Posted to commits@rave.apache.org by ca...@apache.org on 2011/10/31 16:07:40 UTC
svn commit: r1195508 - in /incubator/rave/trunk/rave-components:
rave-core/src/main/java/org/apache/rave/portal/security/
rave-core/src/main/java/org/apache/rave/portal/security/impl/
rave-core/src/main/java/org/apache/rave/portal/service/ rave-core/sr...
Author: carlucci
Date: Mon Oct 31 15:07:40 2011
New Revision: 1195508
URL: http://svn.apache.org/viewvc?rev=1195508&view=rev
Log:
RAVE-315: WidgetRating ModelPermissionEvaluator and Service Annotations
Applying patch supplied by Venkat Mahadevan
Added:
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluator.java
incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluatorTest.java
Modified:
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/ModelPermissionEvaluator.java
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetRatingService.java
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingService.java
incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingServiceTest.java
incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/api/rest/WidgetApi.java
incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/api/rest/WidgetApiTest.java
Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/ModelPermissionEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/ModelPermissionEvaluator.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/ModelPermissionEvaluator.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/ModelPermissionEvaluator.java Mon Oct 31 15:07:40 2011
@@ -1,57 +1,59 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.rave.portal.security;
-
-import java.io.Serializable;
-import org.springframework.security.core.Authentication;
-
-/**
- *
- * @author carlucci
- */
-public interface ModelPermissionEvaluator<T> {
-
- /**
- * An enum representing all of the possible permissions a user can
- * have on a Model object
- */
- public static enum Permission {
- ADMINISTER,
- CREATE,
- DELETE,
- READ,
- UPDATE;
-
- /**
- * Returns the equivalent Permission enum from the supplied string
- *
- * @param value string representing the enum to return
- * @return the enum value
- */
- public static Permission fromString(String value) {
- return Permission.valueOf(value.toUpperCase());
- }
- }
-
- Class<T> getType();
- boolean hasPermission(Authentication authentication, T targetDomainObject, Permission permission);
- boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission);
- int getLoadOrder();
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.security;
+
+import org.springframework.security.core.Authentication;
+
+import java.io.Serializable;
+
+/**
+ *
+ * @author carlucci
+ */
+public interface ModelPermissionEvaluator<T> {
+
+ /**
+ * An enum representing all of the possible permissions a user can
+ * have on a Model object
+ */
+ public static enum Permission {
+ ADMINISTER,
+ CREATE,
+ DELETE,
+ READ,
+ UPDATE,
+ CREATE_OR_UPDATE;
+
+ /**
+ * Returns the equivalent Permission enum from the supplied string
+ *
+ * @param value string representing the enum to return
+ * @return the enum value
+ */
+ public static Permission fromString(String value) {
+ return Permission.valueOf(value.toUpperCase());
+ }
+ }
+
+ Class<T> getType();
+ boolean hasPermission(Authentication authentication, T targetDomainObject, Permission permission);
+ boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission);
+ int getLoadOrder();
+}
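Review bot: The new `CREATE_OR_UPDATE` constant at the end of `Permission` has no comment, and unlike the other five values it is not a permission an evaluator grants by itself. In this commit `RavePermissionEvaluator` resolves it to `CREATE` or `UPDATE` for object-based checks and rejects it for id-based checks, while the `switch` in `DefaultWidgetRatingPermissionEvaluator` would send it to the `default` branch and deny. I would say so on the constant, for example `// resolved to CREATE or UPDATE by RavePermissionEvaluator before a ModelPermissionEvaluator is called`, so implementers do not add a case for it.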
Added: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluator.java?rev=1195508&view=auto
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluator.java (added)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluator.java Mon Oct 31 15:07:40 2011
@@ -0,0 +1,156 @@
+package org.apache.rave.portal.security.impl;
+
+import org.apache.rave.portal.model.User;
+import org.apache.rave.portal.model.WidgetRating;
+import org.apache.rave.portal.repository.WidgetRatingRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+@Component
+public class DefaultWidgetRatingPermissionEvaluator extends AbstractModelPermissionEvaluator<WidgetRating> {
+ private Logger log = LoggerFactory.getLogger(getClass());
+ private WidgetRatingRepository widgetRatingRepository;
+
+ @Autowired
+ public DefaultWidgetRatingPermissionEvaluator(WidgetRatingRepository widgetRatingRepository) {
+ this.widgetRatingRepository = widgetRatingRepository;
+ }
+
+ @Override
+ public Class<WidgetRating> getType() {
+ return WidgetRating.class;
+ }
+
+ /**
+ * Checks to see if the Authentication object has the supplied Permission
+ * on the supplied WidgetRating object. This method invokes the private hasPermission
+ * function with the trustedDomainObject parameter set to false since we don't
+ * know if the model being passed in was modified in any way from the
+ * actual entity in the database.
+ *
+ * @param authentication the current Authentication object
+ * @param widgetRating the WidgetRating model object
+ * @param permission the Permission to check
+ * @return true if the Authentication has the proper permission, false otherwise
+ */
+ @Override
+ public boolean hasPermission(Authentication authentication, WidgetRating widgetRating, Permission permission) {
+ return hasPermission(authentication, widgetRating, permission, false);
+ }
+
+ /**
+ * Checks to see if the Authentication object has the supplied Permission
+ * for the Entity represented by the targetId(entityId) and targetType(model class name).
+ * This method invokes the private hasPermission function with the
+ * trustedDomainObject parameter set to true since we must pull the entity
+ * from the database and are guaranteed a trusted domain object,
+ * before performing our permission checks.
+ *
+ * @param authentication the current Authentication object
+ * @param targetId the entityId of the model to check, or a RaveSecurityContext object
+ * @param targetType the class of the model to check
+ * @param permission the Permission to check
+ * @return true if the Authentication has the proper permission, false otherwise
+ */
+ @Override
+ public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
+ boolean hasPermission = false;
+ if (targetId instanceof RaveSecurityContext) {
+ hasPermission = verifyRaveSecurityContext(authentication, (RaveSecurityContext) targetId);
+ } else {
+ hasPermission = hasPermission(authentication, widgetRatingRepository.get((Long) targetId), permission, true);
+ }
+ return hasPermission;
+ }
+
+ private boolean hasPermission(Authentication authentication, WidgetRating widgetRating, Permission permission, boolean trustedDomainObject) {
+ // this is our container of trusted widgetRating objects that can be re-used
+ // in this method so that the same trusted widgetRating object doesn't have to
+ // be looked up in the repository multiple times
+ List<WidgetRating> trustedWidgetRatingContainer = new ArrayList<WidgetRating>();
+
+ // first execute the AbstractModelPermissionEvaluator's hasPermission function
+ // to see if it allows permission via it's "higher authority" logic
+ if (super.hasPermission(authentication, widgetRating, permission)) {
+ return true;
+ }
+
+ // perform the security logic depending on the Permission type
+ boolean hasPermission = false;
+
+ switch (permission) {
+ case ADMINISTER:
+ // if you are here, you are not an administrator, so you can't administer WidgetRating
+ break;
+ case CREATE:
+ case DELETE:
+ case READ:
+ case UPDATE:
+ // anyone can create, delete, read, or update a widgetRating that they own
+ hasPermission = isWidgetRatingOwner(authentication, widgetRating, trustedWidgetRatingContainer, trustedDomainObject);
+ break;
+ default:
+ log.warn("unknown permission: " + permission);
+ break;
+ }
+
+ return hasPermission;
+ }
+
+ // returns a trusted WidgetRating object, either from the WidgetRatingRepository, or the
+ // cached container list
+ private WidgetRating getTrustedWidgetRating(long widgetRatingId, List<WidgetRating> trustedWidgetRatingContainer) {
+ WidgetRating widgetRating = null;
+ if (trustedWidgetRatingContainer.isEmpty()) {
+ widgetRating = widgetRatingRepository.get(widgetRatingId);
+ trustedWidgetRatingContainer.add(widgetRating);
+ } else {
+ widgetRating = trustedWidgetRatingContainer.get(0);
+ }
+ return widgetRating;
+ }
+
+ // checks to see if the Authentication object principal is the owner of the supplied widgetRating object
+ // if trustedDomainObject is false, pull the entity from the database first to ensure
+ // the model object is trusted and hasn't been modified
+ private boolean isWidgetRatingOwner(Authentication authentication, WidgetRating widgetRating, List<WidgetRating> trustedWidgetRatingContainer, boolean trustedDomainObject) {
+ WidgetRating trustedWidgetRating = null;
+ if (trustedDomainObject) {
+ trustedWidgetRating = widgetRating;
+ } else {
+ trustedWidgetRating = getTrustedWidgetRating(widgetRating.getEntityId(), trustedWidgetRatingContainer);
+ }
+ return isWidgetRatingOwnerById(authentication, trustedWidgetRating.getUserId());
+ }
+
+ private boolean isWidgetRatingOwnerByUsername(Authentication authentication, String username) {
+ return ((User)authentication.getPrincipal()).getUsername().equals(username);
+ }
+
+ private boolean isWidgetRatingOwnerById(Authentication authentication, Long userId) {
+ return ((User)authentication.getPrincipal()).getEntityId().equals(userId);
+ }
+
+ private boolean verifyRaveSecurityContext(Authentication authentication, RaveSecurityContext raveSecurityContext) {
+ Class<?> clazz = null;
+ try {
+ clazz = Class.forName(raveSecurityContext.getType());
+ } catch (ClassNotFoundException ex) {
+ throw new IllegalArgumentException("unknown class specified in RaveSecurityContext: ", ex);
+ }
+
+ // perform the permissions check based on the class supplied to the RaveSecurityContext object
+ if (User.class == clazz) {
+ return isWidgetRatingOwnerById(authentication, (Long) raveSecurityContext.getId());
+ } else {
+ throw new IllegalArgumentException("unknown RaveSecurityContext type: " + raveSecurityContext.getType());
+ }
+ }
+}
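Review bot: In `hasPermission(Authentication, Serializable, String, Permission)` the `RaveSecurityContext` branch returns the result of `verifyRaveSecurityContext` without looking at `permission`, so every permission, `ADMINISTER` included, is granted once the context's user id equals the principal's id. The same branch also bypasses `super.hasPermission`, so whatever the base class decides in the private overload is not applied here. All three `@PreAuthorize` expressions added to `WidgetRatingService` go through this branch, which means the `'read'`/`'create'`/`'delete'` literals there currently do not influence the decision. I would gate the branch on the owner-level permissions as sketched below; how to apply the base-class check without a `WidgetRating` argument depends on `AbstractModelPermissionEvaluator`, which is outside this diff.

```java
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
    if (targetId instanceof RaveSecurityContext) {
        // ownership established through a RaveSecurityContext only grants the owner-level permissions
        switch (permission) {
            case CREATE:
            case DELETE:
            case READ:
            case UPDATE:
                return verifyRaveSecurityContext(authentication, (RaveSecurityContext) targetId);
            default:
                log.warn("permission not grantable through RaveSecurityContext: " + permission);
                return false;
        }
    }
    // … unchanged: id-based lookup through widgetRatingRepository …
}
```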
Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java Mon Oct 31 15:07:40 2011
@@ -1,119 +1,139 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.rave.portal.security.impl;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.apache.rave.portal.security.ModelPermissionEvaluator;
-import org.apache.rave.portal.security.ModelPermissionEvaluator.Permission;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.PermissionEvaluator;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Component;
-
-/**
- * Custom PermissionEvaluator for Rave that stores a map of ModelPermissionEvaluators
- * each of which is responsible for handling Domain Object Security for the Rave Model
- * objects
- *
- * @author carlucci
- */
-@Component
-public class RavePermissionEvaluator implements PermissionEvaluator {
- private Map<String, ModelPermissionEvaluator> modelPermissionEvaluatorMap;
-
- /**
- * Constructor which will take in a component-scanned list of all ModelPermissionEvaluator
- * classes found by Spring component scanner. The constructor builds the
- * internal Map by using the Model type (Model Class) as the key, thus ensuring
- * only one ModelPermissionEvaluator class exists for each Model object. The
- * constructor first sorts the injected list of ModelPermissionEvaluator objects
- * by the loadOrder field to allow overrides of the default ModelPermissionEvaluators.
- *
- * @param modelPermissionEvaluatorList autowired injected list of all ModelPermissionEvaluator classes found
- * by the component scanner
- */
- @Autowired
- public RavePermissionEvaluator(List<ModelPermissionEvaluator> modelPermissionEvaluatorList) {
- // order all of the component scanned ModelPermissionEvaluators by their loadOrder value
- // to allow overrides of the default ModelPermissionEvaluator implementations, since
- // we are storing them all in a map the higher order implementations will replace the
- // default lower ordered ones
- Collections.sort(modelPermissionEvaluatorList, new Comparator<ModelPermissionEvaluator>(){
- @Override
- public int compare(ModelPermissionEvaluator o1, ModelPermissionEvaluator o2) {
- return new Integer(o1.getLoadOrder()).compareTo(new Integer(o2.getLoadOrder()));
- }
- });
-
- // build the map using the model type/class as the key
- modelPermissionEvaluatorMap = new HashMap<String, ModelPermissionEvaluator>();
- for (ModelPermissionEvaluator mpe : modelPermissionEvaluatorList) {
- modelPermissionEvaluatorMap.put(mpe.getType().getName(), mpe);
- }
- }
-
- /**
- * Checks to see if the Authentication object has the supplied permission
- * on the supplied domain object
- *
- * @param authentication the Authentication object
- * @param targetDomainObject the domain object needing permission check
- * @param permission the permission to check
- * @return true if passes the permission check, false otherwise
- */
- @Override
- public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
- // find the appropriate ModelPermissionEvaluator from the map based on
- // the targetDomainObject's class and invoke the hasPermission function
- return getEvaluator(targetDomainObject.getClass().getName()).hasPermission(authentication, targetDomainObject, Permission.fromString((String)permission));
- }
-
- /**
- * Checks to see if the Authentication object has the supplied permission
- * on the supplied targetType (model class name) and targetId (entityId).
- * This method can be used when a permission check is needed and the method
- * does not currently have the domain object, only its entityId
- *
- * @param authentication the Authentication object
- * @param targetId the entityId of the targetType class
- * @param targetType the class name of the domain object
- * @param permission permission the permission to check
- * @return true if passes the permission check, false otherwise
- */
- @Override
- public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
- // find the appropriate ModelPermissionEvaluator from the map based on
- // the targetType and invoke the hasPermission function
- return getEvaluator(targetType).hasPermission(authentication, targetId, targetType, Permission.fromString((String)permission));
- }
-
- private ModelPermissionEvaluator getEvaluator(String targetType) throws IllegalArgumentException {
- ModelPermissionEvaluator mpe = modelPermissionEvaluatorMap.get(targetType);
- if (mpe == null) {
- throw new IllegalArgumentException("ModelPermissionEvaluator not found for type " + targetType);
- }
- return mpe;
- }
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.security.impl;
+
+import org.apache.rave.persistence.BasicEntity;
+import org.apache.rave.portal.security.ModelPermissionEvaluator;
+import org.apache.rave.portal.security.ModelPermissionEvaluator.Permission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import java.io.Serializable;
+import java.util.*;
+
+/**
+ * Custom PermissionEvaluator for Rave that stores a map of ModelPermissionEvaluators
+ * each of which is responsible for handling Domain Object Security for the Rave Model
+ * objects
+ *
+ * @author carlucci
+ */
+@Component
+public class RavePermissionEvaluator implements PermissionEvaluator {
+ private Map<String, ModelPermissionEvaluator> modelPermissionEvaluatorMap;
+
+ /**
+ * Constructor which will take in a component-scanned list of all ModelPermissionEvaluator
+ * classes found by Spring component scanner. The constructor builds the
+ * internal Map by using the Model type (Model Class) as the key, thus ensuring
+ * only one ModelPermissionEvaluator class exists for each Model object. The
+ * constructor first sorts the injected list of ModelPermissionEvaluator objects
+ * by the loadOrder field to allow overrides of the default ModelPermissionEvaluators.
+ *
+ * @param modelPermissionEvaluatorList autowired injected list of all ModelPermissionEvaluator classes found
+ * by the component scanner
+ */
+ @Autowired
+ public RavePermissionEvaluator(List<ModelPermissionEvaluator> modelPermissionEvaluatorList) {
+ // order all of the component scanned ModelPermissionEvaluators by their loadOrder value
+ // to allow overrides of the default ModelPermissionEvaluator implementations, since
+ // we are storing them all in a map the higher order implementations will replace the
+ // default lower ordered ones
+ Collections.sort(modelPermissionEvaluatorList, new Comparator<ModelPermissionEvaluator>(){
+ @Override
+ public int compare(ModelPermissionEvaluator o1, ModelPermissionEvaluator o2) {
+ return new Integer(o1.getLoadOrder()).compareTo(new Integer(o2.getLoadOrder()));
+ }
+ });
+
+ // build the map using the model type/class as the key
+ modelPermissionEvaluatorMap = new HashMap<String, ModelPermissionEvaluator>();
+ for (ModelPermissionEvaluator mpe : modelPermissionEvaluatorList) {
+ modelPermissionEvaluatorMap.put(mpe.getType().getName(), mpe);
+ }
+ }
+
+ /**
+ * Checks to see if the Authentication object has the supplied permission
+ * on the supplied domain object
+ *
+ * @param authentication the Authentication object
+ * @param targetDomainObject the domain object needing permission check
+ * @param permissionString the permission to check
+ * @return true if passes the permission check, false otherwise
+ */
+ @Override
+ public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permissionString) {
+ // find the appropriate ModelPermissionEvaluator from the map based on
+ // the targetDomainObject's class and invoke the hasPermission function
+ return getEvaluator(targetDomainObject.getClass().getName()).hasPermission(authentication, targetDomainObject,
+ getPermission(targetDomainObject, (String) permissionString));
+ }
+
+ /**
+ * Checks to see if the Authentication object has the supplied permission
+ * on the supplied targetType (model class name) and targetId (entityId).
+ * This method can be used when a permission check is needed and the method
+ * does not currently have the domain object, only its entityId
+ *
+ * @param authentication the Authentication object
+ * @param targetId the entityId of the targetType class
+ * @param targetType the class name of the domain object
+ * @param permissionString permission the permission to check
+ * @return true if passes the permission check, false otherwise
+ */
+ @Override
+ public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permissionString) {
+ // find the appropriate ModelPermissionEvaluator from the map based on
+ // the targetType and invoke the hasPermission function
+ Permission permission = Permission.fromString((String) permissionString);
+ if (permission == Permission.CREATE_OR_UPDATE) {
+ throw new IllegalArgumentException("CREATE_OR_UPDATE not supported in this context.");
+ }
+ return getEvaluator(targetType).hasPermission(authentication, targetId, targetType, permission);
+ }
+
+ private ModelPermissionEvaluator getEvaluator(String targetType) throws IllegalArgumentException {
+ ModelPermissionEvaluator mpe = modelPermissionEvaluatorMap.get(targetType);
+ if (mpe == null) {
+ throw new IllegalArgumentException("ModelPermissionEvaluator not found for type " + targetType);
+ }
+ return mpe;
+ }
+
+ private Permission getPermission(Object targetDomainObject, String permissionString) {
+ Permission permission = Permission.fromString((String) permissionString);
+ if (permission.equals(Permission.CREATE_OR_UPDATE)) {
+ if (targetDomainObject instanceof BasicEntity) {
+ Long id = ((BasicEntity) targetDomainObject).getEntityId();
+ if (id == null) {
+ permission = Permission.CREATE;
+ } else {
+ permission = Permission.UPDATE;
+ }
+ } else {
+ throw new IllegalArgumentException("CREATE_OR_UPDATE is currently only supported for BasicEntity types");
+ }
+ }
+ return permission;
+ }
}
\ No newline at end of file
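Review bot: `hasPermission(Authentication, Object, Object)` dereferences `targetDomainObject` with `getClass()` before anything else, so a null target ends in a NullPointerException instead of a denial. Spring's `PermissionEvaluator` contract allows a null domain object and expects `false` in that case; a guard at the top of the method, `if (targetDomainObject == null) { return false; }`, keeps the check failing closed without a stack trace. In the new `getPermission` helper the `(String)` cast on `permissionString` is redundant, and `permission.equals(Permission.CREATE_OR_UPDATE)` could use `==` as the id-based overload does.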
Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetRatingService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetRatingService.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetRatingService.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/WidgetRatingService.java Mon Oct 31 15:07:40 2011
@@ -1,61 +1,59 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.rave.portal.service;
-
-import org.apache.rave.portal.model.WidgetRating;
-
-/**
- * Interface for {@link org.apache.rave.portal.model.WidgetRating}
- */
-public interface WidgetRatingService {
-
- /**
- * Gets a {@link WidgetRating} for the widgetId and userId
- *
- * @param widgetId unique identifier for a Widget
- * @param userId unique identifier for a User
- * @return WidgetRating or {@link null} if there is no such combination
- */
- WidgetRating getByWidgetIdAndUserId(Long widgetId, Long userId);
-
- /**
- * Updates the score of a {@link WidgetRating}
- *
- * @param widgetRating WidgetRating
- * @param score value of the rating
- */
- void updateScore(WidgetRating widgetRating, Integer score);
-
- /**
- * Saves a {@link WidgetRating} for a widget
- *
- * @param rating WidgetRating
- */
- void saveWidgetRating(WidgetRating rating);
-
- /**
- * Removes the rating of a widget
- *
- * @param widgetId unique identifier of a {@link org.apache.rave.portal.model.Widget}
- * @param userId unique identifier of a {@link org.apache.rave.portal.model.User}
- */
- void removeWidgetRating(long widgetId, long userId);
-
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.service;
+
+import org.apache.rave.portal.model.WidgetRating;
+import org.springframework.security.access.prepost.PreAuthorize;
+
+/**
+ * Interface for {@link org.apache.rave.portal.model.WidgetRating}
+ */
+public interface WidgetRatingService {
+
+ /**
+ * Gets a {@link WidgetRating} for the widgetId and userId
+ *
+ * @param widgetId unique identifier for a Widget
+ * @param userId unique identifier for a User
+ * @return WidgetRating or {@link null} if there is no such combination
+ */
+ @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#userId, 'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.WidgetRating', 'read')")
+ WidgetRating getByWidgetIdAndUserId(Long widgetId, Long userId);
+
+ /**
+ * Saves a {@link WidgetRating} for a widget
+ *
+ * @param widgetId unique identifier of a {@link org.apache.rave.portal.model.Widget}
+ * @param score value of the rating
+ * @param userId unique identifier of a {@link org.apache.rave.portal.model.User}
+ */
+ @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#userId, 'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.WidgetRating', 'create')")
+ void saveWidgetRating(Long widgetId, Integer score, Long userId);
+
+ /**
+ * Removes the rating of a widget
+ *
+ * @param widgetId unique identifier of a {@link org.apache.rave.portal.model.Widget}
+ * @param userId unique identifier of a {@link org.apache.rave.portal.model.User}
+ */
+ @PreAuthorize("hasPermission(new org.apache.rave.portal.security.impl.RaveSecurityContext(#userId, 'org.apache.rave.portal.model.User'), 'org.apache.rave.portal.model.WidgetRating', 'delete')")
+ void removeWidgetRating(Long widgetId, Long userId);
+
+}
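Review bot: The Javadoc of the three annotated methods does not mention the authorization rule that the new `@PreAuthorize` expressions impose: each call is evaluated against `#userId` wrapped in a `RaveSecurityContext`, so a caller passing another user's id should expect the call to be refused. I would add a sentence such as `Requires that userId is the id of the authenticated user.` to each method comment. On `getByWidgetIdAndUserId`, `{@link null}` is not a valid link target and should read `{@code null}`.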
Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingService.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingService.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingService.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingService.java Mon Oct 31 15:07:40 2011
@@ -1,70 +1,71 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.rave.portal.service.impl;
-
-import org.apache.rave.portal.model.WidgetRating;
-import org.apache.rave.portal.repository.WidgetRatingRepository;
-import org.apache.rave.portal.service.WidgetRatingService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-/**
- * Default implementation for {@link org.apache.rave.portal.service.WidgetRatingService}
- */
-@Service
-public class DefaultWidgetRatingService implements WidgetRatingService {
-
- private final WidgetRatingRepository repository;
-
- @Autowired
- public DefaultWidgetRatingService(WidgetRatingRepository repository) {
- this.repository = repository;
- }
-
- @Override
- public WidgetRating getByWidgetIdAndUserId(Long widgetId, Long userId) {
- return repository.getByWidgetIdAndUserId(widgetId, userId);
- }
-
- @Override
- public void updateScore(WidgetRating widgetRating, Integer score) {
- widgetRating.setScore(score);
- repository.save(widgetRating);
- }
-
- @Override
- public void saveWidgetRating(WidgetRating rating) {
- WidgetRating existingRating = getByWidgetIdAndUserId(rating.getWidgetId(), rating.getUserId());
- if (existingRating == null) {
- repository.save(rating);
- } else {
- updateScore(existingRating, rating.getScore());
- }
- }
-
- @Override
- public void removeWidgetRating(long widgetId, long userId) {
- WidgetRating widgetRating = repository.getByWidgetIdAndUserId(widgetId, userId);
- if (widgetRating == null) {
- return;
- }
- repository.delete(widgetRating);
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.service.impl;
+
+import org.apache.rave.portal.model.WidgetRating;
+import org.apache.rave.portal.repository.WidgetRatingRepository;
+import org.apache.rave.portal.service.WidgetRatingService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * Default implementation for {@link org.apache.rave.portal.service.WidgetRatingService}
+ */
+@Service
+public class DefaultWidgetRatingService implements WidgetRatingService {
+
+ private final WidgetRatingRepository repository;
+
+ @Autowired
+ public DefaultWidgetRatingService(WidgetRatingRepository repository) {
+ this.repository = repository;
+ }
+
+ @Override
+ public WidgetRating getByWidgetIdAndUserId(Long widgetId, Long userId) {
+ return repository.getByWidgetIdAndUserId(widgetId, userId);
+ }
+
+ @Override
+ @Transactional
+ public void saveWidgetRating(Long widgetId, Integer score, Long userId) {
+ WidgetRating rating = getByWidgetIdAndUserId(widgetId, userId);
+ if (rating == null) {
+ rating = new WidgetRating();
+ rating.setScore(score);
+ rating.setUserId(userId);
+ rating.setWidgetId(widgetId);
+ } else {
+ rating.setScore(score);
+ }
+ repository.save(rating);
+ }
+
+ @Override
+ @Transactional
+ public void removeWidgetRating(Long widgetId, Long userId) {
+ WidgetRating widgetRating = repository.getByWidgetIdAndUserId(widgetId, userId);
+ if (widgetRating == null) {
+ return;
+ }
+ repository.delete(widgetRating);
+ }
+}
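Review bot: `saveWidgetRating` looks the rating up with `getByWidgetIdAndUserId(widgetId, userId)` and then calls `repository.save(rating)`, so two concurrent requests for the same widget and user can both see `null` and each insert a row. `@Transactional` does not by itself serialize that check-then-insert. Whether the WidgetRating table has a unique constraint on the widget/user pair is not visible here; if it does not, add one so the database rejects duplicates rather than relying on this lookup. A comment above the lookup would record the dependency, e.g. `// relies on a unique (widgetId, userId) constraint to reject concurrent duplicate inserts`.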
Added: incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluatorTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluatorTest.java?rev=1195508&view=auto
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluatorTest.java (added)
+++ incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/DefaultWidgetRatingPermissionEvaluatorTest.java Mon Oct 31 15:07:40 2011
@@ -0,0 +1,314 @@
+package org.apache.rave.portal.security.impl;
+
+import org.apache.rave.portal.model.User;
+import org.apache.rave.portal.model.WidgetRating;
+import org.apache.rave.portal.repository.WidgetRatingRepository;
+import org.apache.rave.portal.security.ModelPermissionEvaluator;
+import org.apache.rave.portal.security.util.AuthenticationUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.easymock.EasyMock.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+
+public class DefaultWidgetRatingPermissionEvaluatorTest {
+ private DefaultWidgetRatingPermissionEvaluator defaultWidgetRatingPermissionEvaluator;
+ private WidgetRatingRepository mockWidgetRatingRepository;
+ private Authentication mockAuthentication;
+ private List<GrantedAuthority> grantedAuthoritiesList;
+ private WidgetRating widgetRating;
+ private User user, user2;
+
+ private final Long VALID_USER_ID = 99L;
+ private final Long VALID_USER_ID2 = 100L;
+ private final String VALID_USERNAME = "john.doe";
+ private final String VALID_USERNAME2 = "jane.doe";
+ private final Long VALID_WIDGET_ID = 1L;
+ private final Long VALID_WIDGET_RATING_ID = 1L;
+
+ @Before
+ public void setUp() {
+ mockWidgetRatingRepository = createMock(WidgetRatingRepository.class);
+ defaultWidgetRatingPermissionEvaluator = new DefaultWidgetRatingPermissionEvaluator(mockWidgetRatingRepository);
+
+ widgetRating = new WidgetRating();
+ widgetRating.setUserId(VALID_USER_ID);
+ widgetRating.setWidgetId(VALID_WIDGET_ID);
+ widgetRating.setEntityId(VALID_WIDGET_ID);
+
+ user = new User();
+ user.setUsername(VALID_USERNAME);
+ user.setEntityId(VALID_USER_ID);
+ user2 = new User();
+ user2.setEntityId(VALID_USER_ID2);
+ user2.setUsername(VALID_USERNAME2);
+
+ mockAuthentication = createMock(Authentication.class);
+ grantedAuthoritiesList = new ArrayList<GrantedAuthority>();
+ grantedAuthoritiesList.add(new GrantedAuthorityImpl("ROLE_USER"));
+
+ }
+
+ @Test
+ public void testGetType() throws ClassNotFoundException {
+ assertThat(defaultWidgetRatingPermissionEvaluator.getType().getName(), is(WidgetRating.class.getName()));
+ }
+
+ @Test
+ public void testHasPermission_3args_administer() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ replay(mockAuthentication);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.ADMINISTER), is(false));
+ verify(mockAuthentication);
+ }
+
+ // -------------------
+ @Test
+ public void testHasPermission_3args_administer_hasAdminRole() {
+ grantedAuthoritiesList.add(new GrantedAuthorityImpl(AuthenticationUtils.ROLE_ADMIN));
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ replay(mockAuthentication);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.ADMINISTER), is(true));
+ verify(mockAuthentication);
+ }
+
+ @Test
+ public void testHasPermission_3args_create_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.CREATE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_create_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.CREATE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_delete_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.DELETE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_delete_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.DELETE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_update_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.UPDATE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_update_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.UPDATE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_read_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.READ), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_3args_read_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, widgetRating, ModelPermissionEvaluator.Permission.READ), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_administer() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ replay(mockAuthentication);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.ADMINISTER), is(false));
+ verify(mockAuthentication);
+ }
+
+ @Test
+ public void testHasPermission_4args_create_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.CREATE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_create_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.CREATE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_delete_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.DELETE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_delete_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.DELETE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_read_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.READ), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_read_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.READ), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_update_isWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.UPDATE), is(true));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_update_isNotWidgetRatingOwner() {
+ expect(mockAuthentication.getAuthorities()).andReturn(grantedAuthoritiesList);
+ expect(mockAuthentication.getPrincipal()).andReturn(user2);
+ expect(mockWidgetRatingRepository.get(VALID_WIDGET_RATING_ID)).andReturn(widgetRating);
+ replay(mockAuthentication);
+ replay(mockWidgetRatingRepository);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, VALID_WIDGET_RATING_ID, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.UPDATE), is(false));
+ verify(mockAuthentication);
+ verify(mockWidgetRatingRepository);
+ }
+
+ @Test
+ public void testHasPermission_4args_update_isWidgetRatingOwner_withRaveSecurityContextObject() {
+ RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID, "org.apache.rave.portal.model.User");
+
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ replay(mockAuthentication);
+ assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.UPDATE), is(true));
+ verify(mockAuthentication);
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_4args_update_isWidgetRatingOwner_withInvalidRaveSecurityContextType() {
+ RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID, "java.lang.String");
+
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ replay(mockAuthentication);
+ defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.UPDATE);
+ verify(mockAuthentication);
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_4args_update_isWidgetRatingOwner_withUnknownRaveSecurityContextType() {
+ RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID, "foo.bar.DummyClass");
+
+ expect(mockAuthentication.getPrincipal()).andReturn(user);
+ replay(mockAuthentication);
+ defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.UPDATE);
+ verify(mockAuthentication);
+ }
+
+
+}
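Review bot: The `RaveSecurityContext` form of `hasPermission` is tested only for the owner with `UPDATE` (`testHasPermission_4args_update_isWidgetRatingOwner_withRaveSecurityContextObject`), although every `@PreAuthorize` expression this commit adds to `WidgetRatingService` goes through that form with 'read', 'create' and 'delete'. No test covers an authenticated principal that differs from the user id in the context, so a regression that grants access to another user's ratings would go unnoticed. A denial test mirroring the existing one is sketched below; the expected `false` and the mock expectations are assumed from the owner test, since the evaluator itself is not in this hunk. Separately, `setUp` calls `widgetRating.setEntityId(VALID_WIDGET_ID)` and the 3-arg tests expect `get(VALID_WIDGET_ID)`, which only works because both constants are `1L`; `VALID_WIDGET_RATING_ID` looks like the intended value.

```java
@Test
public void testHasPermission_4args_read_isNotWidgetRatingOwner_withRaveSecurityContextObject() {
    RaveSecurityContext raveSecurityContext = new RaveSecurityContext(VALID_USER_ID, "org.apache.rave.portal.model.User");

    // principal is user2 while the context names VALID_USER_ID: access should be denied
    expect(mockAuthentication.getPrincipal()).andReturn(user2);
    replay(mockAuthentication);
    assertThat(defaultWidgetRatingPermissionEvaluator.hasPermission(mockAuthentication, raveSecurityContext, WidgetRating.class.getName(), ModelPermissionEvaluator.Permission.READ), is(false));
    verify(mockAuthentication);
}
```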
Modified: incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingServiceTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingServiceTest.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingServiceTest.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/service/impl/DefaultWidgetRatingServiceTest.java Mon Oct 31 15:07:40 2011
@@ -1,125 +1,104 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.rave.portal.service.impl;
-
-import org.apache.rave.portal.model.WidgetRating;
-import org.apache.rave.portal.repository.WidgetRatingRepository;
-import org.apache.rave.portal.service.WidgetRatingService;
-import org.junit.Before;
-import org.junit.Test;
-
-import static junit.framework.Assert.assertEquals;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
-
-/**
- * Test for {@link org.apache.rave.portal.service.impl.DefaultWidgetRatingService}
- */
-public class DefaultWidgetRatingServiceTest {
-
- private WidgetRatingService service;
- private WidgetRatingRepository repository;
-
- @Before
- public void setUp() throws Exception {
- repository = createMock(WidgetRatingRepository.class);
- service = new DefaultWidgetRatingService(repository);
- }
-
- @Test
- public void testGetByWidgetIdAndUserId() {
- WidgetRating widgetRating = new WidgetRating(1L, 2L, 3L, 5);
- expect(repository.getByWidgetIdAndUserId(2L, 3L)).andReturn(widgetRating);
- replay(repository);
- final WidgetRating rating = service.getByWidgetIdAndUserId(2L, 3L);
- assertEquals("Score is 5", Integer.valueOf(5), rating.getScore());
- }
-
- @Test
- public void updateScore() {
- WidgetRating widgetRating = createMock(WidgetRating.class);
- widgetRating.setScore(10);
-
- expectLastCall().once();
- expect(repository.save(widgetRating)).andReturn(widgetRating);
- replay(repository, widgetRating);
- service.updateScore(widgetRating, 10);
-
- verify(repository, widgetRating);
- }
-
- @Test
- public void saveWidgetRating_new() {
- WidgetRating newRating = new WidgetRating();
- newRating.setWidgetId(2L);
- newRating.setUserId(1L);
- newRating.setScore(10);
-
- expect(repository.getByWidgetIdAndUserId(2L, 1L)).andReturn(null);
- expect(repository.save(newRating)).andReturn(newRating);
- replay(repository);
-
- service.saveWidgetRating(newRating);
- verify(repository);
- }
-
- @Test
- public void saveWidgetRating_existing() {
- WidgetRating existingRating = new WidgetRating(1L, 1L, 1L, 5);
- WidgetRating newRating = new WidgetRating();
- newRating.setWidgetId(1L);
- newRating.setUserId(1L);
- newRating.setScore(10);
-
- expect(repository.getByWidgetIdAndUserId(1L, 1L)).andReturn(existingRating);
- expect(repository.save(existingRating)).andReturn(existingRating);
- replay(repository);
-
- service.saveWidgetRating(newRating);
- verify(repository);
-
- assertEquals("Updated score", Integer.valueOf(10), existingRating.getScore());
- }
-
- @Test
- public void removeWidgetRating_existingRating() {
- final WidgetRating widgetRating = new WidgetRating(1L, 1L, 1L, 5);
-
- expect(repository.getByWidgetIdAndUserId(1L, 1L)).andReturn(widgetRating);
- repository.delete(widgetRating);
- expectLastCall();
- replay(repository);
-
- service.removeWidgetRating(1L, 1L);
- }
-
- @Test
- public void removeWidgetRating_notExisting() {
-
- expect(repository.getByWidgetIdAndUserId(1L, 2L)).andReturn(null);
- expectLastCall();
- replay(repository);
-
- service.removeWidgetRating(1L, 2L);
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rave.portal.service.impl;
+
+import org.apache.rave.portal.model.WidgetRating;
+import org.apache.rave.portal.repository.WidgetRatingRepository;
+import org.apache.rave.portal.service.WidgetRatingService;
+import org.junit.Before;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static org.easymock.EasyMock.*;
+
+/**
+ * Test for {@link org.apache.rave.portal.service.impl.DefaultWidgetRatingService}
+ */
+public class DefaultWidgetRatingServiceTest {
+
+ private WidgetRatingService service;
+ private WidgetRatingRepository repository;
+
+ @Before
+ public void setUp() throws Exception {
+ repository = createMock(WidgetRatingRepository.class);
+ service = new DefaultWidgetRatingService(repository);
+ }
+
+ @Test
+ public void testGetByWidgetIdAndUserId() {
+ WidgetRating widgetRating = new WidgetRating(1L, 2L, 3L, 5);
+ expect(repository.getByWidgetIdAndUserId(2L, 3L)).andReturn(widgetRating);
+ replay(repository);
+ final WidgetRating rating = service.getByWidgetIdAndUserId(2L, 3L);
+ assertEquals("Score is 5", Integer.valueOf(5), rating.getScore());
+ }
+
+ @Test
+ public void saveWidgetRating_new() {
+ WidgetRating newRating = new WidgetRating();
+ newRating.setWidgetId(2L);
+ newRating.setUserId(1L);
+ newRating.setScore(10);
+
+ expect(repository.getByWidgetIdAndUserId(2L, 1L)).andReturn(null);
+ expect(repository.save(newRating)).andReturn(newRating);
+ replay(repository);
+
+ service.saveWidgetRating(2L, 10, 1L);
+ verify(repository);
+ }
+
+ @Test
+ public void saveWidgetRating_existing() {
+ WidgetRating existingRating = new WidgetRating(1L, 1L, 1L, 5);
+
+ expect(repository.getByWidgetIdAndUserId(1L, 1L)).andReturn(existingRating);
+ expect(repository.save(existingRating)).andReturn(existingRating);
+ replay(repository);
+
+ service.saveWidgetRating(1L, 10, 1L);
+ verify(repository);
+
+ assertEquals("Updated score", Integer.valueOf(10), existingRating.getScore());
+ }
+
+ @Test
+ public void removeWidgetRating_existingRating() {
+ final WidgetRating widgetRating = new WidgetRating(1L, 1L, 1L, 5);
+
+ expect(repository.getByWidgetIdAndUserId(1L, 1L)).andReturn(widgetRating);
+ repository.delete(widgetRating);
+ expectLastCall();
+ replay(repository);
+
+ service.removeWidgetRating(1L, 1L);
+ }
+
+ @Test
+ public void removeWidgetRating_notExisting() {
+
+ expect(repository.getByWidgetIdAndUserId(1L, 2L)).andReturn(null);
+ expectLastCall();
+ replay(repository);
+
+ service.removeWidgetRating(1L, 2L);
+ }
+}
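Review bot: `removeWidgetRating_existingRating` records `repository.delete(widgetRating)` as an expectation but never calls `verify(repository)`, so the test still passes if the service stops deleting. `removeWidgetRating_notExisting` and `testGetByWidgetIdAndUserId` have the same gap. Add `verify(repository);` as the last line of each. In `removeWidgetRating_notExisting` the `expectLastCall();` after `expect(...).andReturn(null)` appears to record nothing new and could be dropped.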
Modified: incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/api/rest/WidgetApi.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/api/rest/WidgetApi.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/api/rest/WidgetApi.java (original)
+++ incubator/rave/trunk/rave-components/rave-web/src/main/java/org/apache/rave/portal/web/api/rest/WidgetApi.java Mon Oct 31 15:07:40 2011
@@ -19,7 +19,6 @@
package org.apache.rave.portal.web.api.rest;
-import org.apache.rave.portal.model.WidgetRating;
import org.apache.rave.portal.service.UserService;
import org.apache.rave.portal.service.WidgetRatingService;
import org.slf4j.Logger;
@@ -73,14 +72,9 @@ public class WidgetApi extends AbstractR
@RequestParam(value = "score") Integer score,
HttpServletResponse response) {
logger.debug("POST WidgetRating received for /api/rest/widgets/{} score: {}", widgetId, score);
-
- WidgetRating widgetRating = new WidgetRating();
- widgetRating.setScore(score);
- widgetRating.setUserId(userService.getAuthenticatedUser().getEntityId());
- widgetRating.setWidgetId(widgetId);
- widgetRatingService.saveWidgetRating(widgetRating);
+ widgetRatingService.saveWidgetRating(widgetId, score, userService.getAuthenticatedUser().getEntityId());
// send a 204 back for success since there is no content being returned
response.setStatus(HttpStatus.NO_CONTENT.value());
}
-}
\ No newline at end of file
+}
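Review bot: `score` goes from `@RequestParam(value = "score") Integer score` straight into `widgetRatingService.saveWidgetRating(widgetId, score, ...)` with no range check, and the service hunk in this commit stores it unchanged via `rating.setScore(score)`. The set of accepted scores is not visible on this page. If it is bounded, reject other values before the service call, e.g. `if (score < MIN_SCORE || score > MAX_SCORE) { response.setStatus(HttpStatus.BAD_REQUEST.value()); return; }`, with `MIN_SCORE`/`MAX_SCORE` as placeholders for the project's limits. The handler's signature starts outside this hunk.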
Modified: incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/api/rest/WidgetApiTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/api/rest/WidgetApiTest.java?rev=1195508&r1=1195507&r2=1195508&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/api/rest/WidgetApiTest.java (original)
+++ incubator/rave/trunk/rave-components/rave-web/src/test/java/org/apache/rave/portal/web/api/rest/WidgetApiTest.java Mon Oct 31 15:07:40 2011
@@ -20,7 +20,6 @@
package org.apache.rave.portal.web.api.rest;
import org.apache.rave.portal.model.User;
-import org.apache.rave.portal.model.WidgetRating;
import org.apache.rave.portal.service.UserService;
import org.apache.rave.portal.service.WidgetRatingService;
import org.junit.Before;
@@ -28,11 +27,7 @@ import org.junit.Test;
import org.springframework.http.HttpStatus;
import org.springframework.mock.web.MockHttpServletResponse;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
+import static org.easymock.EasyMock.*;
public class WidgetApiTest {
private WidgetApi widgetApi;
@@ -74,11 +69,7 @@ public class WidgetApiTest {
@Test
public void updateWidgetRating() {
- WidgetRating widgetRating = new WidgetRating();
- widgetRating.setScore(5);
- widgetRating.setUserId(2L);
- widgetRating.setWidgetId(1L);
- widgetRatingService.saveWidgetRating(widgetRating);
+ widgetRatingService.saveWidgetRating(1L, 5, 2L);
expectLastCall();
replay(widgetRatingService);
@@ -95,4 +86,4 @@ public class WidgetApiTest {
verify(widgetRatingService, userService);
verify(response);
}
-}
\ No newline at end of file
+}