From 6958f10bd981d80d5fad6331f3903577bdb65b04 Mon Sep 17 00:00:00 2001 From: ffleandro Date: Fri, 3 Jul 2020 17:40:25 -0300 Subject: [PATCH] ENG-683 Page Configuration Permissions (#914) * ENG-683 Fixed permissions for categories, groups, languages and page templates; * ENG-683 added test coverage * ENG-683 fixed more permissions and added test coverage * ENG-683 fixed tests; Co-authored-by: Filipe Leandro --- .../page/PageAuthorizationService.java | 6 ++ .../aps/system/services/page/PageService.java | 19 ++-- .../web/category/CategoryController.java | 10 +-- .../entando/web/group/GroupController.java | 2 +- .../web/language/LanguageController.java | 2 +- .../web/page/PageConfigurationController.java | 14 +-- .../entando/web/page/PageController.java | 11 ++- .../web/pagemodel/PageModelController.java | 2 +- .../entando/web/widget/WidgetController.java | 4 +- .../CategoryControllerIntegrationTest.java | 12 ++- .../web/category/CategoryControllerTest.java | 10 ++- .../page/PageControllerIntegrationTest.java | 87 +++++++++++++------ .../entando/web/page/PageControllerTest.java | 13 ++- .../WidgetControllerIntegrationTest.java | 26 ++++-- .../web/widget/WidgetControllerTest.java | 10 ++- 15 files changed, 151 insertions(+), 77 deletions(-) diff --git a/engine/src/main/java/org/entando/entando/aps/system/services/page/PageAuthorizationService.java b/engine/src/main/java/org/entando/entando/aps/system/services/page/PageAuthorizationService.java index 812e14df4..97c2ea080 100644 --- a/engine/src/main/java/org/entando/entando/aps/system/services/page/PageAuthorizationService.java +++ b/engine/src/main/java/org/entando/entando/aps/system/services/page/PageAuthorizationService.java @@ -13,6 +13,8 @@ */ package org.entando.entando.aps.system.services.page; +import static org.entando.entando.aps.system.services.page.PageService.ERRCODE_PAGE_NOT_FOUND; + import java.util.ArrayList; import java.util.List; import java.util.Optional; 
@@ -23,6 +25,7 @@ import com.agiletec.aps.system.services.page.IPage; import com.agiletec.aps.system.services.page.IPageManager; import com.agiletec.aps.system.services.user.UserDetails; +import org.entando.entando.aps.system.exception.ResourceNotFoundException; import org.entando.entando.aps.system.services.auth.AbstractAuthorizationService; import org.entando.entando.aps.system.services.page.model.PageDto; import org.springframework.beans.factory.annotation.Autowired; @@ -63,6 +66,9 @@ public boolean isAuth(UserDetails user, PageDto pageDto) { @Override public boolean isAuth(UserDetails user, String pageCode) { IPage page = this.getPageManager().getDraftPage(pageCode); + if (page == null) { + throw new ResourceNotFoundException(ERRCODE_PAGE_NOT_FOUND, "page", pageCode); + } return this.isAuth(user, page); } diff --git a/engine/src/main/java/org/entando/entando/aps/system/services/page/PageService.java b/engine/src/main/java/org/entando/entando/aps/system/services/page/PageService.java index 8bff27243..8325b72c5 100644 --- a/engine/src/main/java/org/entando/entando/aps/system/services/page/PageService.java +++ b/engine/src/main/java/org/entando/entando/aps/system/services/page/PageService.java 
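Review bot: The new null check in `isAuth(UserDetails user, String pageCode)` reports "page not found" before any authorization decision is made, so a caller who would be refused on an existing page can tell real page codes from unknown ones by comparing the 404 with the refusal. It also turns a boolean predicate into a method that throws, which every caller now has to expect; only the `movePage` caller is adjusted in this commit, and other callers are not visible here. If the exception is the intended contract, document it on the method with `@throws ResourceNotFoundException if no draft page exists for pageCode`. Then check that each caller evaluates access before anything in the response depends on whether the page exists.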
@@ -91,16 +91,15 @@ public class PageService implements IPageService, GroupServiceUtilizer, private final Logger logger = LoggerFactory.getLogger(getClass()); - private static final String ERRCODE_PAGE_NOT_FOUND = "1"; - private static final String ERRCODE_PAGEMODEL_NOT_FOUND = "1"; - private static final String ERRCODE_GROUP_NOT_FOUND = "2"; - private static final String ERRCODE_PARENT_NOT_FOUND = "3"; - private static final String ERRCODE_PAGE_ONLY_DRAFT = "3"; - private static final String ERRCODE_FRAME_INVALID = "2"; - private static final String ERRCODE_WIDGET_INVALID = "4"; - private static final String ERRCODE_STATUS_INVALID = "3"; - - private static final String ERRCODE_PAGE_REFERENCES = "5"; + public static final String ERRCODE_PAGE_NOT_FOUND = "1"; + public static final String ERRCODE_PAGEMODEL_NOT_FOUND = "1"; + public static final String ERRCODE_GROUP_NOT_FOUND = "2"; + public static final String ERRCODE_PARENT_NOT_FOUND = "3"; + public static final String ERRCODE_PAGE_ONLY_DRAFT = "3"; + public static final String ERRCODE_FRAME_INVALID = "2"; + public static final String ERRCODE_WIDGET_INVALID = "4"; + public static final String ERRCODE_STATUS_INVALID = "3"; + public static final String ERRCODE_PAGE_REFERENCES = "5"; @Autowired private IPageManager pageManager; diff --git a/engine/src/main/java/org/entando/entando/web/category/CategoryController.java b/engine/src/main/java/org/entando/entando/web/category/CategoryController.java index 20c3cb1cc..e291dd235 100644 --- a/engine/src/main/java/org/entando/entando/web/category/CategoryController.java +++ b/engine/src/main/java/org/entando/entando/web/category/CategoryController.java 
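Review bot: Widening all nine constants to `public` publishes error codes that collide: `ERRCODE_PAGE_NOT_FOUND` and `ERRCODE_PAGEMODEL_NOT_FOUND` are both `"1"`, and `ERRCODE_PARENT_NOT_FOUND`, `ERRCODE_PAGE_ONLY_DRAFT` and `ERRCODE_STATUS_INVALID` are all `"3"`. Only `ERRCODE_PAGE_NOT_FOUND` is used outside the class in this commit (the static import in PageAuthorizationService), so the other eight could stay `private`. If the duplicate values are deliberate, a comment such as `// codes are scoped per operation; equal values do not denote the same error` would stop readers from treating them as unique identifiers.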
@@ -79,7 +79,7 @@ public ResponseEntity, Map>> getC return new ResponseEntity<>(new RestResponse<>(result, metadata), HttpStatus.OK); } - @RestAccessControl(permission = Permission.ENTER_BACKEND) + @RestAccessControl(permission = Permission.MANAGE_CATEGORIES) @RequestMapping(value = "/{categoryCode}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getCategory(@PathVariable String categoryCode) { logger.debug("getting category {}", categoryCode); @@ -87,7 +87,7 @@ public ResponseEntity> getCategory(@PathVariable return new ResponseEntity<>(new SimpleRestResponse<>(category), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_CATEGORIES) @RequestMapping(value = "/{categoryCode}/references/{holder}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getCategoryReferences(@PathVariable String categoryCode, @PathVariable String holder, RestListRequest requestList) { logger.debug("getting category references - {}", categoryCode); @@ -95,7 +95,7 @@ public ResponseEntity> getCategoryReferences(@PathVariable return new ResponseEntity<>(new PagedRestResponse<>(result), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_CATEGORIES) @RequestMapping(method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> addCategory(@Valid @RequestBody CategoryDto categoryRequest, BindingResult bindingResult) throws ApsSystemException { //field validations 
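Review bot: `getCategory` is tightened from `Permission.ENTER_BACKEND` to `Permission.MANAGE_CATEGORIES` in the same commit that relaxes the references, add, update and delete handlers from `SUPERUSER`, so one permission now gates both reading a single category and deleting it. Back-office users who only read categories would lose the single-category GET unless they are also allowed to modify the tree; whether such clients exist is not visible here. If read access is meant to stay broad, keep `@RestAccessControl(permission = Permission.ENTER_BACKEND)` on `getCategory` and apply `MANAGE_CATEGORIES` to the mutating handlers only. The update and delete hunks that follow carry the same annotation change.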
@@ -109,7 +109,7 @@ public ResponseEntity> addCategory(@Valid @Reque return new ResponseEntity<>(new SimpleRestResponse<>(category), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_CATEGORIES) @RequestMapping(value = "/{categoryCode}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity>> updateCategory(@PathVariable String categoryCode, @Valid @RequestBody CategoryDto categoryRequest, BindingResult bindingResult) { logger.debug("updating category {} with request {}", categoryCode, categoryRequest); @@ -126,7 +126,7 @@ public ResponseEntity>> updateCate return new ResponseEntity<>(new RestResponse<>(category, metadata), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_CATEGORIES) @RequestMapping(value = "/{categoryCode}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity>> deleteCategory(@PathVariable String categoryCode) throws ApsSystemException { logger.debug("Deleting category -> " + categoryCode); diff --git a/engine/src/main/java/org/entando/entando/web/group/GroupController.java b/engine/src/main/java/org/entando/entando/web/group/GroupController.java index 9b4057986..35510ff50 100644 --- a/engine/src/main/java/org/entando/entando/web/group/GroupController.java +++ b/engine/src/main/java/org/entando/entando/web/group/GroupController.java 
@@ -70,7 +70,7 @@ public void setGroupValidator(GroupValidator groupValidator) { this.groupValidator = groupValidator; } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getGroups(RestListRequest requestList) throws JsonProcessingException { this.getGroupValidator().validateRestListRequest(requestList, GroupDto.class); diff --git a/engine/src/main/java/org/entando/entando/web/language/LanguageController.java b/engine/src/main/java/org/entando/entando/web/language/LanguageController.java index 02282852d..f67472741 100644 --- a/engine/src/main/java/org/entando/entando/web/language/LanguageController.java +++ b/engine/src/main/java/org/entando/entando/web/language/LanguageController.java @@ -65,7 +65,7 @@ public void setLanguageValidator(LanguageValidator languageValidator) { this.languageValidator = languageValidator; } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getLanguages(RestListRequest requestList) { logger.trace("loading languages list"); diff --git a/engine/src/main/java/org/entando/entando/web/page/PageConfigurationController.java b/engine/src/main/java/org/entando/entando/web/page/PageConfigurationController.java index b4274f160..9b5677feb 100644 --- a/engine/src/main/java/org/entando/entando/web/page/PageConfigurationController.java +++ b/engine/src/main/java/org/entando/entando/web/page/PageConfigurationController.java 
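Review bot: `getGroups` drops from `SUPERUSER` to `MANAGE_PAGES` with no visible narrowing of the result, so a page manager authorized on a single group can presumably list every group defined in the system. The handler takes only `RestListRequest requestList` and no `UserDetails`, which suggests the list is not filtered per caller, though the body lies outside the hunk. If the page editor only needs the groups the caller may assign to a page, pass the user in and filter on their authorizations, or state on the method why the full list is safe to expose at this level. The `getLanguages` change in LanguageController follows the same pattern with less sensitive data.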
@@ -62,7 +62,7 @@ public void setPageService(IPageService pageService) { this.pageService = pageService; } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/configuration", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getPageConfiguration(@PathVariable String pageCode, @RequestParam(value = "status", required = false, defaultValue = IPageService.STATUS_DRAFT) String status) { logger.debug("requested {} configuration", pageCode); @@ -72,7 +72,7 @@ public ResponseEntity> getPageConfigurat return new ResponseEntity<>(new RestResponse<>(pageConfiguration, metadata), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/widgets", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity, Map>> getPageWidgets(@PathVariable String pageCode, @RequestParam(value = "status", required = false, defaultValue = IPageService.STATUS_DRAFT) String status) { logger.debug("requested {} widgets detail", pageCode); @@ -87,7 +87,7 @@ public ResponseEntity, Map>> getPageWi return new ResponseEntity<>(new RestResponse<>(widgetConfigDtos, metadata), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/widgets/{frameId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getPageWidget(@PathVariable String pageCode, @PathVariable String frameId, 
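Review bot: Relaxing these handlers from `SUPERUSER` to `MANAGE_PAGES` leaves them with no per-page authorization visible in the diff: `getPageConfiguration` and `getPageWidgets` take only `pageCode` and `status`, with no `UserDetails` argument to check against the page's owner group. Under `SUPERUSER` that did not matter, but a user holding `MANAGE_PAGES` on one group can now presumably read the widget configuration of pages that belong to other groups, unless `@RestAccessControl` or the service enforces group scope elsewhere. PageController already has the pattern: accept `@ModelAttribute("user") UserDetails user` and guard with `if (!this.getAuthorizationService().isAuth(user, pageCode))` before the service call. The same applies to the write handlers in the following hunks (`updatePageWidget`, `deletePageWidget`, `updatePageConfiguration`, `applyDefaultWidgetsPageConfiguration`), where the impact is modification rather than disclosure. All handler bodies continue outside their hunks.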
@@ -110,7 +110,7 @@ public ResponseEntity> getPageWidget(@ } @ActivityStreamAuditable - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/widgets/{frameId}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> updatePageWidget( @PathVariable String pageCode, @@ -131,7 +131,7 @@ public ResponseEntity> updatePageWidge } @ActivityStreamAuditable - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/widgets/{frameId}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> deletePageWidget(@PathVariable String pageCode, @PathVariable String frameId) { logger.debug("removing widget configuration in page {} and frame {}", pageCode, frameId); @@ -149,7 +149,7 @@ public ResponseEntity> deletePageWidget(@PathVariable Str } @ActivityStreamAuditable - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/configuration/restore", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> updatePageConfiguration(@PathVariable String pageCode) { logger.debug("restore configuration on page {}", pageCode); @@ -159,7 +159,7 @@ public ResponseEntity> updatePageConfigu } @ActivityStreamAuditable - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/configuration/defaultWidgets", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> applyDefaultWidgetsPageConfiguration(@PathVariable String pageCode) { logger.debug("applying default widgets on page {}", pageCode); 
diff --git a/engine/src/main/java/org/entando/entando/web/page/PageController.java b/engine/src/main/java/org/entando/entando/web/page/PageController.java index 23e7d0e10..ba1862e54 100644 --- a/engine/src/main/java/org/entando/entando/web/page/PageController.java +++ b/engine/src/main/java/org/entando/entando/web/page/PageController.java @@ -220,7 +220,7 @@ public ResponseEntity>> updatePage(@Mo @ActivityStreamAuditable - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/pages/{pageCode}/status", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity>> updatePageStatus( @ModelAttribute("user") UserDetails user, @PathVariable String pageCode, @@ -292,14 +292,17 @@ public ResponseEntity> deletePage(@ModelAttribute("user") @RequestMapping(value = "/pages/{pageCode}/position", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> movePage(@ModelAttribute("user") UserDetails user, @PathVariable String pageCode, @Valid @RequestBody PagePositionRequest pageRequest, BindingResult bindingResult) { logger.debug("changing position for page {} with request {}", pageCode, pageRequest); - if (!this.getAuthorizationService().isAuth(user, pageCode)) { - return new ResponseEntity<>(new SimpleRestResponse<>(new PageDto()), HttpStatus.UNAUTHORIZED); - } + //field validations if (bindingResult.hasErrors()) { throw new ValidationGenericException(bindingResult); } this.getPageValidator().validateMovePage(pageCode, bindingResult, pageRequest); + + if (!this.getAuthorizationService().isAuth(user, pageCode)) { + return new ResponseEntity<>(new SimpleRestResponse<>(new PageDto()), HttpStatus.UNAUTHORIZED); + } + PageDto page = this.getPageService().movePage(pageCode, pageRequest); return new ResponseEntity<>(new SimpleRestResponse<>(page), HttpStatus.OK); } 
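Review bot: `updatePageStatus` is relaxed to `MANAGE_PAGES`, but `testPageStatus` in PageControllerIntegrationTest still builds its user with `grantedToRoleAdmin()`, so the new permission level is never exercised on this endpoint. A status change is presumably what publishes or unpublishes a page, so it deserves a test with a `MANAGE_PAGES`-only user on a page of their own group, plus a refusal test on a page owned by another group. The handler receives `UserDetails user`; whether it calls `getAuthorizationService().isAuth(user, pageCode)` is outside the hunk and worth confirming before the annotation is loosened.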
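Review bot: In `movePage` the authorization check now runs after `validateMovePage`, so a caller with no rights on `pageCode` receives the validator's detailed errors (the unit tests name group-mismatch and status-mismatch cases) before being refused. The reorder is presumably needed because `isAuth` now throws for an unknown page, but it makes the validation output an oracle about pages the caller cannot manage. The check also covers only the page being moved; whether the destination parent in `pageRequest` is checked against the caller's groups is not visible in this hunk. Separately, an authenticated caller who lacks rights should get `HttpStatus.FORBIDDEN` rather than `HttpStatus.UNAUTHORIZED`.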
diff --git a/engine/src/main/java/org/entando/entando/web/pagemodel/PageModelController.java b/engine/src/main/java/org/entando/entando/web/pagemodel/PageModelController.java index 179a0d0b6..2297b3b16 100644 --- a/engine/src/main/java/org/entando/entando/web/pagemodel/PageModelController.java +++ b/engine/src/main/java/org/entando/entando/web/pagemodel/PageModelController.java @@ -58,7 +58,7 @@ public PageModelController(IPageModelService pageModelService, PageModelValidato @ApiResponse(code = 200, message = "OK"), @ApiResponse(code = 400, message = "Bad Request") }) - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @GetMapping public ResponseEntity> getPageModels( RestListRequest requestList, @RequestParam Map requestParams) { diff --git a/engine/src/main/java/org/entando/entando/web/widget/WidgetController.java b/engine/src/main/java/org/entando/entando/web/widget/WidgetController.java index 7968a399b..454eefb55 100644 --- a/engine/src/main/java/org/entando/entando/web/widget/WidgetController.java +++ b/engine/src/main/java/org/entando/entando/web/widget/WidgetController.java @@ -52,7 +52,7 @@ public class WidgetController { @Autowired private WidgetValidator widgetValidator; - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/widgets/{widgetCode}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getWidget(@PathVariable String widgetCode) { logger.trace("getWidget by code {}", widgetCode); 
@@ -115,7 +115,7 @@ public ResponseEntity> updateWidget(@PathVariable return new ResponseEntity<>(new SimpleRestResponse<>(widgetDto), HttpStatus.OK); } - @RestAccessControl(permission = Permission.SUPERUSER) + @RestAccessControl(permission = Permission.MANAGE_PAGES) @RequestMapping(value = "/widgets", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE, name = "widget") public ResponseEntity> addWidget(@Valid @RequestBody WidgetRequest widgetRequest, BindingResult bindingResult) throws ApsSystemException { logger.trace("add widget. body {}: ", widgetRequest); diff --git a/engine/src/test/java/org/entando/entando/web/category/CategoryControllerIntegrationTest.java b/engine/src/test/java/org/entando/entando/web/category/CategoryControllerIntegrationTest.java index 3698ed25d..a2866711f 100644 --- a/engine/src/test/java/org/entando/entando/web/category/CategoryControllerIntegrationTest.java +++ b/engine/src/test/java/org/entando/entando/web/category/CategoryControllerIntegrationTest.java @@ -61,7 +61,9 @@ public class CategoryControllerIntegrationTest extends AbstractControllerIntegra @Test public void testGetCategories() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "manageCategories", Permission.MANAGE_CATEGORIES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/categories") 
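Review bot: `addWidget` is relaxed to `MANAGE_PAGES`, while the diffstat shows only two annotations changed in WidgetController (`getWidget` and this one), so `updateWidget` and the delete handler presumably keep their previous permission. That leaves a page manager able to register a new widget type but not to correct or remove it. Nothing shown here ties a widget type to a group, so the grant is effectively system-wide. Confirm that creation is meant to be open at this level; if it is, align the update and delete handlers, and if not, keep `@RestAccessControl(permission = Permission.SUPERUSER)` on `addWidget` and relax only the read.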
@@ -72,7 +74,9 @@ public void testGetCategories() throws Exception { @Test public void testGetValidCategoryTree() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "manageCategories", Permission.MANAGE_CATEGORIES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/categories") @@ -285,9 +289,9 @@ public void testGetPermissionsWithoutPermission() throws Exception { } @Test - public void testGetPermissionsWithEnterBackEndPermission() throws Exception { + public void testGetPermissionsManageCategoriesPermission() throws Exception { UserDetails user = new OAuth2TestUtils.UserBuilder("normal_user", "0x24") - .withAuthorization(Group.FREE_GROUP_NAME, "admin", Permission.ENTER_BACKEND).build(); + .withAuthorization(Group.FREE_GROUP_NAME, "admin", Permission.MANAGE_CATEGORIES).build(); String accessToken = mockOAuthInterceptor(user); this.executeGet("cat1", accessToken, status().isOk()); } diff --git a/engine/src/test/java/org/entando/entando/web/category/CategoryControllerTest.java b/engine/src/test/java/org/entando/entando/web/category/CategoryControllerTest.java index 834ca27e3..8f7b48e04 100644 --- a/engine/src/test/java/org/entando/entando/web/category/CategoryControllerTest.java +++ b/engine/src/test/java/org/entando/entando/web/category/CategoryControllerTest.java @@ -14,6 +14,8 @@ package org.entando.entando.web.category; import com.agiletec.aps.system.services.category.CategoryManager; +import com.agiletec.aps.system.services.group.Group; +import com.agiletec.aps.system.services.role.Permission; import com.agiletec.aps.system.services.user.UserDetails; import org.entando.entando.aps.system.services.category.CategoryService; import org.entando.entando.web.AbstractControllerTest; 
@@ -55,7 +57,9 @@ public void setUp() throws Exception { @Test public void testGetTreeOk() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "manageCategories", Permission.MANAGE_CATEGORIES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/categories") @@ -71,7 +75,9 @@ public void testGetTreeOk() throws Exception { @Test public void testGetCategory() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "manageCategories", Permission.MANAGE_CATEGORIES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/categories/{code}", "home") diff --git a/engine/src/test/java/org/entando/entando/web/page/PageControllerIntegrationTest.java b/engine/src/test/java/org/entando/entando/web/page/PageControllerIntegrationTest.java index 8b5231286..29a4657cc 100644 --- a/engine/src/test/java/org/entando/entando/web/page/PageControllerIntegrationTest.java +++ b/engine/src/test/java/org/entando/entando/web/page/PageControllerIntegrationTest.java @@ -92,7 +92,9 @@ public class PageControllerIntegrationTest extends AbstractControllerIntegration @Test public void testPageTree() throws Throwable { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .grantedToRoleAdmin() + .build(); String accessToken = mockOAuthInterceptor(user); String newPageCode = "test_page"; try { 
@@ -149,10 +151,24 @@ public void testPageTree() throws Throwable { this.pageManager.deletePage(newPageCode); } } + + @Test + public void testPageTreeWithManagePagesPermission() throws Throwable { + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); + String accessToken = mockOAuthInterceptor(user); + mockMvc.perform(get("/pages") + .header("Authorization", "Bearer " + accessToken)) + .andExpect(status().isOk()) + .andExpect(jsonPath("$.payload.size()", is(4))); + } @Test public void testPageSearch() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/pages/search") @@ -166,7 +182,9 @@ public void testPageSearch() throws Exception { @Test public void testGetPage_1() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/pages/{code}", "pagina_11") 
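Review bot: The added `testPageTreeWithManagePagesPermission` asserts only the success path, and every reworked user in this file is authorized on `Group.FREE_GROUP_NAME`, so no test shows a `MANAGE_PAGES` user being refused on a page owned by a different group. Since the commit replaces `SUPERUSER` with a group-scoped permission, the refusal case is the behaviour most worth pinning down, ideally one case per relaxed endpoint. The name is also nearly identical to `testGetPageTreeWithManagePagesPermission`, renamed further down in this file; a Javadoc line on each saying which request it covers, or a more distinct name, would keep the two apart.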
@@ -178,7 +196,9 @@ public void testGetPage_1() throws Exception { @Test public void testGetPage_2() throws Throwable { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String newPageCode = "test_page"; try { @@ -250,7 +270,9 @@ public void testGetPageUsage() throws Exception { @Test public void testPatchPage() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .grantedToRoleAdmin() + .build(); String accessToken = mockOAuthInterceptor(user); String newPageCode = "test_page"; try { @@ -309,7 +331,9 @@ public void testPatchPage() throws Exception { @Test public void testPageSearchFreeOnlinePages() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/pages/search/group/free") @@ -321,8 +345,9 @@ public void testPageSearchFreeOnlinePages() throws Exception { @Test public void testMove() throws Throwable { - - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); try { PagePositionRequest request; 
@@ -500,7 +525,9 @@ public void testMove() throws Throwable { @Test public void testAddPublishUnpublishDelete() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String code = "testAddDelete"; try { @@ -617,7 +644,9 @@ public void testAddPublishUnpublishDelete() throws Exception { @Test public void testMovePage() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .grantedToRoleAdmin() + .build(); String accessToken = mockOAuthInterceptor(user); String codeParent = "testToMoveParent"; String codeChild = "testToMoveChild"; @@ -696,7 +725,9 @@ public void testMovePage() throws Exception { @Test public void testPageStatus() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .grantedToRoleAdmin() + .build(); String accessToken = mockOAuthInterceptor(user); String codeParent = "testStatusParent"; String codeChild = "testStatusChild"; @@ -784,7 +815,9 @@ public void testPageStatus() throws Exception { @Test public void testUpdatePageModel() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String pageCode = "testUpdateModelPage"; try { 
@@ -820,7 +853,9 @@ public void testUpdatePageModel() throws Exception { @Test public void testRecreatePage() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .grantedToRoleAdmin() + .build(); String accessToken = mockOAuthInterceptor(user); String pageCode = "testUpdateModelPage"; try { @@ -926,7 +961,9 @@ public void testRecreatePage() throws Exception { @Test public void testListViewPages() throws Throwable { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String newPageCode1 = "view_page_1"; @@ -960,7 +997,9 @@ public void testListViewPages() throws Throwable { @Test public void testPutOnPageWithChildren() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String parentPageCode = "pageWithChildren"; String childrenPageCode = "childrenPage"; @@ -1035,7 +1074,9 @@ public void testPageAddUpdateDelete() throws Exception { widgetRequest.setCode(widgetCode); widgetRequest.setConfig(new HashMap<>()); - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); try { 
@@ -1071,17 +1112,7 @@ public void testPageAddUpdateDelete() throws Exception { } @Test - public void testGetPageWithAdminPermission() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); - String accessToken = mockOAuthInterceptor(user); - ResultActions result = mockMvc - .perform(get("/pages/{code}", "pagina_11") - .header("Authorization", "Bearer " + accessToken)); - result.andExpect(status().isOk()); - } - - @Test - public void testGetPageWithoutAdminPermission() throws Exception { + public void testGetPageWithoutPermission() throws Exception { UserDetails user = new OAuth2TestUtils.UserBuilder("normal_user", "0x24").build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc @@ -1091,7 +1122,7 @@ public void testGetPageWithoutAdminPermission() throws Exception { } @Test - public void testGetPageWithManagePagesPermission() throws Exception { + public void testGetPageTreeWithManagePagesPermission() throws Exception { UserDetails user = new OAuth2TestUtils.UserBuilder("normal_user", "0x24") .withAuthorization(Group.FREE_GROUP_NAME, "admin", Permission.MANAGE_PAGES).build(); String accessToken = mockOAuthInterceptor(user); diff --git a/engine/src/test/java/org/entando/entando/web/page/PageControllerTest.java b/engine/src/test/java/org/entando/entando/web/page/PageControllerTest.java index 354a4b271..3afe83bd9 100644 --- a/engine/src/test/java/org/entando/entando/web/page/PageControllerTest.java +++ b/engine/src/test/java/org/entando/entando/web/page/PageControllerTest.java @@ -13,6 +13,7 @@ */ package org.entando.entando.web.page; +import com.agiletec.aps.system.services.role.Permission; import java.io.IOException; import java.util.List; 
@@ -93,7 +94,9 @@ public void setUp() throws Exception { @Test public void shouldLoadAPageTree() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); String mockJsonResult = "[\n" @@ -440,7 +443,9 @@ public void shouldValidateMovePageGroupMismatch() throws ApsSystemException, Exc @Test public void shouldValidateMoveFreePageUnderReservedPage() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); PagePositionRequest request = new PagePositionRequest(); @@ -475,7 +480,9 @@ public void shouldValidateMoveFreePageUnderReservedPage() throws Exception { @Test public void shouldValidateMovePageStatusMismatch() throws ApsSystemException, Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); PagePositionRequest request = new PagePositionRequest(); diff --git a/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerIntegrationTest.java b/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerIntegrationTest.java index 5af6b3abb..28dd30376 100644 --- a/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerIntegrationTest.java 
+++ b/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerIntegrationTest.java @@ -58,8 +58,10 @@ public class WidgetControllerIntegrationTest extends AbstractControllerIntegrati private ObjectMapper mapper = new ObjectMapper(); @Test - public void testGetCategories() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + public void testGetWidgets() throws Exception { + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); ResultActions result = mockMvc .perform(get("/widgets") @@ -70,7 +72,9 @@ public void testGetCategories() throws Exception { @Test public void testGetWidget_1() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = this.executeWidgetGet("1", accessToken, status().isNotFound()); @@ -80,7 +84,9 @@ public void testGetWidget_1() throws Exception { @Test public void testGetWidget_2() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = this.executeWidgetGet("login_form", accessToken, status().isOk()); 
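Review bot: The widget tests changed in this file (`testGetWidgets`, `testGetWidget_1`, `testGetWidget_2`, and the three `testGetWidgetList_*` hunks that follow) only move the success path from the admin role to `Permission.MANAGE_PAGES`; none of the hunks for this file adds a request that is expected to be refused. The diffstat lists WidgetController.java among the files changed by this permissions fix, so I would add a counterpart that runs with a user holding no authorization, unless the file already has one outside these hunks. The sketch below reuses the `normal_user` builder call seen in PageControllerIntegrationTest and the `executeWidgetGet` helper used in this file; the expected status is an assumption to check against the project's convention for denied requests.

```java
@Test
public void testGetWidgetWithoutPermission() throws Exception {
    // no withAuthorization(...): the user holds no permission on any group
    UserDetails user = new OAuth2TestUtils.UserBuilder("normal_user", "0x24").build();
    String accessToken = mockOAuthInterceptor(user);
    // assumed: a denied request answers 403; adjust if the project maps it differently
    this.executeWidgetGet("login_form", accessToken, status().isForbidden());
}
```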
@@ -119,7 +125,9 @@ public void testGetWidgetInfo() throws Exception { @Test public void testGetWidgetList_1() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = mockMvc.perform( @@ -135,7 +143,9 @@ public void testGetWidgetList_1() throws Exception { @Test public void testGetWidgetList_2() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = mockMvc.perform( @@ -153,7 +163,9 @@ public void testGetWidgetList_2() throws Exception { @Test public void testGetWidgetList_3() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = mockMvc.perform( diff --git a/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerTest.java b/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerTest.java index f0135fce9..76fc97e72 100644 --- a/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerTest.java +++ b/engine/src/test/java/org/entando/entando/web/widget/WidgetControllerTest.java 
@@ -13,6 +13,7 @@ */ package org.entando.entando.web.widget; +import com.agiletec.aps.system.services.role.Permission; import java.util.HashMap; import java.util.Map; @@ -66,7 +67,10 @@ public void setUp() throws Exception { @Test public void testGetWidget() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); + String accessToken = mockOAuthInterceptor(user); // @formatter:off ResultActions result = mockMvc.perform( @@ -92,7 +96,9 @@ public void testGetWidgetInfo() throws Exception { @Test public void testGetWidgetList() throws Exception { - UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24").grantedToRoleAdmin().build(); + UserDetails user = new OAuth2TestUtils.UserBuilder("jack_bauer", "0x24") + .withAuthorization(Group.FREE_GROUP_NAME, "managePages", Permission.MANAGE_PAGES) + .build(); String accessToken = mockOAuthInterceptor(user); PagedMetadata pagedDto = new PagedMetadata<>(); when(widgetService.getWidgets(any())).thenReturn(pagedDto);