View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.fit.core;
20  
21  import static org.junit.jupiter.api.Assertions.assertEquals;
22  import static org.junit.jupiter.api.Assertions.assertFalse;
23  import static org.junit.jupiter.api.Assertions.assertNotNull;
24  import static org.junit.jupiter.api.Assertions.assertTrue;
25  import static org.junit.jupiter.api.Assertions.fail;
26  
27  import java.util.List;
28  import javax.ws.rs.core.Response;
29  import org.apache.syncope.common.lib.SyncopeClientException;
30  import org.apache.syncope.common.lib.SyncopeConstants;
31  import org.apache.syncope.common.lib.to.DynRealmTO;
32  import org.apache.syncope.common.lib.to.RoleTO;
33  import org.apache.syncope.common.lib.to.UserTO;
34  import org.apache.syncope.common.lib.types.AnyTypeKind;
35  import org.apache.syncope.common.lib.types.ClientExceptionType;
36  import org.apache.syncope.common.lib.types.FlowableEntitlement;
37  import org.apache.syncope.common.lib.types.IdRepoEntitlement;
38  import org.apache.syncope.common.rest.api.service.RoleService;
39  import org.apache.syncope.fit.AbstractITCase;
40  import org.junit.jupiter.api.Assertions;
41  import org.junit.jupiter.api.Test;
42  
43  public class RoleITCase extends AbstractITCase {
44  
45      public static RoleTO getSampleRoleTO(final String name) {
46          RoleTO role = new RoleTO();
47          role.setKey(name + getUUIDString());
48          role.getRealms().add("/even");
49          role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
50  
51          return role;
52      }
53  
54      @Test
55      public void list() {
56          List<RoleTO> roleTOs = ROLE_SERVICE.list();
57          assertNotNull(roleTOs);
58          assertFalse(roleTOs.isEmpty());
59          roleTOs.forEach(Assertions::assertNotNull);
60      }
61  
62      @Test
63      public void read() {
64          RoleTO roleTO = ROLE_SERVICE.read("Search for realm evenTwo");
65          assertNotNull(roleTO);
66          assertTrue(roleTO.getEntitlements().contains(IdRepoEntitlement.USER_READ));
67      }
68  
69      @Test
70      public void create() {
71          RoleTO role = new RoleTO();
72          role.getRealms().add(SyncopeConstants.ROOT_REALM);
73          role.getRealms().add("/even/two");
74          role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
75  
76          try {
77              createRole(role);
78              fail("This should not happen");
79          } catch (SyncopeClientException e) {
80              assertEquals(ClientExceptionType.InvalidRole, e.getType());
81          }
82  
83          role.setKey("new" + getUUIDString());
84          role = createRole(role);
85          assertNotNull(role);
86      }
87  
88      @Test
89      public void createWithTilde() {
90          RoleTO role = new RoleTO();
91          role.getRealms().add(SyncopeConstants.ROOT_REALM);
92          role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
93          role.setKey("new~" + getUUIDString());
94          role = createRole(role);
95          assertNotNull(role);
96      }
97  
98      @Test
99      public void update() {
100         RoleTO role = getSampleRoleTO("update");
101         role = createRole(role);
102         assertNotNull(role);
103 
104         assertFalse(role.getEntitlements().contains(FlowableEntitlement.WORKFLOW_TASK_LIST));
105         assertFalse(role.getRealms().contains("/even/two"));
106 
107         role.getEntitlements().add(FlowableEntitlement.WORKFLOW_TASK_LIST);
108         role.getRealms().add("/even/two");
109 
110         ROLE_SERVICE.update(role);
111 
112         role = ROLE_SERVICE.read(role.getKey());
113         assertTrue(role.getEntitlements().contains(FlowableEntitlement.WORKFLOW_TASK_LIST));
114         assertTrue(role.getRealms().contains("/even/two"));
115     }
116 
117     @Test
118     public void delete() {
119         RoleTO role = getSampleRoleTO("delete");
120         Response response = ROLE_SERVICE.create(role);
121 
122         RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class);
123         assertNotNull(actual);
124 
125         ROLE_SERVICE.delete(actual.getKey());
126 
127         try {
128             ROLE_SERVICE.read(actual.getKey());
129             fail("This should not happen");
130         } catch (SyncopeClientException e) {
131             assertEquals(ClientExceptionType.NotFound, e.getType());
132         }
133     }
134 
135     @Test
136     public void dynMembership() {
137         UserTO bellini = USER_SERVICE.read("bellini");
138         assertTrue(bellini.getDynRoles().isEmpty());
139         assertTrue(bellini.getPrivileges().isEmpty());
140 
141         RoleTO role = getSampleRoleTO("dynMembership");
142         role.getPrivileges().add("getMighty");
143         role.setDynMembershipCond("cool==true");
144         Response response = ROLE_SERVICE.create(role);
145         role = getObject(response.getLocation(), RoleService.class, RoleTO.class);
146         assertNotNull(role);
147 
148         bellini = USER_SERVICE.read("bellini");
149         assertTrue(bellini.getDynRoles().contains(role.getKey()));
150         assertTrue(bellini.getPrivileges().contains("getMighty"));
151 
152         role.setDynMembershipCond("cool==false");
153         ROLE_SERVICE.update(role);
154 
155         bellini = USER_SERVICE.read("bellini");
156         assertTrue(bellini.getDynMemberships().isEmpty());
157         assertTrue(bellini.getPrivileges().isEmpty());
158     }
159 
160     @Test
161     public void issueSYNCOPE1472() {
162         DynRealmTO dynRealmTO = new DynRealmTO();
163         dynRealmTO.setKey("dynRealm");
164         dynRealmTO.getDynMembershipConds().put(AnyTypeKind.USER.name(), "username=~rossini");
165         DYN_REALM_SERVICE.create(dynRealmTO);
166 
167         // 1. associate role Other again to /odd realm and twice to dynRealm
168         RoleTO roleTO = ROLE_SERVICE.read("Other");
169         roleTO.getRealms().add("/odd");
170         roleTO.getDynRealms().add("dynRealm");
171         roleTO.getDynRealms().add("dynRealm");
172         ROLE_SERVICE.update(roleTO);
173 
174         // 2. update by removing realm and dynamic realm
175         roleTO = ROLE_SERVICE.read("Other");
176         roleTO.getRealms().remove("/odd");
177         roleTO.getDynRealms().remove("dynRealm");
178         ROLE_SERVICE.update(roleTO);
179 
180         roleTO = ROLE_SERVICE.read("Other");
181 
182         assertFalse(roleTO.getRealms().contains("/odd"), "Should not contain removed realms");
183         assertFalse(roleTO.getDynRealms().contains("dynRealm"), "Should not contain removed dynamic realms");
184     }
185 }