rave-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From carlu...@apache.org
Subject svn commit: r1189266 - in /incubator/rave/trunk/rave-components/rave-core/src: main/java/org/apache/rave/portal/security/impl/ main/java/org/apache/rave/portal/service/ main/java/org/apache/rave/portal/service/impl/ test/java/org/apache/rave/portal/sec...
Date Wed, 26 Oct 2011 15:22:04 GMT
Author: carlucci
Date: Wed Oct 26 15:22:03 2011
New Revision: 1189266

URL: http://svn.apache.org/viewvc?rev=1189266&view=rev
Log:
RAVE-307: RegionWidget ModelPermissionEvaluator and Service Annotations

Applied patch supplied by Venkat Mahadevan

Added:
    incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
    incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluatorTest.java
Modified:
    incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/PageService.java
    incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/RegionWidgetService.java
    incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultRegionWidgetService.java

Added: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java?rev=1189266&view=auto
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
(added)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
Wed Oct 26 15:22:03 2011
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rave.portal.security.impl;
+
+import org.apache.rave.portal.model.RegionWidget;
+import org.apache.rave.portal.model.User;
+import org.apache.rave.portal.repository.RegionWidgetRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+@Component
+public class DefaultRegionWidgetPermissionEvaluator extends AbstractModelPermissionEvaluator<RegionWidget>
{
+    private Logger log = LoggerFactory.getLogger(getClass());
+    private RegionWidgetRepository regionWidgetRepository;
+
+    @Autowired
+    public DefaultRegionWidgetPermissionEvaluator(RegionWidgetRepository regionWidgetRepository)
{
+        this.regionWidgetRepository = regionWidgetRepository;
+    }
+
+    @Override
+    public Class<RegionWidget> getType() {
+        return RegionWidget.class;
+    }
+
+    /**
+     * Checks to see if the Authentication object has the supplied Permission
+     * on the supplied RegionWidget object.  This method invokes the private hasPermission
+     * function with the trustedDomainObject parameter set to false since we don't
+     * know if the model being passed in was modified in any way from the
+     * actual entity in the database.
+     *
+     * @param authentication the current Authentication object
+     * @param regionWidget   the RegionWidget model object
+     * @param permission     the Permission to check
+     * @return true if the Authentication has the proper permission, false otherwise
+     */
+    @Override
+    public boolean hasPermission(Authentication authentication, RegionWidget regionWidget,
Permission permission) {
+        return hasPermission(authentication, regionWidget, permission, false);
+    }
+
+    /**
+     * Checks to see if the Authentication object has the supplied Permission
+     * for the Entity represented by the targetId(entityId) and targetType(model class name).
+     * This method invokes the private hasPermission function with the
+     * trustedDomainObject parameter set to true since we must pull the entity
+     * from the database and are guaranteed a trusted domain object,
+     * before performing our permission checks.
+     *
+     * @param authentication the current Authentication object
+     * @param targetId       the entityId of the model to check, or a RaveSecurityContext
object
+     * @param targetType     the class of the model to check
+     * @param permission     the Permission to check
+     * @return true if the Authentication has the proper permission, false otherwise
+     */
+    @Override
+    public boolean hasPermission(Authentication authentication, Serializable targetId, String
targetType, Permission permission) {
+        boolean hasPermission = false;
+        if (targetId instanceof RaveSecurityContext) {
+            hasPermission = verifyRaveSecurityContext(authentication, (RaveSecurityContext)
targetId);
+        } else {
+            hasPermission = hasPermission(authentication, regionWidgetRepository.get((Long)
targetId), permission, true);
+        }
+        return hasPermission;
+    }
+
+    private boolean hasPermission(Authentication authentication, RegionWidget regionWidget,
Permission permission, boolean trustedDomainObject) {
+        // this is our container of trusted regionWidget objects that can be re-used
+        // in this method so that the same trusted regionWidget object doesn't have to
+        // be looked up in the repository multiple times
+        List<RegionWidget> trustedRegionWidgetContainer = new ArrayList<RegionWidget>();
+
+        // first execute the AbstractModelPermissionEvaluator's hasPermission function
+        // to see if it allows permission via it's "higher authority" logic
+        if (super.hasPermission(authentication, regionWidget, permission)) {
+            return true;
+        }
+
+        // perform the security logic depending on the Permission type
+        boolean hasPermission = false;
+
+        switch (permission) {
+            case ADMINISTER:
+                // if you are here, you are not an administrator, so you can't administer
RegionWidgets
+                break;
+            case CREATE:
+            case DELETE:
+            case READ:
+            case UPDATE:
+                // anyone can create, delete, read, or update a regionWidget that they own
+                hasPermission = isRegionWidgetOwner(authentication, regionWidget, trustedRegionWidgetContainer,
trustedDomainObject);
+                break;
+            default:
+                log.warn("unknown permission: " + permission);
+                break;
+        }
+
+        return hasPermission;
+    }
+
+    // returns a trusted RegionWidget object, either from the RegionWidgetRepository, or
the
+    // cached container list
+    private RegionWidget getTrustedRegionWidget(long regionWidgetId, List<RegionWidget>
trustedRegionWidgetContainer) {
+        RegionWidget regionWidget = null;
+        if (trustedRegionWidgetContainer.isEmpty()) {
+            regionWidget = regionWidgetRepository.get(regionWidgetId);
+            trustedRegionWidgetContainer.add(regionWidget);
+        } else {
+            regionWidget = trustedRegionWidgetContainer.get(0);
+        }
+        return regionWidget;
+    }
+
+    // checks to see if the Authentication object principal is the owner of the supplied
regionWidget object
+    // if trustedDomainObject is false, pull the entity from the database first to ensure
+    // the model object is trusted and hasn't been modified
+    private boolean isRegionWidgetOwner(Authentication authentication, RegionWidget regionWidget,
List<RegionWidget> trustedRegionWidgetContainer, boolean trustedDomainObject) {
+        RegionWidget trustedRegionWidget = null;
+        if (trustedDomainObject) {
+            trustedRegionWidget = regionWidget;
+        } else {
+            trustedRegionWidget = getTrustedRegionWidget(regionWidget.getEntityId(), trustedRegionWidgetContainer);
+        }
+        return isRegionWidgetOwnerByUsername(authentication, getUsernameFromRegionWidget(trustedRegionWidget));
+    }
+
+    private boolean isRegionWidgetOwnerByUsername(Authentication authentication, String username)
{
+        return ((User)authentication.getPrincipal()).getUsername().equals(username);
+    }
+
+    private boolean isRegionWidgetOwnerById(Authentication authentication, Long userId) {
+        return ((User)authentication.getPrincipal()).getEntityId().equals(userId);
+    }
+
+    private boolean verifyRaveSecurityContext(Authentication authentication, RaveSecurityContext
raveSecurityContext) {
+        Class<?> clazz = null;
+        try {
+           clazz = Class.forName(raveSecurityContext.getType());
+        } catch (ClassNotFoundException ex) {
+            throw new IllegalArgumentException("unknown class specified in RaveSecurityContext:
", ex);
+        }
+
+        // perform the permissions check based on the class supplied to the RaveSecurityContext
object
+        if (User.class == clazz) {
+            return isRegionWidgetOwnerById(authentication, (Long) raveSecurityContext.getId());
+        } else {
+            throw new IllegalArgumentException("unknown RaveSecurityContext type: " + raveSecurityContext.getType());
+        }
+    }
+    
+    private String getUsernameFromRegionWidget(RegionWidget regionWidget) {
+        return regionWidget.getRegion().getPage().getOwner().getUsername();
+    }
+}

Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/PageService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/PageService.java?rev=1189266&r1=1189265&r2=1189266&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/PageService.java
(original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/PageService.java
Wed Oct 26 15:22:03 2011
@@ -118,7 +118,10 @@ public interface PageService {
      * @param toRegion the id of the Region to move the RegionWidget to
      * @param fromRegion the id of the Region where the RegionWidget currently resides
      * @return the updated RegionWidget
+     * 
+     * TODO: add a second hasPermission clause for toRegion once the RegionPermissionEvaluator
has been created
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update')")
     RegionWidget moveRegionWidget(long regionWidgetId, int newPosition, long toRegion, long
fromRegion);
 
     /**
@@ -128,15 +131,20 @@ public interface PageService {
      * @param toPageId the new page to move the regionWidgetTo
      * @return the updated RegionWidget object
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update') and " +
+                  "hasPermission(#toPageId, 'org.apache.rave.portal.model.Page', 'update')")
     RegionWidget moveRegionWidgetToPage(long regionWidgetId, long toPageId);    
     
     /**
      * Creates a new instance of a widget and adds it to the first position of the first
region on the page
-     * @param page_id the id of the page to add the widget to
-     * @param widget_id the {@link org.apache.rave.portal.model.Widget} id to add
+     * @param pageId the id of the page to add the widget to
+     * @param widgetId the {@link org.apache.rave.portal.model.Widget} id to add
      * @return a valid widget instance
+     * 
+     * TODO: add a second hasPermission clause for Widget once the WidgetPermissionEvaluator
has been created     
      */
-    RegionWidget addWidgetToPage(long page_id, long widget_id);
+    @PreAuthorize("hasPermission(#pageId, 'org.apache.rave.portal.model.Page', 'update')")

+    RegionWidget addWidgetToPage(long pageId, long widgetId);
 
     /**
      * Deletes the specified widget from the page.
@@ -144,6 +152,7 @@ public interface PageService {
      * @param regionWidgetId the id of the region widget to delete.\
      * @return the region from which the widget was deleted
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'delete')")
     Region removeWidgetFromPage(long regionWidgetId);
 
     /**

Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/RegionWidgetService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/RegionWidgetService.java?rev=1189266&r1=1189265&r2=1189266&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/RegionWidgetService.java
(original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/RegionWidgetService.java
Wed Oct 26 15:22:03 2011
@@ -21,6 +21,8 @@ package org.apache.rave.portal.service;
 
 import org.apache.rave.portal.model.RegionWidget;
 import org.apache.rave.portal.model.RegionWidgetPreference;
+import org.springframework.security.access.prepost.PostAuthorize;
+import org.springframework.security.access.prepost.PreAuthorize;
 
 import java.util.List;
 
@@ -31,6 +33,7 @@ public interface RegionWidgetService {
      * @param regionWidgetId The ID of the RegionWidget to fetch.
      * @return The RegionWidget or null if not found.
      */
+    @PostAuthorize("hasPermission(returnObject, 'read')")
     RegionWidget getRegionWidget(long regionWidgetId);
 
     /**
@@ -39,6 +42,7 @@ public interface RegionWidgetService {
      * @param regionWidget The RegionWidget to save.
      * @return The updated RegionWidget with all ID numbers populated.
      */
+    @PreAuthorize("hasPermission(#regionWidget.regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update')")
     RegionWidget saveRegionWidget(RegionWidget regionWidget);
 
     /**
@@ -48,6 +52,7 @@ public interface RegionWidgetService {
      * @param preferences    The collection of new RegionWidgetPreferences.
      * @return The updated RegionWidgetPreferences with all ID numbers populated.
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update')")
     List<RegionWidgetPreference> saveRegionWidgetPreferences(long regionWidgetId,
                                                              List<RegionWidgetPreference>
preferences);
 
@@ -59,6 +64,7 @@ public interface RegionWidgetService {
      * @param preference     The RegionWidgetPreference to save.
      * @return The updated RegionWidgetPreference with all ID numbers populated.
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update')")
     RegionWidgetPreference saveRegionWidgetPreference(long regionWidgetId, RegionWidgetPreference
preference);
     
     /**
@@ -68,5 +74,6 @@ public interface RegionWidgetService {
      * @param collapsed the collapsed state of the RegionWidget
      * @return The updated RegionWidget with the new collapsed value
      */
+    @PreAuthorize("hasPermission(#regionWidgetId, 'org.apache.rave.portal.model.RegionWidget',
'update')")
     RegionWidget saveRegionWidgetCollapsedState(long regionWidgetId, boolean collapsed);
 }
\ No newline at end of file

Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultRegionWidgetService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultRegionWidgetService.java?rev=1189266&r1=1189265&r2=1189266&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultRegionWidgetService.java
(original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultRegionWidgetService.java
Wed Oct 26 15:22:03 2011
@@ -49,12 +49,14 @@ public class DefaultRegionWidgetService 
     }
 
     @Override
+    @Transactional
     public RegionWidget saveRegionWidget(RegionWidget regionWidget) {
         return regionWidgetRepository.save(regionWidget);
     }
 
     @Override
     @Synchronized(discriminator = "'RegionWidget'", id = "#regionWidgetId")
+    @Transactional
     public List<RegionWidgetPreference> saveRegionWidgetPreferences(long regionWidgetId,
                                                                     List<RegionWidgetPreference>
preferences) {
         RegionWidget regionWidget = this.getValidRegionWidget(regionWidgetId);
@@ -65,6 +67,7 @@ public class DefaultRegionWidgetService 
 
     @Override
     @Synchronized(discriminator = "'RegionWidget'", id = "#regionWidgetId")
+    @Transactional
     public RegionWidgetPreference saveRegionWidgetPreference(long regionWidgetId, RegionWidgetPreference
preference) {
         RegionWidget regionWidget = this.getValidRegionWidget(regionWidgetId);
         ModelUtils.normalizeRegionWidgetPreference(regionWidgetId, preference);

Added: incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluatorTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluatorTest.java?rev=1189266&view=auto
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluatorTest.java
(added)
+++ incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluatorTest.java
Wed Oct 26 15:22:03 2011
@@ -0,0 +1,333 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rave.portal.security.impl;
+
+import org.apache.rave.portal.model.Page;
+import org.apache.rave.portal.model.Region;
+import org.apache.rave.portal.model.RegionWidget;
+import org.apache.rave.portal.model.User;
+import org.apache.rave.portal.repository.RegionWidgetRepository;
+import org.apache.rave.portal.security.ModelPermissionEvaluator.Permission;
+import org.apache.rave.portal.security.util.AuthenticationUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.easymock.EasyMock.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+public class DefaultRegionWidgetPermissionEvaluatorTest {
+    private DefaultRegionWidgetPermissionEvaluator defaultRegionWidgetPermissionEvaluator;
+    private RegionWidgetRepository mockRegionWidgetRepository;
+    private Authentication mockAuthentication;
+    private Page page;
+    private RegionWidget regionWidget;
+    private Region region;
+    private User user, user2;
+    private List<GrantedAuthority> grantedAuthoritiesList;
+
+    private final Long VALID_REGION_ID = 1L;
+    private final Long VALID_REGION_WIDGET_ID = 1L;
+    private final Long VALID_PAGE_ID = 3L;
+    private final Long VALID_USER_ID = 99L;
+    private final String VALID_USERNAME = "john.doe";
+    private final String VALID_USERNAME2 = "jane.doe";
+
+    @Before
+    public void setUp() {
+        mockRegionWidgetRepository = createMock(RegionWidgetRepository.class);
+        defaultRegionWidgetPermissionEvaluator = new DefaultRegionWidgetPermissionEvaluator(mockRegionWidgetRepository);
+        mockAuthentication = createMock(Authentication.class);
+
+        user = new User();
+        user.setUsername(VALID_USERNAME);
+        user.setEntityId(VALID_USER_ID);
+        user2 = new User();
+        user2.setUsername(VALID_USERNAME2);
+        page = new Page();
+        page.setEntityId(VALID_PAGE_ID);
+        page.setOwner(user);
+        region = new Region();
+        region.setEntityId(VALID_REGION_ID);
+        region.setPage(page);
+        regionWidget = new RegionWidget();
+        regionWidget.setEntityId(VALID_REGION_WIDGET_ID);
+        regionWidget.setRegion(region);
+        grantedAuthoritiesList = new ArrayList<GrantedAuthority>();
+        grantedAuthoritiesList.add(new GrantedAuthorityImpl("ROLE_USER"));
+    }
+
+    @Test
+    public void testGetType() throws ClassNotFoundException {
+        assertThat(defaultRegionWidgetPermissionEvaluator.getType().getName(), is(RegionWidget.class.getName()));
+    }
+
+    @Test
+    public void testHasPermission_3args_administer() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        replay(mockAuthentication);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.ADMINISTER), is(false));
+        verify(mockAuthentication);
+    }
+
+    @Test
+    public void testHasPermission_3args_administer_hasAdminRole() {
+        grantedAuthoritiesList.add(new GrantedAuthorityImpl(AuthenticationUtils.ROLE_ADMIN));
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        replay(mockAuthentication);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.ADMINISTER), is(true));
+        verify(mockAuthentication);
+    }
+
+    @Test
+    public void testHasPermission_3args_create_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.CREATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_create_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.CREATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_delete_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.DELETE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_delete_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.DELETE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_update_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.UPDATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_update_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.UPDATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_read_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.READ), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_3args_read_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
regionWidget, Permission.READ), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_administer() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        replay(mockAuthentication);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.ADMINISTER), is(false));
+        verify(mockAuthentication);
+    }
+
+    @Test
+    public void testHasPermission_4args_create_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_create_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_delete_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_delete_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_read_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_read_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_update_isRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(true));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_update_isNotRegionWidgetOwner() {
+        expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+        expect(mockAuthentication.getPrincipal()).andReturn(user2);
+        expect(mockRegionWidgetRepository.get(VALID_REGION_WIDGET_ID)).andReturn(regionWidget);
+        replay(mockAuthentication);
+        replay(mockRegionWidgetRepository);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
VALID_REGION_WIDGET_ID, RegionWidget.class.getName(), Permission.CREATE), is(false));
+        verify(mockAuthentication);
+        verify(mockRegionWidgetRepository);
+    }
+
+    @Test
+    public void testHasPermission_4args_update_isRegionWidgetOwner_withRaveSecurityContextObject()
{
+        RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID,
"org.apache.rave.portal.model.User");
+
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        replay(mockAuthentication);
+        assertThat(defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication,
raveSecurityContext, RegionWidget.class.getName(), Permission.UPDATE), is(true));
+        verify(mockAuthentication);
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testHasPermission_4args_update_isRegionWidgetOwner_withInvalidRaveSecurityContextType()
{
+        RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID,
"java.lang.String");
+
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        replay(mockAuthentication);
+        defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext,
RegionWidget.class.getName(), Permission.UPDATE);
+        verify(mockAuthentication);
+    }
+
+    @Test(expected=IllegalArgumentException.class)
+    public void testHasPermission_4args_update_isRegionWidgetOwner_withUnknownRaveSecurityContextType()
{
+        RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID,
"foo.bar.DummyClass");
+
+        expect(mockAuthentication.getPrincipal()).andReturn(user);
+        replay(mockAuthentication);
+        defaultRegionWidgetPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext,
RegionWidget.class.getName(), Permission.UPDATE);
+        verify(mockAuthentication);
+    }
+}



Mime
View raw message