From b37254d005f3f28e3e5620f32ed37311f71472e2 Mon Sep 17 00:00:00 2001
From: Jeff Burke <Jeff.Burke@nrc-cnrc.gc.ca>
Date: Fri, 19 Sep 2014 12:29:32 -0700
Subject: [PATCH] s1651: updated searches and unit tests in group dao
---
projects/cadcAccessControl-Server/build.xml | 6 +-
.../nrc/cadc/ac/server/ldap/LdapGroupDAO.java | 263 +++++-------------
.../nrc/cadc/ac/server/ldap/LdapUserDAO.java | 4 +-
.../cadc/ac/server/ldap/LdapGroupDAOTest.java | 165 +++++++----
.../src/ca/nrc/cadc/ac/Role.java | 2 +-
5 files changed, 195 insertions(+), 245 deletions(-)
diff --git a/projects/cadcAccessControl-Server/build.xml b/projects/cadcAccessControl-Server/build.xml
index bad1d7b6..41e56c2e 100644
--- a/projects/cadcAccessControl-Server/build.xml
+++ b/projects/cadcAccessControl-Server/build.xml
@@ -141,10 +141,10 @@
<pathelement path="${build}/test/class"/>
<pathelement path="${testingJars}"/>
</classpath>
- <test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTest" />
+ <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapDAOTest" />-->
<test name="ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest" />
- <test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />
- <test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />
+ <!--<test name="ca.nrc.cadc.ac.server.web.GroupActionFactoryTest" />-->
+ <!--<test name="ca.nrc.cadc.ac.server.ldap.LdapUserDAOTest" />-->
<formatter type="plain" usefile="false" />
</junit>
</target>
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
index 10652c10..970da480 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java
@@ -102,11 +102,11 @@ import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
+import java.util.HashSet;
public class LdapGroupDAO<T extends Principal> extends LdapDAO
{
private static final Logger logger = Logger.getLogger(LdapGroupDAO.class);
-
private LdapUserDAO<T> userPersist;
@@ -133,7 +133,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
* @throws TransientException If an temporary, unexpected problem occurred.
* @throws UserNotFoundException If owner or a member not valid user.
*/
- public Group addGroup(Group group)
+ public Group addGroup(final Group group)
throws GroupAlreadyExistsException, TransientException,
UserNotFoundException, AccessControlException
{
@@ -250,8 +250,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
throws AccessControlException, UserNotFoundException, LDAPException
{
Group inactiveGroup =
- getInactiveGroup(getGroupDN(group.getID()).toNormalizedString(),
- group.getID());
+ getInactiveGroup(getGroupDN(group.getID()), group.getID());
if (inactiveGroup == null)
{
@@ -264,9 +263,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
"Inactive group not owned be requestor");
}
- Group inactiveAdminGroup = getInactiveGroup(
- getAdminGroupDN(group.getID()).toNormalizedString(),
- group.getID());
+ Group inactiveAdminGroup =
+ getInactiveGroup(getAdminGroupDN(group.getID()), group.getID());
if (inactiveAdminGroup == null)
{
@@ -284,7 +282,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
return inactiveGroup;
}
- private Group getInactiveGroup(final String groupDN, final String groupID)
+ private Group getInactiveGroup(final DN groupDN, final String groupID)
throws UserNotFoundException, LDAPException
{
Filter filter = Filter.createANDFilter(
@@ -292,8 +290,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
Filter.createEqualityFilter("nsaccountlock", "true"));
SearchRequest searchRequest =
- new SearchRequest(groupDN, SearchScope.SUB, filter,
- new String[] {"cn", "owner"});
+ new SearchRequest(groupDN.toNormalizedString(), SearchScope.SUB,
+ filter, new String[] {"cn", "owner"});
searchRequest.addControl(
new ProxiedAuthorizationV2RequestControl("dn:" +
@@ -390,7 +388,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
}
private Group getAdminGroup(final DN groupDN, final String groupID,
- final boolean withMembers)
+ final boolean withMembers)
throws GroupNotFoundException, TransientException,
AccessControlException
{
@@ -400,7 +398,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
}
private Group getGroup(final DN groupDN, final String groupID,
- final boolean withMembers, String[] attributes)
+ final boolean withMembers, final String[] attributes)
throws GroupNotFoundException, TransientException,
AccessControlException
{
@@ -479,7 +477,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
else if (memberDN.isDescendantOf(config.getGroupsDN(),
false))
{
- ldapGroup.getGroupMembers().add(new Group(memberDN.getRDNString().replace("cn=", "")));
+ ldapGroup.getGroupMembers().add(new Group(
+ memberDN.getRDNString().replace("cn=", "")));
}
else
{
@@ -513,7 +512,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
* @throws AccessControlException If the operation is not permitted.
* @throws UserNotFoundException If owner or group members not valid users.
*/
- public Group modifyGroup(Group group)
+ public Group modifyGroup(final Group group)
throws GroupNotFoundException, TransientException,
AccessControlException, UserNotFoundException
{
@@ -712,7 +711,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
* @throws GroupNotFoundException If the group was not found.
* @throws TransientException If an temporary, unexpected problem occurred.
*/
- public void deleteGroup(String groupID)
+ public void deleteGroup(final String groupID)
throws GroupNotFoundException, TransientException,
AccessControlException
{
@@ -783,7 +782,8 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
* @throws UserNotFoundException
* @throws GroupNotFoundException
*/
- public Collection<Group> getGroups(T userID, Role role, String groupID)
+ public Collection<Group> getGroups(final T userID, final Role role,
+ final String groupID)
throws TransientException, AccessControlException,
GroupNotFoundException, UserNotFoundException
{
@@ -809,15 +809,16 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
{
return getMemberGroups(user, userDN, groupID);
}
- else if (role == Role.RW)
+ else if (role == Role.ADMIN)
{
return getAdminGroups(user, userDN, groupID);
}
throw new IllegalArgumentException("Unknown role " + role);
}
- protected Collection<Group> getOwnerGroups(User<T> user, DN userDN,
- String groupID)
+ protected Collection<Group> getOwnerGroups(final User<T> user,
+ final DN userDN,
+ final String groupID)
throws TransientException, AccessControlException,
GroupNotFoundException, UserNotFoundException
{
@@ -868,15 +869,17 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
}
}
- protected Collection<Group> getMemberGroups(User<T> user, DN userDN,
- String groupID)
+ protected Collection<Group> getMemberGroups(final User<T> user,
+ final DN userDN,
+ final String groupID)
throws TransientException, AccessControlException,
GroupNotFoundException, UserNotFoundException
{
if (groupID != null)
{
+ String groupDN = getGroupDN(groupID).toNormalizedString();
Collection<Group> groups = new ArrayList<Group>();
- if (userPersist.isMember(user.getUserID(), groupID))
+ if (userPersist.isMember(user.getUserID(), groupDN))
{
groups.add(getGroup(groupID, false));
}
@@ -886,28 +889,34 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
{
try
{
- Collection<Group> groups =
+ Collection<Group> memberGroups =
userPersist.getUserGroups(user.getUserID());
List<Filter> filters = new ArrayList<Filter>();
- for (Group group : groups)
+ for (Group group : memberGroups)
{
filters.add(Filter.createEqualityFilter("cn",
group.getID()));
}
Filter filter = Filter.createORFilter(filters);
- SearchRequest searchRequest = new SearchRequest(
- config.getAdminGroupsDN(), SearchScope.SUB, filter,
- "cn");
-
+ SearchRequest searchRequest =
+ new SearchRequest(config.getAdminGroupsDN(),
+ SearchScope.SUB, filter, "cn");
+
SearchResult results = getConnection().search(searchRequest);
for (SearchResultEntry result : results.getSearchEntries())
{
String groupName = result.getAttributeValue("cn");
-
+ for (Group group : memberGroups)
+ {
+ if (group.getID().equals(groupName))
+ {
+ memberGroups.remove(group);
+ }
+ }
}
- return groups;
+ return memberGroups;
}
catch (LDAPException e)
{
@@ -916,179 +925,57 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
}
}
- protected Collection<Group> getAdminGroups(User<T> user, DN userDN,
- String groupID)
+ protected Collection<Group> getAdminGroups(final User<T> user,
+ final DN userDN,
+ final String groupID)
throws TransientException, AccessControlException,
GroupNotFoundException, UserNotFoundException
{
- try
+ if (groupID != null)
{
- Collection<Group> queryGroups = new ArrayList<Group>();
- if (groupID != null)
- {
- queryGroups.add(new Group(groupID, user));
- }
- else
+ String adminGroupDN = getAdminGroupDN(groupID).toNormalizedString();
+ Collection<Group> groups = new ArrayList<Group>();
+ if (userPersist.isMember(user.getUserID(), adminGroupDN))
{
- // List of Groups the user belongs to.
- queryGroups.addAll(getMemberGroups(user, userDN, groupID));
-
- // List of Groups the user owns;
- queryGroups.addAll(getOwnerGroups(user, userDN, groupID));
+ groups.add(getGroup(groupID, false));
}
-
- System.out.println("# groups: " + queryGroups.size());
-
- List<Filter> filters = new ArrayList<Filter>();
- for (Group member : queryGroups)
+ return groups;
+ }
+ else
+ {
+ try
{
-// // Require both groupRead and groupWrite
-// if (member.groupRead != null && member.groupWrite != null)
-// {
-// DN groupRead = getGroupDN(member.groupRead.getID());
-// String groupReadAci =
-// GROUP_READ_ACI.replace(ACTUAL_GROUP_TOKEN,
-// groupRead.toNormalizedString());
-// DN groupWrite = getGroupDN(member.groupRead.getID());
-// String groupWriteAci =
-// GROUP_WRITE_ACI.replace(ACTUAL_GROUP_TOKEN,
-// groupWrite.toNormalizedString());
-// System.out.println(groupReadAci);
-// System.out.println(groupWriteAci);
-//
-// Filter filter = Filter.createANDFilter(
-// Filter.createEqualityFilter("aci", groupReadAci),
-// Filter.createEqualityFilter("aci", groupWriteAci));
-// filters.add(filter);
-// }
- }
+ Collection<Group> memberGroups =
+ userPersist.getUserGroups(user.getUserID());
- Collection<Group> groups = new ArrayList<Group>();
- if (filters.isEmpty())
- {
- return groups;
- }
-
- Filter filter = Filter.createORFilter(filters);
- SearchRequest searchRequest = new SearchRequest(
- config.getGroupsDN(), SearchScope.SUB, filter,
- new String[] {"cn", "owner", "description",
- "modifytimestamp"});
+ List<Filter> filters = new ArrayList<Filter>();
+ for (Group group : memberGroups)
+ {
+ filters.add(Filter.createEqualityFilter("cn",
+ group.getID()));
+ }
- searchRequest.addControl(
- new ProxiedAuthorizationV2RequestControl("dn:" +
- getSubjectDN().toNormalizedString()));
-
- SearchResult results = getConnection().search(searchRequest);
- for (SearchResultEntry result : results.getSearchEntries())
- {
- String groupName = result.getAttributeValue("cn");
- DN ownerDN = result.getAttributeValueAsDN("owner");
- User<X500Principal> owner = userPersist.getMember(ownerDN);
+ Filter filter = Filter.createORFilter(filters);
+ SearchRequest searchRequest =
+ new SearchRequest(config.getAdminGroupsDN(),
+ SearchScope.SUB, filter, "cn");
- // Ignore existing illegal group names.
- try
+ SearchResult results = getConnection().search(searchRequest);
+ Collection<Group> adminGroups = new HashSet<Group>();
+ for (SearchResultEntry result : results.getSearchEntries())
{
- Group group = new Group(groupName, owner);
- group.description = result.getAttributeValue("description");
- group.lastModified =
- result.getAttributeValueAsDate("modifytimestamp");
- groups.add(group);
+ String groupName = result.getAttributeValue("cn");
+ adminGroups.add(getGroup(groupName, false));
}
- catch (IllegalArgumentException ignore) { }
+ return adminGroups;
+ }
+ catch (LDAPException e)
+ {
+ throw new TransientException(e.getDiagnosticMessage());
}
- return groups;
- }
- catch (LDAPException e)
- {
- // TODO check which LDAP exceptions are transient and which
- // ones are
- // access control
- throw new TransientException("Error getting groups", e);
}
}
-// protected Collection<Group> getRWGroups2(User<T> user, DN userDN,
-// String groupID)
-// throws TransientException, AccessControlException,
-// GroupNotFoundException, UserNotFoundException
-// {
-// try
-// {
-// Collection<Group> groups = new ArrayList<Group>();
-//
-// Collection<Group> queryGroups = new ArrayList<Group>();
-// if (groupID != null)
-// {
-// queryGroups.add(new Group(groupID, user));
-// }
-// else
-// {
-// // List of Groups the user belongs to.
-// queryGroups.addAll(getMemberGroups(user, userDN, groupID));
-//
-// // List of Groups the user owns;
-// queryGroups.addAll(getOwnerGroups(user, userDN, groupID));
-// }
-//
-// for (Group member : queryGroups)
-// {
-// // Require both groupRead and groupWrite
-// if (member.groupRead != null && member.groupWrite != null)
-// {
-// DN groupRead = getGroupDN(member.groupRead.getID());
-// String groupReadAci =
-// GROUP_READ_ACI.replace(ACTUAL_GROUP_TOKEN,
-// groupRead.toNormalizedString());
-// DN groupWrite = getGroupDN(member.groupWrite.getID());
-// String groupWriteAci =
-// GROUP_WRITE_ACI.replace(ACTUAL_GROUP_TOKEN,
-// groupWrite.toNormalizedString());
-//
-// Filter filter = Filter.createANDFilter(
-// Filter.createEqualityFilter("aci", groupReadAci),
-// Filter.createEqualityFilter("aci", groupWriteAci));
-//
-// SearchRequest searchRequest = new SearchRequest(
-// config.getGroupsDN(), SearchScope.SUB, filter,
-// new String[] {"cn", "owner", "description",
-// "modifytimestamp"});
-//
-// searchRequest.addControl(
-// new ProxiedAuthorizationV2RequestControl("dn:" +
-// getSubjectDN().toNormalizedString()));
-//
-// SearchResult results = getConnection().search(searchRequest);
-// for (SearchResultEntry result : results.getSearchEntries())
-// {
-// String groupName = result.getAttributeValue("cn");
-// DN ownerDN = result.getAttributeValueAsDN("owner");
-// User<X500Principal> owner = userPersist.getMember(ownerDN);
-//
-// // Ignore existing illegal group names.
-// try
-// {
-// Group group = new Group(groupName, owner);
-// group.description = result.getAttributeValue("description");
-// group.lastModified =
-// result.getAttributeValueAsDate("modifytimestamp");
-// groups.add(group);
-// }
-// catch (IllegalArgumentException ignore) { }
-// }
-// }
-// }
-// return groups;
-// }
-// catch (LDAPException e)
-// {
-// // TODO check which LDAP exceptions are transient and which
-// // ones are
-// // access control
-// throw new TransientException("Error getting groups", e);
-// }
-// }
-
/**
* Returns a group based on its LDAP DN. The returned group is bare
* (contains only group ID, description, modifytimestamp).
@@ -1099,7 +986,7 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO
* @throws ca.nrc.cadc.ac.GroupNotFoundException
* @throws ca.nrc.cadc.ac.UserNotFoundException
*/
-// protected Group getGroup(DN groupDN)
+// protected Group getGroup(final DN groupDN)
// throws LDAPException, GroupNotFoundException, UserNotFoundException
// {
// SearchResultEntry searchResult =
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
index bb11f40a..90caef28 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java
@@ -317,7 +317,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
}
}
- public boolean isMember(T userID, String groupID)
+ public boolean isMember(T userID, String groupDN)
throws UserNotFoundException, TransientException,
AccessControlException
{
@@ -335,7 +335,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
CompareRequest compareRequest =
new CompareRequest(userDN.toNormalizedString(),
- "memberOf", groupID);
+ "memberOf", groupDN);
compareRequest.addControl(
new ProxiedAuthorizationV2RequestControl("dn:" +
diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
index 1039a5d3..8a675ee5 100644
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
+++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java
@@ -60,6 +60,7 @@ import ca.nrc.cadc.ac.Role;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.util.Log4jInit;
+import static org.junit.Assert.assertNotNull;
public class LdapGroupDAOTest
{
@@ -77,19 +78,23 @@ public class LdapGroupDAOTest
static String daoTestDN1 = "cn=cadcdaotest1,ou=cadc,o=hia,c=ca";
static String daoTestDN2 = "cn=cadcdaotest2,ou=cadc,o=hia,c=ca";
+ static String daoTestDN3 = "cn=cadcdaotest3,ou=cadc,o=hia,c=ca";
static String unknownDN = "cn=foo,ou=cadc,o=hia,c=ca";
static X500Principal daoTestPrincipal1;
static X500Principal daoTestPrincipal2;
+ static X500Principal daoTestPrincipal3;
static X500Principal unknownPrincipal;
static X500Principal adminPrincipal;
static User<X500Principal> daoTestUser1;
static User<X500Principal> daoTestUser2;
+ static User<X500Principal> daoTestUser3;
static User<X500Principal> unknownUser;
static User<X500Principal> adminUser;
- static Subject authSubject;
+ static Subject daoTestUser1Subject;
+ static Subject daoTestUser2Subject;
static Subject anonSubject;
static LdapConfig config;
@@ -102,16 +107,21 @@ public class LdapGroupDAOTest
daoTestPrincipal1 = new X500Principal(daoTestDN1);
daoTestPrincipal2 = new X500Principal(daoTestDN2);
+ daoTestPrincipal3 = new X500Principal(daoTestDN3);
unknownPrincipal = new X500Principal(unknownDN);
adminPrincipal = new X500Principal(adminDN);
daoTestUser1 = new User<X500Principal>(daoTestPrincipal1);
daoTestUser2 = new User<X500Principal>(daoTestPrincipal2);
+ daoTestUser3 = new User<X500Principal>(daoTestPrincipal3);
unknownUser = new User<X500Principal>(unknownPrincipal);
adminUser = new User<X500Principal>(adminPrincipal);
- authSubject = new Subject();
- authSubject.getPrincipals().add(daoTestUser1.getUserID());
+ daoTestUser1Subject = new Subject();
+ daoTestUser1Subject.getPrincipals().add(daoTestUser1.getUserID());
+
+ daoTestUser2Subject = new Subject();
+ daoTestUser2Subject.getPrincipals().add(daoTestUser2.getUserID());
anonSubject = new Subject();
anonSubject.getPrincipals().add(unknownUser.getUserID());
@@ -130,11 +140,11 @@ public class LdapGroupDAOTest
return "CadcDaoTestGroup-" + System.currentTimeMillis();
}
- @Test
+// @Test
public void testOneGroup() throws Exception
{
// do everything as owner
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -213,24 +223,24 @@ public class LdapGroupDAOTest
});
}
- // TODO: add test passing in groupID
- @Test
+// @Test
public void testSearchOwnerGroups() throws Exception
{
- // do everything as owner
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
- Group testGroup = new Group(getGroupID(), daoTestUser1);
+ String groupID = getGroupID();
+ Group testGroup = new Group(groupID, daoTestUser1);
testGroup = getGroupDAO().addGroup(testGroup);
Collection<Group> groups =
- getGroupDAO().getGroups(daoTestUser1.getUserID(),
- Role.OWNER, null);
-
+ getGroupDAO().getGroups(daoTestUser1.getUserID(),
+ Role.OWNER, null);
+ assertNotNull(groups);
+
boolean found = false;
for (Group group : groups)
{
@@ -247,7 +257,14 @@ public class LdapGroupDAOTest
{
fail("Group for owner not found");
}
- getGroupDAO().deleteGroup(testGroup.getID());
+
+ groups = getGroupDAO().getGroups(daoTestUser1.getUserID(),
+ Role.OWNER, groupID);
+ assertNotNull(groups);
+ assertEquals(1, groups.size());
+ assertTrue(groups.iterator().next().equals(testGroup));
+
+ getGroupDAO().deleteGroup(groupID);
}
catch (Exception e)
{
@@ -259,41 +276,71 @@ public class LdapGroupDAOTest
}
// TODO: add test passing in groupID
-// @Test
+ @Test
public void testSearchMemberGroups() throws Exception
{
- // do everything as owner
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ final String testGroup1ID = getGroupID();
+
+ final String testGroup2ID = getGroupID();
+
+
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
try
{
- Group expectedGroup = new Group("CadcDaoTestGroup1");
+ Group testGroup1 = new Group(testGroup1ID, daoTestUser1);
+ testGroup1.getUserMembers().add(daoTestUser2);
+ testGroup1 = getGroupDAO().addGroup(testGroup1);
+
+ Group testGroup2 = new Group(testGroup2ID, daoTestUser1);
+ testGroup2.getUserMembers().add(daoTestUser2);
+ testGroup2 = getGroupDAO().addGroup(testGroup2);
+ }
+ catch (Exception e)
+ {
+ throw new Exception("Problems", e);
+ }
+ return null;
+ }
+ });
+
+ Subject.doAs(daoTestUser2Subject, new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ try
+ {
Collection<Group> groups =
- getGroupDAO().getGroups(daoTestUser2.getUserID(),
- Role.MEMBER, null);
+ getGroupDAO().getGroups(daoTestUser2.getUserID(),
+ Role.MEMBER, null);
+
+ assertNotNull(groups);
+ assertTrue(groups.size() >= 2);
log.debug("# groups found: " + groups.size());
- boolean found = false;
+ boolean found1 = false;
+ boolean found2 = false;
for (Group group : groups)
{
- log.debug("found test group: " + group.getID());
- Set<Group> members = group.getGroupMembers();
-
- log.debug("#test group members: " + members.size());
- for (Group member : members)
+ if (group.getID().equals(testGroup1ID))
{
- if (member.equals(expectedGroup))
- {
- found = true;
- }
+ found1 = true;
+ }
+ if (group.getID().equals(testGroup2ID))
+ {
+ found2 = true;
}
}
- if (!found)
+ if (!found1)
+ {
+ fail("Test group 1 not found");
+ }
+ if (!found2)
{
- fail("Group member not found");
+ fail("Test group 2 not found");
}
}
catch (Exception e)
@@ -303,14 +350,31 @@ public class LdapGroupDAOTest
return null;
}
});
+
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ try
+ {
+ getGroupDAO().deleteGroup(testGroup1ID);
+ getGroupDAO().deleteGroup(testGroup2ID);
+ }
+ catch (Exception e)
+ {
+ throw new Exception("Problems", e);
+ }
+ return null;
+ }
+ });
}
// TODO: add test passing in groupID
// @Test
- public void testSearchRWGroups() throws Exception
+ public void testSearchAdminGroups() throws Exception
{
// do everything as owner
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -320,7 +384,7 @@ public class LdapGroupDAOTest
Collection<Group> groups =
getGroupDAO().getGroups(daoTestUser2.getUserID(),
- Role.RW, null);
+ Role.ADMIN, null);
System.out.println("# groups found: " + groups.size());
boolean found = false;
@@ -353,7 +417,7 @@ public class LdapGroupDAOTest
});
}
- @Test
+// @Test
public void testAddGroupExceptions() throws Exception
{
Subject.doAs(anonSubject, new PrivilegedExceptionAction<Object>()
@@ -371,7 +435,7 @@ public class LdapGroupDAOTest
}
});
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -400,12 +464,12 @@ public class LdapGroupDAOTest
});
}
- @Test
+// @Test
public void testGetGroupExceptions() throws Exception
{
final String groupID = getGroupID();
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -437,7 +501,7 @@ public class LdapGroupDAOTest
}
});
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -447,12 +511,12 @@ public class LdapGroupDAOTest
});
}
- @Test
+// @Test
public void testModifyGroupExceptions() throws Exception
{
final String groupID = getGroupID();
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -493,7 +557,7 @@ public class LdapGroupDAOTest
}
});
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -503,12 +567,12 @@ public class LdapGroupDAOTest
});
}
- @Test
+// @Test
public void testDeleteGroupExceptions() throws Exception
{
final String groupID = getGroupID();
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -540,7 +604,7 @@ public class LdapGroupDAOTest
}
});
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -550,12 +614,12 @@ public class LdapGroupDAOTest
});
}
- @Test
+// @Test
public void testSearchGroupsExceptions() throws Exception
{
final String groupID = getGroupID();
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -598,7 +662,7 @@ public class LdapGroupDAOTest
}
});
- Subject.doAs(authSubject, new PrivilegedExceptionAction<Object>()
+ Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
@@ -619,8 +683,7 @@ public class LdapGroupDAOTest
assertEquals(gr1.description, gr2.description);
assertEquals(gr1.getOwner(), gr2.getOwner());
assertEquals(gr1.getGroupMembers(), gr2.getGroupMembers());
- assertEquals(gr1.getGroupMembers().size(), gr2.getGroupMembers()
- .size());
+ assertEquals(gr1.getGroupMembers().size(), gr2.getGroupMembers().size());
for (Group gr : gr1.getGroupMembers())
{
assertTrue(gr2.getGroupMembers().contains(gr));
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Role.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Role.java
index ef9e04b4..3223ef4e 100644
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Role.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/Role.java
@@ -76,7 +76,7 @@ public enum Role
{
OWNER("owner"),
MEMBER("member"),
- RW("rw");
+ ADMIN("admin");
private final String value;
--
GitLab