From 44396ff04a24088ac9fb2cab270036a9a983944f Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Mon, 10 Apr 2023 13:09:54 +0200
Subject: Issue #24: Füge PermissionEvaluator zur Gesamtprüfung der Berechtigung hinzu

Dieser PermissionEvaluator delegiert die einzelnen Prüfungen an PermissionEvaluatoren welche `AbstractDelegatedPermissionEvaluator` erweitern. Nur, wenn all diese PermissionEvaluatoren die Berechtigung erfolgreich geprüft haben, gibt dieser PermissionEvaluator ein positives Prüfungsergebnis zurück.
---
...DelegatingDataBasedPermissionEvaluatorTest.java | 122 +++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java
(limited to 'src/test/java/DNPM/security')

diff --git a/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java b/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java
new file mode 100644
index 0000000..1d8ecf8
--- /dev/null
+++ b/src/test/java/DNPM/security/DelegatingDataBasedPermissionEvaluatorTest.java
@@ -0,0 +1,122 @@
+package DNPM.security;
+
+import de.itc.onkostar.api.IOnkostarApi;
+import de.itc.onkostar.api.Patient;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class DelegatingDataBasedPermissionEvaluatorTest {
+
+ private IOnkostarApi onkostarApi;
+
+ private PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator;
+
+ private FormBasedPermissionEvaluator formBasedPermissionEvaluator;
+
+ private DelegatingDataBasedPermissionEvaluator delegatingDataBasedPermissionEvaluator;
+
+ @BeforeEach
+ void setup(
+ @Mock IOnkostarApi onkostarApi,
+ @Mock PersonPoolBasedPermissionEvaluator personPoolBasedPermissionEvaluator,
+ @Mock FormBasedPermissionEvaluator formBasedPermissionEvaluator
+ ) {
+ this.onkostarApi = onkostarApi;
+ this.personPoolBasedPermissionEvaluator = personPoolBasedPermissionEvaluator;
+ this.formBasedPermissionEvaluator = formBasedPermissionEvaluator;
+
+ this.delegatingDataBasedPermissionEvaluator = new DelegatingDataBasedPermissionEvaluator(
+ List.of(personPoolBasedPermissionEvaluator, formBasedPermissionEvaluator)
+ );
+ }
+
+ @Test
+ void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByObject() {
+ when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+ when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+
+ var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
+
+ assertThat(actual).isTrue();
+ }
+
+ @Test
+ void testShouldGrantPermissionIfAllDelegatedPermissionEvaluatorsGrantsAccessByIdAndType() {
+ when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
+ when(formBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(true);
+
+ var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
+
+ assertThat(actual).isTrue();
+ }
+
+ @Test
+ void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByObject() {
+ when(personPoolBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(true);
+ when(formBasedPermissionEvaluator.hasPermission(any(), any(Patient.class), any(PermissionType.class))).thenReturn(false);
+
+ var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ);
+
+ assertThat(actual).isFalse();
+ }
+
+ @Test
+ void testShouldDenyPermissionIfAtLeastOneDelegatedPermissionEvaluatorsDeniesAccessByIdAndType() {
+ when(personPoolBasedPermissionEvaluator.hasPermission(any(), anyInt(), anyString(), any(PermissionType.class))).thenReturn(false);
+
+ var actual = delegatingDataBasedPermissionEvaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ);
+
+ assertThat(actual).isFalse();
+ }
+
+}
+
+class DummyAuthentication implements Authentication {
+ @Override
+ public String getName() {
+ return "dummy";
+ }
+
+ @Override
+ public Collection getAuthorities() {
+ return null;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getDetails() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return false;
+ }
+
+ @Override
+ public void setAuthenticated(boolean b) throws IllegalArgumentException {
+
+ }
+}
\ No newline at end of file
-- 
cgit v1.2.3
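Review bot: No test in `DelegatingDataBasedPermissionEvaluatorTest` builds the evaluator with an empty delegate list, so deny-by-default is never pinned for either `hasPermission` overload. The implementation is not visible here, but if it combines the delegates with `allMatch`, an empty list would grant access; a permission check on patient data should fail closed, and a test like the one below would lock that in. Separately, every stub matches the authentication and target with `any()`, so the tests would still pass if the delegator handed a different `Authentication` or object to its delegates; matching with `same(...)` on the values actually passed in would close that gap.

```java
// … unchanged: the four existing grant/deny tests …

@Test
void testShouldDenyPermissionIfNoDelegatedPermissionEvaluatorIsConfigured() {
    var evaluator = new DelegatingDataBasedPermissionEvaluator(List.of());

    assertThat(evaluator.hasPermission(new DummyAuthentication(), new Patient(this.onkostarApi), PermissionType.READ)).isFalse();
    assertThat(evaluator.hasPermission(new DummyAuthentication(), 123, "Patient", PermissionType.READ)).isFalse();
}
```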