From 66db6ebacdcd338dfd3b2fc018984935d4e7e1ea Mon Sep 17 00:00:00 2001
From: Brutus5000
Date: Tue, 5 Dec 2017 21:04:19 +0100
Subject: [PATCH] fixes #184 add permissions to DomainBlacklist
---
.../api/data/DomainBlacklistTest.java | 87 +++++++++++++++++++
.../sql/cleanDomainBlacklistData.sql | 1 +
.../resources/sql/prepDomainBlacklistData.sql | 2 +
.../api/data/domain/DomainBlacklist.java | 11 ++-
src/main/resources/config/application.yml | 2 +-
5 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 src/inttest/java/com/faforever/api/data/DomainBlacklistTest.java
create mode 100644 src/inttest/resources/sql/cleanDomainBlacklistData.sql
create mode 100644 src/inttest/resources/sql/prepDomainBlacklistData.sql
diff --git a/src/inttest/java/com/faforever/api/data/DomainBlacklistTest.java b/src/inttest/java/com/faforever/api/data/DomainBlacklistTest.java
new file mode 100644
index 000000000..d75d80e07
--- /dev/null
+++ b/src/inttest/java/com/faforever/api/data/DomainBlacklistTest.java
@@ -0,0 +1,87 @@
+package com.faforever.api.data;
+
+import com.faforever.api.AbstractIntegrationTest;
+import org.junit.Test;
+import org.springframework.security.test.context.support.WithUserDetails;
+import org.springframework.test.context.jdbc.Sql;
+import org.springframework.test.context.jdbc.Sql.ExecutionPhase;
+
+import static org.hamcrest.Matchers.hasSize;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/prepDefaultUser.sql")
+@Sql(executionPhase = ExecutionPhase.BEFORE_TEST_METHOD, scripts = "classpath:sql/prepDomainBlacklistData.sql")
+@Sql(executionPhase = ExecutionPhase.AFTER_TEST_METHOD, scripts = "classpath:sql/cleanDomainBlacklistData.sql")
+public class DomainBlacklistTest extends AbstractIntegrationTest {
+ private static final String NEW_DOMAIN = "{\"data\":{\"type\":\"domainBlacklist\",\"id\":\"google.com\"}}";
+
+ @Test
+ @WithUserDetails(AUTH_USER)
+ public void emptyResultDomainBlacklistAsUser() throws Exception {
+ mockMvc.perform(get("/data/domainBlacklist"))
+ .andExpect(status().isOk())
+ .andExpect(content().string("{\"data\":[]}"));
+ }
+
+ @Test
+ @WithUserDetails(AUTH_USER)
+ public void cannotReadSpecificDomainBlacklistAsUser() throws Exception {
+ mockMvc.perform(get("/data/domainBlacklist/spam.org"))
+ .andExpect(status().isForbidden());
+ }
+
+ @Test
+ @WithUserDetails(AUTH_MODERATOR)
+ public void canReadDomainBlacklistAsModerator() throws Exception {
+ mockMvc.perform(get("/data/domainBlacklist"))
+ .andExpect(status().isOk())
+ .andExpect(jsonPath("$.data", hasSize(1)));
+ }
+
+ @Test
+ @WithUserDetails(AUTH_MODERATOR)
+ public void canReadSpecificDomainBlacklistAsModerator() throws Exception {
+ mockMvc.perform(get("/data/domainBlacklist/spam.org"))
+ .andExpect(status().isOk());
+ }
+
+
+ @Test
+ @WithUserDetails(AUTH_USER)
+ public void cannotCreateDomainBlacklistAsUser() throws Exception {
+ mockMvc.perform(
+ post("/data/domainBlacklist")
+ .content(NEW_DOMAIN))
+ .andExpect(status().isForbidden());
+ }
+
+ @Test
+ @WithUserDetails(AUTH_MODERATOR)
+ public void canCreateDomainBlacklistAsModerator() throws Exception {
+ mockMvc.perform(
+ post("/data/domainBlacklist")
+ .content(NEW_DOMAIN))
+ .andExpect(status().isCreated());
+ }
+
+ @Test
+ @WithUserDetails(AUTH_USER)
+ public void cannotDeleteDomainBlacklistAsUser() throws Exception {
+ mockMvc.perform(
+ delete("/data/domainBlacklist/spam.org"))
+ .andExpect(status().isForbidden());
+ }
+
+ @Test
+ @WithUserDetails(AUTH_MODERATOR)
+ public void canDeleteDomainBlacklistAsModerator() throws Exception {
+ mockMvc.perform(
+ delete("/data/domainBlacklist/spam.org"))
+ .andExpect(status().isNoContent());
+ }
+}
diff --git a/src/inttest/resources/sql/cleanDomainBlacklistData.sql b/src/inttest/resources/sql/cleanDomainBlacklistData.sql
new file mode 100644
index 000000000..8afc07cb6
--- /dev/null
+++ b/src/inttest/resources/sql/cleanDomainBlacklistData.sql
@@ -0,0 +1 @@
+DELETE FROM email_domain_blacklist;
diff --git a/src/inttest/resources/sql/prepDomainBlacklistData.sql b/src/inttest/resources/sql/prepDomainBlacklistData.sql
new file mode 100644
index 000000000..d84931cae
--- /dev/null
+++ b/src/inttest/resources/sql/prepDomainBlacklistData.sql
@@ -0,0 +1,2 @@
+DELETE FROM email_domain_blacklist;
+INSERT INTO email_domain_blacklist VALUES ('spam.org');
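Review bot: The negative cases in `DomainBlacklistTest` run only as an authenticated non-moderator (`@WithUserDetails(AUTH_USER)`); no test sends a request without any authentication, and none exercises PATCH although the same commit adds `@UpdatePermission` to the entity. An unauthenticated read/create/delete case and a PATCH case as `AUTH_USER` would close that gap, each asserting whichever rejection status the security configuration (not visible here) produces. `cannotCreateDomainBlacklistAsUser` and `cannotDeleteDomainBlacklistAsUser` check only the status code, so asserting afterwards that the `spam.org` row is still present and `google.com` is absent would also confirm that a rejected request left the table unchanged.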
diff --git a/src/main/java/com/faforever/api/data/domain/DomainBlacklist.java b/src/main/java/com/faforever/api/data/domain/DomainBlacklist.java index 437a0e520..df49c02c4 100644 --- a/src/main/java/com/faforever/api/data/domain/DomainBlacklist.java +++ b/src/main/java/com/faforever/api/data/domain/DomainBlacklist.java @@ -1,6 +1,11 @@ package com.faforever.api.data.domain; +import com.faforever.api.data.checks.permission.IsModerator; +import com.yahoo.elide.annotation.CreatePermission; +import com.yahoo.elide.annotation.DeletePermission; import com.yahoo.elide.annotation.Include; +import com.yahoo.elide.annotation.ReadPermission; +import com.yahoo.elide.annotation.UpdatePermission; import lombok.EqualsAndHashCode; import lombok.Setter; @@ -12,7 +17,11 @@ @Entity @Setter @Table(name = "email_domain_blacklist") -@Include(type = "domainBlacklist") +@Include(type = "domainBlacklist", rootLevel = true) +@ReadPermission(expression = IsModerator.EXPRESSION) +@UpdatePermission(expression = IsModerator.EXPRESSION) +@CreatePermission(expression = IsModerator.EXPRESSION) +@DeletePermission(expression = IsModerator.EXPRESSION) @EqualsAndHashCode public class DomainBlacklist { private String domain; diff --git a/src/main/resources/config/application.yml b/src/main/resources/config/application.yml index 2513ba20d..0a3e6357f 100644 --- a/src/main/resources/config/application.yml +++ b/src/main/resources/config/application.yml @@ -5,7 +5,7 @@ faf-api: challonge: key: ${CHALLONGE_KEY:} database: - schema-version: ${DATABASE_SCHEMA_VERSION:44} + schema-version: ${DATABASE_SCHEMA_VERSION:46} spring: application:
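Review bot: With `rootLevel = true` and `@CreatePermission` on `DomainBlacklist`, the `domain` value now arrives as a client-supplied id on `POST /data/domainBlacklist`, and nothing visible in this hunk validates or normalises it. If the code that consults the blacklist compares strings exactly (not visible here), an entry such as `Spam.org` or one with stray whitespace would be stored but never match; an explicit setter in place of the Lombok one, e.g. `this.domain = domain == null ? null : domain.trim().toLowerCase(Locale.ROOT);`, would keep stored entries canonical. A short class Javadoc stating that read, create, update and delete are all moderator-only would record the intent behind the four repeated `IsModerator.EXPRESSION` annotations. The class body continues past the end of the hunk, so validation there may already cover this.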