jspwiki-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ajaqu...@apache.org
Subject svn commit: r627271 [4/8] - in /incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki: ./ action/ attachment/ auth/ auth/acl/ auth/authorize/ auth/login/ auth/permissions/ auth/user/ dav/ diff/ filters/ htmltowiki/ parser/
Date Wed, 13 Feb 2008 06:24:06 GMT
Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/AuthorizationManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,668 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.io.File;
+import java.security.Permission;
+import java.security.Principal;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiException;
+import com.ecyrd.jspwiki.WikiPage;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.attachment.Attachment;
+import com.ecyrd.jspwiki.auth.acl.UnresolvedPrincipal;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.authorize.Role;
+import com.ecyrd.jspwiki.auth.permissions.AllPermission;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+import com.ecyrd.jspwiki.auth.permissions.WikiPermission;
+import com.ecyrd.jspwiki.auth.user.DefaultUserProfile;
+import com.ecyrd.jspwiki.auth.user.UserProfile;
+import com.ecyrd.jspwiki.providers.ProviderException;
+
+/**
+ * Tests the AuthorizationManager class.
+ * @author Janne Jalkanen
+ */
+public class AuthorizationManagerTest extends TestCase
+{
+    private AuthorizationManager m_auth;
+
+    private TestEngine           m_engine;
+
+    private GroupManager         m_groupMgr;
+
+    private WikiSession          m_session;
+
+    private static class TestPrincipal implements Principal
+    {
+        private final String m_name;
+
+        public TestPrincipal( String name )
+        {
+            m_name = name;
+        }
+
+        public String getName()
+        {
+            return m_name;
+        }
+    }
+
+    public AuthorizationManagerTest( String s )
+    {
+        super( s );
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite( "Authorization Manager test" );
+        suite.addTestSuite( AuthorizationManagerTest.class );
+        return suite;
+    }
+
+    public void setUp() throws Exception
+    {
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+        m_engine = new TestEngine( props );
+        m_auth = m_engine.getAuthorizationManager();
+        m_groupMgr = m_engine.getGroupManager();
+        m_session = WikiSessionTest.adminSession( m_engine );
+    }
+
+    /**
+     * Tests the default policy. Anonymous users can read, Authenticated can
+     * edit, etc. Uses the default tests/etc/jspwiki.policy file installed by
+     * the JRE at startup.
+     * @throws Exception
+     */
+    public void testDefaultPermissions() throws Exception
+    {
+        // Save a page without an ACL
+        m_engine.saveText( "TestDefaultPage", "Foo" );
+        Permission view = PermissionFactory.getPagePermission( "*:TestDefaultPage", "view" );
+        Permission edit = PermissionFactory.getPagePermission( "*:TestDefaultPage", "edit" );
+        WikiSession session;
+
+        // Alice is asserted
+        session = WikiSessionTest.assertedSession( m_engine, Users.ALICE );
+        assertTrue( "Alice view", m_auth.checkPermission( session, view ) );
+        assertTrue( "Alice edit", m_auth.checkPermission( session, edit ) );
+
+        // Bob is logged in
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+        assertTrue( "Bob view", m_auth.checkPermission( session, view ) );
+        assertTrue( "Bob edit", m_auth.checkPermission( session, edit ) );
+
+        // Delete the test page
+        try
+        {
+            m_engine.deletePage( "TestDefaultPage" );
+        }
+        catch( ProviderException e )
+        {
+            assertTrue( false );
+        }
+    }
+
+    public void testGetRoles() throws Exception
+    {
+        WikiSession session;
+        Principal[] principals;
+
+        // Create a new "asserted" session for Bob
+        session = WikiSessionTest.assertedSession( m_engine, Users.BOB );
+
+        // Set up a group without Bob in it
+        Group test = m_groupMgr.parseGroup( "Test", "Alice \n Charlie", true );
+        m_groupMgr.setGroup( m_session, test );
+
+        // Bob should have two roles: ASSERTED and ALL
+        principals = session.getRoles();
+        assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+        assertTrue( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+        assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+        assertFalse( "Bob not in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+        // Re-save group "Test" with Bob as a member
+        test = m_groupMgr.parseGroup( "Test", "Alice \n Bob \nCharlie", true );
+        m_groupMgr.setGroup( m_session, test );
+
+        // Bob not authenticated: should still have only two romes
+        principals = session.getRoles();
+        assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+        assertTrue( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+        assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+        assertFalse( "Bob in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+        // Elevate Bob to "authenticated" status
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+
+        // Re-save the group; Bob should possess the role now
+        test = m_groupMgr.parseGroup( "Test", "Alice \n Bob \n Charlie", true );
+        m_groupMgr.setGroup( m_session, test );
+        principals = session.getRoles();
+        assertTrue( "Bob in ALL", ArrayUtils.contains( principals, Role.ALL ) );
+        assertFalse( "Bob in ASSERTED", ArrayUtils.contains( principals, Role.ASSERTED ) );
+        assertFalse( "Bob not in ANONYMOUS", ArrayUtils.contains( principals, Role.ANONYMOUS ) );
+        assertTrue( "Bob in Test", ArrayUtils.contains( principals, test.getPrincipal() ) );
+
+        // Cleanup
+        m_groupMgr.removeGroup( "Test" );
+    }
+
+    public void testAssertedSession() throws Exception
+    {
+        // Create Alice and her roles
+        Principal alice = new WikiPrincipal( Users.ALICE );
+        Role it = new Role( "IT" );
+        Role engineering = new Role( "Engineering" );
+        Role finance = new Role( "Finance" );
+        Principal admin = new GroupPrincipal( "Admin" );
+        WikiSession session = WikiSessionTest.assertedSession(
+                m_engine,
+                Users.ALICE,
+                new Principal[] { it, engineering, admin } );
+
+        // Create two groups: Alice should be part of group Bar, but not Foo
+        Group fooGroup = m_groupMgr.parseGroup( "Foo", "", true );
+        Group barGroup = m_groupMgr.parseGroup( "Bar", "", true );
+        barGroup.add( alice );
+        m_groupMgr.setGroup( m_session, fooGroup );
+        m_groupMgr.setGroup( m_session, barGroup );
+
+        // Test user principal posession: Alice isn't considered to
+        // have the "Alice" principal because she's not authenticated
+        assertFalse ( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.ALICE ) ) );
+        assertFalse ( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.ALICE ) ) );
+        assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.BOB ) ) );
+        assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.BOB ) ) );
+
+        // Built-in role memberships
+        assertTrue( "Alice in ALL", m_auth.hasRoleOrPrincipal( session, Role.ALL ) );
+        assertFalse( "Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+        assertTrue( "Alice in ASSERTED", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+        assertFalse( "Alice not in AUTHENTICATED", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+
+        // Custom roles should be FALSE because Alice is asserted
+        assertFalse( "Alice not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+        assertFalse( "Alice not in Engineering", m_auth.hasRoleOrPrincipal( session, engineering ) );
+        assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+
+        // Group memberships should be FALSE because Alice is asserted
+        assertFalse( "Alice not in Foo", m_auth.hasRoleOrPrincipal( session, fooGroup.getPrincipal() ) );
+        assertFalse( "Alice not in Bar", m_auth.hasRoleOrPrincipal( session, barGroup.getPrincipal() ) );
+
+        // Clean up
+        m_groupMgr.removeGroup( "Foo" );
+        m_groupMgr.removeGroup( "Bar" );
+    }
+
+    public void testAuthenticatedSession() throws Exception
+    {
+        // Create Alice and her roles
+        Principal alice = new WikiPrincipal( Users.ALICE );
+        Role it = new Role( "IT" );
+        Role engineering = new Role( "Engineering" );
+        Role finance = new Role( "Finance" );
+        Principal admin = new GroupPrincipal( "Admin" );
+        WikiSession session = WikiSessionTest.containerAuthenticatedSession(
+                m_engine,
+                Users.ALICE,
+                new Principal[] { it, engineering, admin } );
+
+        // Create two groups: Alice should be part of group Bar, but not Foo
+        Group fooGroup = m_groupMgr.parseGroup( "Foo", "", true );
+        Group barGroup = m_groupMgr.parseGroup( "Bar", "", true );
+        barGroup.add( alice );
+        m_groupMgr.setGroup( m_session, fooGroup );
+        m_groupMgr.setGroup( m_session, barGroup );
+
+        // Test user principal posession: user principals of different
+        // types should still be "the same" if their names are equal
+        assertTrue( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.ALICE ) ) );
+        assertTrue( "Alice has Alice", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.ALICE ) ) );
+        assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new WikiPrincipal( Users.BOB ) ) );
+        assertFalse( "Alice not has Bob", m_auth.hasRoleOrPrincipal( session, new TestPrincipal( Users.BOB ) ) );
+
+        // Built-in role membership
+        assertTrue( "Alice in ALL", m_auth.hasRoleOrPrincipal( session, Role.ALL ) );
+        assertFalse( "Alice not in ANONYMOUS", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+        assertFalse( "Alice not in ASSERTED", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+        assertTrue( "Alice in AUTHENTICATED", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+
+        // Custom roles
+        assertTrue( "Alice in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+        assertTrue( "Alice in Engineering", m_auth.hasRoleOrPrincipal( session, engineering ) );
+        assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+
+        // Group memberships
+        assertFalse( "Alice not in Foo", m_auth.hasRoleOrPrincipal( session, fooGroup.getPrincipal() ) );
+        assertTrue( "Alice in Bar", m_auth.hasRoleOrPrincipal( session, barGroup.getPrincipal() ) );
+
+        // Cleanup
+        m_groupMgr.removeGroup( "Foo" );
+        m_groupMgr.removeGroup( "Bar" );
+    }
+
+    public void testInheritedPermissions() throws Exception
+    {
+        // Create test page & attachment
+        String src = "[{ALLOW edit Alice}] ";
+        m_engine.saveText( "Test", src );
+
+        File f = m_engine.makeAttachmentFile();
+        Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
+        att.setAuthor( "FirstPost" );
+        m_engine.getAttachmentManager().storeAttachment( att, f );
+
+        Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
+        Permission view = PermissionFactory.getPagePermission( p, "view" );
+        Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+        // Create authenticated session with user 'Alice', who can read & edit (in ACL)
+        WikiSession session;
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+        assertTrue( "Alice view Test/test1.txt", m_auth.checkPermission( session, view ) );
+        assertTrue( "Alice edit Test/test1.txt", m_auth.checkPermission( session, edit ) );
+
+        // Create authenticated session with user 'Bob', who can't read or edit (not in ACL)
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+        assertFalse( "Bob !view Test/test1.txt", m_auth.checkPermission( session, view ) );
+        assertFalse( "Bob !edit Test/test1.txt", m_auth.checkPermission( session, edit ) );
+
+        // Delete test page & attachment
+        m_engine.getAttachmentManager().deleteAttachment( att );
+        m_engine.deletePage( "Test" );
+    }
+
+    public void testInheritedAclPermissions() throws Exception
+    {
+        // Create test page & attachment
+        String src = "[{ALLOW view Alice}] ";
+        m_engine.saveText( "Test", src );
+
+        File f = m_engine.makeAttachmentFile();
+        Attachment att = new Attachment( m_engine, "Test", "test1.txt" );
+        att.setAuthor( "FirstPost" );
+        m_engine.getAttachmentManager().storeAttachment( att, f );
+
+        Attachment p = (Attachment) m_engine.getPage( "Test/test1.txt" );
+        Permission view = PermissionFactory.getPagePermission( p, "view" );
+        Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+        // Create session with user 'Alice', who can read (in ACL)
+        WikiSession session;
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+        assertTrue( "Foo view Test", m_auth.checkPermission( session, view ) );
+        assertFalse( "Foo !edit Test", m_auth.checkPermission( session, edit ) );
+
+        // Create session with user 'Bob', who can't read or edit (not in ACL)
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+        assertFalse( "Bar !view Test", m_auth.checkPermission( session, view ) );
+        assertFalse( "Bar !edit Test", m_auth.checkPermission( session, view ) );
+
+        // Delete test page & attachment
+        m_engine.getAttachmentManager().deleteAttachment( att );
+        m_engine.deletePage( "Test" );
+    }
+
+    public void testHasRoleOrPrincipal() throws Exception
+    {
+        // Create new user Alice and 2 sample roles
+        Principal alice = new WikiPrincipal( Users.ALICE );
+        Role it = new Role( "IT" );
+        Role finance = new Role( "Finance" );
+
+        // Create Group1 with Alice in it, Group2 without
+        WikiSession session = WikiSessionTest.adminSession( m_engine );
+        Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
+        m_groupMgr.setGroup( session, g1 );
+        Principal group1 = g1.getPrincipal();
+        Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
+        m_groupMgr.setGroup( session, g2 );
+        Principal group2 = g2.getPrincipal();
+
+        // Create anonymous session; not in ANY custom roles or groups
+        session = WikiSessionTest.anonymousSession( m_engine );
+        assertTrue ( "Anon anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+        assertFalse( "Anon not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+        assertFalse( "Anon not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+        assertFalse( "Alice not in Anon", m_auth.hasRoleOrPrincipal( session, alice ) );
+        assertFalse( "Anon not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+        assertFalse( "Anon not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+        assertFalse( "Anon not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+        assertFalse( "Anon not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+        // Create asserted session with 1 GroupPrincipal & 1 custom Role
+        // Alice is asserted, and thus not in ANY custom roles or groups
+        session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
+        assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+        assertTrue ( "Alice asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+        assertFalse( "Alice not authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+        assertFalse( "Alice not in Alice", m_auth.hasRoleOrPrincipal( session, alice ) );
+        assertFalse( "Alice not in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+        assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+        assertFalse( "Alice not in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+        assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+        // Create authenticated session with 1 GroupPrincipal & 1 custom Role
+        // Alice is authenticated, and thus part of custom roles and groups
+        session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
+        assertFalse( "Alice not anonymous", m_auth.hasRoleOrPrincipal( session, Role.ANONYMOUS ) );
+        assertFalse( "Alice not asserted", m_auth.hasRoleOrPrincipal( session, Role.ASSERTED ) );
+        assertTrue ( "Alice authenticated", m_auth.hasRoleOrPrincipal( session, Role.AUTHENTICATED ) );
+        assertTrue ( "Alice in Ernie", m_auth.hasRoleOrPrincipal( session, alice ) );
+        assertTrue ( "Alice in IT", m_auth.hasRoleOrPrincipal( session, it ) );
+        assertFalse( "Alice not in Finance", m_auth.hasRoleOrPrincipal( session, finance ) );
+        assertTrue ( "Alice in Group1", m_auth.hasRoleOrPrincipal( session, group1 ) );
+        assertFalse( "Alice not in Group2", m_auth.hasRoleOrPrincipal( session, group2 ) );
+
+        // Clean up
+        m_groupMgr.removeGroup( "Group1" );
+        m_groupMgr.removeGroup( "Group2" );
+    }
+
+    public void testIsUserInRole() throws Exception
+    {
+        // Create new user Alice and 2 sample roles
+        Principal alice = new WikiPrincipal( Users.ALICE );
+        Role it = new Role( "IT" );
+        Role finance = new Role( "Finance" );
+
+        // Create Group1 with Alice in it, Group2 without
+        WikiSession session = WikiSessionTest.adminSession( m_engine );
+        Group g1 = m_groupMgr.parseGroup( "Group1", "Alice", true );
+        m_groupMgr.setGroup( session, g1 );
+        Principal group1 = g1.getPrincipal();
+        Group g2 = m_groupMgr.parseGroup( "Group2", "Bob", true );
+        m_groupMgr.setGroup( session, g2 );
+        Principal group2 = g2.getPrincipal();
+
+        // Create anonymous session; not in ANY custom roles or groups
+        session = WikiSessionTest.anonymousSession( m_engine );
+        assertTrue ( "Anon anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+        assertFalse( "Anon not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+        assertFalse( "Anon not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+        assertFalse( "Anon not in Ernie", m_auth.isUserInRole( session, alice ) );
+        assertFalse( "Anon not in IT", m_auth.isUserInRole( session, it ) );
+        assertFalse( "Anon not in Finance", m_auth.isUserInRole( session, finance ) );
+        assertFalse( "Anon not in Group1", m_auth.isUserInRole( session, group1 ) );
+        assertFalse( "Anon not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+        // Create asserted session with 1 GroupPrincipal & 1 custom Role
+        // Alice is asserted, and thus not in ANY custom roles or groups
+        session = WikiSessionTest.assertedSession( m_engine, Users.ALICE, new Principal[] { it } );
+        assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+        assertTrue ( "Alice asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+        assertFalse( "Alice not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+        assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
+        assertFalse( "Alice not in IT", m_auth.isUserInRole( session, it ) );
+        assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
+        assertFalse( "Alice not in Group1", m_auth.isUserInRole( session, group1 ) );
+        assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+        // Create authenticated session with 1 GroupPrincipal & 1 custom Role
+        // Ernie is authenticated, and thus part of custom roles and groups
+        session = WikiSessionTest.containerAuthenticatedSession( m_engine, Users.ALICE, new Principal[] { it } );
+        assertFalse( "Alice not anonymous", m_auth.isUserInRole( session, Role.ANONYMOUS ) );
+        assertFalse( "Alice not asserted", m_auth.isUserInRole( session, Role.ASSERTED ) );
+        assertTrue ( "Alice not authenticated", m_auth.isUserInRole( session, Role.AUTHENTICATED ) );
+        assertFalse( "Alice not in Alice", m_auth.isUserInRole( session, alice ) );
+        assertTrue ( "Alice in IT", m_auth.isUserInRole( session, it ) );
+        assertFalse( "Alice not in Finance", m_auth.isUserInRole( session, finance ) );
+        assertTrue ( "Alice in Group1", m_auth.isUserInRole( session, group1 ) );
+        assertFalse( "Alice not in Group2", m_auth.isUserInRole( session, group2 ) );
+
+        // Clean up
+        m_groupMgr.removeGroup( "Group1" );
+        m_groupMgr.removeGroup( "Group2" );
+    }
+
+    public void testPrincipalAcl() throws Exception
+    {
+        // Create test page & attachment
+        String src = "[{ALLOW edit Alice}] ";
+        m_engine.saveText( "Test", src );
+
+        WikiPage p = m_engine.getPage( "Test" );
+        Permission view = PermissionFactory.getPagePermission( p, "view" );
+        Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+        // Create session with authenticated user 'Alice', who can read & edit (in ACL)
+        WikiSession session;
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+        assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
+        assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );
+
+        // Create session with authenticated user 'Bob', who can't read or edit (not in ACL)
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+        assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
+        assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );
+
+        // Cleanup
+        try
+        {
+            m_engine.deletePage( "Test" );
+        }
+        catch( ProviderException e )
+        {
+            fail( "Could not delete page" );
+        }
+    }
+
+    /**
+     * Any principal strings that have same names as built-in roles should
+     * resolve as built-in roles!
+     */
+    public void testResolveBuiltInRoles()
+    {
+        Principal principal = Role.AUTHENTICATED;
+        assertEquals( principal, m_auth.resolvePrincipal( "Authenticated" ) );
+        principal = Role.ASSERTED;
+        assertEquals( principal, m_auth.resolvePrincipal( "Asserted" ) );
+        principal = Role.ALL;
+        assertEquals( principal, m_auth.resolvePrincipal( "All" ) );
+        principal = Role.ANONYMOUS;
+        assertEquals( principal, m_auth.resolvePrincipal( "Anonymous" ) );
+
+        // This should not resolve because there's no built-in role Admin
+        principal = new WikiPrincipal( "Admin" );
+        assertFalse( principal.equals( m_auth.resolvePrincipal( "Admin" ) ) );
+    }
+
+    public void testResolveGroups() throws WikiException
+    {
+        Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
+        m_groupMgr.setGroup( m_session, group1 );
+
+        assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
+        m_groupMgr.removeGroup( "SampleGroup" );
+
+        // We shouldn't be able to spoof a built-in role
+        try
+        {
+            Group group2 = m_groupMgr.parseGroup( "Authenticated", "", true );
+            assertNotSame( group2.getPrincipal(), m_auth.resolvePrincipal( "Authenticated" ) );
+        }
+        catch ( WikiSecurityException e )
+        {
+            assertTrue ( "Authenticated not allowed as group name.", true );
+        }
+        assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) );
+    }
+
+    public void testResolveUsers() throws WikiException
+    {
+        // We should be able to resolve a user by login, user, or wiki name
+        UserProfile profile = new DefaultUserProfile();
+        profile.setEmail( "authmanagertest@tester.net" );
+        profile.setFullname( "AuthorizationManagerTest User" );
+        profile.setLoginName( "authmanagertest" );
+        try
+        {
+            m_engine.getUserManager().getUserDatabase().save( profile );
+        }
+        catch( WikiSecurityException e )
+        {
+            fail( "Failed save: " + e.getLocalizedMessage() );
+        }
+        assertEquals( new WikiPrincipal( "authmanagertest",  WikiPrincipal.LOGIN_NAME ), m_auth.resolvePrincipal( "authmanagertest" ) );
+        assertEquals( new WikiPrincipal( "AuthorizationManagerTest User", WikiPrincipal.FULL_NAME ), m_auth.resolvePrincipal( "AuthorizationManagerTest User" ) );
+        assertEquals( new WikiPrincipal( "AuthorizationManagerTestUser", WikiPrincipal.WIKI_NAME ), m_auth.resolvePrincipal( "AuthorizationManagerTestUser" ) );
+        try
+        {
+            m_engine.getUserManager().getUserDatabase().deleteByLoginName( "authmanagertest" );
+        }
+        catch( WikiSecurityException e )
+        {
+            fail( "Failed delete: " + e.getLocalizedMessage() );
+        }
+
+
+        // A wiki group should resolve to itself
+        Group group1 = m_groupMgr.parseGroup( "SampleGroup", "", true );
+        m_groupMgr.setGroup( m_session, group1 );
+        assertEquals( group1.getPrincipal(), m_auth.resolvePrincipal( "SampleGroup" ) );
+        m_groupMgr.removeGroup( "SampleGroup" );
+
+        // A built-in role should resolve to itself
+        assertEquals( Role.AUTHENTICATED, m_auth.resolvePrincipal( "Authenticated" ) );
+
+        // We shouldn't be able to spoof a built-in role
+        assertNotSame( new WikiPrincipal( "Authenticated" ), m_auth.resolvePrincipal( "Authenticated" ) );
+
+        // An unknown user should resolve to a generic UnresolvedPrincipal
+        Principal principal = new UnresolvedPrincipal( "Bart Simpson" );
+        assertEquals( principal, m_auth.resolvePrincipal( "Bart Simpson" ) );
+    }
+
+    public void testRoleAcl() throws Exception
+    {
+        // Create test page & attachment
+        String src = "[{ALLOW edit Authenticated}] ";
+        m_engine.saveText( "Test", src );
+
+        WikiPage p = m_engine.getPage( "Test" );
+        Permission view = PermissionFactory.getPagePermission( p, "view" );
+        Permission edit = PermissionFactory.getPagePermission( p, "edit" );
+
+        // Create session with authenticated user 'Alice', who can read & edit
+        WikiSession session;
+        session = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+        assertTrue( "Alice view Test", m_auth.checkPermission( session, view ) );
+        assertTrue( "Alice edit Test", m_auth.checkPermission( session, edit ) );
+
+        // Create session with asserted user 'Bob', who can't read or edit (not in ACL)
+        session = WikiSessionTest.assertedSession( m_engine, Users.BOB );
+        assertFalse( "Bob !view Test", m_auth.checkPermission( session, view ) );
+        assertFalse( "Bob !edit Test", m_auth.checkPermission( session, edit ) );
+
+        // Cleanup
+        try
+        {
+            m_engine.deletePage( "Test" );
+        }
+        catch( ProviderException e )
+        {
+            assertTrue( false );
+        }
+    }
+
+    public void testStaticPermission() throws Exception
+    {
+        WikiSession s = WikiSessionTest.anonymousSession( m_engine );
+        assertTrue( "Anonymous view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+        assertTrue( "Anonymous edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+        assertTrue( "Anonymous comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+        assertFalse( "Anonymous modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+        assertFalse( "Anonymous upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+        assertFalse( "Anonymous rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+        assertFalse( "Anonymous delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+        assertTrue( "Anonymous prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+        assertTrue( "Anonymous profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+        assertTrue( "Anonymous pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+        assertFalse( "Anonymous groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+        s = WikiSessionTest.assertedSession( m_engine, "Jack Sparrow" );
+        assertTrue( "Asserted view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+        assertTrue( "Asserted edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+        assertTrue( "Asserted comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+        assertFalse( "Asserted modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+        assertFalse( "Asserted upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+        assertFalse( "Asserted rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+        assertFalse( "Asserted delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+        assertTrue( "Asserted prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+        assertTrue( "Asserted profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+        assertTrue( "Asserted pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+        assertFalse( "Asserted groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.JANNE, Users.JANNE_PASS );
+        assertTrue( "Authenticated view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+        assertTrue( "Authenticated edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+        assertTrue( "Authenticated comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+        assertTrue( "Authenticated modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+        assertTrue( "Authenticated upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+        assertTrue( "Authenticated rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+        assertFalse( "Authenticated delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+        assertTrue( "Authenticated prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+        assertTrue( "Authenticated profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+        assertTrue( "Authenticated pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+        assertTrue( "Authenticated groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+
+        s = WikiSessionTest.adminSession( m_engine );
+        assertTrue( "Admin view", m_auth.checkStaticPermission( s, PagePermission.VIEW ) );
+        assertTrue( "Admin edit", m_auth.checkStaticPermission( s, PagePermission.EDIT ) );
+        assertTrue( "Admin comment", m_auth.checkStaticPermission( s, PagePermission.COMMENT ) );
+        assertTrue( "Admin modify", m_auth.checkStaticPermission( s, PagePermission.MODIFY ) );
+        assertTrue( "Admin upload", m_auth.checkStaticPermission( s, PagePermission.UPLOAD ) );
+        assertTrue( "Admin rename", m_auth.checkStaticPermission( s, PagePermission.RENAME ) );
+        // Even though we grant AllPermission in the policy, 'delete' isn't explicit so the check
+        // for delete privileges will fail (but it will succeed if requested via the checkPermission())
+        assertFalse( "Admin delete", m_auth.checkStaticPermission( s, PagePermission.DELETE ) );
+        assertTrue( "Admin prefs", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PREFERENCES ) );
+        assertTrue( "Admin profile", m_auth.checkStaticPermission( s, WikiPermission.EDIT_PROFILE ) );
+        assertTrue( "Admin pages", m_auth.checkStaticPermission( s, WikiPermission.CREATE_PAGES ) );
+        assertTrue( "Admin groups", m_auth.checkStaticPermission( s, WikiPermission.CREATE_GROUPS ) );
+    }
+    
+    public void testAdminView()
+       throws Exception
+    {
+        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );
+        
+        Principal admin = new GroupPrincipal( "Admin" );
+        WikiSession session = WikiSessionTest.containerAuthenticatedSession(
+                m_engine,
+                Users.ALICE,
+                new Principal[] { admin } );
+
+        assertTrue( "Alice has AllPermission", m_auth.checkPermission( session, 
+                                                                       new AllPermission( m_engine.getApplicationName() )));
+        assertTrue( "Alice cannot read", m_auth.checkPermission( session, 
+                                                                 new PagePermission("TestDefaultPage","view") ) );
+    }
+
+    public void testAdminView2() throws Exception 
+    {
+        m_engine.saveText( "TestDefaultPage", "Foo [{ALLOW view FooBar}]" );
+     
+        WikiSession session = WikiSessionTest.adminSession(m_engine);
+
+        assertTrue( "Alice has AllPermission", m_auth.checkPermission( session, 
+                                                                       new AllPermission( m_engine.getApplicationName() )));
+        assertTrue( "Alice cannot read", m_auth.checkPermission( session, 
+                                                                 new PagePermission("TestDefaultPage","view") ) );
+    }
+
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/GroupManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,197 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiException;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.event.WikiSecurityEvent;
+
+public class GroupManagerTest extends TestCase
+{
+    private TestEngine        m_engine;
+
+    private GroupManager      m_groupMgr;
+
+    private SecurityEventTrap m_trap = new SecurityEventTrap();
+
+    private WikiSession       m_session;
+
+    public GroupManagerTest( String s )
+    {
+        super( s );
+    }
+
+    public void setUp() throws Exception
+    {
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+
+        m_engine = new TestEngine( props );
+        m_groupMgr = m_engine.getGroupManager();
+        m_session = WikiSessionTest.adminSession( m_engine );
+
+        // Flush any pre-existing groups (left over from previous failures, perhaps)
+        try
+        {
+            m_groupMgr.removeGroup( "Test" );
+            m_groupMgr.removeGroup( "Test2" );
+            m_groupMgr.removeGroup( "Test3" );
+        }
+        catch ( NoSuchPrincipalException e )
+        {
+            // It's not a problem if we can't find the principals...
+        }
+
+        m_groupMgr.addWikiEventListener( m_trap );
+        m_trap.clearEvents();
+
+        // Add 3 test groups
+        Group group;
+        group = m_groupMgr.parseGroup( "Test", "Alice \n Bob \n Charlie", true );
+        m_groupMgr.setGroup( m_session, group );
+        group = m_groupMgr.parseGroup( "Test2", "Bob", true );
+        m_groupMgr.setGroup( m_session, group );
+        group = m_groupMgr.parseGroup( "Test3", "Fred Flintstone", true );
+        m_groupMgr.setGroup( m_session, group );
+
+        // We should see 3 events: 1 for each group add
+        assertEquals( 3, m_trap.events().length );
+        m_trap.clearEvents();
+    }
+
+    public void tearDown() throws WikiException
+    {
+        m_groupMgr.removeGroup( "Test" );
+        m_groupMgr.removeGroup( "Test2" );
+        m_groupMgr.removeGroup( "Test3" );
+   }
+
+    public void testParseGroup() throws WikiSecurityException
+    {
+        String members = "Biff";
+        Group group = m_groupMgr.parseGroup( "Group1", members, true );
+        assertEquals( 1, group.getMembers().size() );
+        assertTrue ( group.isMember( new WikiPrincipal( "Biff" ) ) );
+
+        members = "Biff \n SteveAustin \n FredFlintstone";
+        group = m_groupMgr.parseGroup( "Group2", members, true );
+        assertEquals( 3, group.getMembers().size() );
+        assertTrue ( group.isMember( new WikiPrincipal( "Biff" ) ) );
+        assertTrue ( group.isMember( new WikiPrincipal( "SteveAustin" ) ) );
+        assertTrue ( group.isMember( new WikiPrincipal( "FredFlintstone" ) ) );
+    }
+
+    public void testGetRoles()
+    {
+        Principal[] roles = m_groupMgr.getRoles();
+        assertTrue( "Found Test", ArrayUtils.contains( roles, new GroupPrincipal( "Test" ) ) );
+        assertTrue( "Found Test2", ArrayUtils.contains( roles, new GroupPrincipal( "Test2" ) ) );
+        assertTrue( "Found Test3", ArrayUtils.contains( roles, new GroupPrincipal( "Test3" ) ) );
+    }
+
+    public void testGroupMembership() throws Exception
+    {
+        WikiSession s;
+
+        // Anonymous; should belong to NO groups
+        s = WikiSessionTest.anonymousSession( m_engine );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Alice is asserted; should belong to NO groups
+        s = WikiSessionTest.assertedSession( m_engine, Users.ALICE );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Alice is authenticated; should belong to Test
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.ALICE, Users.ALICE_PASS );
+        assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Bob is authenticated; should belong to Test & Test2
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+        assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Charlie is authenticated; should belong to Test
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.CHARLIE, Users.CHARLIE_PASS );
+        assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Fred is authenticated; should belong to Test3
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.FRED, Users.FRED_PASS );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertTrue( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+
+        // Nobody loves Biff!
+        s = WikiSessionTest.authenticatedSession( m_engine, Users.BIFF, Users.BIFF_PASS );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test2" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "Test3" ) ) );
+        assertFalse( m_groupMgr.isUserInRole( s, new GroupPrincipal( "NonExistant" ) ) );
+    }
+
+    public void testGroupAddEvents() throws Exception
+    {
+        // Flush any pre-existing groups (left over from previous failures, perhaps)
+        try
+        {
+            m_groupMgr.removeGroup( "Events" );
+        }
+        catch ( NoSuchPrincipalException e )
+        {
+            // It's not a problem if we get here...
+        }
+        m_trap.clearEvents();
+
+        Group group = m_groupMgr.parseGroup( "Events", "", true );
+        m_groupMgr.setGroup( m_session, group );
+        WikiSecurityEvent event;
+        group = m_groupMgr.getGroup( "Events" );
+        group.add( new WikiPrincipal( "Alice" ) );
+        group.add( new WikiPrincipal( "Bob" ) );
+        group.add( new WikiPrincipal( "Charlie" ) );
+
+        // We should see a GROUP_ADD event
+        WikiSecurityEvent[] events = m_trap.events();
+        assertEquals( 1, events.length );
+        event = events[0];
+        assertEquals( m_groupMgr, event.getSource() );
+        assertEquals( WikiSecurityEvent.GROUP_ADD, event.getType() );
+        assertEquals( group, event.getTarget() );
+
+        // Clean up
+        m_groupMgr.removeGroup( "Events" );
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("Group manager tests");
+        suite.addTestSuite( GroupManagerTest.class );
+        return suite;
+    }
+
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/SecurityEventTrap.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,48 @@
+package com.ecyrd.jspwiki.auth;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.ecyrd.jspwiki.event.WikiEvent;
+import com.ecyrd.jspwiki.event.WikiEventListener;
+import com.ecyrd.jspwiki.event.WikiSecurityEvent;
+
+/**
+ * Traps the most recent WikiEvent so that it can be used in assertions.
+ * @author Andrew Jaquith
+ * @since 2.3.79
+ */
+public class SecurityEventTrap implements WikiEventListener
+{
+    private WikiSecurityEvent m_lastEvent = null;
+    private List<WikiSecurityEvent> m_events = new ArrayList<WikiSecurityEvent>();
+
+    public void actionPerformed( WikiEvent event )
+    {
+        if ( event instanceof WikiSecurityEvent )
+        {
+            m_lastEvent = (WikiSecurityEvent)event;
+            m_events.add( (WikiSecurityEvent)event );
+        }
+        else
+        {
+            throw new IllegalArgumentException( "Event wasn't a WikiSecurityEvent. Check the unit test code!" );
+        }
+    }
+    
+    public WikiSecurityEvent lastEvent()
+    {
+        return m_lastEvent;
+    }
+    
+    public void clearEvents()
+    {
+        m_events.clear();
+    }
+    
+    public WikiSecurityEvent[] events() 
+    {
+        return m_events.toArray(new WikiSecurityEvent[m_events.size()]);
+    }
+
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,404 @@
+package com.ecyrd.jspwiki.auth;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.List;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+
+import junit.framework.TestCase;
+
+import com.ecyrd.jspwiki.*;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+import com.ecyrd.jspwiki.auth.user.*;
+import com.ecyrd.jspwiki.workflow.*;
+
+
+
+/**
+ * @author Andrew Jaquith
+ */
+public class UserManagerTest extends TestCase
+{
+
+  private TestEngine m_engine;
+  private UserManager m_mgr;
+  private UserDatabase m_db;
+  
+  /**
+   * @see junit.framework.TestCase#setUp()
+   */
+  protected void setUp() throws Exception
+  {
+    super.setUp();
+    Properties props = new Properties();
+    props.load( TestEngine.findTestProperties() );
+    
+    // Make sure user profile save workflow is OFF
+    props.remove( "jspwiki.approver"+UserManager.SAVE_APPROVER );
+    
+    // Make sure we are using the XML user database
+    props.put( XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml" );
+    m_engine  = new TestEngine( props );
+    m_mgr = m_engine.getUserManager();
+    m_db = m_mgr.getUserDatabase();
+  }
+  
+  /** Call this setup program to use the save-profile workflow. */
+  protected void setUpWithWorkflow() throws Exception
+  {
+      Properties props = new Properties();
+      props.load( TestEngine.findTestProperties() );
+      
+      // Turn on user profile saves by the Admin group
+      props.put( "jspwiki.approver."+UserManager.SAVE_APPROVER, "Admin" );
+      
+      // Make sure we are using the XML user database
+      props.put( XMLUserDatabase.PROP_USERDATABASE, "tests/etc/userdatabase.xml" );
+      m_engine  = new TestEngine( props );
+      m_mgr = m_engine.getUserManager();
+      m_db = m_mgr.getUserDatabase();
+  }
+  
+  public void testSetRenamedUserProfile() throws Exception
+  {
+      // First, count the number of users, groups, and pages
+      int oldUserCount = m_db.getWikiNames().length;
+      GroupManager groupManager = m_engine.getGroupManager();
+      PageManager pageManager = m_engine.getPageManager();
+      AuthorizationManager authManager = m_engine.getAuthorizationManager();
+      int oldGroupCount = groupManager.getRoles().length;
+      int oldPageCount = pageManager.getTotalPageCount();
+      
+      // Setup Step 1: create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      long now = System.currentTimeMillis();
+      String oldLogin     = "TestLogin" + now;
+      String oldName      = "Test User " + now;
+      String newLogin     = "RenamedLogin" + now;
+      String newName      = "Renamed User " + now;
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( oldLogin );
+      profile.setFullname ( oldName );
+      profile.setPassword ( "password" );
+      m_mgr.setUserProfile( session, profile );
+      
+      // 1a. Make sure the profile saved successfully
+      profile = m_mgr.getUserProfile( session );
+      assertEquals( oldLogin, profile.getLoginName() );
+      assertEquals( oldName, profile.getFullname() );
+      assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+      
+      // Setup Step 2: create a new group with our test user in it
+      String groupName = "Group"+now;
+      Group group = groupManager.parseGroup( groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true );
+      groupManager.setGroup( session, group );
+      
+      // 2a. Make sure the group is created with the user in it, and the role is added to the Subject
+      assertEquals( oldGroupCount+1, groupManager.getRoles().length );
+      assertTrue  ( group.isMember( new WikiPrincipal( oldLogin ) ) );
+      assertTrue  ( group.isMember( new WikiPrincipal( oldName  ) ) );
+      assertFalse ( group.isMember( new WikiPrincipal( newLogin ) ) );
+      assertFalse ( group.isMember( new WikiPrincipal( newName  ) ) );
+      assertTrue  ( groupManager.isUserInRole( session, group.getPrincipal() ) );
+      
+      // Setup Step 3: create a new page with our test user in the ACL
+      String pageName = "TestPage" + now;
+      m_engine.saveText( pageName, "Test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text." );
+      
+      // 3a. Make sure the page got saved, and that ONLY our test user has permission to read it.
+      WikiPage p = m_engine.getPage( pageName );
+      assertEquals ( oldPageCount+1, pageManager.getTotalPageCount() );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName  ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newName  ) ) );
+      assertTrue   ( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+      WikiSession bobSession = WikiSessionTest.authenticatedSession( m_engine, Users.BOB, Users.BOB_PASS );
+      assertFalse  ( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+      
+      // Setup Step 4: change the user name in the profile and see what happens
+      profile = new DefaultUserProfile();
+      profile.setEmail    ( "testuser@testville.com" );
+      profile.setLoginName( oldLogin );
+      profile.setFullname ( newName );
+      profile.setPassword ( "password" );
+      m_mgr.setUserProfile( session, profile );
+      
+      // Test 1: the wiki session should have the new wiki name in Subject
+      Principal[] principals = session.getPrincipals();
+      assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( oldLogin ) ) );
+      assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( oldName  ) ) );
+      assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( newLogin ) ) );
+      assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( newName  ) ) );
+      
+      // Test 2: our group should not contain the old name OR login name any more
+      // (the full name is always used)
+      group = groupManager.getGroup( groupName );
+      assertFalse( group.isMember( new WikiPrincipal( oldLogin ) ) );
+      assertFalse( group.isMember( new WikiPrincipal( oldName  ) ) );
+      assertFalse( group.isMember( new WikiPrincipal( newLogin ) ) );
+      assertTrue ( group.isMember( new WikiPrincipal( newName  ) ) );
+      
+      // Test 3: our page should not contain the old wiki name OR login name
+      // in the ACL any more (the full name is always used)
+      p = m_engine.getPage( pageName );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( oldName  ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( newName  ) ) );
+      assertTrue( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+      assertFalse( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+      
+      // Test 4: our page text should have been re-written
+      // (The new full name should be in the ACL, but the login name should have been removed)
+      String expectedText = "[{ALLOW view Alice," + newName + "}]\nTest text.  More text.\r\n";
+      String actualText = m_engine.getText( pageName );
+      assertEquals( expectedText, actualText );
+      
+      // Remove our test page
+      m_engine.deletePage( pageName );
+      
+      // Setup Step 6: re-create the group with our old test user names in it
+      group = groupManager.parseGroup( groupName, "Alice \n Bob \n Charlie \n " + oldLogin + "\n" + oldName, true );
+      groupManager.setGroup( session, group );
+      
+      // Setup Step 7: Save a new page with the old login/wiki names in the ACL again
+      // The test user should still be able to see the page (because the login name matches...)
+      pageName = "TestPage2" + now;
+      m_engine.saveText( pageName, "More test text. [{ALLOW view " + oldName + ", " + oldLogin + ", Alice}] More text." );
+      p = m_engine.getPage( pageName );
+      assertEquals ( oldPageCount+1, pageManager.getTotalPageCount() );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName  ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newName  ) ) );
+      assertTrue   ( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+      assertFalse  ( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+      
+      // Setup Step 8: re-save the profile with the new login name
+      profile = new DefaultUserProfile();
+      profile.setEmail    ( "testuser@testville.com" );
+      profile.setLoginName( newLogin );
+      profile.setFullname ( oldName );
+      profile.setPassword ( "password" );
+      m_mgr.setUserProfile( session, profile );
+
+      // Test 5: the wiki session should have the new login name in Subject
+      principals = session.getPrincipals();
+      assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( oldLogin ) ) );
+      assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( oldName  ) ) );
+      assertTrue ( ArrayUtils.contains( principals, new WikiPrincipal( newLogin ) ) );
+      assertFalse( ArrayUtils.contains( principals, new WikiPrincipal( newName  ) ) );
+      
+      // Test 6: our group should not contain the old name OR login name any more
+      // (the full name is always used)
+      group = groupManager.getGroup( groupName );
+      assertFalse( group.isMember( new WikiPrincipal( oldLogin ) ) );
+      assertTrue ( group.isMember( new WikiPrincipal( oldName  ) ) );
+      assertFalse( group.isMember( new WikiPrincipal( newLogin ) ) );
+      assertFalse( group.isMember( new WikiPrincipal( newName  ) ) );
+      
+      // Test 7: our page should not contain the old wiki name OR login name
+      // in the ACL any more (the full name is always used)
+      p = m_engine.getPage( pageName );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( oldLogin ) ) );
+      assertNotNull( p.getAcl().getEntry( new WikiPrincipal( oldName  ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newLogin ) ) );
+      assertNull   ( p.getAcl().getEntry( new WikiPrincipal( newName  ) ) );
+      assertTrue( "Test User view page", authManager.checkPermission( session, PermissionFactory.getPagePermission( p, "view" ) ) );
+      assertFalse( "Bob !view page", authManager.checkPermission( bobSession, PermissionFactory.getPagePermission( p, "view" ) ) );
+      
+      // Test 8: our page text should have been re-written
+      // (The new full name should be in the ACL, but the login name should have been removed)
+      expectedText = "[{ALLOW view Alice," + oldName + "}]\nMore test text.  More text.\r\n";
+      actualText = m_engine.getText( pageName );
+      assertEquals( expectedText, actualText );
+      
+      // CLEANUP: delete the profile; user and page; should be back to old counts
+      m_db.deleteByLoginName( newLogin );
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+      
+      groupManager.removeGroup( group.getName() );
+      assertEquals( oldGroupCount, groupManager.getRoles().length );
+      
+      m_engine.deletePage( pageName );
+      assertEquals( oldPageCount, pageManager.getTotalPageCount() );
+  }
+
+  public void testSetUserProfile() throws Exception
+  {
+      // First, count the number of users in the db now.
+      int oldUserCount = m_db.getWikiNames().length;
+      
+      // Create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( loginName );
+      profile.setFullname( "FullName"+loginName );
+      profile.setPassword( "password");
+      m_mgr.setUserProfile( session, profile );
+      
+      // Make sure the profile saved successfully
+      profile = m_mgr.getUserProfile( session );
+      assertEquals( loginName, profile.getLoginName() );
+      assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+
+      // Now delete the profile; should be back to old count
+      m_db.deleteByLoginName( loginName );
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+  }
+
+  public void testSetUserProfileWithApproval() throws Exception
+  {
+      setUpWithWorkflow();
+      
+      // First, count the number of users in the db now.
+      int oldUserCount = m_db.getWikiNames().length;
+      
+      // Create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( loginName );
+      profile.setFullname( "FullName"+loginName );
+      profile.setPassword( "password");
+      
+      // Because user profile saves require approvals, we will catch a Redirect
+      try 
+      {
+          m_mgr.setUserProfile( session, profile );
+          fail( "We should have caught a DecisionRequiredException caused by approval!" );
+      }
+      catch ( DecisionRequiredException e )
+      {
+      }
+      
+      // The user should NOT be saved yet
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+      
+      // Now, look in Admin's queue, and verify there's a pending Decision there
+      DecisionQueue dq = m_engine.getWorkflowManager().getDecisionQueue();
+      Collection decisions = dq.getActorDecisions( m_engine.adminSession() );
+      assertEquals( 1, decisions.size() );
+
+      // Verify that the Decision has all the facts and attributes we need
+      Decision d = (Decision)decisions.iterator().next();
+      List facts = d.getFacts();
+      assertEquals( new Fact( UserManager.PREFS_FULL_NAME, profile.getFullname() ), facts.get(0) );
+      assertEquals( new Fact( UserManager.PREFS_LOGIN_NAME, profile.getLoginName() ), facts.get(1) );
+      assertEquals( new Fact( UserManager.FACT_SUBMITTER, session.getUserPrincipal().getName() ), facts.get(2) );
+      assertEquals( new Fact( UserManager.PREFS_EMAIL, profile.getEmail() ), facts.get(3) );
+      assertEquals( profile, d.getWorkflow().getAttribute( UserManager.SAVED_PROFILE ) );
+      
+      // Approve the profile
+      d.decide( Outcome.DECISION_APPROVE );
+      
+      // Make sure the profile saved successfully
+      assertEquals( oldUserCount+1, m_db.getWikiNames().length );
+
+      // Now delete the profile; should be back to old count
+      m_db.deleteByLoginName( loginName );
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+  }
+  
+  public void testSetUserProfileWithDenial() throws Exception
+  {
+      setUpWithWorkflow();
+      
+      // First, count the number of users in the db now.
+      int oldUserCount = m_db.getWikiNames().length;
+      
+      // Create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( loginName );
+      profile.setFullname( "FullName"+loginName );
+      profile.setPassword( "password");
+      
+      // Because user profile saves require approvals, we will catch a Redirect
+      try 
+      {
+          m_mgr.setUserProfile( session, profile );
+          fail( "We should have caught a DecisionRequiredException caused by approval!" );
+      }
+      catch ( DecisionRequiredException e )
+      {
+      }
+      
+      // The user should NOT be saved yet
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+      
+      // Now, look in Admin's queue, and verify there's a pending Decision there
+      DecisionQueue dq = m_engine.getWorkflowManager().getDecisionQueue();
+      Collection decisions = dq.getActorDecisions( m_engine.adminSession() );
+      assertEquals( 1, decisions.size() );
+
+      // Verify that the Decision has all the facts and attributes we need
+      Decision d = (Decision)decisions.iterator().next();
+      List facts = d.getFacts();
+      assertEquals( new Fact( UserManager.PREFS_FULL_NAME, profile.getFullname() ), facts.get(0) );
+      assertEquals( new Fact( UserManager.PREFS_LOGIN_NAME, profile.getLoginName() ), facts.get(1) );
+      assertEquals( new Fact( UserManager.FACT_SUBMITTER, session.getUserPrincipal().getName() ), facts.get(2) );
+      assertEquals( new Fact( UserManager.PREFS_EMAIL, profile.getEmail() ), facts.get(3) );
+      assertEquals( profile, d.getWorkflow().getAttribute( UserManager.SAVED_PROFILE ) );
+      
+      // Approve the profile
+      d.decide( Outcome.DECISION_DENY );
+      
+      // Make sure the profile did NOT save
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+  }
+  
+  public void testSetCollidingUserProfile() throws Exception
+  {
+      // First, count the number of users in the db now.
+      int oldUserCount = m_db.getWikiNames().length;
+      
+      // Create a new user with random name
+      WikiSession session = m_engine.guestSession();
+      String loginName = "TestUser" + String.valueOf( System.currentTimeMillis() );
+      UserProfile profile = new DefaultUserProfile();
+      profile.setEmail( "testuser@testville.com" );
+      profile.setLoginName( loginName );
+      profile.setFullname( "FullName"+loginName );
+      profile.setPassword( "password");
+      
+      // Set the login name to collide with Janne's: should prohibit saving
+      profile.setLoginName( "janne" );
+      try 
+      {
+          m_mgr.setUserProfile( session, profile );
+          fail( "UserManager allowed saving of user with login name 'janne', but it shouldn't have." ); 
+      }
+      catch ( DuplicateUserException e )
+      {
+          // Good! That's what we expected; reset for next test
+          profile.setLoginName( loginName );
+      }
+            
+      // Set the login name to collide with Janne's: should prohibit saving
+      profile.setFullname( "Janne Jalkanen" );
+      try 
+      {
+          m_mgr.setUserProfile( session, profile );
+          fail( "UserManager allowed saving of user with login name 'janne', but it shouldn't have." ); 
+      }
+      catch ( DuplicateUserException e )
+      {
+          // Good! That's what we expected
+      }
+      
+      // There shouldn't have been any users added
+      assertEquals( oldUserCount, m_db.getWikiNames().length );
+  }
+  
+}

Propchange: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/UserManagerTest.java
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/Users.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,26 @@
+package com.ecyrd.jspwiki.auth;
+
+public class Users
+{
+
+    public static final String ADMIN = "admin";
+    public static final String ADMIN_PASS = "myP@5sw0rd";
+
+    public static final String ALICE = "Alice";
+    public static final String ALICE_PASS = "password";
+
+    public static final String BOB = "Bob";
+    public static final String BOB_PASS = "password";
+    
+    public static final String CHARLIE = "Charlie";
+    public static final String CHARLIE_PASS = "password";
+    
+    public static final String FRED = "Fred";
+    public static final String FRED_PASS = "password";
+    
+    public static final String BIFF = "Biff";
+    public static final String BIFF_PASS = "password";
+    
+    public static final String JANNE = "janne";
+    public static final String JANNE_PASS = "myP@5sw0rd";
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclEntryImplTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,113 @@
+/*
+    JSPWiki - a JSP-based WikiWiki clone.
+
+    Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+package com.ecyrd.jspwiki.auth.acl;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.auth.acl.AclEntryImpl;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
+
+public class AclEntryImplTest
+    extends TestCase
+{
+    AclEntryImpl m_ae;
+
+    public AclEntryImplTest( String s )
+    {
+        super( s );
+    }
+
+    public void setUp()
+    {
+        m_ae = new AclEntryImpl();
+    }
+
+    public void tearDown()
+    {
+    }
+
+    public void testAddPermission()
+    {
+        m_ae.addPermission( PagePermission.VIEW );
+
+        assertTrue( "no permission", m_ae.checkPermission( PagePermission.VIEW ) );
+        assertFalse( "permission found", m_ae.checkPermission( PagePermission.EDIT ) );
+    }
+
+
+    public void testAddPermission2()
+    {
+        m_ae.addPermission( PagePermission.VIEW );
+        m_ae.addPermission( PagePermission.EDIT );
+
+        assertTrue( "no editpermission", m_ae.checkPermission( PagePermission.EDIT ) );
+        assertTrue( "no viewpermission", m_ae.checkPermission( PagePermission.VIEW ) );
+    }
+
+    public void testAddPermission3()
+    {
+        m_ae.addPermission( PagePermission.COMMENT );
+
+        assertFalse( "has edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+    }
+
+    public void testAddPermission4()
+    {
+        m_ae.addPermission( PagePermission.EDIT );
+
+        assertTrue( "has comment permission", m_ae.checkPermission( PagePermission.COMMENT ) );
+    }
+
+    public void testAddPermission5()
+    {
+        m_ae.addPermission( PagePermission.VIEW );
+
+        assertTrue( "has view all", m_ae.checkPermission( PagePermission.VIEW ) );
+        assertTrue( "has view on single page", m_ae.checkPermission( PermissionFactory.getPagePermission( "mywiki:SamplePage", "view" ) ) );
+    }
+
+    public void testRemovePermission()
+    {
+        m_ae.addPermission( PagePermission.VIEW );
+        m_ae.addPermission( PagePermission.EDIT );
+
+        assertTrue( "has edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+        assertTrue( "has view permission", m_ae.checkPermission( PagePermission.VIEW ) );
+
+        m_ae.removePermission( PagePermission.EDIT );
+
+        assertFalse( "no edit permission", m_ae.checkPermission( PagePermission.EDIT ) );
+        assertTrue( "has view permission", m_ae.checkPermission( PagePermission.VIEW ) );
+    }
+
+    public void testDefaults()
+    {
+        assertFalse( "elements", m_ae.permissions().hasMoreElements() );
+        assertNull( "principal", m_ae.getPrincipal() );
+    }
+
+    public static Test suite()
+    {
+        return new TestSuite( AclEntryImplTest.class );
+    }
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AclImplTest.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,239 @@
+/*
+    JSPWiki - a JSP-based WikiWiki clone.
+
+    Copyright (C) 2001-2007 Janne Jalkanen (Janne.Jalkanen@iki.fi)
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Lesser General Public License as published by
+    the Free Software Foundation; either version 2.1 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+package com.ecyrd.jspwiki.auth.acl;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import com.ecyrd.jspwiki.TestEngine;
+import com.ecyrd.jspwiki.WikiEngine;
+import com.ecyrd.jspwiki.WikiSession;
+import com.ecyrd.jspwiki.WikiSessionTest;
+import com.ecyrd.jspwiki.auth.GroupPrincipal;
+import com.ecyrd.jspwiki.auth.WikiPrincipal;
+import com.ecyrd.jspwiki.auth.acl.AclEntry;
+import com.ecyrd.jspwiki.auth.acl.AclEntryImpl;
+import com.ecyrd.jspwiki.auth.acl.AclImpl;
+import com.ecyrd.jspwiki.auth.authorize.Group;
+import com.ecyrd.jspwiki.auth.authorize.GroupManager;
+import com.ecyrd.jspwiki.auth.permissions.PagePermission;
+
+public class AclImplTest extends TestCase
+{
+    private AclImpl      m_acl;
+
+    private AclImpl      m_aclGroup;
+
+    private Map<String,Group>          m_groups;
+
+    private GroupManager m_groupMgr;
+
+    private WikiSession  m_session;
+
+    public AclImplTest( String s )
+    {
+        super( s );
+    }
+
+    /**
+     * We setup the following rules: Alice = may view Bob = may view, may edit
+     * Charlie = may view Dave = may view, may comment groupAcl: FooGroup =
+     * Alice, Bob - may edit BarGroup = Bob, Charlie - may view
+     */
+    public void setUp() throws Exception
+    {
+        super.setUp();
+        Properties props = new Properties();
+        props.load( TestEngine.findTestProperties() );
+        TestEngine engine  = new TestEngine( props );
+        m_groupMgr = engine.getGroupManager();
+        m_session = WikiSessionTest.adminSession( engine );
+
+        m_acl = new AclImpl();
+        m_aclGroup = new AclImpl();
+        m_groups = new HashMap<String,Group>();
+        Principal uAlice = new WikiPrincipal( "Alice" );
+        Principal uBob = new WikiPrincipal( "Bob" );
+        Principal uCharlie = new WikiPrincipal( "Charlie" );
+        Principal uDave = new WikiPrincipal( "Dave" );
+
+        //  Alice can view
+        AclEntry ae = new AclEntryImpl();
+        ae.addPermission( PagePermission.VIEW );
+        ae.setPrincipal( uAlice );
+
+        //  Charlie can view
+        AclEntry ae2 = new AclEntryImpl();
+        ae2.addPermission( PagePermission.VIEW );
+        ae2.setPrincipal( uCharlie );
+
+        //  Bob can view and edit (and by implication, comment)
+        AclEntry ae3 = new AclEntryImpl();
+        ae3.addPermission( PagePermission.VIEW );
+        ae3.addPermission( PagePermission.EDIT );
+        ae3.setPrincipal( uBob );
+
+        // Dave can view and comment
+        AclEntry ae4 = new AclEntryImpl();
+        ae4.addPermission( PagePermission.VIEW );
+        ae4.addPermission( PagePermission.COMMENT );
+        ae4.setPrincipal( uDave );
+
+        // Create ACL with Alice, Bob, Charlie, Dave
+        m_acl.addEntry( ae );
+        m_acl.addEntry( ae2 );
+        m_acl.addEntry( ae3 );
+        m_acl.addEntry( ae4 );
+
+        // Foo group includes Alice and Bob
+        Group foo = m_groupMgr.parseGroup( "FooGroup", "", true );
+        m_groupMgr.setGroup( m_session, foo );
+        foo.add( uAlice );
+        foo.add( uBob );
+        AclEntry ag1 = new AclEntryImpl();
+        ag1.setPrincipal( foo.getPrincipal() );
+        ag1.addPermission( PagePermission.EDIT );
+        m_aclGroup.addEntry( ag1 );
+        m_groups.put( "FooGroup", foo );
+
+        // Bar group includes Bob and Charlie
+        Group bar = m_groupMgr.parseGroup( "BarGroup", "", true );
+        m_groupMgr.setGroup( m_session, bar );
+        bar.add( uBob );
+        bar.add( uCharlie );
+        AclEntry ag2 = new AclEntryImpl();
+        ag2.setPrincipal( bar.getPrincipal() );
+        ag2.addPermission( PagePermission.VIEW );
+        m_aclGroup.addEntry( ag2 );
+        m_groups.put( "BarGroup", bar );
+    }
+
+    public void tearDown() throws Exception
+    {
+        m_groupMgr.removeGroup( "FooGroup" );
+        m_groupMgr.removeGroup( "BarGroup" );
+    }
+
+    private boolean inArray( Object[] array, Object key )
+    {
+        for( int i = 0; i < array.length; i++ )
+        {
+            if ( array[i].equals( key ) )
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private boolean inGroup( Object[] array, Principal key )
+    {
+        for( int i = 0; i < array.length; i++ )
+        {
+            if ( array[i] instanceof GroupPrincipal )
+            {
+                String groupName = ((GroupPrincipal)array[i]).getName();
+                Group group = m_groups.get( groupName );
+                if ( group != null && group.isMember( key ) )
+                {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    public void testAlice()
+    {
+        // Alice should be able to view but not edit or comment
+        Principal wup = new WikiPrincipal( "Alice" );
+        assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertFalse( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+    }
+
+    public void testBob()
+    {
+        // Bob should be able to view, edit, and comment but not delete
+        Principal wup = new WikiPrincipal( "Bob" );
+        assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertTrue( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertTrue( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+    }
+
+    public void testCharlie()
+    {
+        // Charlie should be able to view, but not edit, comment or delete
+        Principal wup = new WikiPrincipal( "Charlie" );
+        assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertFalse( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+    }
+
+    public void testDave()
+    {
+        // Dave should be able to view and comment but not edit or delete
+        Principal wup = new WikiPrincipal( "Dave" );
+        assertTrue( "view", inArray( m_acl.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertFalse( "edit", inArray( m_acl.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertTrue( "comment", inArray( m_acl.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "delete", inArray( m_acl.findPrincipals( PagePermission.DELETE ), wup ) );
+    }
+
+    public void testGroups()
+    {
+        Principal wup = new WikiPrincipal( "Alice" );
+        assertTrue( "Alice view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertTrue( "Alice edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertTrue( "Alice comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "Alice delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+        wup = new WikiPrincipal( "Bob" );
+        assertTrue( "Bob view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertTrue( "Bob edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertTrue( "Bob comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "Bob delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+        wup = new WikiPrincipal( "Charlie" );
+        assertTrue( "Charlie view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertFalse( "Charlie edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertFalse( "Charlie comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "Charlie delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+
+        wup = new WikiPrincipal( "Dave" );
+        assertFalse( "Dave view", inGroup( m_aclGroup.findPrincipals( PagePermission.VIEW ), wup ) );
+        assertFalse( "Dave edit", inGroup( m_aclGroup.findPrincipals( PagePermission.EDIT ), wup ) );
+        assertFalse( "Dave comment", inGroup( m_aclGroup.findPrincipals( PagePermission.COMMENT ), wup ) );
+        assertFalse( "Dave delete", inGroup( m_aclGroup.findPrincipals( PagePermission.DELETE ), wup ) );
+    }
+
+    public static Test suite()
+    {
+        return new TestSuite( AclImplTest.class );
+    }
+}

Added: incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java
URL: http://svn.apache.org/viewvc/incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java?rev=627271&view=auto
==============================================================================
--- incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java (added)
+++ incubator/jspwiki/branches/JSPWIKI_STRIPES_BRANCH/tests/com/ecyrd/jspwiki/auth/acl/AllTests.java Tue Feb 12 22:24:02 2008
@@ -0,0 +1,24 @@
+package com.ecyrd.jspwiki.auth.acl;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+public class AllTests extends TestCase
+{
+    public AllTests( String s )
+    {
+        super( s );
+    }
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite("ACL tests");
+
+        suite.addTest( AclEntryImplTest.suite() );
+        suite.addTest( AclImplTest.suite() );
+        suite.addTest( DefaultAclManagerTest.suite() );
+
+        return suite;
+    }
+}



Mime
View raw message