Source Code of org.sonatype.nexus.testsuite.security.nxcm1985.NXCM1985UmbrellaContentClassIT

/*
 * Sonatype Nexus (TM) Open Source Version
 * Copyright (c) 2007-2014 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
 *
 * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
 * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
 *
 * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
 * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
 * Eclipse Foundation. All other trademarks are the property of their respective owners.
 */
package org.sonatype.nexus.testsuite.security.nxcm1985;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.sonatype.nexus.integrationtests.AbstractPrivilegeTest;
import org.sonatype.nexus.integrationtests.RequestFacade;
import org.sonatype.nexus.integrationtests.TestContainer;
import org.sonatype.nexus.proxy.registry.RootContentClass;
import org.sonatype.nexus.rest.model.PrivilegeResource;
import org.sonatype.nexus.rest.model.RepositoryTargetListResource;
import org.sonatype.nexus.security.targets.TargetPrivilegeDescriptor;
import org.sonatype.nexus.test.utils.GavUtil;
import org.sonatype.nexus.test.utils.PrivilegesMessageUtil;
import org.sonatype.nexus.test.utils.TargetMessageUtil;
import org.sonatype.security.rest.model.PrivilegeStatusResource;

import org.apache.maven.index.artifact.Gav;
import org.junit.Assert;
import org.junit.Test;
import org.restlet.data.MediaType;
import org.restlet.data.Method;
import org.restlet.data.Response;

import static org.sonatype.nexus.test.utils.GavUtil.getRelitiveArtifactPath;

/**
 * Test the privilege for CRUD operations.
 */
public class NXCM1985UmbrellaContentClassIT
    extends AbstractPrivilegeTest
{
  private Set<String> rootPrivIds = new HashSet<String>();

  @Test
  public void validatePrivs()
      throws Exception
  {
    createPrivs();

    resetTestUserPrivs(false);

    // create failure
    Gav gav = GavUtil.newGav("nxcm1985", "artifact", "1.0");
    int status =
        getDeployUtils().deployUsingGavWithRest(getTestRepositoryId(), gav, getTestFile("artifact.jar"));
    Assert.assertEquals("Status", status, 403);

    resetTestUserPrivs(true);

    // create success
    status = getDeployUtils().deployUsingGavWithRest(getTestRepositoryId(), gav, getTestFile("artifact.jar"));
    Assert.assertEquals("Status", status, 201);

    resetTestUserPrivs(false);

    // read failure
    String serviceURI =
        "content/repositories/" + this.getTestRepositoryId() + "/" + getRelitiveArtifactPath(gav);
    Response response = RequestFacade.sendMessage(serviceURI, Method.GET);
    Assert.assertEquals("Status", response.getStatus().getCode(), 403);

    resetTestUserPrivs(true);

    // read success
    response = RequestFacade.sendMessage(serviceURI, Method.GET);
    Assert.assertEquals("Status", response.getStatus().getCode(), 200);

    resetTestUserPrivs(false);

    // delete failure
    serviceURI = "content/repositories/" + this.getTestRepositoryId() + "/nxcm1985";
    response = RequestFacade.sendMessage(serviceURI, Method.DELETE);
    Assert.assertEquals("Status", response.getStatus().getCode(), 403);

    resetTestUserPrivs(true);

    // delete success
    response = RequestFacade.sendMessage(serviceURI, Method.DELETE);
    Assert.assertEquals("Status", response.getStatus().getCode(), 204);
  }

  private void resetTestUserPrivs(boolean addPrivs)
      throws Exception
  {
    super.resetTestUserPrivs();

    if (addPrivs) {
      addPrivilege(TEST_USER_NAME, "65", rootPrivIds.toArray(new String[0]));
    }

    TestContainer.getInstance().getTestContext().setUsername(TEST_USER_NAME);
    TestContainer.getInstance().getTestContext().setPassword(TEST_USER_PASSWORD);
  }

  private void createPrivs()
      throws IOException
  {
    TestContainer.getInstance().getTestContext().useAdminForRequests();

    List<RepositoryTargetListResource> targets = TargetMessageUtil.getList();

    String targetId = null;

    for (RepositoryTargetListResource target : targets) {
      if (target.getContentClass().equals(RootContentClass.ID)) {
        targetId = target.getId();
        break;
      }
    }

    if (targetId == null) {
      Assert.fail("Target not found!");
    }

    PrivilegesMessageUtil util = new PrivilegesMessageUtil(getXMLXStream(), MediaType.APPLICATION_XML);

    PrivilegeResource resource = new PrivilegeResource();

    resource.setType(TargetPrivilegeDescriptor.TYPE);
    resource.setRepositoryTargetId(targetId);
    resource.setName("nxcm1985root");
    resource.setDescription("nxcm1985root");
    resource.setMethod(Arrays.asList("create", "read", "update", "delete"));

    List<PrivilegeStatusResource> privs = util.createPrivileges(resource);

    for (PrivilegeStatusResource priv : privs) {
      rootPrivIds.add(priv.getId());
    }
  }
}