Issue #24: Füge PermissionEvaluator zur Gesamtprüfung der Berechtigung hinzu

Dieser PermissionEvaluator delegiert die einzelnen Prüfungen an PermissionEvaluatoren welche `AbstractDelegatedPermissionEvaluator` erweitern. Nur, wenn all diese PermissionEvaluatoren die Berechtigung erfolgreich geprüft haben, gibt dieser PermissionEvaluator ein positives Prüfungsergebnis zurück.
author: Paul-Christian Volkmer 2023-04-10 13:09:54 +0200
committer: Paul-Christian Volkmer 2023-04-10 13:09:54 +0200
commit: 44396ff04a24088ac9fb2cab270036a9a983944f (patch)
tree: 7877cd16b315171d3c3b3c2fbb254694090bb062 /src/test
parent: 2495d851fcaa49ea61db2ce5c9a96f31b800014c (diff)
1 files changed, 122 insertions, 0 deletions
diff --git a/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java b/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java
new file mode 100644
index 0000000..1d8ecf8
--- /dev/null
+++ b/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java
@@ -0,0 +1,122 @@
+package DNPM.security;
+
+import de.itc.onkostar.api.IOnkostarApi;
+import de.itc.onkostar.api.Patient;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class DelegatingDataBasedPermissionEvaluatorTest {
+
+    private IOnkostarApi onkostarApi;
+
+    private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+
+    private FormBasedPermissionEvaluator formBasedPermissionEvaluator;
+
+    private DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
+
+    @BeforeEach
+    void setup(
+            @Mock IOnkostarApi onkostarApi,
+            @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator,
+            @Mock FormBasedPermissionEvaluator formBasedPermissionEvaluator
+            ) {
+        this.onkostarApi = onkostarApi;
+        this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
+        this.formBasedPermissionEvaluator = formBasedPermissionEvaluator;
+
+        this.delegatingDataBasedPermissionEvaluator = new DelegatingDataBasedPermissionEvaluator(
+                List.of(personPoolBasedPermissionEvaluator, formBasedPermissionEvaluator)
+        );
+    }
+
+    @Test
+    void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByObject() {
+        when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+        when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+
+        var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
+
+        assertThat(actual).isTrue();
+    }
+
+    @Test
+    void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByIdAndType() {
+        when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
+        when(formBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
+
+        var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
+
+        assertThat(actual).isTrue();
+    }
+
+    @Test
+    void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByObject() {
+        when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+        when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(false);
+
+        var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
+
+        assertThat(actual).isFalse();
+    }
+
+    @Test
+    void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByIdAndType() {
+        when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(false);
+
+        var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
+
+        assertThat(actual).isFalse();
+    }
+
+}
+
+class DummyAuthentication implements Authentication {
+    @Override
+    public String getName() {
+        return "dummy";
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getDetails() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return null;
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return false;
+    }
+
+    @Override
+    public void setAuthenticated(boolean b) throws IllegalArgumentException {
+
+    }
+}
+\ No newline at end of file
author	Paul-Christian Volkmer	2023-04-10 13:09:54 +0200
committer	Paul-Christian Volkmer	2023-04-10 13:09:54 +0200
commit	44396ff04a24088ac9fb2cab270036a9a983944f (patch)
tree	7877cd16b315171d3c3b3c2fbb254694090bb062 /src/test
parent	2495d851fcaa49ea61db2ce5c9a96f31b800014c (diff)