inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

RM-2123 Move clearance checking to SecurityClearanceService.

Browse Source 
Refactor ContentClassificationService#hasClearance so that it calls out to
SecurityClearanceService#isCurrentUserClearedForClassification. Restrict
isCurrentUserClearedForClassification so that it only applies to the current
authenticated user (we don't need to use it for anything else).  Also
extract classification level comparison to a new class.

+review RM-58

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/modules/recordsmanagement/HEAD@104568 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Tom Page
2015-05-20 08:28:46 +00:00
parent 4d94c8b66b
commit 94c65b83e8
6 changed files with 169 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ClassificationLevelComparator.java Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (C) 2005-2015 Alfresco Software Limited.
*
* This file is part of Alfresco
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
*/
package org.alfresco.module.org_alfresco_module_rm.classification;
import java.util.Comparator;
/**
* A class to compare classification levels.
*
* @author tpage
* @since 3.0
*/
public class ClassificationLevelComparator implements Comparator<ClassificationLevel>
{
private ClassificationLevelManager classificationLevelManager;
public ClassificationLevelComparator(ClassificationLevelManager classificationLevelManager)
{
this.classificationLevelManager = classificationLevelManager;
}
@Override
public int compare(ClassificationLevel oneLevel, ClassificationLevel otherLevel)
{
int oneIndex = classificationLevelManager.getClassificationLevels().indexOf(oneLevel);
int otherIndex = classificationLevelManager.getClassificationLevels().indexOf(otherLevel);
return oneIndex - otherIndex;
}
}

32
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/ContentClassificationServiceImpl.java
View File

@@ -24,7 +24,6 @@ import static org.alfresco.util.ParameterCheck.mandatory;
import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -132,37 +131,8 @@ public class ContentClassificationServiceImpl extends ServiceBaseImpl implements
@Override
public boolean hasClearance(NodeRef nodeRef)
{
boolean result = false;
// Get the node's current classification
ClassificationLevel currentClassification = getCurrentClassification(nodeRef);
if (ClassificationLevelManager.UNCLASSIFIED.equals(currentClassification))
{
// since the node is not classified user has clearance
result = true;
}
else
{
// Get the user's security clearance
SecurityClearance securityClearance = securityClearanceService.getUserSecurityClearance();
if (!ClearanceLevelManager.NO_CLEARANCE.equals(securityClearance.getClearanceLevel()))
{
// get the users highest classification clearance
ClassificationLevel highestClassification = securityClearance.getClearanceLevel().getHighestClassificationLevel();
// if classification is less than or equal to highest classification then user has clearance
List<ClassificationLevel> allClassificationLevels = levelManager.getClassificationLevels();
int highestIndex = allClassificationLevels.indexOf(highestClassification);
int currentIndex = allClassificationLevels.indexOf(currentClassification);
if (highestIndex <= currentIndex)
{
// user has clearance
result = true;
}
}
}
return result;
return securityClearanceService.isCurrentUserClearedForClassification(currentClassification.getId());
}
}

13
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceService.java
View File

@@ -18,11 +18,11 @@
*/
package org.alfresco.module.org_alfresco_module_rm.classification;
import java.util.List;
import org.alfresco.query.PagingResults;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import java.util.List;
/**
* This service offers access to users' security clearance levels.
*
@@ -48,6 +48,15 @@ public interface SecurityClearanceService
*/
PagingResults<SecurityClearance> getUsersSecurityClearance(UserQueryParams queryParams);
/**
* Check if a classification can be accessed by the current user.
*
* @param classificationId The classification level to look for.
* @return {@code true} if the user can access the classification level; {@code false} if the user doesn't have
* clearance, or the classification level doesn't exist.
*/
boolean isCurrentUserClearedForClassification(String classificationId);
/**
* Set the clearance level for a user.
*

55
rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImpl.java
View File

@@ -25,7 +25,6 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import com.google.common.collect.ImmutableList;
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceException.LevelIdNotFound;
import org.alfresco.module.org_alfresco_module_rm.util.ServiceBaseImpl;
import org.alfresco.query.PagingRequest;
@@ -49,22 +48,31 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
private ClassificationLevelManager classificationLevelManager;
private PersonService personService;
private ClassificationServiceBootstrap classificationServiceBootstrap;
private ClassificationLevelComparator classificationLevelComparator;
public void setClearanceManager(ClearanceLevelManager clearanceManager) { this.clearanceManager = clearanceManager; }
public void setClassificationLevelManager(ClassificationLevelManager classificationLevelManager) { this.classificationLevelManager = classificationLevelManager; }
public void setPersonService(PersonService service) { this.personService = service; }
public void setClassificationServiceBootstrap(ClassificationServiceBootstrap classificationServiceBootstrap) { this.classificationServiceBootstrap = classificationServiceBootstrap; }
public void setClassificationLevelComparator(ClassificationLevelComparator classificationLevelComparator) { this.classificationLevelComparator = classificationLevelComparator; }
/** Store the references to the classification and clearance level managers in this class. */
public void init()
{
this.classificationLevelManager = classificationServiceBootstrap.getClassificationLevelManager();
this.clearanceManager = classificationServiceBootstrap.getClearanceLevelManager();
classificationLevelComparator = new ClassificationLevelComparator(classificationLevelManager);
}
@Override
public SecurityClearance getUserSecurityClearance()
{
if (authenticationUtil.isRunAsUserTheSystemUser())
{
return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
}
final String currentUser = authenticationUtil.getFullyAuthenticatedUser();
ParameterCheck.mandatoryString("currentUser", currentUser);
@@ -79,11 +87,6 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
*/
private SecurityClearance getUserSecurityClearance(final String userName)
{
if (authenticationUtil.isRunAsUserTheSystemUser())
{
return new SecurityClearance(null, clearanceManager.getMostSecureLevel());
}
final NodeRef personNode = personService.getPerson(userName, false);
final PersonInfo personInfo = personService.getPerson(personNode);
@@ -130,31 +133,26 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
};
}
/**
* Check if a classification can be accessed by a user with a given clearance.
*
* @param clearance The clearance of the user.
* @param classificationId The classification level to look for.
* @return {@code true} if the user can access the classification level.
*/
protected boolean isClearedForClassification(SecurityClearance clearance, String classificationId)
@Override
public boolean isCurrentUserClearedForClassification(String classificationId)
{
ImmutableList<ClassificationLevel> classificationLevels = classificationLevelManager.getClassificationLevels();
// Get the current user's security clearance.
SecurityClearance securityClearance = getUserSecurityClearance();
String clearanceId = clearance.getClearanceLevel().getHighestClassificationLevel().getId();
for (ClassificationLevel classificationLevel : classificationLevels)
ClassificationLevel suppliedLevel;
try
{
if (classificationLevel.getId().equals(clearanceId))
{
return true;
}
else if (classificationLevel.getId().equals(classificationId))
{
return false;
}
suppliedLevel = classificationLevelManager.findLevelById(classificationId);
}
// Neither the clearance id nor the classification id were found - something's gone wrong.
throw new LevelIdNotFound(classificationId);
catch(LevelIdNotFound e)
{
// Return false to make "Level not found" indistinguishable from "Not cleared".
return false;
}
ClassificationLevel usersHighestLevel = securityClearance.getClearanceLevel().getHighestClassificationLevel();
int comparison = classificationLevelComparator.compare(usersHighestLevel, suppliedLevel);
return (comparison >= 0);
}
@Override
@@ -166,8 +164,7 @@ public class SecurityClearanceServiceImpl extends ServiceBaseImpl implements Sec
final NodeRef personNode = personService.getPerson(userName, false);
// Check the current user has clearance to see the specified level.
SecurityClearance userSecurityClearance = getUserSecurityClearance();
if (!isClearedForClassification(userSecurityClearance, clearanceId))
if (!isCurrentUserClearedForClassification(clearanceId))
{
throw new LevelIdNotFound(clearanceId);
}

58
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/ContentClassificationServiceImplUnitTest.java
View File

@@ -184,20 +184,6 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
verifyNoMoreInteractions(mockNodeService, mockLevelManager);
}
/**
* Given that the node is unclassified
* When I ask if the current user has clearance
* Then true
*/
@Test public void clearedForUnclassifiedNode()
{
// Content is unclassified by default.
NodeRef nodeRef = generateNodeRef(mockNodeService);
assertTrue(contentClassificationServiceImpl.hasClearance(nodeRef));
}
/**
* Given that the node is classified
* And the user has no security clearance
@@ -223,11 +209,11 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
/**
* Given that the node is classified
* And the user has clearance grater than the classification
* And the user has clearance greater or equal to the the classification
* When I ask if the user has clearance
* Then true
*/
@Test public void classifiedNodeUserClearanceGreater()
@Test public void classifiedNodeUserClearanceAtLeast()
{
// init classification levels
ClassificationLevel topSecret = new ClassificationLevel("TopSecret", generateText());
@@ -244,39 +230,7 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
when(mockLevelManager.findLevelById(secretId)).thenReturn(secret);
// set users security clearance
ClearanceLevel topSecretClearance = new ClearanceLevel(topSecret, "Top Secret");
SecurityClearance clearance = new SecurityClearance(mock(PersonInfo.class), topSecretClearance);
when(mockSecurityClearanceService.getUserSecurityClearance()).thenReturn(clearance);
assertTrue(contentClassificationServiceImpl.hasClearance(nodeRef));
}
/**
* Given that the node is classified
* And the user has clearance equal to the the classification
* When I ask if the user has clearance
* Then true
*/
@Test public void classifiedNodeUserClearanceEqual()
{
// init classification levels
ClassificationLevel topSecret = new ClassificationLevel("TopSecret", generateText());
String secretId = "Secret";
ClassificationLevel secret = new ClassificationLevel(secretId, generateText());
ClassificationLevel confidential = new ClassificationLevel("Confidential", generateText());
List<ClassificationLevel> classificationLevels = Arrays.asList(topSecret, secret, confidential, ClassificationLevelManager.UNCLASSIFIED);
when(mockLevelManager.getClassificationLevels()).thenReturn(ImmutableList.copyOf(classificationLevels));
// set nodes classification
NodeRef nodeRef = generateNodeRef(mockNodeService);
when(mockNodeService.hasAspect(nodeRef, ASPECT_CLASSIFIED)).thenReturn(true);
when(mockNodeService.getProperty(nodeRef, PROP_CURRENT_CLASSIFICATION)).thenReturn(secretId);
when(mockLevelManager.findLevelById(secretId)).thenReturn(secret);
// set users security clearance
ClearanceLevel secretClearance = new ClearanceLevel(secret, "Secret");
SecurityClearance clearance = new SecurityClearance(mock(PersonInfo.class), secretClearance);
when(mockSecurityClearanceService.getUserSecurityClearance()).thenReturn(clearance);
when(mockSecurityClearanceService.isCurrentUserClearedForClassification("Secret")).thenReturn(true);
assertTrue(contentClassificationServiceImpl.hasClearance(nodeRef));
}
@@ -285,7 +239,7 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
* Given that the node is classified
* And the user has clearance less than the classification
* When I ask if the user has clearance
* Then true
* Then false
*/
@Test public void classifiedNodeUserClearanceLess()
{
@@ -304,9 +258,7 @@ public class ContentClassificationServiceImplUnitTest implements ClassifiedConte
when(mockLevelManager.findLevelById(secretId)).thenReturn(secret);
// set users security clearance
ClearanceLevel confidentialClearance = new ClearanceLevel(confidential, "Confidential");
SecurityClearance clearance = new SecurityClearance(mock(PersonInfo.class), confidentialClearance);
when(mockSecurityClearanceService.getUserSecurityClearance()).thenReturn(clearance);
when(mockSecurityClearanceService.isCurrentUserClearedForClassification("Secret")).thenReturn(false);
assertFalse(contentClassificationServiceImpl.hasClearance(nodeRef));
}

116
rm-server/unit-test/java/org/alfresco/module/org_alfresco_module_rm/classification/SecurityClearanceServiceImplUnitTest.java
View File

@@ -22,14 +22,15 @@ import static org.alfresco.module.org_alfresco_module_rm.classification.model.Cl
import static org.alfresco.module.org_alfresco_module_rm.classification.model.ClassifiedContentModel.PROP_CLEARANCE_LEVEL;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.anyBoolean;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import java.util.List;
import com.google.common.collect.ImmutableList;
import org.alfresco.module.org_alfresco_module_rm.classification.ClassificationServiceException.LevelIdNotFound;
import org.alfresco.module.org_alfresco_module_rm.test.util.MockAuthenticationUtilHelper;
import org.alfresco.module.org_alfresco_module_rm.util.AuthenticationUtil;
@@ -45,8 +46,6 @@ import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import com.google.common.collect.ImmutableList;
/**
* Unit tests for {@link SecurityClearanceServiceImpl}.
*
@@ -58,13 +57,14 @@ public class SecurityClearanceServiceImplUnitTest
{
@InjectMocks private SecurityClearanceServiceImpl securityClearanceServiceImpl;
@Mock private AuthenticationUtil mockAuthenticationUtil;
@Mock private ClassificationLevelManager mockClassificationLevelManager;
@Mock private DictionaryService mockDictionaryService;
@Mock private NodeService mockNodeService;
@Mock private PersonService mockPersonService;
@Mock private ClassificationService mockClassificationService;
@Mock private ClearanceLevelManager mockClearanceLevelManager;
@Mock private AuthenticationUtil mockAuthenticationUtil;
@Mock private ClassificationLevelManager mockClassificationLevelManager;
@Mock private DictionaryService mockDictionaryService;
@Mock private NodeService mockNodeService;
@Mock private PersonService mockPersonService;
@Mock private ClassificationService mockClassificationService;
@Mock private ClearanceLevelManager mockClearanceLevelManager;
@Mock private ClassificationLevelComparator mockClassificationLevelComparator;
@Before public void setUp()
{
@@ -94,11 +94,11 @@ public class SecurityClearanceServiceImplUnitTest
@Test public void userWithNoClearanceGetsDefaultClearance()
{
final PersonInfo user1 = createMockPerson("user1", "User", "One", null);
MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user1.getUserName());
MockAuthenticationUtilHelper.setup(mockAuthenticationUtil, user1.getUserName());
when(mockClassificationService.getUnclassifiedClassificationLevel())
.thenReturn(ClassificationLevelManager.UNCLASSIFIED);
when(mockClearanceLevelManager.findLevelByClassificationLevelId(ClassificationLevelManager.UNCLASSIFIED_ID))
.thenReturn(ClearanceLevelManager.NO_CLEARANCE);
.thenReturn(ClearanceLevelManager.NO_CLEARANCE);
final SecurityClearance clearance = securityClearanceServiceImpl.getUserSecurityClearance();
@@ -109,12 +109,12 @@ public class SecurityClearanceServiceImplUnitTest
/** Check that a user can have their clearance set by an authorised user. */
@Test public void setUserSecurityClearance_setClearance()
{
// Create the clearance.
String topSecretId = "ClearanceId";
ClassificationLevel level = new ClassificationLevel(topSecretId, "TopSecretKey");
ClearanceLevel clearanceLevel = new ClearanceLevel(level, "TopSecretKey");
when(mockClearanceLevelManager.findLevelByClassificationLevelId(topSecretId)).thenReturn(clearanceLevel);
when(mockClassificationLevelManager.getClassificationLevels()).thenReturn(ImmutableList.of(level));
// Create the user who will have their clearance set.
String userName = "User 1";
NodeRef personNode = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, userName);
PersonInfo personInfo = new PersonInfo(personNode, userName, "first", "last");
when(mockPersonService.getPerson(userName, false)).thenReturn(personNode);
when(mockPersonService.getPerson(personNode)).thenReturn(personInfo);
// Create the authorised user.
String authorisedUserName = "authorisedUser";
@@ -123,17 +123,20 @@ public class SecurityClearanceServiceImplUnitTest
PersonInfo authorisedPersonInfo = new PersonInfo(authorisedPersonNode, authorisedUserName, "first", "last");
when(mockPersonService.getPerson(authorisedUserName, false)).thenReturn(authorisedPersonNode);
when(mockPersonService.getPerson(authorisedPersonNode)).thenReturn(authorisedPersonInfo);
// The current user is not system.
when(mockAuthenticationUtil.isRunAsUserTheSystemUser()).thenReturn(false);
// Create the clearance level.
String topSecretId = "ClearanceId";
ClassificationLevel level = new ClassificationLevel(topSecretId, "TopSecretKey");
ClearanceLevel clearanceLevel = new ClearanceLevel(level, "TopSecretKey");
when(mockClearanceLevelManager.findLevelByClassificationLevelId(topSecretId)).thenReturn(clearanceLevel);
// The authorised user is cleared to use this clearance.
when(mockNodeService.hasAspect(authorisedPersonNode, ASPECT_SECURITY_CLEARANCE)).thenReturn(true);
when(mockNodeService.getProperty(authorisedPersonNode, PROP_CLEARANCE_LEVEL)).thenReturn(topSecretId);
// Create the user who will have their clearance set.
String userName = "User 1";
NodeRef personNode = new NodeRef(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE, userName);
PersonInfo personInfo = new PersonInfo(personNode, userName, "first", "last");
when(mockPersonService.getPerson(userName, false)).thenReturn(personNode);
when(mockPersonService.getPerson(personNode)).thenReturn(personInfo);
// The authenticated user's clearance level is at least as secure as the level being used.
when(mockClassificationLevelComparator.compare(level, level)).thenReturn(0);
// Once the user's clearance has been set then the node service is queried about it.
when(mockNodeService.hasAspect(personNode, ASPECT_SECURITY_CLEARANCE)).thenReturn(true);
@@ -156,13 +159,11 @@ public class SecurityClearanceServiceImplUnitTest
// Create the "Top Secret" and "Confidential" clearances.
String topSecretId = "TopSecretClearanceId";
ClassificationLevel topSecret = new ClassificationLevel(topSecretId, "TopSecretKey");
ClearanceLevel topSecretClearance = new ClearanceLevel(topSecret, "TopSecretKey");
when(mockClearanceLevelManager.findLevelByClassificationLevelId(topSecretId)).thenReturn(topSecretClearance);
when(mockClassificationLevelManager.findLevelById(topSecretId)).thenReturn(topSecret);
String confidentialId = "ConfidentialClearanceId";
ClassificationLevel confidential = new ClassificationLevel(confidentialId, "ConfidentialKey");
ClearanceLevel confidentialClearance = new ClearanceLevel(confidential, "ConfidentialKey");
when(mockClearanceLevelManager.findLevelByClassificationLevelId(confidentialId)).thenReturn(confidentialClearance);
when(mockClassificationLevelManager.getClassificationLevels()).thenReturn(ImmutableList.of(topSecret, confidential));
// Create the user attempting to use the API with "Confidential" clearance.
String userName = "unauthorisedUser";
@@ -175,6 +176,8 @@ public class SecurityClearanceServiceImplUnitTest
// The authorised user is cleared to use this clearance.
when(mockNodeService.hasAspect(personNode, ASPECT_SECURITY_CLEARANCE)).thenReturn(true);
when(mockNodeService.getProperty(personNode, PROP_CLEARANCE_LEVEL)).thenReturn(confidentialId);
// The authenticated user's clearance level not high enough.
when(mockClassificationLevelComparator.compare(confidential, topSecret)).thenReturn(-1);
// Create the user who will have their clearance set.
String targetUserName = "Target User";
@@ -188,23 +191,66 @@ public class SecurityClearanceServiceImplUnitTest
}
/**
* Check that a user with no clearance is not cleared to use the "Secret" classification.
* Check that a user with "Secret" clearance is cleared to use the "Secret" classification.
*/
@Test public void isClearedForClassification()
@Test public void isCurrentUserClearedForClassification_hasClearance()
{
ClassificationLevel topSecret = new ClassificationLevel("1", "TopSecret");
ClassificationLevel secret = new ClassificationLevel("2", "Secret");
ImmutableList<ClassificationLevel> classificationLevels = ImmutableList.of(topSecret, secret);
when(mockClassificationLevelManager.getClassificationLevels()).thenReturn(classificationLevels);
when(mockClassificationLevelManager.findLevelById("2")).thenReturn(secret);
SecurityClearance clearance = new SecurityClearance(mock(PersonInfo.class), ClearanceLevelManager.NO_CLEARANCE);
createMockPerson("Cleared", "Cleared", "Cleared", "2");
when(mockAuthenticationUtil.getFullyAuthenticatedUser()).thenReturn("Uncleared");
when(mockClearanceLevelManager.findLevelByClassificationLevelId("2")).thenReturn(new ClearanceLevel(secret, "Secret"));
// The authenticated user's clearance level is high enough to view the classification.
when(mockClassificationLevelComparator.compare(secret, secret)).thenReturn(0);
// Call the method under test.
boolean result = securityClearanceServiceImpl.isClearedForClassification(clearance, "2");
boolean result = securityClearanceServiceImpl.isCurrentUserClearedForClassification("2");
assertTrue("A user with 'Secret' clearance should be able to access the 'Secret' classification.", result);
}
/**
* Check that a user with no clearance is not cleared to use the "Secret" classification.
*/
@Test public void isCurrentUserClearedForClassification_noClearance()
{
ClassificationLevel secret = new ClassificationLevel("2", "Secret");
when(mockClassificationLevelManager.findLevelById("2")).thenReturn(secret);
createMockPerson("Uncleared", "Uncleared", "Uncleared", ClassificationLevelManager.UNCLASSIFIED_ID);
when(mockAuthenticationUtil.getFullyAuthenticatedUser()).thenReturn("Uncleared");
when(mockClearanceLevelManager.findLevelByClassificationLevelId(ClassificationLevelManager.UNCLASSIFIED_ID)).thenReturn(ClearanceLevelManager.NO_CLEARANCE);
// The authenticated user's clearance level not high enough.
when(mockClassificationLevelComparator.compare(ClassificationLevelManager.UNCLASSIFIED, secret)).thenReturn(-1);
// Call the method under test.
boolean result = securityClearanceServiceImpl.isCurrentUserClearedForClassification("2");
assertFalse("A user with no clearance should not be able to access the 'Secret' classification.", result);
}
/**
* Check that a user with "Top Secret" clearance is not cleared to use a non-existent classification.
*/
@Test public void isCurrentUserClearedForClassification_classificationNotFound()
{
ClassificationLevel topSecret = new ClassificationLevel("1", "TopSecret");
createMockPerson("Uncleared", "Uncleared", "Uncleared", "1");
when(mockAuthenticationUtil.getFullyAuthenticatedUser()).thenReturn("Uncleared");
when(mockClearanceLevelManager.findLevelByClassificationLevelId("1")).thenReturn(new ClearanceLevel(topSecret, "TopSecret"));
// Set up the made up classification.
String madeUpId = "Made Up Id";
when(mockClassificationLevelManager.findLevelById(madeUpId)).thenThrow(new LevelIdNotFound(madeUpId));
// Call the method under test.
boolean result = securityClearanceServiceImpl.isCurrentUserClearedForClassification(madeUpId);
assertFalse("No one should be cleared to use a fictional classification.", result);
}
/**
* Check that all levels are returned
*/