Tests to update Ban Permission

FAForever · Mar 9, 2017 · e1d62fe · e1d62fe
1 parent a308965
commit e1d62fe
Show file tree

Hide file tree

Showing 3 changed files with 132 additions and 1 deletion.
diff --git a/src/main/java/com/faforever/api/data/domain/BanType.java b/src/main/java/com/faforever/api/data/domain/BanType.java
@@ -1,5 +1,5 @@
 package com.faforever.api.data.domain;
 
 public enum BanType {
-  CHAT, GAME, GLOBAL
+  CHAT, GLOBAL
 }
diff --git a/src/main/java/com/faforever/api/data/domain/Player.java b/src/main/java/com/faforever/api/data/domain/Player.java
@@ -12,6 +12,7 @@
 import javax.persistence.Table;
 import javax.persistence.Transient;
 import java.util.List;
+import java.util.stream.Collectors;
 
 @Entity
 @Table(name = "login")
@@ -56,6 +57,16 @@ public List<BanInfo> getBans() {
     return this.bans;
   }
 
+  @Transient
+  public List<BanInfo> getActiveBans() {
+    return getBans().stream().filter(ban -> ban.getBanStatus() == BanStatusType.BANNED).collect(Collectors.toList());
+  }
+
+  @Transient
+  public boolean isGlobalBanned() {
+    return getActiveBans().stream().anyMatch(ban -> ban.getType() == BanType.GLOBAL);
+  }
+
   @OneToMany(mappedBy = "author")
   @UpdatePermission(any = {Role.ALL.class}) // Permission is managed by BanInfo class
   public List<BanInfo> getCreatedBans() {

diff --git a/src/test/java/com/faforever/api/data/JsonApiBanIntegrationTest.java b/src/test/java/com/faforever/api/data/JsonApiBanIntegrationTest.java
@@ -40,6 +40,7 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -234,4 +235,123 @@ public void createBanWithPermission() {
     assertEquals(1, banRepository.count());
     assertEquals(reason, banRepository.findAll().get(0).getReason());
   }
+
+  @Test
+  @SneakyThrows
+  public void updateBanWithPermission() {
+    String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
+    Role role = permissionService.createRole("TestRole",
+        permissionService.createPermission(HasBanRead.EXPRESSION),
+        permissionService.createPermission(HasBanUpdate.EXPRESSION));
+    permissionService.assignUserToRole(userRepository.findOneByLoginIgnoreCase(me.getLogin()), role);
+
+    String reason = "I want to ban him";
+    BanInfo ban = new BanInfo().setAuthor(me).setReason(reason).setPlayer(me).setType(BanType.GLOBAL);
+    banRepository.save(ban);
+
+
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+
+    String newReason = "This is a better";
+    String content = String.format("{\"data\":{\"type\":\"banInfo\",\"id\":\"%s\",\"attributes\":{\"reason\":\"%s\"}}}",
+        ban.getId(),
+        newReason);
+
+    ResultActions action = this.mvc.perform(patch("/data/banInfo/" + ban.getId())
+        .content(content)
+        .header("Authorization", accessToken));
+    action
+        .andExpect(content().string(""))
+        .andExpect(status().is(204));
+    assertEquals(1, banRepository.count());
+    assertEquals(newReason, banRepository.findAll().get(0).getReason());
+  }
+
+  @Test
+  @SneakyThrows
+  public void updateBanWithoutUpdatePermission() {
+    String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
+    Role role = permissionService.createRole("TestRole",
+        permissionService.createPermission(HasBanRead.EXPRESSION));
+    permissionService.assignUserToRole(userRepository.findOneByLoginIgnoreCase(me.getLogin()), role);
+
+    String reason = "I want to ban him";
+    BanInfo ban = new BanInfo().setAuthor(me).setReason(reason).setPlayer(me).setType(BanType.GLOBAL);
+    banRepository.save(ban);
+
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+
+    String newReason = "This is a better";
+    String content = String.format("{\"data\":{\"type\":\"banInfo\",\"id\":\"%s\",\"attributes\":{\"reason\":\"%s\"}}}",
+        ban.getId(),
+        newReason);
+
+    ResultActions action = this.mvc.perform(patch("/data/banInfo/" + ban.getId())
+        .content(content)
+        .header("Authorization", accessToken));
+    action
+        .andExpect(content().string("{\"errors\":[\"ForbiddenAccessException\"]}"))
+        .andExpect(status().is(403));
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+  }
+
+  @Test
+  @SneakyThrows
+  public void updateBanWithoutReadPermission() {
+    String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
+    Role role = permissionService.createRole("TestRole",
+        permissionService.createPermission(HasBanUpdate.EXPRESSION));
+    permissionService.assignUserToRole(userRepository.findOneByLoginIgnoreCase(me.getLogin()), role);
+
+    String reason = "I want to ban him";
+    BanInfo ban = new BanInfo().setAuthor(me).setReason(reason).setPlayer(me).setType(BanType.GLOBAL);
+    banRepository.save(ban);
+
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+
+    String newReason = "This is a better";
+    String content = String.format("{\"data\":{\"type\":\"banInfo\",\"id\":\"%s\",\"attributes\":{\"reason\":\"%s\"}}}",
+        ban.getId(),
+        newReason);
+
+    ResultActions action = this.mvc.perform(patch("/data/banInfo/" + ban.getId())
+        .content(content)
+        .header("Authorization", accessToken));
+    action
+        .andExpect(content().string("{\"errors\":[\"ForbiddenAccessException\"]}"))
+        .andExpect(status().is(403));
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+  }
+
+  @Test
+  @SneakyThrows
+  public void updateBanWithoutPermission() {
+    String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
+
+    String reason = "I want to ban him";
+    BanInfo ban = new BanInfo().setAuthor(me).setReason(reason).setPlayer(me).setType(BanType.GLOBAL);
+    banRepository.save(ban);
+
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+
+    String newReason = "This is a better";
+    String content = String.format("{\"data\":{\"type\":\"banInfo\",\"id\":\"%s\",\"attributes\":{\"reason\":\"%s\"}}}",
+        ban.getId(),
+        newReason);
+
+    ResultActions action = this.mvc.perform(patch("/data/banInfo/" + ban.getId())
+        .content(content)
+        .header("Authorization", accessToken));
+    action
+        .andExpect(content().string("{\"errors\":[\"ForbiddenAccessException\"]}"))
+        .andExpect(status().is(403));
+    assertEquals(1, banRepository.count());
+    assertEquals(reason, banRepository.findAll().get(0).getReason());
+  }
 }