diff --git a/alfred-api-integrationtests-client/alfresco/src/main/java/eu/xenit/alfred/api/tests/nonadmin/PermissionsTest.java b/alfred-api-integrationtests-client/alfresco/src/main/java/eu/xenit/alfred/api/tests/nonadmin/PermissionsTest.java index 33d0e888..7367002c 100644 --- a/alfred-api-integrationtests-client/alfresco/src/main/java/eu/xenit/alfred/api/tests/nonadmin/PermissionsTest.java +++ b/alfred-api-integrationtests-client/alfresco/src/main/java/eu/xenit/alfred/api/tests/nonadmin/PermissionsTest.java @@ -15,8 +15,10 @@ import org.alfresco.model.ContentModel; import org.alfresco.repo.security.authentication.AuthenticationException; import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.permissions.AccessDeniedException; import org.alfresco.service.cmr.model.FileExistsException; import org.alfresco.service.cmr.model.FileInfo; +import org.alfresco.service.cmr.repository.DuplicateChildNodeNameException; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.security.AuthorityService; @@ -25,8 +27,10 @@ import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.cmr.security.PersonService; import org.alfresco.service.namespace.QName; +import org.junit.After; import org.junit.AfterClass; import org.junit.Assert; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.slf4j.Logger; @@ -66,8 +70,11 @@ public PermissionsTest() { alfPersonService = getBean("PersonService", PersonService.class); } - @BeforeClass - public void setupSuite() { + @Before + public void setup() { + // For some reason we cannot use @BeforeClass, since this triggers a + // org.junit.runners.model.InitializationError that cannot be further debugged. + AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser(); try { createMainTestFolder(repository.getCompanyHome()); @@ -83,7 +90,6 @@ public void setupSuite() { FileInfo documentForbidden = createTestNode(folderForbidden.getNodeRef(), "ForbiddenDocument"); nodeForbidden = documentForbidden.getNodeRef(); alfNodeService.setProperty(nodeForbidden, PROP_QNAME_VERSION_LABEL, PROPERTY_VALUE); - } catch (FileExistsException e) { logger.warn("Test folder already created. Skipping (" + e.getMessage() + ")"); } @@ -96,19 +102,11 @@ public void setupSuite() { FileInfo documentAllowed = createTestNode(folderAllowed.getNodeRef(), "AllowedDocument"); nodeAllowed = documentAllowed.getNodeRef(); alfNodeService.setProperty(nodeAllowed, PROP_QNAME_VERSION_LABEL, PROPERTY_VALUE); - } catch (FileExistsException e) { logger.warn("Test folder already created. Skipping (" + e.getMessage() + ")"); } } - @AfterClass - public void tearDownSuite() { - AuthenticationUtil.setAdminUserAsFullyAuthenticatedUser(); - alfPersonService.deletePerson(USERNAME_NORIGHTS_JOS); - cleanUp(); - } - private void createUserAndGroupsWithLimitedRights() { try { alfAuthenticationService.createAuthentication(USERNAME_NORIGHTS_JOS, "foobar".toCharArray()); @@ -119,12 +117,17 @@ private void createUserAndGroupsWithLimitedRights() { userProperties.put(ContentModel.PROP_EMAIL, "nojosno@example.com"); alfAuthenticationService.getAuthenticationEnabled(USERNAME_NORIGHTS_JOS); alfPersonService.createPerson(userProperties); + logger.info("User " + USERNAME_NORIGHTS_JOS + " successfully created"); + } catch (AuthenticationException e) { + logger.warn("User already created. Skipping (" + e.getMessage() + ")"); + } + try { alfAuthorityService.createAuthority(AuthorityType.GROUP, GROUPNAME); alfAuthorityService.addAuthority(GROUPID, USERNAME_NORIGHTS_JOS); - } catch (AuthenticationException e) { - // User and groups were already created. Skip. - logger.warn("User and groups already created. Skipping (" + e.getMessage() + ")"); + logger.info("Group " + GROUPNAME + " successfully created"); + } catch (DuplicateChildNodeNameException e) { + logger.warn("Group already created. Skipping (" + e.getMessage() + ")"); } } @@ -150,10 +153,18 @@ public void testGetNodeMetadata() { // Switch to non-admin user AuthenticationUtil.setFullyAuthenticatedUser(USERNAME_NORIGHTS_JOS); + // Allowed case NodeMetadata result = apixNodeService.getMetadata(new eu.xenit.alfred.api.data.NodeRef(nodeAllowed.toString())); - logger.error("WIM: r:: " + result.getProperties()); //// REMOVEME Assert.assertFalse(result.getProperties().isEmpty()); + // Forbidden case + try { + apixNodeService.getMetadata(new eu.xenit.alfred.api.data.NodeRef(nodeForbidden.toString())); + Assert.fail("Expected AccessDeniedException"); + } + catch (AccessDeniedException e) { + } + logger.error("WIM: Your father would be proud, Fox"); // REMOVE ME }