assertFalse(firstChildAccessControl.get(parentGroup.get_id().toString()).contains(execute));\r
282         // test to confirm no extra permission is passed to child of child\r
283         Assert.assertFalse(firstChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(delete));\r
284         Assert.assertFalse(firstChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(execute));\r
285 \r
286         //test for child of child access control\r
287         Assert.assertTrue(childOfChildAccessControl.get(parentGroup.get_id().toString()).contains(read));\r
288         Assert.assertTrue(childOfChildAccessControl.get(firstChildGroup.get_id().toString()).contains(read));\r
289         Assert.assertTrue(childOfChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(execute));\r
290         // make sure child of child user dont have other permissions\r
291         Assert.assertFalse(childOfChildAccessControl.get(parentGroup.get_id().toString()).contains(write));\r
292         Assert.assertFalse(childOfChildAccessControl.get(parentGroup.get_id().toString()).contains(manage));\r
293         Assert.assertFalse(childOfChildAccessControl.get(parentGroup.get_id().toString()).contains(delete));\r
294         Assert.assertFalse(childOfChildAccessControl.get(parentGroup.get_id().toString()).contains(execute));\r
295 \r
296         Assert.assertFalse(childOfChildAccessControl.get(firstChildGroup.get_id().toString()).contains(write));\r
297         Assert.assertFalse(childOfChildAccessControl.get(firstChildGroup.get_id().toString()).contains(manage));\r
298         Assert.assertFalse(childOfChildAccessControl.get(firstChildGroup.get_id().toString()).contains(delete));\r
299         Assert.assertFalse(childOfChildAccessControl.get(firstChildGroup.get_id().toString()).contains(execute));\r
300 \r
301         Assert.assertFalse(childOfChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(write));\r
302         Assert.assertFalse(childOfChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(manage));\r
303         Assert.assertFalse(childOfChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(delete));\r
304         Assert.assertFalse(childOfChildAccessControl.get(childOfChildGroup.get_id().toString()).contains(read));\r
305     }\r
306     @Test\r
307     public void basicTest(){\r
308         GroupMember parentMember = parentGroup.getMembers().get(0);\r
309         GroupMember firstChildMember = firstChildGroup.getMembers().get(0);\r
310         GroupMember childOfChildMember = childOfChildGroup.getMembers().get(0);\r
311 \r
312         User parentGroupUser = Mockito.mock(User.class);\r
313         User firstChildUser = Mockito.mock(User.class);\r
314         User childOfChildUser =Mockito.mock(User.class);\r
315         Mockito.when(parentGroupUser.get_id()).thenReturn(parentMember.getUserId());\r
316         Mockito.when(firstChildUser.get_id()).thenReturn(firstChildMember.getUserId());\r
317         Mockito.when(childOfChildUser.get_id()).thenReturn(childOfChildMember.getUserId());\r
318 \r
319         Assert.assertTrue(PermissionChecker.hasPermissionTo(childOfChildUser,firstChildGroup,UserPermission.Permission.READ,groupRepository));\r
320         Assert.assertTrue(PermissionChecker.hasPermissionTo(childOfChildUser,parentGroup,UserPermission.Permission.READ,groupRepository));\r
321         Assert.assertFalse(PermissionChecker.hasPermissionTo(childOfChildUser,childOfChildGroup,UserPermission.Permission.READ,groupRepository));\r
322 \r
323         Assert.assertFalse(PermissionChecker.hasPermissionTo(childOfChildUser,firstChildGroup,UserPermission.Permission.EXECUTE,groupRepository));\r
324         Assert.assertTrue(PermissionChecker.hasPermissionTo(firstChildUser,firstChildGroup,UserPermission.Permission.WRITE,groupRepository));\r
325         Assert.assertFalse(PermissionChecker.hasPermissionTo(firstChildUser,firstChildGroup,UserPermission.Permission.EXECUTE,groupRepository));\r
326 \r
327         Assert.assertFalse(PermissionChecker.hasPermissionTo(parentGroupUser,parentGroup,UserPermission.Permission.DELETE,groupRepository));\r
328         Assert.assertFalse(PermissionChecker.hasPermissionTo(parentGroupUser,parentGroup,UserPermission.Permission.EXECUTE,groupRepository));\r
329         Assert.assertFalse(PermissionChecker.hasPermissionTo(parentGroupUser,firstChildGroup,UserPermission.Permission.EXECUTE,groupRepository));\r
330     }\r
331 }\r