authorPaul-Christian Volkmer2025-10-23 11:08:10 +0200
committerPaul-Christian Volkmer2025-10-23 11:09:54 +0200
commit84fb0d829832bf1628112376bba729422b169402 (patch)
tree4828674b77105877dccfcccb380da3f7c0f75987 /src/test/java/dev/dnpm/security
parent61e7dfcbe637f401f81ff853e9bd10c90b325acb (diff)
refactor: change package name
Diffstat (limited to 'src/test/java/dev/dnpm/security')
-rw-r--r--src/test/java/dev/dnpm/security/DelegatingDataBasedPermissionEvaluatorTest.java122
-rw-r--r--src/test/java/dev/dnpm/security/FormBasedPermissionEvaluatorTest.java112
-rw-r--r--src/test/java/dev/dnpm/security/FormBasedSecurityAspectsTest.java131
-rw-r--r--src/test/java/dev/dnpm/security/PersonPoolBasedPermissionEvaluatorTest.java160
-rw-r--r--src/test/java/dev/dnpm/security/PersonPoolBasedSecurityAspectsTest.java163
5 files changed, 0 insertions, 688 deletions
diff --git a/src/test/java/dev/dnpm/security/DelegatingDataBasedPermissionEvaluatorTest.java b/src/test/java/dev/dnpm/security/DelegatingDataBasedPermissionEvaluatorTest.java
deleted file mode 100644
index c1e71db..0000000
--- a/src/test/java/dev/dnpm/security/DelegatingDataBasedPermissionEvaluatorTest.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package dev.dnpm.security;
-
-import de.itc.onkostar.api.IOnkostarApi;
-import de.itc.onkostar.api.Patient;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-
-import java.util.Collection;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.when;
-
-@ExtendWith(MockitoExtension.class)
-class DelegatingDataBasedPermissionEvaluatorTest {
-
- private IOnkostarApi onkostarApi;
-
- private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
-
- private FormBasedPermissionEvaluator formBasedPermissionEvaluator;
-
- private DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
-
- @BeforeEach
- void setup(
- @Mock IOnkostarApi onkostarApi,
- @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator,
- @Mock FormBasedPermissionEvaluator formBasedPermissionEvaluator
- ) {
- this.onkostarApi = onkostarApi;
- this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
- this.formBasedPermissionEvaluator = formBasedPermissionEvaluator;
-
- this.delegatingDataBasedPermissionEvaluator = new DelegatingDataBasedPermissionEvaluator(
- List.of(personPoolBasedPermissionEvaluator, formBasedPermissionEvaluator)
- );
- }
-
- @Test
- void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByObject() {
- when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
- when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
-
- var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByIdAndType() {
- when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
- when(formBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
-
- var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByObject() {
- when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
- when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(false);
-
- var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByIdAndType() {
- when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(false);
-
- var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
-}
-
-class DummyAuthentication implements Authentication {
- @Override
- public String getName() {
- return "dummy";
- }
-
- @Override
- public Collection<? extends GrantedAuthority> getAuthorities() {
- return null;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getDetails() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return null;
- }
-
- @Override
- public boolean isAuthenticated() {
- return false;
- }
-
- @Override
- public void setAuthenticated(boolean b) throws IllegalArgumentException {
-
- }
-}
\ No newline at end of file
diff --git a/src/test/java/dev/dnpm/security/FormBasedPermissionEvaluatorTest.java b/src/test/java/dev/dnpm/security/FormBasedPermissionEvaluatorTest.java
deleted file mode 100644
index 2ce938f..0000000
--- a/src/test/java/dev/dnpm/security/FormBasedPermissionEvaluatorTest.java
+++ /dev/null
@@ -1,112 +0,0 @@
-package dev.dnpm.security;
-
-import de.itc.onkostar.api.IOnkostarApi;
-import de.itc.onkostar.api.Patient;
-import de.itc.onkostar.api.Procedure;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.security.core.Authentication;
-
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyInt;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.when;
-
-@ExtendWith(MockitoExtension.class)
-class FormBasedPermissionEvaluatorTest {
-
- private IOnkostarApi onkostarApi;
-
- private Authentication dummyAuthentication;
-
- private SecurityService securityService;
-
- private FormBasedPermissionEvaluator permissionEvaluator;
-
- @BeforeEach
- void setup(
- @Mock IOnkostarApi onkostarApi,
- @Mock SecurityService securityService,
- @Mock DummyAuthentication dummyAuthentication
- ) {
- this.onkostarApi = onkostarApi;
- this.dummyAuthentication = dummyAuthentication;
- this.securityService = securityService;
-
- this.permissionEvaluator = new FormBasedPermissionEvaluator(
- onkostarApi, securityService
- );
- }
-
- @Test
- void testShouldGrantPermissionByProcedure() {
- when(securityService.getFormNamesForPermission(any(Authentication.class), any(PermissionType.class))).thenReturn(List.of("OS.Form2", "OS.Form3", "OS.Form5"));
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form2");
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldGrantPermissionByProcedureId() {
- when(securityService.getFormNamesForPermission(any(Authentication.class), any(PermissionType.class))).thenReturn(List.of("OS.Form2", "OS.Form3", "OS.Form5"));
-
- doAnswer(invocationOnMock -> {
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form2");
- return object;
- }).when(onkostarApi).getProcedure(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, PersonPoolBasedPermissionEvaluator.PROCEDURE, PermissionType.READ);
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldDenyPermissionByProcedure() {
- when(securityService.getFormNamesForPermission(any(Authentication.class), any(PermissionType.class))).thenReturn(List.of("OS.Form2", "OS.Form3", "OS.Form5"));
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldDenyPermissionByProcedureId() {
- when(securityService.getFormNamesForPermission(any(Authentication.class), any(PermissionType.class))).thenReturn(List.of("OS.Form2", "OS.Form3", "OS.Form5"));
-
- doAnswer(invocationOnMock -> {
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
- return object;
- }).when(onkostarApi).getProcedure(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, PersonPoolBasedPermissionEvaluator.PROCEDURE, PermissionType.READ);
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldVoteForPermissionToPatient() {
- var object = new Patient(onkostarApi);
- object.setPersonPoolCode("Pool1");
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldVoteForPermissionToIdOfTypeProcedure() {
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, FormBasedPermissionEvaluator.PATIENT, PermissionType.READ);
- assertThat(actual).isTrue();
- }
-
-}
diff --git a/src/test/java/dev/dnpm/security/FormBasedSecurityAspectsTest.java b/src/test/java/dev/dnpm/security/FormBasedSecurityAspectsTest.java
deleted file mode 100644
index ee57688..0000000
--- a/src/test/java/dev/dnpm/security/FormBasedSecurityAspectsTest.java
+++ /dev/null
@@ -1,131 +0,0 @@
-package dev.dnpm.security;
-
-import de.itc.onkostar.api.IOnkostarApi;
-import de.itc.onkostar.api.Patient;
-import de.itc.onkostar.api.Procedure;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.aop.aspectj.annotation.AspectJProxyFactory;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.mockito.Mockito.*;
-
-@ExtendWith(MockitoExtension.class)
-class FormBasedSecurityAspectsTest {
-
- private DummyClass dummyClass;
-
- private IOnkostarApi onkostarApi;
-
- private FormBasedPermissionEvaluator permissionEvaluator;
-
- @BeforeEach
- void setup(
- @Mock IOnkostarApi onkostarApi,
- @Mock FormBasedPermissionEvaluator permissionEvaluator
- ) {
- this.onkostarApi = onkostarApi;
- this.permissionEvaluator = permissionEvaluator;
-
- // Create proxied instance of DummyClass as done within Onkostar using Spring AOP
- var dummyClass = new DummyClass(onkostarApi);
- AspectJProxyFactory factory = new AspectJProxyFactory(dummyClass);
- FormBasedSecurityAspects securityAspects = new FormBasedSecurityAspects(this.permissionEvaluator);
- factory.addAspect(securityAspects);
- this.dummyClass = factory.getProxy();
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithPatientParam() {
- this.dummyClass.methodWithPatientParam(new Patient(onkostarApi));
- verify(onkostarApi, times(1)).savePatient(any(Patient.class));
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithProcedureParam() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithProcedureParam(new Procedure(onkostarApi))
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithProcedureParam() throws Exception {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(true);
-
- this.dummyClass.methodWithProcedureParam(new Procedure(onkostarApi));
-
- verify(onkostarApi, times(1)).saveProcedure(any(Procedure.class), anyBoolean());
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithPatientReturnValue() {
- var actual = this.dummyClass.methodWithPatientReturnValue(1);
- assertThat(actual).isNotNull();
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithProcedureReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithProcedureReturnValue(1)
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithProcedureReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(true);
-
- var actual = this.dummyClass.methodWithProcedureReturnValue(1);
-
- assertThat(actual).isNotNull();
- }
-
- private static class DummyClass {
-
- private final IOnkostarApi onkostarApi;
-
- DummyClass(final IOnkostarApi onkostarApi) {
- this.onkostarApi = onkostarApi;
- }
-
- @FormSecured
- public void methodWithPatientParam(Patient patient) {
- this.onkostarApi.savePatient(patient);
- }
-
- @FormSecured
- public void methodWithProcedureParam(Procedure procedure) throws Exception {
- this.onkostarApi.saveProcedure(procedure, false);
- }
-
- @FormSecuredResult
- public Patient methodWithPatientReturnValue(int id) {
- var patient = new Patient(this.onkostarApi);
- patient.setId(id);
- return patient;
- }
-
- @FormSecuredResult
- public Procedure methodWithProcedureReturnValue(int id) {
- var procedure = new Procedure(this.onkostarApi);
- procedure.setId(id);
- return procedure;
- }
- }
-
-}
diff --git a/src/test/java/dev/dnpm/security/PersonPoolBasedPermissionEvaluatorTest.java b/src/test/java/dev/dnpm/security/PersonPoolBasedPermissionEvaluatorTest.java
deleted file mode 100644
index a5f39e3..0000000
--- a/src/test/java/dev/dnpm/security/PersonPoolBasedPermissionEvaluatorTest.java
+++ /dev/null
@@ -1,160 +0,0 @@
-package dev.dnpm.security;
-
-import de.itc.onkostar.api.IOnkostarApi;
-import de.itc.onkostar.api.Patient;
-import de.itc.onkostar.api.Procedure;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.security.core.Authentication;
-
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyInt;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.when;
-
-@ExtendWith(MockitoExtension.class)
-class PersonPoolBasedPermissionEvaluatorTest {
-
- private IOnkostarApi onkostarApi;
-
- private Authentication dummyAuthentication;
-
- private PersonPoolBasedPermissionEvaluator permissionEvaluator;
-
- @BeforeEach
- void setup(
- @Mock IOnkostarApi onkostarApi,
- @Mock SecurityService securityService,
- @Mock DummyAuthentication dummyAuthentication
- ) {
- this.onkostarApi = onkostarApi;
- this.dummyAuthentication = dummyAuthentication;
-
- this.permissionEvaluator = new PersonPoolBasedPermissionEvaluator(
- onkostarApi, securityService
- );
-
- when(securityService.getPersonPoolIdsForPermission(any(Authentication.class), any(PermissionType.class))).thenReturn(List.of("Pool2", "Pool3", "Pool5"));
- }
-
- @Test
- void testShouldGrantPermissionByPatientObject() {
- var object = new Patient(onkostarApi);
- object.setPersonPoolCode("Pool2");
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldGrantPermissionByPatientIdAndType() {
- doAnswer(invocationOnMock -> {
- var object = new Patient(onkostarApi);
- object.setPersonPoolCode("Pool2");
- return object;
- }).when(onkostarApi).getPatient(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, PersonPoolBasedPermissionEvaluator.PATIENT, PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldDenyPermissionByPatientObject() {
- var object = new Patient(onkostarApi);
- object.setPersonPoolCode("Pool1");
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldDenyPermissionByPatientIdAndType() {
- doAnswer(invocationOnMock -> {
- var object = new Patient(onkostarApi);
- object.setPersonPoolCode("Pool1");
- return object;
- }).when(onkostarApi).getPatient(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, PersonPoolBasedPermissionEvaluator.PATIENT, PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldGrantPermissionByProcedureObject() {
- var patient = new Patient(onkostarApi);
- patient.setId(1);
- patient.setPersonPoolCode("Pool2");
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
- object.setPatient(patient);
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldGrantPermissionByProcedureIdAndType() {
- doAnswer(invocationOnMock -> {
- var patient = new Patient(onkostarApi);
- patient.setId(1);
- patient.setPersonPoolCode("Pool2");
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
- object.setPatient(patient);
-
- return object;
- }).when(onkostarApi).getProcedure(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 456, PersonPoolBasedPermissionEvaluator.PROCEDURE, PermissionType.READ);
-
- assertThat(actual).isTrue();
- }
-
- @Test
- void testShouldDenyPermissionByProcedureObject() {
- var patient = new Patient(onkostarApi);
- patient.setId(1);
- patient.setPersonPoolCode("Pool1");
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
- object.setPatient(patient);
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, object, PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
- @Test
- void testShouldDenyPermissionByProcedureIdAndType() {
- doAnswer(invocationOnMock -> {
- var patient = new Patient(onkostarApi);
- patient.setId(1);
- patient.setPersonPoolCode("Pool1");
-
- var object = new Procedure(onkostarApi);
- object.setFormName("OS.Form1");
- object.setPatient(patient);
-
- return object;
- }).when(onkostarApi).getProcedure(anyInt());
-
- var actual = permissionEvaluator.hasPermission(this.dummyAuthentication, 123, PersonPoolBasedPermissionEvaluator.PROCEDURE, PermissionType.READ);
-
- assertThat(actual).isFalse();
- }
-
-}
\ No newline at end of file
diff --git a/src/test/java/dev/dnpm/security/PersonPoolBasedSecurityAspectsTest.java b/src/test/java/dev/dnpm/security/PersonPoolBasedSecurityAspectsTest.java
deleted file mode 100644
index 333a8f3..0000000
--- a/src/test/java/dev/dnpm/security/PersonPoolBasedSecurityAspectsTest.java
+++ /dev/null
@@ -1,163 +0,0 @@
-package dev.dnpm.security;
-
-import de.itc.onkostar.api.IOnkostarApi;
-import de.itc.onkostar.api.Patient;
-import de.itc.onkostar.api.Procedure;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mock;
-import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.aop.aspectj.annotation.AspectJProxyFactory;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.mockito.Mockito.*;
-
-@ExtendWith(MockitoExtension.class)
-class PersonPoolBasedSecurityAspectsTest {
-
- private DummyClass dummyClass;
-
- private IOnkostarApi onkostarApi;
-
- private PersonPoolBasedPermissionEvaluator permissionEvaluator;
-
- @BeforeEach
- void setup(
- @Mock IOnkostarApi onkostarApi,
- @Mock PersonPoolBasedPermissionEvaluator permissionEvaluator
- ) {
- this.onkostarApi = onkostarApi;
- this.permissionEvaluator = permissionEvaluator;
-
- // Create proxied instance of DummyClass as done within Onkostar using Spring AOP
- var dummyClass = new DummyClass(onkostarApi);
- AspectJProxyFactory factory = new AspectJProxyFactory(dummyClass);
- PersonPoolBasedSecurityAspects securityAspects = new PersonPoolBasedSecurityAspects(this.permissionEvaluator);
- factory.addAspect(securityAspects);
- this.dummyClass = factory.getProxy();
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithPatientParam() {
- when(this.permissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithPatientParam(new Patient(onkostarApi))
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithPatientParam() {
- when(this.permissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
- .thenReturn(true);
-
- this.dummyClass.methodWithPatientParam(new Patient(onkostarApi));
-
- verify(onkostarApi, times(1)).savePatient(any(Patient.class));
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithProcedureParam() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithProcedureParam(new Procedure(onkostarApi))
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithProcedureParam() throws Exception {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(true);
-
- this.dummyClass.methodWithProcedureParam(new Procedure(onkostarApi));
-
- verify(onkostarApi, times(1)).saveProcedure(any(Procedure.class), anyBoolean());
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithPatientReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithPatientReturnValue(1)
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithPatientReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class)))
- .thenReturn(true);
-
- var actual = this.dummyClass.methodWithPatientReturnValue(1);
-
- assertThat(actual).isNotNull();
- }
-
- @Test
- void testShouldPreventSecuredMethodCallWithProcedureReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(false);
-
- var exception = assertThrows(
- Exception.class,
- () -> this.dummyClass.methodWithProcedureReturnValue(1)
- );
- assertThat(exception).isExactlyInstanceOf(IllegalSecuredObjectAccessException.class);
- }
-
- @Test
- void testShouldAllowSecuredMethodCallWithProcedureReturnValue() {
- when(this.permissionEvaluator.hasPermission(any(), any(Procedure.class), any(PermissionType.class)))
- .thenReturn(true);
-
- var actual = this.dummyClass.methodWithProcedureReturnValue(1);
-
- assertThat(actual).isNotNull();
- }
-
- private static class DummyClass {
-
- private final IOnkostarApi onkostarApi;
-
- DummyClass(final IOnkostarApi onkostarApi) {
- this.onkostarApi = onkostarApi;
- }
-
- @PersonPoolSecured
- public void methodWithPatientParam(Patient patient) {
- this.onkostarApi.savePatient(patient);
- }
-
- @PersonPoolSecured
- public void methodWithProcedureParam(Procedure procedure) throws Exception {
- this.onkostarApi.saveProcedure(procedure, false);
- }
-
- @PersonPoolSecuredResult
- public Patient methodWithPatientReturnValue(int id) {
- var patient = new Patient(this.onkostarApi);
- patient.setId(id);
- return patient;
- }
-
- @PersonPoolSecuredResult
- public Procedure methodWithProcedureReturnValue(int id) {
- var procedure = new Procedure(this.onkostarApi);
- procedure.setId(id);
- return procedure;
- }
- }
-
-}