All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.opencms.security.TestRoles Maven / Gradle / Ivy

Go to download

OpenCms is an enterprise-ready, easy to use website content management system based on Java and XML technology. Offering a complete set of features, OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.

There is a newer version: 18.0
Show newest version
/*
 * This library is part of OpenCms -
 * the Open Source Content Management System
 *
 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * For further information about Alkacon Software GmbH & Co. KG, please see the
 * company website: http://www.alkacon.com
 *
 * For further information about OpenCms, please see the
 * project website: http://www.opencms.org
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package org.opencms.security;

import org.opencms.file.CmsGroup;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.i18n.CmsMessages;
import org.opencms.main.OpenCms;
import org.opencms.test.OpenCmsTestCase;
import org.opencms.test.OpenCmsTestProperties;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

import junit.extensions.TestSetup;
import junit.framework.Test;
import junit.framework.TestSuite;

/**
 * Tests the OpenCms system roles.

*/ @SuppressWarnings({"unchecked", "rawtypes"}) public class TestRoles extends OpenCmsTestCase { /** * Default JUnit constructor.

* * @param arg0 JUnit parameters */ public TestRoles(String arg0) { super(arg0); } /** * Test suite for this test class.

* Setup is done without importing vfs data. * * @return the test suite */ public static Test suite() { OpenCmsTestProperties.initialize(org.opencms.test.AllTests.TEST_PROPERTIES_PATH); TestSuite suite = new TestSuite(); suite.setName(TestRoles.class.getName()); suite.addTest(new TestRoles("testRoleExceptionMessages")); suite.addTest(new TestRoles("testRoleAssignments")); suite.addTest(new TestRoles("testSubRoles")); suite.addTest(new TestRoles("testVirtualRoleGroups")); suite.addTest(new TestRoles("testRoleDelegating")); suite.addTest(new TestRoles("testSpecialUserConfirmation")); TestSetup wrapper = new TestSetup(suite) { @Override protected void setUp() { setupOpenCms("simpletest", "/"); } @Override protected void tearDown() { removeOpenCms(); } }; return wrapper; } /** * Check the given message.

* * @param message the message to check */ private static void checkMessage(String message) { System.out.println(message); // check if a key could not be resolved assertFalse(message.indexOf(CmsMessages.UNKNOWN_KEY_EXTENSION) >= 0); // very simple check if message still containes unresolved '{n}' assertFalse(message.indexOf('{') >= 0); } /** * Tests role assignments.

* * @throws Exception if the test fails */ public void testRoleAssignments() throws Exception { echo("Testing role assignments"); CmsObject cms = getCmsObject(); CmsRoleManager roleMan = OpenCms.getRoleManager(); // check preconditions for admin, with some roles roleMan.checkRoleForResource(cms, CmsRole.ROOT_ADMIN, "/"); roleMan.checkRole(cms, CmsRole.ROOT_ADMIN); roleMan.checkRoleForResource(cms, CmsRole.DEVELOPER, "/"); roleMan.checkRole(cms, CmsRole.DEVELOPER.forOrgUnit("")); roleMan.checkRoleForResource(cms, CmsRole.WORKPLACE_MANAGER, "/"); roleMan.checkRole(cms, CmsRole.WORKPLACE_MANAGER); assertFalse(roleMan.getManageableGroups(cms, "", false).isEmpty()); assertFalse(roleMan.getManageableUsers(cms, "", false).isEmpty()); assertFalse(roleMan.getOrgUnitsForRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), false).isEmpty()); assertFalse( roleMan.getRolesOfUser( cms, cms.getRequestContext().getCurrentUser().getName(), "", true, false, false).isEmpty()); assertTrue( roleMan.getUsersOfRole(cms, CmsRole.ROOT_ADMIN, true, false).contains( cms.getRequestContext().getCurrentUser())); assertTrue(roleMan.getUsersOfRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), true, true).isEmpty()); assertEquals(1, roleMan.getUsersOfRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), true, false).size()); // check preconditions for test user, with some roles CmsUser user = cms.readUser("test1"); assertFalse(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.ROOT_ADMIN, "/")); assertFalse(roleMan.hasRole(cms, user.getName(), CmsRole.ROOT_ADMIN)); assertFalse(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.DEVELOPER, "/")); assertFalse(roleMan.hasRole(cms, user.getName(), CmsRole.DEVELOPER.forOrgUnit(""))); assertFalse(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.WORKPLACE_MANAGER, "/")); assertFalse(roleMan.hasRole(cms, user.getName(), CmsRole.WORKPLACE_MANAGER)); assertEquals(5, roleMan.getRolesOfUser(cms, user.getName(), "", true, false, false).size()); assertFalse(roleMan.getUsersOfRole(cms, CmsRole.ROOT_ADMIN, true, false).contains(user)); assertTrue( roleMan.getUsersOfRole(cms, CmsRole.ROOT_ADMIN, true, false).contains( cms.getRequestContext().getCurrentUser())); assertTrue( roleMan.getUsersOfRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), true, false).contains( cms.getRequestContext().getCurrentUser())); // login as test user to check if it can create a user cms.loginUser(user.getName(), "test1"); try { cms.createUser("mytest", "mytest", "my test", null); fail("the user should not have account management permissions"); } catch (CmsRoleViolationException e) { // ok, ignore } assertTrue(roleMan.getManageableGroups(cms, "", false).isEmpty()); assertTrue(roleMan.getManageableUsers(cms, "", false).isEmpty()); assertTrue(roleMan.getOrgUnitsForRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), false).isEmpty()); // login back as admin cms = getCmsObject(); roleMan.addUserToRole(cms, CmsRole.ADMINISTRATOR, user.getName()); // login back as test user to check again cms.loginUser(user.getName(), "test1"); // now it should work cms.createUser("mytest", "mytest", "my test", null); // check post-conditions for test user, with some roles assertFalse(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.ROOT_ADMIN, "/")); assertFalse(roleMan.hasRole(cms, user.getName(), CmsRole.ROOT_ADMIN)); assertTrue(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.DEVELOPER, "/")); assertTrue(roleMan.hasRole(cms, user.getName(), CmsRole.DEVELOPER.forOrgUnit(""))); assertFalse(roleMan.hasRoleForResource(cms, user.getName(), CmsRole.WORKPLACE_MANAGER, "/")); assertFalse(roleMan.hasRole(cms, user.getName(), CmsRole.WORKPLACE_MANAGER)); assertFalse(roleMan.getManageableGroups(cms, "", false).isEmpty()); assertFalse(roleMan.getManageableUsers(cms, "", false).isEmpty()); assertFalse(roleMan.getOrgUnitsForRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), false).isEmpty()); assertFalse(roleMan.getRolesOfUser(cms, user.getName(), "", true, false, false).isEmpty()); assertTrue( roleMan.getUsersOfRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), true, false).contains( cms.getRequestContext().getCurrentUser())); assertTrue(roleMan.getUsersOfRole(cms, CmsRole.ACCOUNT_MANAGER.forOrgUnit(""), true, true).isEmpty()); assertTrue(roleMan.getUsersOfRole(cms, CmsRole.ROOT_ADMIN, true, false).contains(cms.readUser("Admin"))); assertFalse( roleMan.getUsersOfRole(cms, CmsRole.ROOT_ADMIN, true, false).contains( cms.getRequestContext().getCurrentUser())); } /** * Tests role delegating.

* * @throws Exception if the test fails */ public void testRoleDelegating() throws Exception { echo("Testing role delegating"); CmsObject cms = getCmsObject(); CmsRoleManager roleMan = OpenCms.getRoleManager(); CmsUser user = cms.createUser("testUser", "testUser", "testUser", null); roleMan.addUserToRole(cms, CmsRole.ACCOUNT_MANAGER.forOrgUnit(""), user.getName()); cms.loginUser(user.getName(), "testUser"); CmsUser u2 = cms.createUser("testUser2", "testUser2", "testUser2", null); try { roleMan.addUserToRole(cms, CmsRole.DEVELOPER.forOrgUnit(""), u2.getName()); fail("it should not be possible to delegate a role you do not have"); } catch (CmsRoleViolationException e) { // ok, ignore } roleMan.addUserToRole(cms, CmsRole.ACCOUNT_MANAGER.forOrgUnit(""), u2.getName()); } /** * Tests if all keys in the system roles exception messages can be resolved.

* * @throws Exception if the test fails */ public void testRoleExceptionMessages() throws Exception { echo("Testing role exception messages"); // check the system roles Iterator i = CmsRole.getSystemRoles().iterator(); while (i.hasNext()) { CmsRole role = (CmsRole)i.next(); checkMessage(role.getName(Locale.ENGLISH)); checkMessage(role.getDescription(Locale.ENGLISH)); } // check a user defined role String roleName = "MY_VERY_SPECIAL_ROLE"; CmsRole myRole = new CmsRole(roleName, null, OpenCms.getDefaultUsers().getGroupAdministrators(), true); checkMessage(myRole.getName(Locale.ENGLISH)); checkMessage(myRole.getDescription(Locale.ENGLISH)); } /** * Tests special user based role confirmation.

* * @throws Exception if the test fails */ public void testSpecialUserConfirmation() throws Exception { echo("Testing special user based role confirmation"); CmsObject cms = getCmsObject(); CmsRoleManager roleMan = OpenCms.getRoleManager(); // check standard: Workplace user has roles CATEGORY_EDITOR, GALLERY_EDITOR CmsUser user = cms.createUser("specUser", "specUser", "specUser", null); roleMan.addUserToRole(cms, CmsRole.WORKPLACE_USER, user.getName()); cms.loginUser(user.getName(), "specUser"); assertTrue(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // configure individual confirmation for CATEGORY_EDITOR OpenCms.setRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR", "true"); OpenCms.getMemoryMonitor().clearCache(); // we know user has no individual confirmation by default assertFalse(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // configure individual confirmation for GALLERY_EDITOR OpenCms.setRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR", "true"); OpenCms.getMemoryMonitor().clearCache(); // we know user has no individual confirmation by default still assertFalse(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertFalse(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // now add individual confirmation for the user as CATEGORY_EDITOR user.setAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR", "true"); cms.writeUser(user); OpenCms.getMemoryMonitor().clearCache(); // must login again otherwise additional info will not be updated cms.loginUser(user.getName(), "specUser"); // access to the CATEGORY_EDITOR must be available now assertTrue(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertFalse(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // now add individual confirmation for the user as GALLERY_EDITOR user.setAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR", "true"); cms.writeUser(user); OpenCms.getMemoryMonitor().clearCache(); cms.loginUser(user.getName(), "specUser"); // access to the GALLERY_EDITOR must be available now assertTrue(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // now test higher ranking user // here access must be available even if no individual confirmation is present cms.loginUser("Admin", "admin"); CmsUser devUser = cms.createUser("devUser", "devUser", "devUser", null); roleMan.addUserToRole(cms, CmsRole.DEVELOPER, devUser.getName()); cms.loginUser(devUser.getName(), "devUser"); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR"))); assertTrue(devUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR") == null); assertTrue(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR"))); assertTrue(devUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR") == null); assertTrue(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // now test lower ranking user GALLERY_EDITOR // if a user has _only_ CATEGORY_EDITOR / GALLERY_EDITOR but not WORKPLACE_USER he should get access // otherwise having the role CATEGORY_EDITOR / GALLERY_EDITOR would be pointless cms.loginUser("Admin", "admin"); CmsUser galUser = cms.createUser("galUser", "galUser", "galUser", null); roleMan.addUserToRole(cms, CmsRole.GALLERY_EDITOR, galUser.getName()); cms.loginUser(galUser.getName(), "galUser"); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR"))); assertTrue(galUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR") == null); // the user is only GALLERY_EDITOR but not CATEGORY_EDITOR assertFalse(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR"))); assertTrue(galUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR") == null); // the user should have the CATEGORY_EDITOR role without individual confirmation assertTrue(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); // now test lower ranking user CATEGORY_EDITOR // if a user has _only_ CATEGORY_EDITOR / GALLERY_EDITOR but not WORKPLACE_USER he should get access // otherwise having the role CATEGORY_EDITOR / GALLERY_EDITOR would be pointless cms.loginUser("Admin", "admin"); CmsUser catUser = cms.createUser("catUser", "catUser", "catUser", null); roleMan.addUserToRole(cms, CmsRole.CATEGORY_EDITOR, catUser.getName()); cms.loginUser(catUser.getName(), "catUser"); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR"))); assertTrue(catUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "CATEGORY_EDITOR") == null); // the user should have the CATEGORY_EDITOR role without individual confirmation assertTrue(roleMan.hasRole(cms, CmsRole.CATEGORY_EDITOR)); assertTrue("true".equals(OpenCms.getRuntimeProperty(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR"))); assertTrue(catUser.getAdditionalInfo(CmsRole.CONFIRM_ROLE_PREFIX + "GALLERY_EDITOR") == null); // the user is only CATEGORY_EDITOR but not GALLERY_EDITOR assertFalse(roleMan.hasRole(cms, CmsRole.GALLERY_EDITOR)); } /** * Tests subroles operations.

* * @throws Exception if the test fails */ public void testSubRoles() throws Exception { echo("Testing subroles operations"); CmsObject cms = getCmsObject(); CmsRoleManager roleMan = OpenCms.getRoleManager(); // check preconditions for admin List adminRoles = roleMan.getRolesOfUser( cms, cms.getRequestContext().getCurrentUser().getName(), "", false, true, false); assertEquals(1, adminRoles.size()); assertTrue(adminRoles.contains(CmsRole.ROOT_ADMIN)); // should do nothing roleMan.addUserToRole( cms, CmsRole.DEVELOPER.forOrgUnit(""), cms.getRequestContext().getCurrentUser().getName()); // check again adminRoles = roleMan.getRolesOfUser( cms, cms.getRequestContext().getCurrentUser().getName(), "", false, true, false); assertEquals(1, adminRoles.size()); assertTrue(adminRoles.contains(CmsRole.ROOT_ADMIN)); CmsUser user = cms.readUser("test2"); List roles = roleMan.getRolesOfUser(cms, user.getName(), "", true, true, false); assertEquals(1, roles.size()); assertTrue(roles.contains(CmsRole.WORKPLACE_USER.forOrgUnit(user.getOuFqn()))); roleMan.addUserToRole(cms, CmsRole.VFS_MANAGER.forOrgUnit(user.getOuFqn()), user.getName()); roles = roleMan.getRolesOfUser(cms, user.getName(), "", true, true, false); assertEquals(1, roles.size()); assertTrue(roles.contains(CmsRole.VFS_MANAGER.forOrgUnit(user.getOuFqn()))); roles = roleMan.getRolesOfUser(cms, user.getName(), "", true, false, false); List children = CmsRole.VFS_MANAGER.forOrgUnit("").getChildren(true); children.add(CmsRole.VFS_MANAGER.forOrgUnit("")); assertEquals(children.size(), roles.size()); Iterator it = roles.iterator(); while (it.hasNext()) { CmsRole role = (CmsRole)it.next(); assertTrue(children.contains(role)); } // now add a parent role roleMan.addUserToRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(user.getOuFqn()), user.getName()); // which should have removed the child role roles = roleMan.getRolesOfUser(cms, user.getName(), "", true, true, false); // wp user is child of administrator, so it will not be set automatically assertEquals(1, roles.size()); assertTrue(roles.contains(CmsRole.ADMINISTRATOR.forOrgUnit(user.getOuFqn()))); roles = roleMan.getRolesOfUser(cms, user.getName(), "", true, false, false); children = CmsRole.ADMINISTRATOR.forOrgUnit("").getChildren(true); children.add(CmsRole.ADMINISTRATOR.forOrgUnit("")); assertEquals(children.size(), roles.size()); it = roles.iterator(); while (it.hasNext()) { CmsRole role = (CmsRole)it.next(); assertTrue(children.contains(role)); } } /** * Tests virtual role groups.

* * @throws Exception if the test fails */ public void testVirtualRoleGroups() throws Exception { echo("Testing virtual role groups"); CmsObject cms = getCmsObject(); CmsGroup group = cms.createGroup("mytest", "vfs managers", CmsRole.VFS_MANAGER.getVirtualGroupFlags(), null); List roleUsers = OpenCms.getRoleManager().getUsersOfRole(cms, CmsRole.VFS_MANAGER.forOrgUnit(""), true, false); List groupUsers = cms.getUsersOfGroup(group.getName()); assertEquals(new HashSet(roleUsers), new HashSet(groupUsers)); // try out a child role OpenCms.getRoleManager().addUserToRole(cms, CmsRole.DEVELOPER.forOrgUnit(""), "Guest"); // nothing should change assertEquals(new HashSet(roleUsers), new HashSet(cms.getUsersOfGroup(group.getName()))); // try out a parent role OpenCms.getRoleManager().addUserToRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), "Guest"); assertEquals(groupUsers.size() + 1, cms.getUsersOfGroup(group.getName()).size()); assertTrue(cms.getUsersOfGroup(group.getName()).contains(cms.readUser("Guest"))); // everything should be as before OpenCms.getRoleManager().removeUserFromRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(""), "Guest"); groupUsers = cms.getUsersOfGroup(group.getName()); assertEquals(new HashSet(roleUsers), new HashSet(groupUsers)); // remove the virtual group cms.deleteGroup(group.getName()); assertFalse(OpenCms.getOrgUnitManager().getGroups(cms, "", true).contains(group)); // check the roles for the user assertTrue(OpenCms.getRoleManager().getRolesOfUser(cms, "Guest", "", true, true, true).isEmpty()); // try to add a role by adding a user to the group group = cms.createGroup("mytest", "vfs managers", CmsRole.VFS_MANAGER.getVirtualGroupFlags(), null); assertEquals(1, cms.getGroupsOfUser("Guest", false).size()); assertTrue(OpenCms.getRoleManager().getRolesOfUser(cms, "Guest", "", true, true, true).isEmpty()); cms.addUserToGroup("Guest", group.getName()); assertEquals(3, cms.getGroupsOfUser("Guest", false).size()); assertEquals(1, OpenCms.getRoleManager().getRolesOfUser(cms, "Guest", "", true, true, true).size()); cms.removeUserFromGroup("Guest", group.getName()); assertEquals(1, cms.getGroupsOfUser("Guest", false).size()); assertTrue(OpenCms.getRoleManager().getRolesOfUser(cms, "Guest", "", true, true, true).isEmpty()); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy