inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.0 (5.2.0) to HEAD (5.2)

Browse Source 
132997 mward: Merged mward/5.2.n-repo1544-update-self (5.2.1) to 5.2.N (5.2.1)
      132930 mward: REPO-1544: further tests (people can update themselves, except for 'enabled' flag)


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@133374 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-12-06 17:04:39 +00:00
parent 8c1fd3d00d
commit 709ffe2703
2 changed files with 69 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
source/test-java/org/alfresco/rest/api/tests/TestPeople.java
View File

@@ -776,14 +776,34 @@ public class TestPeople extends EnterpriseTestApi
people.update("people", personId, null, null, "{\n" + " \"firstName\": \"Updated firstName\"\n" + "}", null, "Expected 401 response when updating " + personId, 401);
}
// @Test
// public void testUpdatePersonNonSelfAndNonAdminDisallowed() throws PublicApiException
// {
// final String personId = account3PersonIt.next();
// publicApiClient.setRequestContext(new RequestContext(account3.getId(), personId));
//
// people.update("people", personId, null, null, "{\n" + " \"firstName\": \"Updated firstName\"\n" + "}", null, "Expected 403 response when updating " + personId, 403);
// }
@Test
public void testUpdatePersonNonSelfAndNonAdminDisallowed() throws PublicApiException
{
// TODO: this is bad, it seems that the test fixture isn't unique per test!?
final String personId = account1PersonIt.next();
final String personToUpdateId = account1PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId));
people.update(personToUpdateId, qjson("{ `firstName`:`Updated firstName` }"), 403);
// TODO: temp fix, set back to orig firstName
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
people.update(personToUpdateId, qjson("{ `firstName`:`Bob` }"), 200);
}
@Test
public void testUpdatePersonCanUpdateThemself() throws PublicApiException
{
final String personId = account1PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account1.getId(), personId));
Person updatedPerson = people.update(personId, qjson("{ `firstName`: `Updated firstName` }"), 200);
assertEquals("Updated firstName", updatedPerson.getFirstName());
// TODO: temp fix, set back to orig firstName
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
people.update(personId, qjson("{ `firstName`:`Bill` }"), 200);
}
@Test
public void testUpdatePersonNonexistentPerson() throws PublicApiException
@@ -928,24 +948,50 @@ public class TestPeople extends EnterpriseTestApi
@Test
public void testUpdatePersonEnabled() throws PublicApiException
{
// Non-admin user ID
final String personId = account3PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account3.getId(), account3Admin, "admin"));
Boolean enabled = false;
// Use admin user credentials
publicApiClient.setRequestContext(new RequestContext(account3.getId(), account3Admin, "admin"));
// Admin can toggle enabled flag: false
{
Boolean enabled = false;
Map<String, String> params = Collections.singletonMap("fields", "enabled");
Person updatedPerson = people.update(personId, qjson("{`enabled`:"+enabled+"}"), params, 200);
Map<String, String> params = new HashMap<>();
params.put("fields", "enabled");
assertEquals(enabled, updatedPerson.isEnabled());
}
HttpResponse response = people.update("people", personId, null, null, "{\n" + " \"enabled\": \"" + enabled + "\"\n" + "}", params,
"Expected 200 response when updating " + personId, 200);
// Admin can toggle enabled flag: true
{
Boolean enabled = true;
Map<String, String> params = Collections.singletonMap("fields", "enabled");
Person updatedPerson = people.update(personId, qjson("{`enabled`:"+enabled+"}"), params, 200);
Person updatedPerson = Person.parsePerson((JSONObject) response.getJsonResponse().get("entry"));
assertEquals(enabled, updatedPerson.isEnabled());
}
assertEquals(enabled, updatedPerson.isEnabled());
// Use non-admin user's own credentials
publicApiClient.setRequestContext(new RequestContext(account3.getId(), personId, "password"));
// Non-admin cannot set enabled flag
{
boolean origEnabled = people.getPerson(personId).isEnabled();
Boolean enabled = false;
// The test should change that we can't change this, otherwise it isn't effective
assertNotEquals(origEnabled, enabled);
Map<String, String> params = Collections.singletonMap("fields", "enabled");
people.update(personId, qjson("{`enabled`:"+enabled+"}"), params, 403);
Person me = people.getPerson(personId);
assertEquals("Enabled state shouldn't have changed, but did", origEnabled, me.isEnabled());
}
}
@Test
public void testUpdatePersonDisableAdminNotAllowed() throws PublicApiException
public void testUpdatePersonAdminCannotBeDisabled() throws PublicApiException
{
publicApiClient.setRequestContext(new RequestContext(account3.getId(), account3Admin, "admin"));

7
source/test-java/org/alfresco/rest/api/tests/client/PublicApiClient.java
View File

@@ -1103,7 +1103,12 @@ public class PublicApiClient
public Person update(String personId, String json, int expectedStatus) throws PublicApiException
{
HttpResponse response = update("people", personId, null, null, json, null, "Failed to update person", expectedStatus);
return update(personId, json, null, expectedStatus);
}
public Person update(String personId, String json, Map<String,String> params, int expectedStatus) throws PublicApiException
{
HttpResponse response = update("people", personId, null, null, json, params, "Failed to update person", expectedStatus);
if (response != null && response.getJsonResponse() != null)
{
JSONObject entry = (JSONObject) response.getJsonResponse().get("entry");