/**
 * Decides whether a restriction permits access to a resource type, looking only at the
 * default / non-default distinction carried by the restriction's ResourceTypePermission.
 *
 * <ul>
 *   <li>{@code resourceType == null}: permitted; the restriction is not consulted at all</li>
 *   <li>{@code ANY}: permitted for default and non-default types alike</li>
 *   <li>{@code DEFAULT_ONLY}: permitted only when DefaultResourceTypeDefinition contains the
 *       type's name</li>
 *   <li>{@code NON_DEFAULT_ONLY}: permitted only when it does not</li>
 * </ul>
 *
 * NOTE(review): the null branch fails open. Callers presumably pass {@code null} to mean
 * "no resource type involved"; confirm that a failed or skipped type lookup can never reach
 * this method as {@code null}, because it would then be granted under DEFAULT_ONLY and
 * NON_DEFAULT_ONLY restrictions as well. Default-ness is decided by the type's name alone.
 *
 * @param restriction  the restriction whose ResourceTypePermission is evaluated
 * @param resourceType the resource type being accessed, may be {@code null}
 * @return {@code true} if the restriction permits the resource type
 */
private boolean hasPermissionForDefaultResourceType(RestrictionEntity restriction, ResourceTypeEntity resourceType) {
    // No resource type to check: allowed before the restriction is even looked at
    if (resourceType == null) {
        return true;
    }
    // Restriction covers default and non-default types
    if (restriction.getResourceTypePermission().equals(ResourceTypePermission.ANY)) {
        return true;
    }
    // Restriction covers default types only
    if (restriction.getResourceTypePermission().equals(ResourceTypePermission.DEFAULT_ONLY)) {
        return DefaultResourceTypeDefinition.contains(resourceType.getName());
    }
    // Restriction covers non-default types only
    if (restriction.getResourceTypePermission().equals(ResourceTypePermission.NON_DEFAULT_ONLY)) {
        return !DefaultResourceTypeDefinition.contains(resourceType.getName());
    }
    // Any other value grants nothing
    return false;
}
/**
 * Checks whether restrictionEntityOne is no broader than restrictionEntityTwo, i.e. grants
 * the same or fewer rights.
 *
 * <p>Returns {@code false} when both entities carry the same non-null id, so that updating
 * an existing restriction is never compared with itself. Otherwise returns {@code false} as
 * soon as restrictionEntityOne is a wildcard where restrictionEntityTwo is specific:
 * {@code Action.ALL} against another action, no resource group against a set one, no
 * resource type against a set one, or {@code ResourceTypePermission.ANY} against another
 * value. Two restrictions that agree on all four dimensions also yield {@code true}.
 *
 * <p>NOTE(review): only wildcard-versus-specific is compared. Two different non-null
 * resource groups or resource types, two different non-ALL actions, or DEFAULT_ONLY against
 * NON_DEFAULT_ONLY are not told apart and yield {@code true}; the context is not examined
 * here either. Presumably the caller has already narrowed the candidates to comparable
 * restrictions; confirm, since a {@code true} result for unrelated restrictions would
 * misjudge what is already granted.
 *
 * @param restrictionEntityOne the restriction being judged
 * @param restrictionEntityTwo the restriction it is measured against
 * @return {@code true} if restrictionEntityOne is at most as broad as restrictionEntityTwo
 */
private boolean isMoreSpecificRestriction(RestrictionEntity restrictionEntityOne, RestrictionEntity restrictionEntityTwo) {
    // Updating an existing restriction: never compare an entity with itself
    final boolean sameEntity = restrictionEntityOne.getId() != null
            && restrictionEntityOne.getId().equals(restrictionEntityTwo.getId());
    if (sameEntity) {
        return false;
    }

    // Each clause reads "one is not a wildcard here, or two is a wildcard as well"
    return (!restrictionEntityOne.getAction().equals(Action.ALL)
                    || restrictionEntityTwo.getAction().equals(Action.ALL))
            && (restrictionEntityOne.getResourceGroup() != null
                    || restrictionEntityTwo.getResourceGroup() == null)
            && (restrictionEntityOne.getResourceType() != null
                    || restrictionEntityTwo.getResourceType() == null)
            && (!restrictionEntityOne.getResourceTypePermission().equals(ResourceTypePermission.ANY)
                    || restrictionEntityTwo.getResourceTypePermission().equals(ResourceTypePermission.ANY));
}
/**
 * For a permission that is not an old one, validateRestriction must copy the requested
 * attributes onto the restriction unchanged: NON_DEFAULT_ONLY, the CREATE action and the
 * context resolved for "X", with no resource group and no resource type.
 *
 * NOTE(review): {@code resourcePermission} is a fixture declared outside this method;
 * presumably it is a non-old (restrictable) permission - confirm against the test setup.
 */
@Test
public void shouldPreserveRestrictionPropertiesIfPermissionIsNotOld() throws AMWException {
    // given
    RestrictionEntity target = new RestrictionEntity();
    ContextEntity contextX = new ContextEntity();
    contextX.setName("X");
    when(contextLocator.getContextByName("X")).thenReturn(contextX);
    when(permissionRepository.getPermissionByName("good")).thenReturn(resourcePermission);
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());

    // when
    permissionBoundary.validateRestriction("existing", null, "good", null, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, target);

    // then: nothing that was never requested is set ...
    assertNull(target.getResourceGroup());
    assertNull(target.getResourceType());
    // ... and everything that was requested is kept as given
    assertThat(target.getContext(), is(contextX));
    assertThat(target.getAction(), is(CREATE));
    assertThat(target.getResourceTypePermission(), is(ResourceTypePermission.NON_DEFAULT_ONLY));
}
/**
 * For an old permission (here one whose value is "APP_TAB"), validateRestriction must
 * discard the attributes supplied by the caller and store the unrestricted defaults:
 * ResourceTypePermission.ANY, the ALL action, and no context, resource group or resource
 * type.
 *
 * NOTE(review): this pins a widening. The caller asks for CREATE / NON_DEFAULT_ONLY in "X"
 * (the fourth argument, 1, is presumably a resource group id - confirm against the
 * signature), yet the stored restriction carries ALL / ANY and a null context. Anyone
 * granting an old permission through this path should expect the narrower request to be
 * dropped rather than rejected.
 */
@Test
public void shouldResetRestrictionPropertiesIfPermissionIsOld() throws AMWException {
    // given
    RestrictionEntity target = new RestrictionEntity();
    PermissionEntity oldPermission = new PermissionEntity();
    oldPermission.setValue("APP_TAB");
    when(permissionRepository.getPermissionByName("good")).thenReturn(oldPermission);
    when(permissionRepository.getRoleByName("existing")).thenReturn(new RoleEntity());

    // when
    permissionBoundary.validateRestriction("existing", null, "good", 1, null,
            ResourceTypePermission.NON_DEFAULT_ONLY, "X", CREATE, target);

    // then: every scoping attribute is cleared ...
    assertNull(target.getContext());
    assertNull(target.getResourceGroup());
    assertNull(target.getResourceType());
    // ... and the grant is reset to the broadest values
    assertThat(target.getAction(), is(ALL));
    assertThat(target.getResourceTypePermission(), is(ResourceTypePermission.ANY));
}