syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject svn commit: r1308872 - in /incubator/syncope/trunk: client/src/main/java/org/syncope/client/util/ console/ console/src/test/java/org/syncope/console/ core/src/main/java/org/syncope/core/persistence/dao/ core/src/main/java/org/syncope/core/persistence/d...
Date Tue, 03 Apr 2012 12:47:28 GMT
Author: ilgrosso
Date: Tue Apr  3 12:47:28 2012
New Revision: 1308872

URL: http://svn.apache.org/viewvc?rev=1308872&view=rev
Log:
[SYNCOPE-48] Implemented correct role entitlement inheritance: needed to fix some minor related
things as well

Modified:
    incubator/syncope/trunk/client/src/main/java/org/syncope/client/util/ConnConfPropUtils.java
    incubator/syncope/trunk/console/pom.xml
    incubator/syncope/trunk/console/src/test/java/org/syncope/console/EditProfileTestITCase.java
    incubator/syncope/trunk/console/src/test/java/org/syncope/console/ResourceTestITCase.java
    incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/RoleDAO.java
    incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/impl/RoleDAOImpl.java
    incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeUserDetailsService.java
    incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/AuthenticationTestITCase.java
    incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/UserRequestTestITCase.java

Modified: incubator/syncope/trunk/client/src/main/java/org/syncope/client/util/ConnConfPropUtils.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/client/src/main/java/org/syncope/client/util/ConnConfPropUtils.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/client/src/main/java/org/syncope/client/util/ConnConfPropUtils.java
(original)
+++ incubator/syncope/trunk/client/src/main/java/org/syncope/client/util/ConnConfPropUtils.java
Tue Apr  3 12:47:28 2012
@@ -38,8 +38,11 @@ public final class ConnConfPropUtils {
     public static Set<ConnConfProperty> joinConnInstanceProperties(
             final Map<String, ConnConfProperty> connectorProp, final Map<String,
ConnConfProperty> resourceProp) {
 
-        connectorProp.putAll(resourceProp);
-        return new HashSet<ConnConfProperty>(connectorProp.values());
+        Set<ConnConfProperty> result = new HashSet<ConnConfProperty>();
+        result.addAll(connectorProp.values());
+        result.addAll(resourceProp.values());
+
+        return result;
     }
 
     public static Map<String, ConnConfProperty> getConnConfPropertyMap(final Set<ConnConfProperty>
properties) {

Modified: incubator/syncope/trunk/console/pom.xml
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/console/pom.xml?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/console/pom.xml (original)
+++ incubator/syncope/trunk/console/pom.xml Tue Apr  3 12:47:28 2012
@@ -190,7 +190,7 @@ under the License.
     <plugins>
 
       <plugin>
-        <groupId>org.codehaus.groovy.maven</groupId>
+        <groupId>org.codehaus.gmaven</groupId>
         <artifactId>gmaven-plugin</artifactId>
         <inherited>true</inherited>
         <executions>

Modified: incubator/syncope/trunk/console/src/test/java/org/syncope/console/EditProfileTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/console/src/test/java/org/syncope/console/EditProfileTestITCase.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/console/src/test/java/org/syncope/console/EditProfileTestITCase.java
(original)
+++ incubator/syncope/trunk/console/src/test/java/org/syncope/console/EditProfileTestITCase.java
Tue Apr  3 12:47:28 2012
@@ -38,8 +38,7 @@ public class EditProfileTestITCase exten
 
         selenium.click("//div/span/span/a");
 
-        selenium
-                .waitForCondition("selenium.isElementPresent(" + "\"//span[contains(text(),'Attributes')]\");",
"30000");
+        selenium.waitForCondition("selenium.isElementPresent(\"//span[contains(text(),'Attributes')]\");",
"30000");
 
         selenium.click("css=a.w_close");
 
@@ -61,14 +60,13 @@ public class EditProfileTestITCase exten
         selenium.click("name=:submit");
         selenium.waitForPageToLoad("30000");
 
-        selenium.click("css=img[alt=\"Users\"]");
+        selenium.click("css=img[alt=\"Schema\"]");
         selenium.waitForPageToLoad("30000");
 
         selenium.click("id=username");
         selenium.click("//span[@id='editProfile']/a");
 
-        selenium
-                .waitForCondition("selenium.isElementPresent(" + "\"//span[contains(text(),'Attributes')]\");",
"30000");
+        selenium.waitForCondition("selenium.isElementPresent(\"//span[contains(text(),'Attributes')]\");",
"30000");
 
         assertTrue(selenium.isElementPresent("//input[@value='user1']"));
 

Modified: incubator/syncope/trunk/console/src/test/java/org/syncope/console/ResourceTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/console/src/test/java/org/syncope/console/ResourceTestITCase.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/console/src/test/java/org/syncope/console/ResourceTestITCase.java
(original)
+++ incubator/syncope/trunk/console/src/test/java/org/syncope/console/ResourceTestITCase.java
Tue Apr  3 12:47:28 2012
@@ -97,8 +97,7 @@ public class ResourceTestITCase extends 
 
         selenium.waitForCondition("selenium.isElementPresent(\"//div[@id='tabs']\");", "30000");
 
-        selenium
-                .click("//*[@id=\"users-contain\"]//" + "*[span=\"ws-target-resource-delete\"]/../td[4]/span/span[7]/a");
+        selenium.click("//*[@id=\"users-contain\"]//*[span=\"ws-target-resource-delete\"]/../td[4]/span/span[7]/a");
 
         selenium.waitForCondition("selenium.isElementPresent("
                 + "\"//form/div[2]/div/span/div/div/div/label[text()='Name']\");", "30000");

Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/RoleDAO.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/RoleDAO.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/RoleDAO.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/RoleDAO.java
Tue Apr  3 12:47:28 2012
@@ -19,6 +19,7 @@
 package org.syncope.core.persistence.dao;
 
 import java.util.List;
+import java.util.Set;
 import org.syncope.core.persistence.beans.Entitlement;
 import org.syncope.core.persistence.beans.ExternalResource;
 import org.syncope.core.persistence.beans.membership.Membership;
@@ -39,6 +40,8 @@ public interface RoleDAO extends DAO {
 
     List<SyncopeRole> findChildren(Long roleId);
 
+    Set<SyncopeRole> findAncestors(SyncopeRole role);
+
     List<SyncopeRole> findAll();
 
     List<Membership> findMemberships(SyncopeRole role);

Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/impl/RoleDAOImpl.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/impl/RoleDAOImpl.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/impl/RoleDAOImpl.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/persistence/dao/impl/RoleDAOImpl.java
Tue Apr  3 12:47:28 2012
@@ -18,7 +18,9 @@
  */
 package org.syncope.core.persistence.dao.impl;
 
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import javax.persistence.NoResultException;
 import javax.persistence.Query;
 import javax.persistence.TypedQuery;
@@ -105,6 +107,20 @@ public class RoleDAOImpl extends Abstrac
         return query.getResultList();
     }
 
+    private void findAncestors(final Set<SyncopeRole> result, final SyncopeRole role)
{
+        if (role.getParent() != null && !result.contains(role.getParent())) {
+            result.add(role.getParent());
+            findAncestors(result, role.getParent());
+        }
+    }
+
+    @Override
+    public Set<SyncopeRole> findAncestors(final SyncopeRole role) {
+        Set<SyncopeRole> result = new HashSet<SyncopeRole>();
+        findAncestors(result, role);
+        return result;
+    }
+
     @Override
     public List<SyncopeRole> findAll() {
         Query query = entityManager.createQuery("SELECT e FROM SyncopeRole e");

Modified: incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeUserDetailsService.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeUserDetailsService.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeUserDetailsService.java
(original)
+++ incubator/syncope/trunk/core/src/main/java/org/syncope/core/security/SyncopeUserDetailsService.java
Tue Apr  3 12:47:28 2012
@@ -72,11 +72,10 @@ public class SyncopeUserDetailsService i
                 throw new UsernameNotFoundException("Could not find any user with id " +
username);
             }
 
-            // Give entitlements based on roles owned by user,
-            // considering role inheritance as well
+            // Give entitlements based on roles owned by user, and their ancestors
             Set<SyncopeRole> roles = new HashSet<SyncopeRole>(user.getRoles());
-            for (Long roleId : user.getRoleIds()) {
-                roles.addAll(roleDAO.findChildren(roleId));
+            for (SyncopeRole role : user.getRoles()) {
+                roles.addAll(roleDAO.findAncestors(role));
             }
             for (SyncopeRole role : roles) {
                 for (Entitlement entitlement : role.getEntitlements()) {

Modified: incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/AuthenticationTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/AuthenticationTestITCase.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/AuthenticationTestITCase.java
(original)
+++ incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/AuthenticationTestITCase.java
Tue Apr  3 12:47:28 2012
@@ -99,8 +99,8 @@ public class AuthenticationTestITCase ex
         assertNotNull(schemaTO);
 
         // 4. read the schema created above (as user) - success
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
"password123"));
 
@@ -142,8 +142,8 @@ public class AuthenticationTestITCase ex
         userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
         assertNotNull(userTO);
 
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
"password123"));
 
@@ -181,8 +181,8 @@ public class AuthenticationTestITCase ex
         userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
         assertNotNull(userTO);
 
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
"password123"));
 
@@ -231,13 +231,13 @@ public class AuthenticationTestITCase ex
         userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
         assertNotNull(userTO);
 
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
"password123"));
 
-        UserTO readUserTO = restTemplate.getForObject(BASE_URL + "user/read/{userId}.json",
UserTO.class, userTO
-                .getId());
+        UserTO readUserTO =
+                restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class,
userTO.getId());
 
         assertNotNull(readUserTO);
         assertNotNull(readUserTO.getFailedLogins());
@@ -299,8 +299,8 @@ public class AuthenticationTestITCase ex
         userTO = restTemplate.postForObject(BASE_URL + "user/create", userTO, UserTO.class);
         assertNotNull(userTO);
 
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
"password123"));
 
@@ -407,4 +407,52 @@ public class AuthenticationTestITCase ex
         assertNotNull(userTO);
         assertEquals(Integer.valueOf(0), userTO.getFailedLogins());
     }
+
+    @Test
+    public void issueSYNCOPE48() {
+        // Parent role, able to create users with role 1
+        RoleTO parentRole = new RoleTO();
+        parentRole.setName("parentAdminRole");
+        parentRole.addEntitlement("USER_CREATE");
+        parentRole.addEntitlement("ROLE_1");
+        parentRole.setParent(1L);
+
+        parentRole = restTemplate.postForObject(BASE_URL + "role/create", parentRole, RoleTO.class);
+        assertNotNull(parentRole);
+
+        // Child role, with no entitlements
+        RoleTO childRole = new RoleTO();
+        childRole.setName("childAdminRole");
+        childRole.setParent(parentRole.getId());
+
+        childRole = restTemplate.postForObject(BASE_URL + "role/create", childRole, RoleTO.class);
+        assertNotNull(childRole);
+
+        // User with child role, created by admin
+        UserTO role1Admin = UserTestITCase.getSampleTO("syncope48admin@apache.org");
+        role1Admin.setPassword("password");
+        MembershipTO membershipTO = new MembershipTO();
+        membershipTO.setRoleId(childRole.getId());
+        role1Admin.addMembership(membershipTO);
+
+        role1Admin = restTemplate.postForObject(BASE_URL + "user/create", role1Admin, UserTO.class);
+        assertNotNull(role1Admin);
+
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
+        ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
+                requestFactory.getAuthScope(), new UsernamePasswordCredentials(role1Admin.getUsername(),
"password"));
+
+        // User with role 1, created by user with child role created above
+        UserTO role1User = UserTestITCase.getSampleTO("syncope48user@apache.org");
+        membershipTO = new MembershipTO();
+        membershipTO.setRoleId(1L);
+        role1User.addMembership(membershipTO);
+
+        role1User = restTemplate.postForObject(BASE_URL + "user/create", role1User, UserTO.class);
+        assertNotNull(role1User);
+
+        // reset admin credentials for restTemplate
+        super.setupRestTemplate();
+    }
 }

Modified: incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/UserRequestTestITCase.java
URL: http://svn.apache.org/viewvc/incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/UserRequestTestITCase.java?rev=1308872&r1=1308871&r2=1308872&view=diff
==============================================================================
--- incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/UserRequestTestITCase.java
(original)
+++ incubator/syncope/trunk/core/src/test/java/org/syncope/core/rest/UserRequestTestITCase.java
Tue Apr  3 12:47:28 2012
@@ -26,6 +26,7 @@ import org.apache.http.auth.UsernamePass
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.junit.Test;
 import org.springframework.http.HttpStatus;
+import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.HttpStatusCodeException;
 import org.syncope.client.http.PreemptiveAuthHttpRequestFactory;
 import org.syncope.client.mod.UserMod;
@@ -42,19 +43,17 @@ public class UserRequestTestITCase exten
 
     @Test
     public void selfRead() {
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials("user1", "password"));
 
-        SyncopeClientException exception = null;
         try {
             restTemplate.getForObject(BASE_URL + "user/read/{userId}.json", UserTO.class,
1);
             fail();
-        } catch (SyncopeClientCompositeErrorException e) {
-            exception = e.getException(SyncopeClientExceptionType.UnauthorizedRole);
+        } catch (HttpClientErrorException e) {
+            assertEquals(HttpStatus.FORBIDDEN, e.getStatusCode());
         }
-        assertNotNull(exception);
 
         UserTO userTO = restTemplate.getForObject(BASE_URL + "user/request/read/self", UserTO.class);
         assertEquals("user1", userTO.getUsername());
@@ -103,8 +102,8 @@ public class UserRequestTestITCase exten
         attrCond.setSchema("userId");
         attrCond.setExpression("selfcreate@syncope-idm.org");
 
-        final List<UserTO> matchingUsers = Arrays.asList(restTemplate.postForObject(BASE_URL
+ "user/search", NodeCond
-                .getLeafCond(attrCond), UserTO[].class));
+        final List<UserTO> matchingUsers = Arrays.asList(restTemplate.postForObject(BASE_URL
+ "user/search", NodeCond.
+                getLeafCond(attrCond), UserTO[].class));
         assertTrue(matchingUsers.isEmpty());
 
         // 7. actually create user
@@ -136,8 +135,8 @@ public class UserRequestTestITCase exten
         assertNotNull(exception);
 
         // 3. auth as user just created
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
initialPassword));
 
@@ -194,8 +193,8 @@ public class UserRequestTestITCase exten
         assertNotNull(exception);
 
         // 3. auth as user just created
-        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate
-                .getRequestFactory());
+        PreemptiveAuthHttpRequestFactory requestFactory = ((PreemptiveAuthHttpRequestFactory)
restTemplate.
+                getRequestFactory());
         ((DefaultHttpClient) requestFactory.getHttpClient()).getCredentialsProvider().setCredentials(
                 requestFactory.getAuthScope(), new UsernamePasswordCredentials(userTO.getUsername(),
initialPassword));
 



Mime
View raw message