You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@rave.apache.org by ca...@apache.org on 2011/11/02 20:39:00 UTC
svn commit: r1196777 - in
/incubator/rave/trunk/rave-components/rave-core/src:
main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Author: carlucci
Date: Wed Nov 2 19:38:59 2011
New Revision: 1196777
URL: http://svn.apache.org/viewvc?rev=1196777&view=rev
Log:
RAVE-331: error when trying to upload a duplicate gadget url to widget store
RavePermissionEvalator#hasPermission has been modified to check for a null domain object to prevent NPE
Modified:
incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
Modified: incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java?rev=1196777&r1=1196776&r2=1196777&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/RavePermissionEvaluator.java Wed Nov 2 19:38:59 2011
@@ -83,8 +83,11 @@ public class RavePermissionEvaluator imp
*/
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permissionString) {
+ if (targetDomainObject == null) {
+ return false;
+ }
// find the appropriate ModelPermissionEvaluator from the map based on
- // the targetDomainObject's class and invoke the hasPermission function
+ // the targetDomainObject's class and invoke the hasPermission function
return getEvaluator(targetDomainObject.getClass().getName()).hasPermission(authentication, targetDomainObject,
getPermission(targetDomainObject, (String) permissionString));
}
Modified: incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java
URL: http://svn.apache.org/viewvc/incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java?rev=1196777&r1=1196776&r2=1196777&view=diff
==============================================================================
--- incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java (original)
+++ incubator/rave/trunk/rave-components/rave-core/src/test/java/org/apache/rave/portal/security/impl/RavePermissionEvaluatorTest.java Wed Nov 2 19:38:59 2011
@@ -18,6 +18,7 @@
*/
package org.apache.rave.portal.security.impl;
+import org.apache.rave.persistence.BasicEntity;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
@@ -37,70 +38,113 @@ import static org.hamcrest.CoreMatchers.
public class RavePermissionEvaluatorTest {
private RavePermissionEvaluator ravePermissionEvaluator;
private Authentication authentication;
- private FooModel fooModel;
+ private BasicEntityModel basicEntityModel;
+ private NonBasicEntityModel nonBasicEntityModel;
- private String VALID_PERMISSION = "read";
- private Long VALID_FOO_ID = 4L;
+ private String READ_PERMISSION = "read";
+ private String CREATE_OR_UPDATE_PERMISSION = "create_or_update";
+ private Long VALID_BASIC_ENTITY_MODEL_ID = 4L;
@Before
public void setUp() {
List<ModelPermissionEvaluator> modelPermissionEvaluatorList = new ArrayList<ModelPermissionEvaluator>();
- modelPermissionEvaluatorList.add(new FooModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new NonBasicEntityModelPermissionEvaluator());
ravePermissionEvaluator = new RavePermissionEvaluator(modelPermissionEvaluatorList);
authentication = createMock(Authentication.class);
- fooModel = new FooModel();
+ basicEntityModel = new BasicEntityModel(VALID_BASIC_ENTITY_MODEL_ID);
+ nonBasicEntityModel = new NonBasicEntityModel();
}
@Test
public void testLoadOrderOverride() {
- ModelPermissionEvaluator<FooModel> mockedOverriddenPermissionEvaluator = createMock(ModelPermissionEvaluator.class);
- expect(mockedOverriddenPermissionEvaluator.getType()).andReturn(FooModel.class);
+ ModelPermissionEvaluator<BasicEntityModel> mockedOverriddenPermissionEvaluator = createMock(ModelPermissionEvaluator.class);
+ expect(mockedOverriddenPermissionEvaluator.getType()).andReturn(BasicEntityModel.class);
expect(mockedOverriddenPermissionEvaluator.getLoadOrder()).andReturn(2);
- expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication, fooModel, Permission.fromString(VALID_PERMISSION))).andReturn(true);
+ expect(mockedOverriddenPermissionEvaluator.hasPermission(authentication, basicEntityModel, Permission.fromString(READ_PERMISSION))).andReturn(true);
replay(mockedOverriddenPermissionEvaluator);
List<ModelPermissionEvaluator> modelPermissionEvaluatorList = new ArrayList<ModelPermissionEvaluator>();
// note we are adding the overide instance first to verify the Collections.sort works as expected
modelPermissionEvaluatorList.add(mockedOverriddenPermissionEvaluator);
- modelPermissionEvaluatorList.add(new FooModelPermissionEvaluator());
+ modelPermissionEvaluatorList.add(new BasicEntityModelPermissionEvaluator());
ravePermissionEvaluator = new RavePermissionEvaluator(modelPermissionEvaluatorList);
- assertThat(ravePermissionEvaluator.hasPermission(authentication, fooModel, VALID_PERMISSION), is(true));
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
verify(mockedOverriddenPermissionEvaluator);
}
@Test
- public void testHasPermission_3args() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, fooModel, VALID_PERMISSION), is(true));
+ public void testHasPermission_3args_read() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, READ_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_nullEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, new BasicEntityModel(), CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
+ @Test
+ public void testHasPermission_3args_createOrUpdate_populatedEntityId() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, basicEntityModel, CREATE_OR_UPDATE_PERMISSION), is(true));
+ }
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_3args_createOrUpdate_nonBasicEntityModel() {
+ ravePermissionEvaluator.hasPermission(authentication, nonBasicEntityModel, CREATE_OR_UPDATE_PERMISSION);
+ }
+
+ @Test
+ public void testHasPermission_3args_nullModel() {
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, null, READ_PERMISSION), is(false));
}
@Test(expected=IllegalArgumentException.class)
public void testHasPermission_3args_invalidEvaluator() {
List<String> list = new ArrayList<String>();
- assertThat(ravePermissionEvaluator.hasPermission(authentication, list, VALID_PERMISSION), is(true));
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, list, READ_PERMISSION), is(true));
}
@Test
public void testHasPermission_4args() {
- assertThat(ravePermissionEvaluator.hasPermission(authentication, VALID_FOO_ID, FooModel.class.getName(), VALID_PERMISSION), is(true));
+ assertThat(ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(), READ_PERMISSION), is(true));
}
+
+ @Test(expected=IllegalArgumentException.class)
+ public void testHasPermission_4args_createOrUpdatePermission() {
+ ravePermissionEvaluator.hasPermission(authentication, VALID_BASIC_ENTITY_MODEL_ID, BasicEntityModel.class.getName(), CREATE_OR_UPDATE_PERMISSION);
+ }
- class FooModel {
- public FooModel() {
-
+ class BasicEntityModel implements BasicEntity {
+ private Long entityId;
+
+ public BasicEntityModel() { }
+
+ public BasicEntityModel(Long entityId) {
+ this.entityId = entityId;
+ }
+
+ @Override
+ public Long getEntityId() {
+ return entityId;
+ }
+
+ @Override
+ public void setEntityId(Long entityId) {
+ this.entityId = entityId;
}
}
- class FooModelPermissionEvaluator extends AbstractModelPermissionEvaluator<FooModel> {
+ class BasicEntityModelPermissionEvaluator extends AbstractModelPermissionEvaluator<BasicEntityModel> {
@Override
- public Class<FooModel> getType() {
- return FooModel.class;
+ public Class<BasicEntityModel> getType() {
+ return BasicEntityModel.class;
}
@Override
- public boolean hasPermission(Authentication authentication, FooModel foo, Permission permission) {
+ public boolean hasPermission(Authentication authentication, BasicEntityModel basicEntityModel, Permission permission) {
return true;
}
@@ -109,4 +153,25 @@ public class RavePermissionEvaluatorTest
return true;
}
}
+
+ class NonBasicEntityModel {
+ public NonBasicEntityModel() { }
+ }
+
+ class NonBasicEntityModelPermissionEvaluator extends AbstractModelPermissionEvaluator<NonBasicEntityModel> {
+ @Override
+ public Class<NonBasicEntityModel> getType() {
+ return NonBasicEntityModel.class;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication, NonBasicEntityModel nonBasicEntityModel, Permission permission) {
+ return true;
+ }
+
+ @Override
+ public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Permission permission) {
+ return true;
+ }
+ }
}