View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.core.persistence.jpa.outer;
20  
21  import static org.junit.jupiter.api.Assertions.assertEquals;
22  import static org.junit.jupiter.api.Assertions.assertNotNull;
23  import static org.junit.jupiter.api.Assertions.assertNull;
24  import static org.junit.jupiter.api.Assertions.assertTrue;
25  
26  import java.time.OffsetDateTime;
27  import java.util.ArrayList;
28  import java.util.Collection;
29  import java.util.HashSet;
30  import java.util.List;
31  import java.util.Set;
32  import javax.persistence.Query;
33  import org.apache.syncope.common.lib.types.AnyTypeKind;
34  import org.apache.syncope.common.lib.types.IdRepoEntitlement;
35  import org.apache.syncope.core.persistence.api.attrvalue.validation.PlainAttrValidationManager;
36  import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO;
37  import org.apache.syncope.core.persistence.api.dao.DelegationDAO;
38  import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO;
39  import org.apache.syncope.core.persistence.api.dao.RealmDAO;
40  import org.apache.syncope.core.persistence.api.dao.RoleDAO;
41  import org.apache.syncope.core.persistence.api.dao.UserDAO;
42  import org.apache.syncope.core.persistence.api.entity.Delegation;
43  import org.apache.syncope.core.persistence.api.entity.Role;
44  import org.apache.syncope.core.persistence.api.entity.user.DynRoleMembership;
45  import org.apache.syncope.core.persistence.api.entity.user.UPlainAttr;
46  import org.apache.syncope.core.persistence.api.entity.user.User;
47  import org.apache.syncope.core.persistence.jpa.AbstractTest;
48  import org.apache.syncope.core.persistence.jpa.dao.JPARoleDAO;
49  import org.apache.syncope.core.persistence.jpa.entity.user.JPADynRoleMembership;
50  import org.junit.jupiter.api.Test;
51  import org.springframework.beans.factory.annotation.Autowired;
52  import org.springframework.transaction.annotation.Transactional;
53  
54  @Transactional("Master")
55  public class RoleTest extends AbstractTest {
56  
57      @Autowired
58      private RoleDAO roleDAO;
59  
60      @Autowired
61      private RealmDAO realmDAO;
62  
63      @Autowired
64      private PlainSchemaDAO plainSchemaDAO;
65  
66      @Autowired
67      private UserDAO userDAO;
68  
69      @Autowired
70      private AnyTypeClassDAO anyTypeClassDAO;
71  
72      @Autowired
73      private DelegationDAO delegationDAO;
74  
75      @Autowired
76      private PlainAttrValidationManager validator;
77  
78      /**
79       * Static copy of {@link org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO} method with same signature:
80       * required for avoiding creating new transaction - good for general use case but bad for the way how
81       * this test class is architected.
82       */
83      private List<Role> findDynRoles(final User user) {
84          Query query = entityManager().createNativeQuery(
85                  "SELECT role_id FROM " + JPARoleDAO.DYNMEMB_TABLE + " WHERE any_id=?");
86          query.setParameter(1, user.getKey());
87  
88          List<Role> result = new ArrayList<>();
89          for (Object key : query.getResultList()) {
90              String actualKey = key instanceof Object[]
91                      ? (String) ((Object[]) key)[0]
92                      : ((String) key);
93  
94              Role role = roleDAO.find(actualKey);
95              if (role != null && !result.contains(role)) {
96                  result.add(role);
97              }
98          }
99          return result;
100     }
101 
102     @Test
103     public void dynMembership() {
104         // 0. create user matching the condition below
105         User user = entityFactory.newEntity(User.class);
106         user.setUsername("username");
107         user.setRealm(realmDAO.findByFullPath("/even/two"));
108         user.add(anyTypeClassDAO.find("other"));
109 
110         UPlainAttr attr = entityFactory.newEntity(UPlainAttr.class);
111         attr.setOwner(user);
112         attr.setSchema(plainSchemaDAO.find("cool"));
113         attr.add(validator, "true", anyUtilsFactory.getInstance(AnyTypeKind.USER));
114         user.add(attr);
115 
116         user = userDAO.save(user);
117         String newUserKey = user.getKey();
118         assertNotNull(newUserKey);
119 
120         // 1. create role with dynamic membership
121         Role role = entityFactory.newEntity(Role.class);
122         role.setKey("new");
123         role.add(realmDAO.getRoot());
124         role.add(realmDAO.findByFullPath("/even/two"));
125         role.getEntitlements().add(IdRepoEntitlement.AUDIT_LIST);
126         role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
127 
128         DynRoleMembership dynMembership = entityFactory.newEntity(DynRoleMembership.class);
129         dynMembership.setFIQLCond("cool==true");
130         dynMembership.setRole(role);
131 
132         role.setDynMembership(dynMembership);
133 
134         Role actual = roleDAO.saveAndRefreshDynMemberships(role);
135         assertNotNull(actual);
136 
137         entityManager().flush();
138 
139         // 2. verify that dynamic membership is there
140         actual = roleDAO.find(actual.getKey());
141         assertNotNull(actual);
142         assertNotNull(actual.getDynMembership());
143         assertNotNull(actual.getDynMembership().getKey());
144         assertEquals(actual, actual.getDynMembership().getRole());
145 
146         // 3. verify that expected users have the created role dynamically assigned
147         List<String> members = roleDAO.findDynMembers(actual);
148         assertEquals(2, members.size());
149         assertEquals(Set.of("c9b2dec2-00a7-4855-97c0-d854842b4b24", newUserKey), new HashSet<>(members));
150 
151         user = userDAO.find("c9b2dec2-00a7-4855-97c0-d854842b4b24");
152         assertNotNull(user);
153         Collection<Role> dynRoleMemberships = findDynRoles(user);
154         assertEquals(1, dynRoleMemberships.size());
155         assertTrue(dynRoleMemberships.contains(actual.getDynMembership().getRole()));
156 
157         // 4. delete the new user and verify that dynamic membership was updated
158         userDAO.delete(newUserKey);
159 
160         entityManager().flush();
161 
162         actual = roleDAO.find(actual.getKey());
163         members = roleDAO.findDynMembers(actual);
164         assertEquals(1, members.size());
165         assertEquals("c9b2dec2-00a7-4855-97c0-d854842b4b24", members.get(0));
166 
167         // 5. delete role and verify that dynamic membership was also removed
168         String dynMembershipKey = actual.getDynMembership().getKey();
169 
170         roleDAO.delete(actual);
171 
172         entityManager().flush();
173 
174         assertNull(entityManager().find(JPADynRoleMembership.class, dynMembershipKey));
175 
176         dynRoleMemberships = findDynRoles(user);
177         assertTrue(dynRoleMemberships.isEmpty());
178     }
179 
180     @Test
181     public void delete() {
182         // 0. create role
183         Role role = entityFactory.newEntity(Role.class);
184         role.setKey("new");
185         role.add(realmDAO.getRoot());
186         role.add(realmDAO.findByFullPath("/even/two"));
187         role.getEntitlements().add(IdRepoEntitlement.AUDIT_LIST);
188         role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
189 
190         role = roleDAO.save(role);
191         assertNotNull(role);
192 
193         // 1. create user and assign that role
194         User user = entityFactory.newEntity(User.class);
195         user.setUsername("username");
196         user.setRealm(realmDAO.findByFullPath("/even/two"));
197         user.add(role);
198 
199         user = userDAO.save(user);
200         assertNotNull(user);
201 
202         // 2. remove role
203         roleDAO.delete(role);
204 
205         entityManager().flush();
206 
207         // 3. verify that role was removed from user
208         user = userDAO.find(user.getKey());
209         assertNotNull(user);
210         assertTrue(user.getRoles().isEmpty());
211     }
212 
213     @Test
214     public void deleteCascadeOnDelegations() {
215         User bellini = userDAO.findByUsername("bellini");
216         User rossini = userDAO.findByUsername("rossini");
217 
218         Role reviewer = roleDAO.find("User reviewer");
219 
220         Delegation delegation = entityFactory.newEntity(Delegation.class);
221         delegation.setDelegating(bellini);
222         delegation.setDelegated(rossini);
223         delegation.setStart(OffsetDateTime.now());
224         delegation.add(reviewer);
225         delegation = delegationDAO.save(delegation);
226 
227         entityManager().flush();
228 
229         delegation = delegationDAO.find(delegation.getKey());
230 
231         assertEquals(List.of(delegation), delegationDAO.findByRole(reviewer));
232 
233         roleDAO.delete(reviewer.getKey());
234 
235         entityManager().flush();
236 
237         assertTrue(delegationDAO.find(delegation.getKey()).getRoles().isEmpty());
238     }
239 }