From 2eb7bc918ce7f45b42c2e8801447db660b5d34d6 Mon Sep 17 00:00:00 2001
From: Roy Wetherall <roy.wetherall@alfresco.com>
Date: Mon, 17 Aug 2015 04:35:31 +0000
Subject: [PATCH] Extended permission service unit test

+review RM-166



git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/DEV/ROYTEST@110191 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../impl/ExtendedPermissionServiceImpl.java   |  16 ++-
 ...ExtendedPermissionServiceImplUnitTest.java | 125 ++++++++++++++++++
 2 files changed, 140 insertions(+), 1 deletion(-)
 create mode 100644 rm-server/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java

diff --git a/rm-server/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java b/rm-server/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
index 5cc2a0a552..dee2ee1e89 100644
--- a/rm-server/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
+++ b/rm-server/source/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImpl.java
@@ -153,7 +153,7 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl
 		}
     	
     	// evaluate permission
-        result = super.hasPermission(nodeRef, perm);
+        result = hasPermissionImpl(nodeRef, perm);
         
         // permission post-processors
         List<PermissionPostProcessor> postProcessors = permissionProcessorRegistry.getPermissionPostProcessors();
@@ -165,6 +165,20 @@ public class ExtendedPermissionServiceImpl extends PermissionServiceImpl
         
         return result;
     }
+    
+    /**
+     * Implementation of hasPermission method call.
+     * <p>
+     * Separation also convenient for unit testing.
+     * 
+     * @param nodeRef	node reference
+     * @param perm		permission
+     * @return {@link AccessStatus}	access status result
+     */
+    protected AccessStatus hasPermissionImpl(NodeRef nodeRef, String perm)
+    {
+    	return super.hasPermission(nodeRef, perm);
+    }
 
     /**
      * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#canRead(java.lang.Long)
diff --git a/rm-server/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java b/rm-server/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java
new file mode 100644
index 0000000000..fb5807a659
--- /dev/null
+++ b/rm-server/unit-test/java/org/alfresco/repo/security/permissions/impl/ExtendedPermissionServiceImplUnitTest.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.alfresco.repo.security.permissions.impl;
+
+import static java.util.Arrays.asList;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.when;
+import static org.junit.Assert.assertEquals;
+
+import org.alfresco.module.org_alfresco_module_rm.test.util.AlfMock;
+import org.alfresco.module.org_alfresco_module_rm.test.util.BaseUnitTest;
+import org.alfresco.repo.security.permissions.processor.PermissionPostProcessor;
+import org.alfresco.repo.security.permissions.processor.PermissionPreProcessor;
+import org.alfresco.repo.security.permissions.processor.PermissionProcessorRegistry;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.junit.Test;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+
+/**
+ * Extended permission service implementation unit test
+ * 
+ * @author Roy Wetherall
+ * @since 3.0.a
+ */
+public class ExtendedPermissionServiceImplUnitTest extends BaseUnitTest 
+{
+	private @InjectMocks @Spy ExtendedPermissionServiceImpl extendedPermissionServiceImpl = new ExtendedPermissionServiceImpl()
+	{
+		protected AccessStatus hasPermissionImpl(NodeRef nodeRef, String perm) { return AccessStatus.UNDETERMINED; };
+	};
+	
+	private @Mock PermissionProcessorRegistry mockedPermissionProcessorRegistry;
+	private @Mock PermissionPreProcessor mockedPermissionPreProcessor;
+	private @Mock PermissionPostProcessor mockedPermissionPostProcessor;
+	
+	/**
+	 * Given a permission pre-processor has been registered
+	 * And does not DENY
+	 * When hasPermission is called
+	 * Then the pre-processor is executed
+	 * And the ACL's are evaluated as normal
+	 */
+	@Test
+	public void preProcessorDoesNotDeny()
+	{
+		NodeRef nodeRef = generateCmContent("anyname");
+		String perm = AlfMock.generateText();
+		when(mockedPermissionProcessorRegistry.getPermissionPreProcessors())
+			.thenReturn(asList(mockedPermissionPreProcessor));
+		when(mockedPermissionPreProcessor.process(nodeRef, perm))
+		    .thenReturn(AccessStatus.UNDETERMINED);
+		
+		AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
+
+		assertEquals(AccessStatus.UNDETERMINED, result);
+		verify(mockedPermissionPreProcessor).process(nodeRef, perm);
+		verify(extendedPermissionServiceImpl).hasPermissionImpl(nodeRef, perm);
+	}
+	
+	/**
+	 * Given a permission pre-processor has been registered
+	 * And DENY's
+	 * When hasPermission is called
+	 * Then the pre-processor is executed
+	 * And the remaining permission evaluations do not take place
+	 */
+	@Test
+	public void preProcessorDenys()
+	{
+		NodeRef nodeRef = generateCmContent("anyname");
+		String perm = AlfMock.generateText();
+		when(mockedPermissionProcessorRegistry.getPermissionPreProcessors())
+			.thenReturn(asList(mockedPermissionPreProcessor));
+		when(mockedPermissionPreProcessor.process(nodeRef, perm))
+		    .thenReturn(AccessStatus.DENIED);
+		
+		AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);
+
+		assertEquals(AccessStatus.DENIED, result);
+		verify(mockedPermissionPreProcessor).process(nodeRef, perm);
+		verify(extendedPermissionServiceImpl, never()).hasPermissionImpl(nodeRef, perm);
+	}
+
+	/**
+	 * Given a permission post-processor has been registered
+	 * When hasPermission is called
+	 * Then the permission post-processor is called
+	 */
+	@Test
+	public void postProcessorRegistered()
+	{
+		NodeRef nodeRef = generateCmContent("anyname");
+		String perm = AlfMock.generateText();
+		when(mockedPermissionProcessorRegistry.getPermissionPostProcessors())
+			.thenReturn(asList(mockedPermissionPostProcessor));
+		when(mockedPermissionPostProcessor.process(AccessStatus.UNDETERMINED, nodeRef, perm))
+	    	.thenReturn(AccessStatus.ALLOWED);
+	
+		AccessStatus result = extendedPermissionServiceImpl.hasPermission(nodeRef, perm);		
+
+		assertEquals(AccessStatus.ALLOWED, result);
+		verify(mockedPermissionPostProcessor).process(AccessStatus.UNDETERMINED, nodeRef, perm);
+		verify(extendedPermissionServiceImpl).hasPermissionImpl(nodeRef, perm);
+	}
+}