← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16630: more sharing tests, test for deletion, creation, usergroups, private objects, etc.

 

------------------------------------------------------------
revno: 16630
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-09-05 11:49:59 +0700
message:
  more sharing tests, test for deletion, creation, usergroups, private objects, etc.
modified:
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/SharingTest.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/SharingTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/SharingTest.java	2014-09-05 02:23:29 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/common/SharingTest.java	2014-09-05 04:49:59 +0000
@@ -28,15 +28,23 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import com.google.common.collect.Sets;
+import org.hibernate.SessionFactory;
 import org.hisp.dhis.DhisSpringTest;
 import org.hisp.dhis.acl.AccessStringHelper;
 import org.hisp.dhis.dataelement.DataElement;
 import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException;
+import org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException;
 import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroup;
+import org.hisp.dhis.user.UserGroupAccess;
 import org.hisp.dhis.user.UserService;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 
 import static org.junit.Assert.*;
 
@@ -46,6 +54,9 @@
 public class SharingTest
     extends DhisSpringTest
 {
+    @Autowired
+    private SessionFactory sessionFactory;
+
     @Override
     protected void setUpTest() throws Exception
     {
@@ -109,6 +120,24 @@
         identifiableObjectManager.save( createDataElement( 'A' ) );
     }
 
+    @Test( expected = DeleteAccessDeniedException.class )
+    public void userDeniedDeleteObject()
+    {
+        createUserAndInjectSecurityContext( false, "F_DATAELEMENT_PUBLIC_ADD", "F_USER_ADD" );
+
+        User user = createUser( 'B' );
+        identifiableObjectManager.save( user );
+
+        DataElement dataElement = createDataElement( 'A' );
+        identifiableObjectManager.save( dataElement );
+
+        dataElement.setUser( user );
+        dataElement.setPublicAccess( AccessStringHelper.newInstance().build() );
+        sessionFactory.getCurrentSession().update( dataElement );
+
+        identifiableObjectManager.delete( dataElement );
+    }
+
     @Test
     public void objectsWithNoUser()
     {
@@ -121,4 +150,70 @@
 
         assertEquals( 4, all.size() );
     }
+
+    @Test
+    public void readPrivateObjects()
+    {
+        createUserAndInjectSecurityContext( false, "F_DATAELEMENT_PUBLIC_ADD", "F_USER_ADD" );
+
+        User user = createUser( 'B' );
+        identifiableObjectManager.save( user );
+
+        identifiableObjectManager.save( createDataElement( 'A' ) );
+        identifiableObjectManager.save( createDataElement( 'B' ) );
+        identifiableObjectManager.save( createDataElement( 'C' ) );
+        identifiableObjectManager.save( createDataElement( 'D' ) );
+
+        assertEquals( 4, identifiableObjectManager.getAll( DataElement.class ).size() );
+
+        List<DataElement> dataElements = new ArrayList<>( identifiableObjectManager.getAll( DataElement.class ) );
+
+        for ( DataElement dataElement : dataElements )
+        {
+            dataElement.setUser( user );
+            dataElement.setPublicAccess( AccessStringHelper.newInstance().build() );
+
+            sessionFactory.getCurrentSession().update( dataElement );
+        }
+
+        assertEquals( 0, identifiableObjectManager.getAll( DataElement.class ).size() );
+    }
+
+    @Test
+    public void readUserGroupSharedObjects()
+    {
+        User loginUser = createUserAndInjectSecurityContext( false, "F_DATAELEMENT_PUBLIC_ADD", "F_USER_ADD", "F_USERGROUP_PUBLIC_ADD" );
+
+        User user = createUser( 'B' );
+        identifiableObjectManager.save( user );
+
+        UserGroup userGroup = createUserGroup( 'A', Sets.newHashSet( loginUser ) );
+        identifiableObjectManager.save( userGroup );
+
+        identifiableObjectManager.save( createDataElement( 'A' ) );
+        identifiableObjectManager.save( createDataElement( 'B' ) );
+        identifiableObjectManager.save( createDataElement( 'C' ) );
+        identifiableObjectManager.save( createDataElement( 'D' ) );
+
+        assertEquals( 4, identifiableObjectManager.getAll( DataElement.class ).size() );
+
+        List<DataElement> dataElements = new ArrayList<>( identifiableObjectManager.getAll( DataElement.class ) );
+
+        for ( DataElement dataElement : dataElements )
+        {
+            dataElement.setUser( user );
+            dataElement.setPublicAccess( AccessStringHelper.newInstance().build() );
+
+            UserGroupAccess userGroupAccess = new UserGroupAccess();
+            userGroupAccess.setAccess( AccessStringHelper.newInstance().enable( AccessStringHelper.Permission.READ ).build() );
+            userGroupAccess.setUserGroup( userGroup );
+
+            sessionFactory.getCurrentSession().save( userGroupAccess );
+
+            dataElement.getUserGroupAccesses().add( userGroupAccess );
+            sessionFactory.getCurrentSession().update( dataElement );
+        }
+
+        assertEquals( 4, identifiableObjectManager.getAll( DataElement.class ).size() );
+    }
 }