package ca.intelliware.ihtsdo.mlds.service; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; import ca.intelliware.ihtsdo.mlds.domain.Affiliate; import ca.intelliware.ihtsdo.mlds.domain.CommercialUsage; import ca.intelliware.ihtsdo.mlds.domain.CommercialUsageCountry; import ca.intelliware.ihtsdo.mlds.domain.CommercialUsageEntry; import ca.intelliware.ihtsdo.mlds.repository.CommercialUsageCountryRepository; import ca.intelliware.ihtsdo.mlds.repository.CommercialUsageEntryRepository; import ca.intelliware.ihtsdo.mlds.repository.CommercialUsageRepository; import ca.intelliware.ihtsdo.mlds.security.ihtsdo.CurrentSecurityContext; import ca.intelliware.ihtsdo.mlds.security.ihtsdo.SecurityContextSetup; import ca.intelliware.ihtsdo.mlds.service.CommercialUsageAuthorizationChecker; @RunWith(MockitoJUnitRunner.class) public class CommercialUsageAuthorizationCheckerTest { @Mock private CommercialUsageRepository commercialUsageRepository; @Mock private CommercialUsageEntryRepository commercialUsageEntryRepository; @Mock private CommercialUsageCountryRepository commercialUsageCountryRepository; @Mock private CurrentSecurityContext currentSecurityContext; SecurityContextSetup securityContextSetup = new SecurityContextSetup(); private CommercialUsageAuthorizationChecker authorizationChecker; private static final long COMMERCIAL_USAGE_ID = 1L; private static final long COMMERCIAL_USAGE_ENTRY_ID = 2L; private static final long COMMERCIAL_USAGE_COUNTRY_ID = 3L; @Before public void setup() { authorizationChecker = new CommercialUsageAuthorizationChecker(); authorizationChecker.commercialUsageRepository = commercialUsageRepository; authorizationChecker.commercialUsageEntryRepository = commercialUsageEntryRepository; authorizationChecker.commercialUsageCountRepository = commercialUsageCountryRepository; authorizationChecker.setCurrentSecurityContext(new CurrentSecurityContext()); } ///////////////////////////////////////////////////////////////////////////// // Usage Reports @Test public void adminCanAccessUsageReports() { securityContextSetup.asAdmin(); authorizationChecker.checkCanAccessUsageReport(COMMERCIAL_USAGE_ID); } @Test public void staffCanAccessUsageReports() { securityContextSetup.asIHTSDOStaff(); authorizationChecker.checkCanAccessUsageReport(COMMERCIAL_USAGE_ID); } @Test public void affiliateUserCanAccessOwnUsageReports() { withCommercialUsageForAffiliate(affiliateOfCurrentUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessUsageReport(COMMERCIAL_USAGE_ID); } @Test(expected=IllegalStateException.class) public void affiliateUserNotCanAccessAnotherUsageReports() { withCommercialUsageForAffiliate(affiliateOfAnotherUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessUsageReport(COMMERCIAL_USAGE_ID); } ///////////////////////////////////////////////////////////////////////////// // Usage Entry @Test public void adminCanAccessUsageEntry() { securityContextSetup.asAdmin(); authorizationChecker.checkCanAccessCommercialUsageEntry(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_ENTRY_ID); } @Test public void staffCanAccessUsageEntry() { securityContextSetup.asIHTSDOStaff(); authorizationChecker.checkCanAccessCommercialUsageEntry(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_ENTRY_ID); } @Test public void affiliateUserCanAccessOwnUsageEntry() { withCommercialEntryForAffiliate(affiliateOfCurrentUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessCommercialUsageEntry(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_ENTRY_ID); } @Test(expected=IllegalStateException.class) public void affiliateUserNotCanAccessAnotherUsageEntry() { withCommercialEntryForAffiliate(affiliateOfAnotherUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessCommercialUsageEntry(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_ENTRY_ID); } ///////////////////////////////////////////////////////////////////////////// // Usage Count @Test public void adminCanAccessUsageCount() { securityContextSetup.asAdmin(); authorizationChecker.checkCanAccessCommercialUsageCount(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_COUNTRY_ID); } @Test public void staffCanAccessUsageCount() { securityContextSetup.asIHTSDOStaff(); authorizationChecker.checkCanAccessCommercialUsageCount(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_COUNTRY_ID); } @Test public void affiliateUserCanAccessOwnUsageCount() { withCommercialCountForAffiliate(affiliateOfCurrentUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessCommercialUsageCount(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_COUNTRY_ID); } @Test(expected=IllegalStateException.class) public void affiliateUserNotCanAccessAnotherUsagecount() { withCommercialCountForAffiliate(affiliateOfAnotherUser()); securityContextSetup.asAffiliateUser(); authorizationChecker.checkCanAccessCommercialUsageCount(COMMERCIAL_USAGE_ID, COMMERCIAL_USAGE_COUNTRY_ID); } ////////////////////////////////////////////////////////////////////////////// private CommercialUsageCountry withCommercialCountForAffiliate(Affiliate affiliate) { CommercialUsage commercialUsage = withCommercialUsageForAffiliate(affiliate); CommercialUsageCountry commercialUsageCountry = new CommercialUsageCountry(COMMERCIAL_USAGE_COUNTRY_ID, commercialUsage); Mockito.when(commercialUsageCountryRepository.findOne(COMMERCIAL_USAGE_COUNTRY_ID)).thenReturn(commercialUsageCountry); return commercialUsageCountry; } private CommercialUsageEntry withCommercialEntryForAffiliate(Affiliate affiliate) { CommercialUsage commercialUsage = withCommercialUsageForAffiliate(affiliate); CommercialUsageEntry commercialUsageEntry = new CommercialUsageEntry(COMMERCIAL_USAGE_ENTRY_ID, commercialUsage); Mockito.when(commercialUsageEntryRepository.findOne(COMMERCIAL_USAGE_ENTRY_ID)).thenReturn(commercialUsageEntry); return commercialUsageEntry; } private CommercialUsage withCommercialUsageForAffiliate(Affiliate affiliate) { CommercialUsage commercialUsage = new CommercialUsage(COMMERCIAL_USAGE_ID, affiliate); Mockito.when(commercialUsageRepository.findOne(COMMERCIAL_USAGE_ID)).thenReturn(commercialUsage); return commercialUsage; } private Affiliate affiliateOfCurrentUser() { Affiliate affiliate = new Affiliate(); affiliate.setCreator(SecurityContextSetup.USERNAME); return affiliate; } private Affiliate affiliateOfAnotherUser() { Affiliate affiliate = new Affiliate(); affiliate.setCreator("OTHER-USER"); return affiliate; } }