Project

General

Profile

« Previous | Next » 

Revision 3584

Added by Jing Tao about 17 years ago

Add test cases to test combination of allow and deny rules. Modify the generate id method to make sure id is unique.

View differences:

test/edu/ucsb/nceas/metacattest/OnlineDataAccessTest.java
358 358
            deleteDocid(onlineDocid + ".2", FAILURE, true);
359 359

  
360 360
            // try to read the documents now
361
            readDocid(onlineDocid + ".1", FAILURE, false);
362
            readDocid(onlineDocid + ".2", FAILURE, false);
361
            readDocid(onlineDocid + ".1", FAILURE, true);
362
            readDocid(onlineDocid + ".2", FAILURE, true);
363 363

  
364 364
            m.logout();
365 365

  
......
1264 1264
        docid.append(calendar.get(Calendar.HOUR_OF_DAY));
1265 1265
        docid.append(calendar.get(Calendar.MINUTE));
1266 1266
        docid.append(calendar.get(Calendar.SECOND));
1267

  
1267
   	    //sometimes this number is not unique, so we append a random number
1268
    	int random = (new Double(Math.random()*100)).intValue();
1269
    	docid.append(random);
1270
        
1268 1271
        return docid.toString();
1269 1272
    }
1270 1273
}
test/edu/ucsb/nceas/metacattest/AccessControlTest.java
32 32
import java.util.GregorianCalendar;
33 33
import java.util.SimpleTimeZone;
34 34
import java.util.TimeZone;
35
import java.util.Vector;
35 36

  
36 37
import edu.ucsb.nceas.metacat.client.InsufficientKarmaException;
37 38
import edu.ucsb.nceas.metacat.client.Metacat;
......
62 63
    private String onlineDocid;
63 64
    private String onlinetestdatafile1 = "test/onlineDataFile1";
64 65
    private String onlinetestdatafile2 = "test/onlineDataFile2";
66
    private static final String ALLOWFIRST = "allowFirst";
67
    private static final String DENYFIRST = "denyFirst";
65 68

  
66 69
    private Metacat m;
67 70

  
......
122 125
        "  </instrument>                                                    " +
123 126
        "</inline>                                                          ";
124 127

  
128
    /*
129
     * Retrus an access block base on params passed and the defaul perm order - allow first
130
     */
131
    private String getAccessBlock(String principal, boolean grantAccess,
132
                              boolean read, boolean write,
133
                           boolean changePermission, boolean all)
134
    {
135
    	return getAccessBlock(principal,  grantAccess,
136
                read, write,
137
                changePermission, all, ALLOWFIRST);
138
    }
125 139
    /**
126 140
     * This function returns an access block based on the params passed
127 141
     */
128 142
    private String getAccessBlock(String principal, boolean grantAccess,
129 143
                                  boolean read, boolean write,
130
                                  boolean changePermission, boolean all) {
144
                                  boolean changePermission, boolean all, String permOrder) {
131 145
        String accessBlock = "<access " +
132 146
            "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\"" +
133
            " order=\"allowFirst\" scope=\"document\">";
147
            " order=\""+
148
            permOrder +"\""+
149
            " scope=\"document\""  +
150
            ">";
134 151

  
135
        if (grantAccess) {
136
            accessBlock += "<allow>";
137
        }
138
        else {
139
            accessBlock += "<deny>";
140
        }
141

  
142
        accessBlock = accessBlock + "<principal>" + principal + "</principal>";
143

  
144
        if (all) {
145
            accessBlock += "<permission>all</permission>";
146
        }
147
        else {
148
            if (read) {
149
                accessBlock += "<permission>read</permission>";
150
            }
151
            if (write) {
152
                accessBlock += "<permission>write</permission>";
153
            }
154
            if (changePermission) {
155
                accessBlock += "<permission>changePermission</permission>";
156
            }
157
        }
158

  
159
        if (grantAccess) {
160
            accessBlock += "</allow>";
161
        }
162
        else {
163
            accessBlock += "</deny>";
164
        }
152
        accessBlock += generateOneAccessRule(principal,  grantAccess,
153
                                  read, write, changePermission, all);
165 154
        accessBlock += "</access>";
166 155

  
167 156
        return accessBlock;
168 157

  
169 158
    }
159
    
160
    /*
161
     * Gets eml access block base on given acccess rules and perm order
162
     */
163
    private String  getAccessBlock(Vector accessRules, String permOrder)
164
    {
165
    	String accessBlock = "<access " +
166
        "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\"" +
167
        " order=\""+
168
        permOrder +"\""+
169
        " scope=\"document\""  +
170
        ">";
171
    	// adding rules
172
    	if (accessRules != null  && !accessRules.isEmpty())
173
    	{
174
    		for (int i=0; i<accessRules.size(); i++)
175
    		{
176
    			String rule = (String)accessRules.elementAt(i);
177
    			accessBlock += rule;
178
    			
179
    		}		
180
    	}
181
    	accessBlock += "</access>";
182
    	return accessBlock;
183
    }
184
    
185
    /*
186
     * Generates a access rule for given parameter. Note this xml portion doesn't include
187
     * <access></access> 
188
     */
189
    private String generateOneAccessRule(String principal, boolean grantAccess,
190
            boolean read, boolean write, boolean changePermission, boolean all)
191
    {
192
    	 String accessBlock = "";
170 193

  
194
	     if (grantAccess) {
195
	         accessBlock = "<allow>";
196
	     }
197
	     else {
198
	         accessBlock = "<deny>";
199
	     }
200
	
201
	     accessBlock = accessBlock + "<principal>" + principal + "</principal>";
202
	
203
	     if (all) {
204
	         accessBlock += "<permission>all</permission>";
205
	     }
206
	     else {
207
	         if (read) {
208
	             accessBlock += "<permission>read</permission>";
209
	         }
210
	         if (write) {
211
	             accessBlock += "<permission>write</permission>";
212
	         }
213
	         if (changePermission) {
214
	             accessBlock += "<permission>changePermission</permission>";
215
	         }
216
	     }
217
	
218
	     if (grantAccess) {
219
	         accessBlock += "</allow>";
220
	     }
221
	     else {
222
	         accessBlock += "</deny>";
223
	     }
224
	     return accessBlock;
225

  
226
    }
227

  
171 228
    /**
172 229
     * This function returns a valid eml document with no access rules
173 230
     * This function is for eml-2.0.1 only. For other eml versions,
......
289 346
        // Test basic functions
290 347
        suite.addTest(new AccessControlTest("documentTest"));
291 348
        suite.addTest(new AccessControlTest("AccessControlTestForPublic"));
349
        suite.addTest(new AccessControlTest("testAllowFirst"));
350
        suite.addTest(new AccessControlTest("testDenyFirst"));
292 351

  
293 352
        return suite;
294 353
    }
......
300 359
    public void initialize() {
301 360
        assertTrue(1 == 1);
302 361
    }
362
    
363
    
364
    /**
365
     * Tests when permission order is allowFirst, the combination of allow and deny rules  affect 
366
     * user to read, update and delete a document. Here are test cases
367
     *1.An user inserts a document with access  rules (allowFirst) - allow READ rule for another user,
368
     *   deny  READ rule for public. 
369
     *      Another user reads this document - failure
370
     *      Another user updates this document(except access part) -failure
371
     *      Another user updates this document(access part) -failure
372
     *      Another user deletes this document - failure
373
     *2. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
374
     *    deny READ and WRITE rule for public. 
375
     *       Another user reads this document - failure
376
     *       Another user updates this document(except access part) -failure
377
     *       Another user updates this document(access part) -failure
378
     *       Another user deletes this document - failure
379
     *3. The user updates this documents with access rules (allowFirst) - allow ALL rule for another user,
380
     *     deny ALL rule for public. 
381
     *         Another user reads this document - failure
382
     *         Another user updates this document(except access part) -failure
383
     *         Another user updates this document(access part) -failure
384
     *         Another user deletes this document - failure
385
     *4. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
386
     *    deny  WRITE rule for public. 
387
     *       Another user reads this document - success
388
     *       Another user updates this document(except access part) -failure
389
     *       Another user updates this document(access part) -failure
390
     *       Another user deletes this document - failure
391
     *5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
392
     *    deny READ rule for public. 
393
     *       Another user reads this document - failure
394
     *       Another user updates this document(except access part) - success
395
     *       Another user updates this document(access part) -failure
396
     *       Another user deletes this document - failure
397
     *6. The user updates this documents with access rules (allowFirst) - allow READ rule for another user,
398
     *     deny READ rule for a group (which another user is in the group)
399
     *         Another user reads this document - failure
400
     *         Another user updates this document(except access part) -failure
401
     *         Another user updates this document(access part) -failure
402
     *         Another user deletes this document - failure
403
     *7. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
404
     *      deny READ and WRITE rule for a group (which another user is in the group)
405
     *         Another user reads this document - failure
406
     *         Another user updates this document(except access part) -failure
407
     *         Another user updates this document(access part) -failure
408
     *         Another user deletes this document - failure
409
     *8. The user updates this documents with access rules (allowFirst) - allow ALL rule for another user,
410
     *     deny ALL rule for a group (which another user is in the group)
411
     *          Another user reads this document - failure
412
     *          Another user updates this document(except access part) -failure
413
     *          Another user updates this document(access part) -failure
414
     *          Another user deletes this document - failure
415
     *9. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
416
     *     deny WRITE rule for a group (which another user is in the group)
417
     *          Another user reads this document - success
418
     *          Another user updates this document(except access part) -failure
419
     *          Another user updates this document(access part) -failure
420
     *          Another user deletes this document - failure
421
     *10. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
422
     *     deny READ rule for a group (which another user is in the group)
423
     *          Another user reads this document - failure
424
     *          Another user updates this document(except access part) - success
425
     *          Another user updates this document(access part) -failure
426
     *          Another user deletes this document - failure
427
     */
428
    public void testAllowFirst()
429
    {
430
    	try {
431
	    	newdocid = generateDocid();	        
432
	        //====1 inserts a document with access  rules (allowFirst) - allow READ rule for another user,
433
	        // deny  READ rule for public.
434
	        String accessRule1 = generateOneAccessRule(anotheruser, true,
435
                    true, false, false, false);
436
	        String accessRule2 = generateOneAccessRule("public", false,
437
                    true, false, false, false);
438
	        Vector accessRules = new Vector();
439
	        accessRules.add(accessRule1);
440
	        accessRules.add(accessRule2);
441
	        String access = getAccessBlock(accessRules, ALLOWFIRST);
442
	        System.out.println("the access part is "+access);
443
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
444
                    null, null, null,
445
                    null, access ,
446
                    null, null, null, null);
447
	        // login
448
	        m.login(username, password);
449
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
450
	        m.logout();
451
	        //login as another user
452
	        m.login(anotheruser, anotherpassword);
453
	        //fails to read this document
454
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
455
	        //fails to update this document
456
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
457
            //fails to update access part
458
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
459
                    null, null, null,
460
                    null,  getAccessBlock(anotheruser, true,
461
                            true, false, false, false),
462
                    null, null, null, null);
463
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
464
            //fails to delete the document
465
            deleteDocid(newdocid + ".1", FAILURE, true);
466
            //logout
467
            m.logout();
468
            
469
            //====2 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another user,
470
	        // deny  READ and WRITE rule for public.
471
	        accessRule1 = generateOneAccessRule(anotheruser, true,
472
                    true, true, false, false);
473
	        accessRule2 = generateOneAccessRule("public", false,
474
                    true, true, false, false);
475
	        accessRules = new Vector();
476
	        accessRules.add(accessRule1);
477
	        accessRules.add(accessRule2);
478
	        access = getAccessBlock(accessRules, ALLOWFIRST);
479
	        System.out.println("the access part is "+access);
480
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
481
                    null, null, null,
482
                    null, access ,
483
                    null, null, null, null);
484
	        // login
485
	        m.login(username, password);
486
	        updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
487
	        m.logout();
488
	        //login as another user
489
	        m.login(anotheruser, anotherpassword);
490
	        //fails to read this document
491
	        readDocidWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true);
492
	        //fails to update this document
493
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
494
            //fails to update access part
495
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
496
                    null, null, null,
497
                    null,  getAccessBlock(anotheruser, true,
498
                            true, false, false, false),
499
                    null, null, null, null);
500
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
501
            //fails to delete the document
502
            deleteDocid(newdocid + ".2", FAILURE, true);
503
            //logout
504
            m.logout();
505
            
506
             //====3 inserts a document with access  rules (allowFirst) - allow ALL rule for another user,
507
	        // deny  ALL rule for public.
508
	        accessRule1 = generateOneAccessRule(anotheruser, true,
509
                    true, true, true, true);
510
	        accessRule2 = generateOneAccessRule("public", false,
511
                    true, true, true, true);
512
	        accessRules = new Vector();
513
	        accessRules.add(accessRule1);
514
	        accessRules.add(accessRule2);
515
	        access = getAccessBlock(accessRules, ALLOWFIRST);
516
	        System.out.println("the access part is "+access);
517
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
518
                    null, null, null,
519
                    null, access ,
520
                    null, null, null, null);
521
	        // login
522
	        m.login(username, password);
523
	        updateDocid(newdocid + ".3", testdocument, SUCCESS, false);
524
	        m.logout();
525
	        //login as another user
526
	        m.login(anotheruser, anotherpassword);
527
	        //fails to read this document
528
	        readDocidWhichEqualsDoc(newdocid + ".3", testdocument, FAILURE, true);
529
	        //fails to update this document
530
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
531
            //fails to update access part
532
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
533
                    null, null, null,
534
                    null,  getAccessBlock(anotheruser, true,
535
                            true, false, false, false),
536
                    null, null, null, null);
537
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
538
            //fails to delete the document
539
            deleteDocid(newdocid + ".3", FAILURE, true);
540
            //logout
541
            m.logout();
542
            
543
            
544
            
545
            
546
            
547
             //  ====4 The user updates this documents with access rules (allowFirst) - allow READ and WRITE 
548
            //rule for another user, deny  WRITE rule for public. 
549
	        accessRule1 = generateOneAccessRule(anotheruser, true,
550
                    true, true, false, false);
551
	        accessRule2 = generateOneAccessRule("public", false, false, true, false, false);
552
	        accessRules = new Vector();
553
	        accessRules.add(accessRule1);
554
	        accessRules.add(accessRule2);
555
	        access = getAccessBlock(accessRules, ALLOWFIRST);
556
	        System.out.println("the access part is "+access);
557
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
558
                    null, null, null,
559
                    null, access ,
560
                    null, null, null, null);
561
	        // login
562
	        m.login(username, password);
563
	        updateDocid(newdocid + ".4", testdocument, SUCCESS, false);
564
	        m.logout();
565
	        //login as another user
566
	        m.login(anotheruser, anotherpassword);
567
	        //fails to read this document
568
	        readDocidWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
569
	        //fails to update this document
570
            updateDocid(newdocid + ".5", testdocument, FAILURE, true);
571
            //fails to update access part
572
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
573
                    null, null, null,
574
                    null,  getAccessBlock(anotheruser, true,
575
                            true, false, false, false),
576
                    null, null, null, null);
577
            updateDocid(newdocid + ".5", testdocument, FAILURE, true);
578
            //fails to delete the document
579
            deleteDocid(newdocid + ".4", FAILURE, true);
580
            //logout
581
            m.logout();
582
	        
583
            
584
            //  ====5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
585
            //rule for another user, deny READ rule for public. 
586
	        accessRule1 = generateOneAccessRule(anotheruser, true,
587
                    true, true, false, false);
588
	        accessRule2 = generateOneAccessRule("public", false, true, false, false, false);
589
	        accessRules = new Vector();
590
	        accessRules.add(accessRule1);
591
	        accessRules.add(accessRule2);
592
	        access = getAccessBlock(accessRules, ALLOWFIRST);
593
	        System.out.println("the access part is "+access);
594
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
595
                    null, null, null,
596
                    null, access ,
597
                    null, null, null, null);
598
	        // login
599
	        m.login(username, password);
600
	        updateDocid(newdocid + ".5", testdocument, SUCCESS, false);
601
	        m.logout();
602
	        //login as another user
603
	        m.login(anotheruser, anotherpassword);
604
	        //fails to read this document
605
	        readDocidWhichEqualsDoc(newdocid + ".5", testdocument, FAILURE, true);
606
	        //fails to update this document
607
            updateDocid(newdocid + ".6", testdocument, SUCCESS, false);
608
            //fails to update access part
609
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
610
                    null, null, null,
611
                    null,  getAccessBlock(anotheruser, true,
612
                            true, false, false, false),
613
                    null, null, null, null);
614
            updateDocid(newdocid + ".7", testdocument, FAILURE, true);
615
            //fails to delete the document
616
            deleteDocid(newdocid + ".6", FAILURE, true);
617
            //logout
618
            m.logout();
619
            
620
            
621
            
622
             //   ====6 inserts a document with access  rules (allowFirst) - allow READ rule for another user,
623
	        // deny  READ rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is 
624
            // in this group).
625
	        accessRule1 = generateOneAccessRule(anotheruser, true,
626
                    true, false, false, false);
627
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
628
                   true, false, false, false);
629
	        accessRules = new Vector();
630
	        accessRules.add(accessRule1);
631
	        accessRules.add(accessRule2);
632
	        access = getAccessBlock(accessRules, ALLOWFIRST);
633
	        System.out.println("the access part is "+access);
634
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
635
                    null, null, null,
636
                    null, access ,
637
                    null, null, null, null);
638
	        // login
639
	        m.login(username, password);
640
	        updateDocid(newdocid + ".7", testdocument, SUCCESS, false);
641
	        m.logout();
642
	        //login as another user
643
	        m.login(anotheruser, anotherpassword);
644
	        //fails to read this document
645
	        readDocidWhichEqualsDoc(newdocid + ".7", testdocument, FAILURE, true);
646
	        //fails to update this document
647
            updateDocid(newdocid + ".8", testdocument, FAILURE, true);
648
            //fails to update access part
649
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
650
                    null, null, null,
651
                    null,  getAccessBlock(anotheruser, true,
652
                            true, false, false, false),
653
                    null, null, null, null);
654
            updateDocid(newdocid + ".8", testdocument, FAILURE, true);
655
            //fails to delete the document
656
            deleteDocid(newdocid + ".7", FAILURE, true);
657
            //logout
658
            m.logout();
659
            
660
            //====7 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another 
661
            //user, deny  READ and WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
662
            // the other user is in this group)
663
	        accessRule1 = generateOneAccessRule(anotheruser, true,
664
                    true, true, false, false);
665
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
666
                    true, true, false, false);
667
	        accessRules = new Vector();
668
	        accessRules.add(accessRule1);
669
	        accessRules.add(accessRule2);
670
	        access = getAccessBlock(accessRules, ALLOWFIRST);
671
	        System.out.println("the access part is "+access);
672
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
673
                    null, null, null,
674
                    null, access ,
675
                    null, null, null, null);
676
	        // login
677
	        m.login(username, password);
678
	        updateDocid(newdocid + ".8", testdocument, SUCCESS, false);
679
	        m.logout();
680
	        //login as another user
681
	        m.login(anotheruser, anotherpassword);
682
	        //fails to read this document
683
	        readDocidWhichEqualsDoc(newdocid + ".8", testdocument, FAILURE, true);
684
	        //fails to update this document
685
            updateDocid(newdocid + ".9", testdocument, FAILURE, true);
686
            //fails to update access part
687
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
688
                    null, null, null,
689
                    null,  getAccessBlock(anotheruser, true,
690
                            true, false, false, false),
691
                    null, null, null, null);
692
            updateDocid(newdocid + ".9", testdocument, FAILURE, true);
693
            //fails to delete the document
694
            deleteDocid(newdocid + ".8", FAILURE, true);
695
            //logout
696
            m.logout();
697
            
698
             //====8 inserts a document with access  rules (allowFirst) - allow ALL rule for another user,
699
	        // deny  ALL rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user
700
            // is in this group)
701
	        accessRule1 = generateOneAccessRule(anotheruser, true,
702
                    true, true, true, true);
703
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
704
                    true, true, true, true);
705
	        accessRules = new Vector();
706
	        accessRules.add(accessRule1);
707
	        accessRules.add(accessRule2);
708
	        access = getAccessBlock(accessRules, ALLOWFIRST);
709
	        System.out.println("the access part is "+access);
710
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
711
                    null, null, null,
712
                    null, access ,
713
                    null, null, null, null);
714
	        // login
715
	        m.login(username, password);
716
	        updateDocid(newdocid + ".9", testdocument, SUCCESS, false);
717
	        m.logout();
718
	        //login as another user
719
	        m.login(anotheruser, anotherpassword);
720
	        //fails to read this document
721
	        readDocidWhichEqualsDoc(newdocid + ".9", testdocument, FAILURE, true);
722
	        //fails to update this document
723
            updateDocid(newdocid + ".10", testdocument, FAILURE, true);
724
            //fails to update access part
725
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
726
                    null, null, null,
727
                    null,  getAccessBlock(anotheruser, true,
728
                            true, false, false, false),
729
                    null, null, null, null);
730
            updateDocid(newdocid + ".10", testdocument, FAILURE, true);
731
            //fails to delete the document
732
            deleteDocid(newdocid + ".9", FAILURE, true);
733
            //logout
734
            m.logout();
735
            
736
            
737
            
738
            
739
            
740
             //  ====9 The user updates this documents with access rules (allowFirst) - allow READ and WRITE 
741
            //rule for another user, deny  WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org
742
            // and another user is in this group). 
743
	        accessRule1 = generateOneAccessRule(anotheruser, true,
744
                    true, true, false, false);
745
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false);
746
	        accessRules = new Vector();
747
	        accessRules.add(accessRule1);
748
	        accessRules.add(accessRule2);
749
	        access = getAccessBlock(accessRules, ALLOWFIRST);
750
	        System.out.println("the access part is "+access);
751
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
752
                    null, null, null,
753
                    null, access ,
754
                    null, null, null, null);
755
	        // login
756
	        m.login(username, password);
757
	        updateDocid(newdocid + ".10", testdocument, SUCCESS, false);
758
	        m.logout();
759
	        //login as another user
760
	        m.login(anotheruser, anotherpassword);
761
	        //succeed to read this document
762
	        readDocidWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
763
	        //fails to update this document
764
            updateDocid(newdocid + ".11", testdocument, FAILURE, true);
765
            //fails to update access part
766
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
767
                    null, null, null,
768
                    null,  getAccessBlock(anotheruser, true,
769
                            true, false, false, false),
770
                    null, null, null, null);
771
            updateDocid(newdocid + ".11", testdocument, FAILURE, true);
772
            //fails to delete the document
773
            deleteDocid(newdocid + ".10", FAILURE, true);
774
            //logout
775
            m.logout();
776
	        
777
            
778
            //  ====10. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
779
            //rule for another user, deny READ rule for a group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
780
            //another user is in this group). 
781
	        accessRule1 = generateOneAccessRule(anotheruser, true,
782
                    true, true, false, false);
783
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
784
                    true, false, false, false);
785
	        accessRules = new Vector();
786
	        accessRules.add(accessRule1);
787
	        accessRules.add(accessRule2);
788
	        access = getAccessBlock(accessRules, ALLOWFIRST);
789
	        System.out.println("the access part is "+access);
790
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
791
                    null, null, null,
792
                    null, access ,
793
                    null, null, null, null);
794
	        // login
795
	        m.login(username, password);
796
	        updateDocid(newdocid + ".11", testdocument, SUCCESS, false);
797
	        m.logout();
798
	        //login as another user
799
	        m.login(anotheruser, anotherpassword);
800
	        //fails to read this document
801
	        readDocidWhichEqualsDoc(newdocid + ".11", testdocument, FAILURE, true);
802
	        //succeed to update this document
803
            updateDocid(newdocid + ".12", testdocument, SUCCESS, false);
804
            //fails to update access part
805
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
806
                    null, null, null,
807
                    null,  getAccessBlock(anotheruser, true,
808
                            true, false, false, false),
809
                    null, null, null, null);
810
            updateDocid(newdocid + ".13", testdocument, FAILURE, true);
811
            //fails to delete the document
812
            deleteDocid(newdocid + ".12", FAILURE, true);
813
            //logout
814
            m.logout();
815
	    }
816
	    catch (MetacatAuthException mae) {
817
	        fail("Authorization failed:\n" + mae.getMessage());
818
	    }
819
	    catch (MetacatInaccessibleException mie) {
820
	        fail("Metacat Inaccessible:\n" + mie.getMessage());
821
	    }
822
	    catch (Exception e) {
823
	        fail("General exception:\n" + e.getMessage());
824
	    }
825
    }
826
    
827
    /**
828
     * Tests when permission order is denyFirst, the combination of allow and deny rules  affect 
829
     * user to read, update and delete a document. Here are test cases
830
     *1.An user inserts a document with access  rules (denyFirst) - allow READ rule for another user,
831
     *   deny  READ rule for public. 
832
     *      Another user reads this document - success
833
     *      Another user updates this document(except access part) -failure
834
     *      Another user updates this document(access part) -failure
835
     *      Another user deletes this document - failure
836
     *2. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
837
     *    deny READ and WRITE rule for public. 
838
     *       Another user reads this document - success
839
     *       Another user updates this document(except access part) -success
840
     *       Another user updates this document(access part) -failure
841
     *       Another user deletes this document - failure
842
     *3. The user updates this documents with access rules (denyFirst) - allow ALL rule for another user,
843
     *     deny ALL rule for public. 
844
     *         Another user reads this document - success
845
     *         Another user updates this document(except access part) -success
846
     *         Another user updates this document(access part) -success
847
     *         Another user deletes this document - success
848
     *4. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
849
     *    deny  WRITE rule for public. 
850
     *       Another user reads this document - success
851
     *       Another user updates this document(except access part) -success
852
     *       Another user updates this document(access part) -failure
853
     *       Another user deletes this document - failure
854
     *5. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
855
     *    deny READ rule for public. 
856
     *       Another user reads this document - success
857
     *       Another user updates this document(except access part) - success
858
     *       Another user updates this document(access part) -failure
859
     *       Another user deletes this document - failure
860
     *6. The user updates this documents with access rules (denyFirst) - allow READ rule for another user,
861
     *     deny READ rule for a group (which another user is in the group)
862
     *         Another user reads this document - success
863
     *         Another user updates this document(except access part) -failure
864
     *         Another user updates this document(access part) -failure
865
     *         Another user deletes this document - failure
866
     *7. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
867
     *      deny READ and WRITE rule for a group (which another user is in the group)
868
     *         Another user reads this document - success
869
     *         Another user updates this document(except access part) - success
870
     *         Another user updates this document(access part) -failure
871
     *         Another user deletes this document - failure
872
     *8. The user updates this documents with access rules (denyFirst) - allow ALL rule for another user,
873
     *     deny ALL rule for a group (which another user is in the group)
874
     *          Another user reads this document - success
875
     *          Another user updates this document(except access part) - success
876
     *          Another user updates this document(access part) - success
877
     *          Another user deletes this document - success
878
     *9. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
879
     *     deny WRITE rule for a group (which another user is in the group)
880
     *          Another user reads this document - success
881
     *          Another user updates this document(except access part) - success
882
     *          Another user updates this document(access part) - failure
883
     *          Another user deletes this document - failure
884
     *10. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
885
     *     deny READ rule for a group (which another user is in the group)
886
     *          Another user reads this document - success
887
     *          Another user updates this document(except access part) - success
888
     *          Another user updates this document(access part) -failure
889
     *          Another user deletes this document - failure
890
     */
891
    public void testDenyFirst()
892
    {
893
    	try {
894
	    	newdocid = generateDocid();	        
895
	        //====1 inserts a document with access  rules (denyFirst) - allow READ rule for another user,
896
	        // deny  READ rule for public.
897
	        String accessRule1 = generateOneAccessRule(anotheruser, true,
898
                    true, false, false, false);
899
	        String accessRule2 = generateOneAccessRule("public", false,
900
                    true, false, false, false);
901
	        Vector accessRules = new Vector();
902
	        accessRules.add(accessRule1);
903
	        accessRules.add(accessRule2);
904
	        String access = getAccessBlock(accessRules, DENYFIRST);
905
	        System.out.println("the access part is "+access);
906
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
907
                    null, null, null,
908
                    null, access ,
909
                    null, null, null, null);
910
	        // login
911
	        m.login(username, password);
912
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
913
	        m.logout();
914
	        //login as another user
915
	        m.login(anotheruser, anotherpassword);
916
	        //succeeds to read this document
917
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
918
	        //fails to update this document
919
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
920
            //fails to update access part
921
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
922
                    null, null, null,
923
                    null,  getAccessBlock(anotheruser, true,
924
                            true, false, false, false),
925
                    null, null, null, null);
926
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
927
            //fails to delete the document
928
            deleteDocid(newdocid + ".1", FAILURE, true);
929
            //logout
930
            m.logout();
931
            
932
            //====2 inserts a document with access  rules (denyFirst) - allow READ and WRITE rule for another user,
933
	        // deny  READ and WRITE rule for public.
934
	        accessRule1 = generateOneAccessRule(anotheruser, true,
935
                    true, true, false, false);
936
	        accessRule2 = generateOneAccessRule("public", false,
937
                    true, true, false, false);
938
	        accessRules = new Vector();
939
	        accessRules.add(accessRule1);
940
	        accessRules.add(accessRule2);
941
	        access = getAccessBlock(accessRules, DENYFIRST);
942
	        System.out.println("the access part is "+access);
943
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
944
                    null, null, null,
945
                    null, access ,
946
                    null, null, null, null);
947
	        // login
948
	        m.login(username, password);
949
	        updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
950
	        m.logout();
951
	        //login as another user
952
	        m.login(anotheruser, anotherpassword);
953
	        //succeeds to read this document
954
	        readDocidWhichEqualsDoc(newdocid + ".2", testdocument, SUCCESS, false);
955
	        //succeeds to update this document
956
            updateDocid(newdocid + ".3", testdocument, SUCCESS, false);
957
            //fails to update access part
958
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
959
                    null, null, null,
960
                    null,  getAccessBlock(anotheruser, true,
961
                            true, false, false, false),
962
                    null, null, null, null);
963
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
964
            //fails to delete the document
965
            deleteDocid(newdocid + ".3", FAILURE, true);
966
            //logout
967
            m.logout();
968
            
969
             //====3 inserts a document with access  rules (denyFirst) - allow ALL rule for another user,
970
	        // deny  ALL rule for public.
971
	        accessRule1 = generateOneAccessRule(anotheruser, true,
972
                    true, true, true, true);
973
	        accessRule2 = generateOneAccessRule("public", false,
974
                    true, true, true, true);
975
	        accessRules = new Vector();
976
	        accessRules.add(accessRule1);
977
	        accessRules.add(accessRule2);
978
	        access = getAccessBlock(accessRules, DENYFIRST);
979
	        System.out.println("the access part is "+access);
980
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
981
                    null, null, null,
982
                    null, access ,
983
                    null, null, null, null);
984
	        // login
985
	        m.login(username, password);
986
	        updateDocid(newdocid + ".4", testdocument, SUCCESS, false);
987
	        m.logout();
988
	        //login as another user
989
	        m.login(anotheruser, anotherpassword);
990
	        //succeeds to read this document
991
	        readDocidWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
992
	        //succeeds to update this document
993
            updateDocid(newdocid + ".5", testdocument, SUCCESS, false);
994
            //succeed to update access part
995
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
996
                    null, null, null,
997
                    null,  getAccessBlock(anotheruser, true, true, true, true, true),
998
                    null, null, null, null);
999
            updateDocid(newdocid + ".6", testdocument, SUCCESS, false);
1000
            //succeeds to delete the document
1001
            deleteDocid(newdocid + ".6", SUCCESS, false);
1002
            //logout
1003
            m.logout();
1004
            
1005
            
1006
            
1007
            
1008
            newdocid = generateDocid();
1009
             //  ====4 The user updates this documents with access rules (denyFirst) - allow READ and WRITE 
1010
            //rule for another user, deny  WRITE rule for public. 
1011
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1012
                    true, true, false, false);
1013
	        accessRule2 = generateOneAccessRule("public", false, false, true, false, false);
1014
	        accessRules = new Vector();
1015
	        accessRules.add(accessRule1);
1016
	        accessRules.add(accessRule2);
1017
	        access = getAccessBlock(accessRules, DENYFIRST);
1018
	        System.out.println("the access part is "+access);
1019
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1020
                    null, null, null,
1021
                    null, access ,
1022
                    null, null, null, null);
1023
	        // login
1024
	        m.login(username, password);
1025
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
1026
	        m.logout();
1027
	        //login as another user
1028
	        m.login(anotheruser, anotherpassword);
1029
	        //succeeds to read this document
1030
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1031
	        //succeeds to update this document
1032
            updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
1033
            //fails to update access part
1034
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1035
                    null, null, null,
1036
                    null,  getAccessBlock(anotheruser, true,
1037
                            true, false, false, false),
1038
                    null, null, null, null);
1039
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
1040
            //fails to delete the document
1041
            deleteDocid(newdocid + ".2", FAILURE, true);
1042
            //logout
1043
            m.logout();
1044
	        
1045
            
1046
            //  ====5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
1047
            //rule for another user, deny READ rule for public. 
1048
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1049
                    true, true, false, false);
1050
	        accessRule2 = generateOneAccessRule("public", false, true, false, false, false);
1051
	        accessRules = new Vector();
1052
	        accessRules.add(accessRule1);
1053
	        accessRules.add(accessRule2);
1054
	        access = getAccessBlock(accessRules, DENYFIRST);
1055
	        System.out.println("the access part is "+access);
1056
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1057
                    null, null, null,
1058
                    null, access ,
1059
                    null, null, null, null);
1060
	        // login
1061
	        m.login(username, password);
1062
	        updateDocid(newdocid + ".10", testdocument, SUCCESS, false);
1063
	        m.logout();
1064
	        //login as another user
1065
	        m.login(anotheruser, anotherpassword);
1066
	        //succeeds to read this document
1067
	        readDocidWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
1068
	        //succeed to update this document
1069
            updateDocid(newdocid + ".11", testdocument, SUCCESS, false);
1070
            //fails to update access part
1071
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1072
                    null, null, null,
1073
                    null,  getAccessBlock(anotheruser, true,
1074
                            true, false, false, false),
1075
                    null, null, null, null);
1076
            updateDocid(newdocid + ".12", testdocument, FAILURE, true);
1077
            //fails to delete the document
1078
            deleteDocid(newdocid + ".12", FAILURE, true);
1079
            //logout
1080
            m.logout();
1081
            
1082
            
1083
            
1084
             //   ====6 inserts a document with access  rules (denyFirst) - allow READ rule for another user,
1085
	        // deny  READ rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is 
1086
            // in this group).
1087
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1088
                    true, false, false, false);
1089
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1090
                   true, false, false, false);
1091
	        accessRules = new Vector();
1092
	        accessRules.add(accessRule1);
1093
	        accessRules.add(accessRule2);
1094
	        access = getAccessBlock(accessRules, DENYFIRST);
1095
	        System.out.println("the access part is "+access);
1096
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1097
                    null, null, null,
1098
                    null, access ,
1099
                    null, null, null, null);
1100
	        // login
1101
	        m.login(username, password);
1102
	        updateDocid(newdocid + ".13", testdocument, SUCCESS, false);
1103
	        m.logout();
1104
	        //login as another user
1105
	        m.login(anotheruser, anotherpassword);
1106
	        //succeeds to read this document
1107
	        readDocidWhichEqualsDoc(newdocid + ".13", testdocument, SUCCESS, false);
1108
	        //fails to update this document
1109
            updateDocid(newdocid + ".14", testdocument, FAILURE, true);
1110
            //fails to update access part
1111
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1112
                    null, null, null,
1113
                    null,  getAccessBlock(anotheruser, true,
1114
                            true, false, false, false),
1115
                    null, null, null, null);
1116
            updateDocid(newdocid + ".14", testdocument, FAILURE, true);
1117
            //fails to delete the document
1118
            deleteDocid(newdocid + ".13", FAILURE, true);
1119
            //logout
1120
            m.logout();
1121
            
1122
            //====7 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another 
1123
            //user, deny  READ and WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
1124
            // the other user is in this group)
1125
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1126
                    true, true, false, false);
1127
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1128
                    true, true, false, false);
1129
	        accessRules = new Vector();
1130
	        accessRules.add(accessRule1);
1131
	        accessRules.add(accessRule2);
1132
	        access = getAccessBlock(accessRules, DENYFIRST);
1133
	        System.out.println("the access part is "+access);
1134
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1135
                    null, null, null,
1136
                    null, access ,
1137
                    null, null, null, null);
1138
	        // login
1139
	        m.login(username, password);
1140
	        updateDocid(newdocid + ".14", testdocument, SUCCESS, false);
1141
	        m.logout();
1142
	        //login as another user
1143
	        m.login(anotheruser, anotherpassword);
1144
	        //succeeds to read this document
1145
	        readDocidWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false);
1146
	        //succeeds to update this document
1147
            updateDocid(newdocid + ".15", testdocument, SUCCESS, false);
1148
            //fails to update access part
1149
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1150
                    null, null, null,
1151
                    null,  getAccessBlock(anotheruser, true,
1152
                            true, false, false, false),
1153
                    null, null, null, null);
1154
            updateDocid(newdocid + ".16", testdocument, FAILURE, true);
1155
            //fails to delete the document
1156
            deleteDocid(newdocid + ".15", FAILURE, true);
1157
            //logout
1158
            m.logout();
1159
            
1160
             //====8 inserts a document with access  rules (denyFirst) - allow ALL rule for another user,
1161
	        // deny  ALL rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user
1162
            // is in this group)
1163
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1164
                    true, true, true, true);
1165
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1166
                    true, true, true, true);
1167
	        accessRules = new Vector();
1168
	        accessRules.add(accessRule1);
1169
	        accessRules.add(accessRule2);
1170
	        access = getAccessBlock(accessRules, DENYFIRST);
1171
	        System.out.println("the access part is "+access);
1172
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1173
                    null, null, null,
1174
                    null, access ,
1175
                    null, null, null, null);
1176
	        // login
1177
	        m.login(username, password);
1178
	        updateDocid(newdocid + ".16", testdocument, SUCCESS, false);
1179
	        m.logout();
1180
	        //login as another user
1181
	        m.login(anotheruser, anotherpassword);
1182
	        //succeeds to read this document
1183
	        readDocidWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false);
1184
	        //succeeds to update this document
1185
            updateDocid(newdocid + ".17", testdocument, SUCCESS, false);
1186
            //succeeds to update access part
1187
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1188
                    null, null, null,
1189
                    null,  getAccessBlock(anotheruser, true,
1190
                            true, true, true, true),
1191
                    null, null, null, null);
1192
            updateDocid(newdocid + ".18", testdocument, SUCCESS, false);
1193
            //succeeds to delete the document
1194
            deleteDocid(newdocid + ".18", SUCCESS, false);
1195
            //logout
1196
            m.logout();
1197
            
1198
            
1199
            
1200
            
1201
            newdocid = generateDocid();
1202
             //  ====9 The user updates this documents with access rules (denyFirst) - allow READ and WRITE 
1203
            //rule for another user, deny  WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org
1204
            // and another user is in this group). 
1205
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1206
                    true, true, false, false);
1207
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false);
1208
	        accessRules = new Vector();
1209
	        accessRules.add(accessRule1);
1210
	        accessRules.add(accessRule2);
1211
	        access = getAccessBlock(accessRules, DENYFIRST);
1212
	        System.out.println("the access part is "+access);
1213
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1214
                    null, null, null,
1215
                    null, access ,
1216
                    null, null, null, null);
1217
	        // login
1218
	        m.login(username, password);
1219
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
1220
	        m.logout();
1221
	        //login as another user
1222
	        m.login(anotheruser, anotherpassword);
1223
	        //succeed to read this document
1224
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1225
	        //succeeds to update this document
1226
            updateDocid(newdocid + ".20", testdocument, SUCCESS, false);
1227
            //fails to update access part
1228
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1229
                    null, null, null,
1230
                    null,  getAccessBlock(anotheruser, true,
1231
                            true, false, false, false),
1232
                    null, null, null, null);
1233
            updateDocid(newdocid + ".21", testdocument, FAILURE, true);
1234
            //fails to delete the document
1235
            deleteDocid(newdocid + ".20", FAILURE, true);
1236
            //logout
1237
            m.logout();
1238
	        
1239
            
1240
            //  ====10. The user updates this documents with access rules (denyFirst) - allow READ and WRITE
1241
            //rule for another user, deny READ rule for a group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
1242
            //another user is in this group). 
1243
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1244
                    true, true, false, false);
1245
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1246
                    true, false, false, false);
1247
	        accessRules = new Vector();
1248
	        accessRules.add(accessRule1);
1249
	        accessRules.add(accessRule2);
1250
	        access = getAccessBlock(accessRules, DENYFIRST);
1251
	        System.out.println("the access part is "+access);
1252
	        testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1253
                    null, null, null,
1254
                    null, access ,
1255
                    null, null, null, null);
1256
	        // login
1257
	        m.login(username, password);
1258
	        updateDocid(newdocid + ".21", testdocument, SUCCESS, false);
1259
	        m.logout();
1260
	        //login as another user
1261
	        m.login(anotheruser, anotherpassword);
1262
	        //succeeds to read this document
1263
	        readDocidWhichEqualsDoc(newdocid + ".21", testdocument, SUCCESS, false);
1264
	        //succeeds to update this document
1265
            updateDocid(newdocid + ".22", testdocument, SUCCESS, false);
1266
            //fails to update access part
1267
            testdocument = getTestEmlDoc("Testing user can't not read, write and delete a document",
1268
                    null, null, null,
1269
                    null,  getAccessBlock(anotheruser, true,
1270
                            true, false, false, false),
1271
                    null, null, null, null);
1272
            updateDocid(newdocid + ".23", testdocument, FAILURE, true);
1273
            //fails to delete the document
1274
            deleteDocid(newdocid + ".22", FAILURE, true);
1275
            //logout
1276
            m.logout();
1277
	    }
1278
	    catch (MetacatAuthException mae) {
1279
	        fail("Authorization failed:\n" + mae.getMessage());
1280
	    }
1281
	    catch (MetacatInaccessibleException mie) {
1282
	        fail("Metacat Inaccessible:\n" + mie.getMessage());
1283
	    }
1284
	    catch (Exception e) {
1285
	        fail("General exception:\n" + e.getMessage());
1286
	    }
1287
    }
303 1288

  
304 1289
    /** *********
305 1290
     * Test the case when no access is specified and owner is logged in
......
902 1887
    private void deleteDocid(String docid, boolean result,
903 1888
                             boolean expextedKarmaFailure) {
904 1889
        try {
1890
        	Thread.sleep(5000);
905 1891
            String response = m.delete(docid);
906 1892
            if (result) {
907 1893
                assertTrue(response.indexOf("<success>") != -1);
test/edu/ucsb/nceas/metacattest/NonAsciiCharacterTest.java
584 584
        docid.append(calendar.get(Calendar.HOUR_OF_DAY));
585 585
        docid.append(calendar.get(Calendar.MINUTE));
586 586
        docid.append(calendar.get(Calendar.SECOND));
587

  
587
   	    //sometimes this number is not unique, so we append a random number
588
    	int random = (new Double(Math.random()*100)).intValue();
589
    	docid.append(random);
588 590
        return docid.toString();
589 591
    }
590 592
}

Also available in: Unified diff