1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.fit.core;
20
21 import static org.junit.jupiter.api.Assertions.assertEquals;
22 import static org.junit.jupiter.api.Assertions.assertFalse;
23 import static org.junit.jupiter.api.Assertions.assertNotNull;
24 import static org.junit.jupiter.api.Assertions.assertTrue;
25 import static org.junit.jupiter.api.Assertions.fail;
26
27 import java.util.List;
28 import javax.ws.rs.core.Response;
29 import org.apache.syncope.common.lib.SyncopeClientException;
30 import org.apache.syncope.common.lib.SyncopeConstants;
31 import org.apache.syncope.common.lib.to.DynRealmTO;
32 import org.apache.syncope.common.lib.to.RoleTO;
33 import org.apache.syncope.common.lib.to.UserTO;
34 import org.apache.syncope.common.lib.types.AnyTypeKind;
35 import org.apache.syncope.common.lib.types.ClientExceptionType;
36 import org.apache.syncope.common.lib.types.FlowableEntitlement;
37 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
38 import org.apache.syncope.common.rest.api.service.RoleService;
39 import org.apache.syncope.fit.AbstractITCase;
40 import org.junit.jupiter.api.Assertions;
41 import org.junit.jupiter.api.Test;
42
43 public class RoleITCase extends AbstractITCase {
44
45 public static RoleTO getSampleRoleTO(final String name) {
46 RoleTO role = new RoleTO();
47 role.setKey(name + getUUIDString());
48 role.getRealms().add("/even");
49 role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
50
51 return role;
52 }
53
54 @Test
55 public void list() {
56 List<RoleTO> roleTOs = ROLE_SERVICE.list();
57 assertNotNull(roleTOs);
58 assertFalse(roleTOs.isEmpty());
59 roleTOs.forEach(Assertions::assertNotNull);
60 }
61
62 @Test
63 public void read() {
64 RoleTO roleTO = ROLE_SERVICE.read("Search for realm evenTwo");
65 assertNotNull(roleTO);
66 assertTrue(roleTO.getEntitlements().contains(IdRepoEntitlement.USER_READ));
67 }
68
69 @Test
70 public void create() {
71 RoleTO role = new RoleTO();
72 role.getRealms().add(SyncopeConstants.ROOT_REALM);
73 role.getRealms().add("/even/two");
74 role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
75
76 try {
77 createRole(role);
78 fail("This should not happen");
79 } catch (SyncopeClientException e) {
80 assertEquals(ClientExceptionType.InvalidRole, e.getType());
81 }
82
83 role.setKey("new" + getUUIDString());
84 role = createRole(role);
85 assertNotNull(role);
86 }
87
88 @Test
89 public void createWithTilde() {
90 RoleTO role = new RoleTO();
91 role.getRealms().add(SyncopeConstants.ROOT_REALM);
92 role.getEntitlements().add(IdRepoEntitlement.AUDIT_SET);
93 role.setKey("new~" + getUUIDString());
94 role = createRole(role);
95 assertNotNull(role);
96 }
97
98 @Test
99 public void update() {
100 RoleTO role = getSampleRoleTO("update");
101 role = createRole(role);
102 assertNotNull(role);
103
104 assertFalse(role.getEntitlements().contains(FlowableEntitlement.WORKFLOW_TASK_LIST));
105 assertFalse(role.getRealms().contains("/even/two"));
106
107 role.getEntitlements().add(FlowableEntitlement.WORKFLOW_TASK_LIST);
108 role.getRealms().add("/even/two");
109
110 ROLE_SERVICE.update(role);
111
112 role = ROLE_SERVICE.read(role.getKey());
113 assertTrue(role.getEntitlements().contains(FlowableEntitlement.WORKFLOW_TASK_LIST));
114 assertTrue(role.getRealms().contains("/even/two"));
115 }
116
117 @Test
118 public void delete() {
119 RoleTO role = getSampleRoleTO("delete");
120 Response response = ROLE_SERVICE.create(role);
121
122 RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class);
123 assertNotNull(actual);
124
125 ROLE_SERVICE.delete(actual.getKey());
126
127 try {
128 ROLE_SERVICE.read(actual.getKey());
129 fail("This should not happen");
130 } catch (SyncopeClientException e) {
131 assertEquals(ClientExceptionType.NotFound, e.getType());
132 }
133 }
134
135 @Test
136 public void dynMembership() {
137 UserTO bellini = USER_SERVICE.read("bellini");
138 assertTrue(bellini.getDynRoles().isEmpty());
139 assertTrue(bellini.getPrivileges().isEmpty());
140
141 RoleTO role = null;
142 try {
143 role = getSampleRoleTO("dynMembership");
144 role.getPrivileges().add("getMighty");
145 role.setDynMembershipCond("cool==true");
146 Response response = ROLE_SERVICE.create(role);
147 role = getObject(response.getLocation(), RoleService.class, RoleTO.class);
148 assertNotNull(role);
149
150 bellini = USER_SERVICE.read("bellini");
151 assertTrue(bellini.getDynRoles().contains(role.getKey()));
152 assertTrue(bellini.getPrivileges().contains("getMighty"));
153
154 role.setDynMembershipCond("cool==false");
155 ROLE_SERVICE.update(role);
156
157 bellini = USER_SERVICE.read("bellini");
158 assertTrue(bellini.getDynMemberships().isEmpty());
159 assertTrue(bellini.getPrivileges().isEmpty());
160 } finally {
161 if (role != null) {
162 ROLE_SERVICE.delete(role.getKey());
163 }
164 }
165 }
166
167 @Test
168 public void issueSYNCOPE1472() {
169 DynRealmTO dynRealmTO = new DynRealmTO();
170 dynRealmTO.setKey("dynRealm");
171 dynRealmTO.getDynMembershipConds().put(AnyTypeKind.USER.name(), "username=~rossini");
172 DYN_REALM_SERVICE.create(dynRealmTO);
173
174
175 RoleTO roleTO = ROLE_SERVICE.read("Other");
176 roleTO.getRealms().add("/odd");
177 roleTO.getDynRealms().add("dynRealm");
178 roleTO.getDynRealms().add("dynRealm");
179 ROLE_SERVICE.update(roleTO);
180
181
182 roleTO = ROLE_SERVICE.read("Other");
183 roleTO.getRealms().remove("/odd");
184 roleTO.getDynRealms().remove("dynRealm");
185 ROLE_SERVICE.update(roleTO);
186
187 roleTO = ROLE_SERVICE.read("Other");
188
189 assertFalse(roleTO.getRealms().contains("/odd"), "Should not contain removed realms");
190 assertFalse(roleTO.getDynRealms().contains("dynRealm"), "Should not contain removed dynamic realms");
191 }
192 }