Source Code of org.internna.iwebmvc.dao.OwnedByFilteringDAOTest

/*
 * Copyright 2002-2007 the original author or authors.
 *
 * Licensed under the Apache license, Version 2.0 (the "License")
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.internna.iwebmvc.dao;

import mock.MockUserManager;
import mock.OwnedEntity;
import org.internna.iwebmvc.model.UUID;
import org.internna.iwebmvc.model.security.RoleImpl;
import org.internna.iwebmvc.model.security.UserImpl;
import org.internna.iwebmvc.utils.CollectionUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.transaction.AfterTransaction;
import org.springframework.test.context.transaction.BeforeTransaction;
import org.springframework.test.context.transaction.TransactionConfiguration;
import org.springframework.transaction.annotation.Transactional;
import static org.junit.Assert.*;

/**
 *
 * @author Jose Noheda
 */
@Transactional
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {"/dao.xml"})
@TransactionConfiguration(defaultRollback = true)
public class OwnedByFilteringDAOTest {

    @Autowired private DAO dao;
    @Autowired private SecurityDAO securityDAO;
    @Autowired private MockUserManager userManager;

    private UUID oneID, twoID, fiveID;

    @BeforeTransaction
    public void verifyInitialDatabaseState() {
        assertNull(securityDAO.findUser("john"));
    }

    @AfterTransaction
    public void verifyFinalDatabaseState() {
        assertNull(securityDAO.findUser("john"));
    }

    @Before
    public void init() throws Exception {
        userManager.setName("john");
        securityDAO.createAuthority("registered_user");
        UserImpl john = new UserImpl();
        john.setUsername("john");
        john.setPassword("john");
        john.setName("John Smith");
        john.addRole((RoleImpl) securityDAO.findAuthority("registered_user"));
        securityDAO.createUser(john);
        assertNotNull(securityDAO.findUser("john"));
        UserImpl mary = new UserImpl();
        mary.setUsername("mary");
        mary.setPassword("mary");
        mary.setName("Mary Poppins");
        mary.addRole((RoleImpl) securityDAO.findAuthority("registered_user"));
        securityDAO.createUser(mary);
        assertNotNull(securityDAO.findUser("mary"));
        UserImpl viewer = new UserImpl();
        viewer.setUsername("viewer");
        viewer.setPassword("viewer");
        viewer.setName("viewer");
        viewer.addRole((RoleImpl) securityDAO.findAuthority("registered_user"));
        securityDAO.createUser(viewer);
        assertNotNull(securityDAO.findUser("viewer"));
        OwnedEntity one = new OwnedEntity();
        one.setName("one");
        dao.create(one);
        oneID = one.getId();
        OwnedEntity two = new OwnedEntity();
        two.setName("two");
        two.addOwner(mary);
        two.addViewer(viewer);
        dao.create(two);
        twoID = two.getId();
        OwnedEntity three = new OwnedEntity();
        three.setName("three");
        three.addOwner(mary);
        dao.create(three);
        OwnedEntity four = new OwnedEntity();
        four.setName("four");
        dao.create(four);
        OwnedEntity five = new OwnedEntity();
        five.setName("five");
        five.addOwner(mary);
        dao.create(five);
        fiveID = five.getId();
    }

    @Test
    public void testIsAllowed() {
        OwnedEntity entity = new OwnedEntity();
        entity.setId(new UUID("00aa00aa00aa00aa00aa00aa00aa00aa"));
        entity.addOwner((UserImpl) securityDAO.findUser("mary"));
        assertNull("john is disallowed on entities created by mary", dao.update(entity));
        assertNotNull("john is allowed on his entities", dao.update(dao.first(OwnedEntity.class)));
        userManager.setName("viewer");
        assertNull("viewers can't update anything", dao.update(dao.first(OwnedEntity.class)));
    }

    @Test
    public void testCreate() {
        assertTrue("Owner is automatically injected in entities", CollectionUtils.isNotEmpty(dao.first(OwnedEntity.class).getOwners()));
    }

    @Test
    public void testMerge() {
        OwnedEntity e = dao.first(OwnedEntity.class);
        e.addOwner((UserImpl) securityDAO.findUser("mary"));
        OwnedEntity both = (OwnedEntity) dao.update(e);
        assertTrue("Owner collection is merged correctly", both.getOwners().size() == 2);
        assertTrue("Viewers collection is merged correctly", both.getViewers().size() == 2);
    }

    @Test
    public void testFind() {
        assertNull("mary's objects are not loaded", dao.find(OwnedEntity.class, twoID));
        assertNotNull("john's objects are loaded", dao.find(OwnedEntity.class, oneID));
        userManager.setName("viewer");
        assertNull("an non authorized viewer cannot see entities", dao.find(OwnedEntity.class, oneID));
        assertNotNull("an authorized viewer can see entities if authorized", dao.find(OwnedEntity.class, twoID));
    }

    @Test
    public void testFindAll() {
        assertTrue("mary is filtered from a findAll except public viewing", dao.find(OwnedEntity.class, 0, 100).size() == 2);
        userManager.setName("viewer");
        assertTrue("the viewer is allowed once plus the public entity", dao.find(OwnedEntity.class, 0, 100).size() == 1);
    }

    @Test
    public void testFindAllWithPublic() {
        assertTrue("Users are there", securityDAO.findUsers(null, null, null, 0, 100).size() == 3);
        userManager.setName("mary");
        OwnedEntity e = dao.find(OwnedEntity.class, fiveID);
        e.setPublicView(true);
        dao.update(e);
        assertTrue("Users have not been deleted", securityDAO.findUsers(null, null, null, 0, 100).size() == 3);
        assertTrue("No viewers for public entities", CollectionUtils.isEmpty(dao.find(OwnedEntity.class, fiveID).getViewers()));
        assertTrue("mary see hers", dao.find(OwnedEntity.class, 0, 100).size() == 3);
        userManager.setName("john");
        assertTrue("mary is filtered from a findAll except public viewing", dao.find(OwnedEntity.class, 0, 100).size() == 3);
        userManager.setName("viewer");
        assertTrue("the viewer is allowed once plus the public entity", dao.find(OwnedEntity.class, 0, 100).size() == 2);
        userManager.setName("mary");
        e = dao.find(OwnedEntity.class, fiveID);
        e.setPublicView(false);
        assertTrue("Users have not been deleted", securityDAO.findUsers(null, null, null, 0, 100).size() == 3);
        dao.update(e);
        e = dao.find(OwnedEntity.class, fiveID);
        assertTrue("Viewers are just owners", e.getViewers().size() == e.getOwners().size());
        assertTrue("mary see hers", dao.find(OwnedEntity.class, 0, 100).size() == 3);
        userManager.setName("john");
        assertTrue("mary is filtered from a findAll except public viewing", dao.find(OwnedEntity.class, 0, 100).size() == 2);
        userManager.setName("viewer");
        assertTrue("the viewer is allowed once plus the public entity", dao.find(OwnedEntity.class, 0, 100).size() == 1);
    }

}