public void updateAsRoleOwner() {
// 1. read role as admin
RoleTO roleTO = roleService.read(7L);
// 2. prepare update
RoleMod roleMod = new RoleMod();
roleMod.setId(roleTO.getId());
roleMod.setName("Managing Director");
// 3. try to update as verdi, not owner of role 7 - fail
RoleService roleService2 = setupCredentials(roleService, RoleService.class, "verdi", ADMIN_PWD);
try {
roleService2.update(roleMod.getId(), roleMod);
fail();
} catch (HttpStatusCodeException e) {
assertEquals(HttpStatus.FORBIDDEN, e.getStatusCode());
} catch (AccessControlException e) {
assertNotNull(e);
}
// 4. update as puccini, owner of role 7 because owner of role 6 with
// inheritance - success
RoleService roleService3 = setupCredentials(roleService, RoleService.class, "puccini", ADMIN_PWD);
roleTO = roleService3.update(roleMod.getId(), roleMod);
assertEquals("Managing Director", roleTO.getName());
}