Project

General

Profile

« Previous | Next » 

Revision 4333

Added by daigle over 16 years ago

Add test cases for eml 2.1.0 documents

View differences:

test/edu/ucsb/nceas/metacattest/AccessControlTest.java
51 51
/**
52 52
 * A JUnit test for testing Access Control in Metacat
53 53
 */
54
public class AccessControlTest
55
    extends MCTestCase {
54
public class AccessControlTest extends MCTestCase {
56 55

  
57
    private static String metacatUrl;
58
    private static String username;
56
	private static String metacatUrl;
57
	private static String username;
59 58
	private static String password;
60 59
	private static String anotheruser;
61 60
	private static String anotherpassword;
62 61
	static {
63 62
		try {
64
		    metacatUrl = PropertyService.getProperty("test.metacatUrl");
63
			metacatUrl = PropertyService.getProperty("test.metacatUrl");
65 64
			username = PropertyService.getProperty("test.mcUser");
66 65
			password = PropertyService.getProperty("test.mcPassword");
67 66
			anotheruser = PropertyService.getProperty("test.mcAnotherUser");
68 67
			anotherpassword = PropertyService.getProperty("test.mcAnotherPassword");
69 68
		} catch (PropertyNotFoundException pnfe) {
70
			System.err.println("Could not get property in static block: " 
69
			System.err.println("Could not get property in static block: "
71 70
					+ pnfe.getMessage());
72 71
		}
73 72
	}
74 73

  
75
    private String prefix = "test";
76
    private String newdocid = null;
77
    private String testdocument = "";
78
    private String onlineDocid;
79
    private String onlinetestdatafile1 = "test/onlineDataFile1";
80
    private String onlinetestdatafile2 = "test/onlineDataFile2";
81
    private static final String ALLOWFIRST = "allowFirst";
82
    private static final String DENYFIRST = "denyFirst";
74
	private String prefix = "test";
75
	private String newdocid = null;
76
	private String testdocument = "";
77
	private String onlineDocid;
78
	private String onlinetestdatafile1 = "test/onlineDataFile1";
79
	private String onlinetestdatafile2 = "test/onlineDataFile2";
80
	private static final String ALLOWFIRST = "allowFirst";
81
	private static final String DENYFIRST = "denyFirst";
82
	private static String EML2_0_0 = "EML2_0_0";
83
	private static String EML2_0_1 = "EML2_0_1";
84
	private static String EML2_1_0 = "EML2_1_0";
83 85

  
84
    private Metacat m;
86
	private Metacat m;
85 87

  
86
    private boolean SUCCESS = true;
87
    private boolean FAILURE = false;
88
	private boolean SUCCESS = true;
89
	private boolean FAILURE = false;
88 90

  
89
    /**
90
     * These variables are for eml-2.0.1 only. For other eml versions,
91
     * this function might have to modified
92
     */
91
	/**
92
	 * These variables are for eml-2.0.1 only. For other eml versions, this
93
	 * function might have to modified
94
	 */
93 95

  
94
    private String testEml_201_Header =
95
        "<?xml version=\"1.0\"?><eml:eml" +
96
        " xmlns:eml=\"eml://ecoinformatics.org/eml-2.0.1\"" +
97
        " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"" +
98
        " packageId=\"eml.1.1\" system=\"knb\"" +
99
        " xsi:schemaLocation=\"eml://ecoinformatics.org/eml-2.0.1 eml.xsd\"" +
100
        " scope=\"system\">";
96
	private String testEml_210_Header = "<?xml version=\"1.0\"?><eml:eml"
97
			+ " xmlns:eml=\"eml://ecoinformatics.org/eml-2.1.0\""
98
			+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
99
			+ " packageId=\"eml.1.1\" system=\"knb\""
100
			+ " xsi:schemaLocation=\"eml://ecoinformatics.org/eml-2.1.0 eml.xsd\""
101
			+ " scope=\"system\">";
101 102

  
102
    private String testEml_200_Header =
103
    "<?xml version=\"1.0\"?><eml:eml" +
104
    " xmlns:eml=\"eml://ecoinformatics.org/eml-2.0.0\"" +
105
    " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"" +
106
    " packageId=\"eml.1.1\" system=\"knb\"" +
107
    " xsi:schemaLocation=\"eml://ecoinformatics.org/eml-2.0.0 eml.xsd\"" +
108
    " scope=\"system\">";
103
	private String testEml_201_Header = "<?xml version=\"1.0\"?><eml:eml"
104
			+ " xmlns:eml=\"eml://ecoinformatics.org/eml-2.0.1\""
105
			+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
106
			+ " packageId=\"eml.1.1\" system=\"knb\""
107
			+ " xsi:schemaLocation=\"eml://ecoinformatics.org/eml-2.0.1 eml.xsd\""
108
			+ " scope=\"system\">";
109 109

  
110
    private String testEmlCreatorBlock =
111
        "<creator scope=\"document\">                                       " +
112
        " <individualName>                                                  " +
113
        "    <surName>Smith</surName>                                       " +
114
        " </individualName>                                                 " +
115
        "</creator>                                                         ";
110
	private String testEml_200_Header = "<?xml version=\"1.0\"?><eml:eml"
111
			+ " xmlns:eml=\"eml://ecoinformatics.org/eml-2.0.0\""
112
			+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\""
113
			+ " packageId=\"eml.1.1\" system=\"knb\""
114
			+ " xsi:schemaLocation=\"eml://ecoinformatics.org/eml-2.0.0 eml.xsd\""
115
			+ " scope=\"system\">";
116 116

  
117
    private String testEmlContactBlock =
118
        "<contact scope=\"document\">                                       " +
119
        " <individualName>                                                  " +
120
        "    <surName>Jackson</surName>                                     " +
121
        " </individualName>                                                 " +
122
        "</contact>                                                         ";
117
	private String testEmlCreatorBlock = "<creator scope=\"document\">                                       "
118
			+ " <individualName>                                                  "
119
			+ "    <surName>Smith</surName>                                       "
120
			+ " </individualName>                                                 "
121
			+ "</creator>                                                         ";
123 122

  
124
    private String testEmlInlineBlock1 =
125
        "<inline>                                                           " +
126
        "  <admin>                                                          " +
127
        "    <contact>                                                      " +
128
        "      <name>Operator</name>                                        " +
129
        "      <institution>PSI</institution>                               " +
130
        "    </contact>                                                     " +
131
        "  </admin>                                                         " +
132
        "</inline>                                                          ";
123
	private String testEmlContactBlock = "<contact scope=\"document\">                                       "
124
			+ " <individualName>                                                  "
125
			+ "    <surName>Jackson</surName>                                     "
126
			+ " </individualName>                                                 "
127
			+ "</contact>                                                         ";
133 128

  
134
    private String testEmlInlineBlock2 =
135
        "<inline>                                                           " +
136
        "  <instrument>                                                     " +
137
        "    <instName>LCQ</instName>                                       " +
138
        "    <source type=\"ESI\"></source>                                 " +
139
        "    <detector type=\"EM\"></detector>                              " +
140
        "  </instrument>                                                    " +
141
        "</inline>                                                          ";
129
	private String testEmlInlineBlock1 = "<inline>                                                           "
130
			+ "  <admin>                                                          "
131
			+ "    <contact>                                                      "
132
			+ "      <name>Operator</name>                                        "
133
			+ "      <institution>PSI</institution>                               "
134
			+ "    </contact>                                                     "
135
			+ "  </admin>                                                         "
136
			+ "</inline>                                                          ";
142 137

  
143
    /*
144
     * Retrus an access block base on params passed and the defaul perm order - allow first
145
     */
146
    private String getAccessBlock(String principal, boolean grantAccess,
147
                              boolean read, boolean write,
148
                           boolean changePermission, boolean all)
149
    {
150
    	return getAccessBlock(principal,  grantAccess,
151
                read, write,
152
                changePermission, all, ALLOWFIRST);
153
    }
154
    /**
155
     * This function returns an access block based on the params passed
156
     */
157
    private String getAccessBlock(String principal, boolean grantAccess,
158
                                  boolean read, boolean write,
159
                                  boolean changePermission, boolean all, String permOrder) {
160
        String accessBlock = "<access " +
161
            "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\"" +
162
            " order=\""+
163
            permOrder +"\""+
164
            " scope=\"document\""  +
165
            ">";
138
	private String testEmlInlineBlock2 = "<inline>                                                           "
139
			+ "  <instrument>                                                     "
140
			+ "    <instName>LCQ</instName>                                       "
141
			+ "    <source type=\"ESI\"></source>                                 "
142
			+ "    <detector type=\"EM\"></detector>                              "
143
			+ "  </instrument>                                                    "
144
			+ "</inline>                                                          ";
166 145

  
167
        accessBlock += generateOneAccessRule(principal,  grantAccess,
168
                                  read, write, changePermission, all);
169
        accessBlock += "</access>";
146
	/*
147
	 * Retrus an access block base on params passed and the defaul perm order -
148
	 * allow first
149
	 */
150
	private String getAccessBlock(String principal, boolean grantAccess, boolean read,
151
			boolean write, boolean changePermission, boolean all) {
152
		return getAccessBlock(principal, grantAccess, read, write, changePermission, all,
153
				ALLOWFIRST);
154
	}
170 155

  
171
        return accessBlock;
156
	/**
157
	 * This function returns an access block based on the params passed
158
	 */
159
	private String getAccessBlock(String principal, boolean grantAccess, boolean read,
160
			boolean write, boolean changePermission, boolean all, String permOrder) {
161
		String accessBlock = "<access "
162
				+ "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\""
163
				+ " order=\"" + permOrder + "\"" + " scope=\"document\"" + ">";
172 164

  
173
    }
174
    
175
    /*
176
     * Gets eml access block base on given acccess rules and perm order
177
     */
178
    private String  getAccessBlock(Vector accessRules, String permOrder)
179
    {
180
    	String accessBlock = "<access " +
181
        "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\"" +
182
        " order=\""+
183
        permOrder +"\""+
184
        " scope=\"document\""  +
185
        ">";
186
    	// adding rules
187
    	if (accessRules != null  && !accessRules.isEmpty())
188
    	{
189
    		for (int i=0; i<accessRules.size(); i++)
190
    		{
191
    			String rule = (String)accessRules.elementAt(i);
192
    			accessBlock += rule;
193
    			
194
    		}		
195
    	}
196
    	accessBlock += "</access>";
197
    	return accessBlock;
198
    }
199
    
200
    /*
201
     * Generates a access rule for given parameter. Note this xml portion doesn't include
202
     * <access></access> 
203
     */
204
    private String generateOneAccessRule(String principal, boolean grantAccess,
205
            boolean read, boolean write, boolean changePermission, boolean all)
206
    {
207
    	 String accessBlock = "";
165
		accessBlock += generateOneAccessRule(principal, grantAccess, read, write,
166
				changePermission, all);
167
		accessBlock += "</access>";
208 168

  
209
	     if (grantAccess) {
210
	         accessBlock = "<allow>";
211
	     }
212
	     else {
213
	         accessBlock = "<deny>";
214
	     }
215
	
216
	     accessBlock = accessBlock + "<principal>" + principal + "</principal>";
217
	
218
	     if (all) {
219
	         accessBlock += "<permission>all</permission>";
220
	     }
221
	     else {
222
	         if (read) {
223
	             accessBlock += "<permission>read</permission>";
224
	         }
225
	         if (write) {
226
	             accessBlock += "<permission>write</permission>";
227
	         }
228
	         if (changePermission) {
229
	             accessBlock += "<permission>changePermission</permission>";
230
	         }
231
	     }
232
	
233
	     if (grantAccess) {
234
	         accessBlock += "</allow>";
235
	     }
236
	     else {
237
	         accessBlock += "</deny>";
238
	     }
239
	     return accessBlock;
169
		return accessBlock;
240 170

  
241
    }
171
	}
242 172

  
243
    /**
244
     * This function returns a valid eml document with no access rules
245
     * This function is for eml-2.0.1 only. For other eml versions,
246
     * this function might have to modified
247
     */
248
    private String getTestEmlDoc(String title, String inlineData1,
249
                                 String inlineData2, String onlineUrl1,
250
                                 String onlineUrl2, String docAccessBlock,
251
                                 String inlineAccessBlock1,
252
                                 String inlineAccessBlock2,
253
                                 String onlineAccessBlock1,
254
                                 String onlineAccessBlock2) {
173
	/*
174
	 * Gets eml access block base on given acccess rules and perm order
175
	 */
176
	private String getAccessBlock(Vector accessRules, String permOrder) {
177
		String accessBlock = "<access "
178
				+ "authSystem=\"ldap://ldap.ecoinformatics.org:389/dc=ecoinformatics,dc=org\""
179
				+ " order=\"" + permOrder + "\"" + " scope=\"document\"" + ">";
180
		// adding rules
181
		if (accessRules != null && !accessRules.isEmpty()) {
182
			for (int i = 0; i < accessRules.size(); i++) {
183
				String rule = (String) accessRules.elementAt(i);
184
				accessBlock += rule;
255 185

  
256
    	debug("getTestEmlDoc(): title=" + title + " inlineData1=" + inlineData1  + 
257
    			" inlineData2=" + inlineData2 + " onlineUrl1=" + onlineUrl1 + 
258
    			 " onlineUrl2=" + onlineUrl2 + " docAccessBlock=" + docAccessBlock + 
259
    			 " inlineAccessBlock1=" + inlineAccessBlock1 + 
260
    			 " inlineAccessBlock2=" + inlineAccessBlock2 + 
261
    			 " onlineAccessBlock1=" + onlineAccessBlock1 + 
262
    			 " onlineAccessBlock2=" + onlineAccessBlock2 );
263
        String testDocument = "";
264
        testDocument = testDocument + testEml_201_Header +
265
            "<dataset scope=\"document\"><title>" + title + "</title>" +
266
            testEmlCreatorBlock;
186
			}
187
		}
188
		accessBlock += "</access>";
189
		return accessBlock;
190
	}
267 191

  
268
        if (inlineData1 != null) {
269
            testDocument = testDocument
270
                + "<distribution scope=\"document\" id=\"inlineEntity1\">"
271
                + inlineData1 + "</distribution>";
272
        }
273
        if (inlineData2 != null) {
274
            testDocument = testDocument
275
                + "<distribution scope=\"document\" id=\"inlineEntity2\">"
276
                + inlineData2 + "</distribution>";
277
        }
278
        if (onlineUrl1 != null) {
279
            testDocument = testDocument
280
                + "<distribution scope=\"document\" id=\"onlineEntity1\">"
281
                + "<online><url function=\"download\">"
282
                + onlineUrl1 + "</url></online></distribution>";
283
        }
284
        if (onlineUrl2 != null) {
285
            testDocument = testDocument +
286
                "<distribution scope=\"document\" id=\"onlineEntity2\">"
287
                + "<online><url function=\"download\">"
288
                + onlineUrl2 + "</url></online></distribution>";
289
        }
290
        testDocument += testEmlContactBlock;
192
	/*
193
	 * Generates a access rule for given parameter. Note this xml portion
194
	 * doesn't include <access></access>
195
	 */
196
	private String generateOneAccessRule(String principal, boolean grantAccess,
197
			boolean read, boolean write, boolean changePermission, boolean all) {
198
		String accessBlock = "";
291 199

  
292
        if (docAccessBlock != null) {
293
            testDocument += docAccessBlock;
294
        }
200
		if (grantAccess) {
201
			accessBlock = "<allow>";
202
		} else {
203
			accessBlock = "<deny>";
204
		}
295 205

  
296
        testDocument += "</dataset>";
206
		accessBlock = accessBlock + "<principal>" + principal + "</principal>";
297 207

  
298
        if (inlineAccessBlock1 != null) {
299
            testDocument += "<additionalMetadata>";
300
            testDocument += "<describes>inlineEntity1</describes>";
301
            testDocument += inlineAccessBlock1;
302
            testDocument += "</additionalMetadata>";
303
        }
208
		if (all) {
209
			accessBlock += "<permission>all</permission>";
210
		} else {
211
			if (read) {
212
				accessBlock += "<permission>read</permission>";
213
			}
214
			if (write) {
215
				accessBlock += "<permission>write</permission>";
216
			}
217
			if (changePermission) {
218
				accessBlock += "<permission>changePermission</permission>";
219
			}
220
		}
304 221

  
305
        if (inlineAccessBlock2 != null) {
306
            testDocument += "<additionalMetadata>";
307
            testDocument += "<describes>inlineEntity2</describes>";
308
            testDocument += inlineAccessBlock2;
309
            testDocument += "</additionalMetadata>";
310
        }
222
		if (grantAccess) {
223
			accessBlock += "</allow>";
224
		} else {
225
			accessBlock += "</deny>";
226
		}
227
		return accessBlock;
311 228

  
312
        if (onlineAccessBlock1 != null) {
313
            testDocument += "<additionalMetadata>";
314
            testDocument += "<describes>onlineEntity1</describes>";
315
            testDocument += onlineAccessBlock1;
316
            testDocument += "</additionalMetadata>";
317
        }
229
	}
318 230

  
319
        if (onlineAccessBlock2 != null) {
320
            testDocument += "<additionalMetadata>";
321
            testDocument += "<describes>onlineEntity2</describes>";
322
            testDocument += onlineAccessBlock2;
323
            testDocument += "</additionalMetadata>";
324
        }
231
	/**
232
	 * This function returns a valid eml document with no access rules This
233
	 * function is for eml-2.0.1 only. For other eml versions, this function
234
	 * might have to modified
235
	 */
236
	private String getTestEmlDoc(String title, String emlVersion, String inlineData1,
237
			String inlineData2, String onlineUrl1, String onlineUrl2,
238
			String docAccessBlock, String inlineAccessBlock1, String inlineAccessBlock2,
239
			String onlineAccessBlock1, String onlineAccessBlock2) {
325 240

  
326
        testDocument += "</eml:eml>";
241
		debug("getTestEmlDoc(): title=" + title + " inlineData1=" + inlineData1
242
				+ " inlineData2=" + inlineData2 + " onlineUrl1=" + onlineUrl1
243
				+ " onlineUrl2=" + onlineUrl2 + " docAccessBlock=" + docAccessBlock
244
				+ " inlineAccessBlock1=" + inlineAccessBlock1 + " inlineAccessBlock2="
245
				+ inlineAccessBlock2 + " onlineAccessBlock1=" + onlineAccessBlock1
246
				+ " onlineAccessBlock2=" + onlineAccessBlock2);
247
		String testDocument = "";
248
		String header;
249
		if (emlVersion == EML2_0_0) {
250
			header = testEml_200_Header;
251
		} else if (emlVersion == EML2_0_1) {
252
			header = testEml_201_Header;
253
		} else {
254
			header = testEml_210_Header;
255
		}
256
		testDocument = testDocument + header + "<dataset scope=\"document\"><title>"
257
				+ title + "</title>" + testEmlCreatorBlock;
327 258

  
328
        //System.out.println("Returning following document" + testDocument);
329
        return testDocument;
330
    }
259
		if (inlineData1 != null) {
260
			testDocument = testDocument
261
					+ "<distribution scope=\"document\" id=\"inlineEntity1\">"
262
					+ inlineData1 + "</distribution>";
263
		}
264
		if (inlineData2 != null) {
265
			testDocument = testDocument
266
					+ "<distribution scope=\"document\" id=\"inlineEntity2\">"
267
					+ inlineData2 + "</distribution>";
268
		}
269
		if (onlineUrl1 != null) {
270
			testDocument = testDocument
271
					+ "<distribution scope=\"document\" id=\"onlineEntity1\">"
272
					+ "<online><url function=\"download\">" + onlineUrl1
273
					+ "</url></online></distribution>";
274
		}
275
		if (onlineUrl2 != null) {
276
			testDocument = testDocument
277
					+ "<distribution scope=\"document\" id=\"onlineEntity2\">"
278
					+ "<online><url function=\"download\">" + onlineUrl2
279
					+ "</url></online></distribution>";
280
		}
281
		testDocument += testEmlContactBlock;
331 282

  
332
    /**
333
     * Constructor to build the test
334
     *
335
     * @param name the name of the test method
336
     */
337
    public AccessControlTest(String name) {
338
        super(name);
339
        newdocid = generateDocid();
340
    }
283
		if (docAccessBlock != null) {
284
			testDocument += docAccessBlock;
285
		}
341 286

  
342
    /**
343
     * Establish a testing framework by initializing appropriate objects
344
     */
345
    public void setUp() {
346
        try {
347
            debug("Test Metacat: " + metacatUrl);
348
            m = MetacatFactory.createMetacatConnection(metacatUrl);
349
        }
350
        catch (MetacatInaccessibleException mie) {
351
            System.err.println("Metacat is: " + metacatUrl);
352
            fail("Metacat connection failed." + mie.getMessage());
353
        }
354
    }
287
		testDocument += "</dataset>";
355 288

  
356
    /**
357
     * Release any objects after tests are complete
358
     */
359
    public void tearDown() {
360
    }
289
		if (inlineAccessBlock1 != null) {
290
			testDocument += "<additionalMetadata>";
291
			testDocument += "<describes>inlineEntity1</describes>";
292
			testDocument += inlineAccessBlock1;
293
			testDocument += "</additionalMetadata>";
294
		}
361 295

  
362
    /**
363
     * Create a suite of tests to be run together
364
     */
365
    public static Test suite() {
366
        TestSuite suite = new TestSuite();
367
        suite.addTest(new AccessControlTest("initialize"));
368
        // Test basic functions
369
        suite.addTest(new AccessControlTest("documentTest"));
370
        suite.addTest(new AccessControlTest("AccessControlTestForPublic"));
371
        suite.addTest(new AccessControlTest("testAllowFirst"));
372
        suite.addTest(new AccessControlTest("testDenyFirst"));
296
		if (inlineAccessBlock2 != null) {
297
			testDocument += "<additionalMetadata>";
298
			testDocument += "<describes>inlineEntity2</describes>";
299
			testDocument += inlineAccessBlock2;
300
			testDocument += "</additionalMetadata>";
301
		}
373 302

  
374
        return suite;
375
    }
303
		if (onlineAccessBlock1 != null) {
304
			testDocument += "<additionalMetadata>";
305
			testDocument += "<describes>onlineEntity1</describes>";
306
			testDocument += onlineAccessBlock1;
307
			testDocument += "</additionalMetadata>";
308
		}
376 309

  
377
    /**
378
     * Run an initial test that always passes to check that the test
379
     * harness is working.
380
     */
381
    public void initialize() {
382
        assertTrue(1 == 1);
383
    }
384
    
385
    
386
    /**
387
     * Tests when permission order is allowFirst, the combination of allow and deny rules  affect 
388
     * user to read, update and delete a document. Here are test cases
389
     *1.An user inserts a document with access  rules (allowFirst) - allow READ rule for another user,
390
     *   deny  READ rule for public. 
391
     *      Another user reads this document - failure
392
     *      Another user updates this document(except access part) -failure
393
     *      Another user updates this document(access part) -failure
394
     *      Another user deletes this document - failure
395
     *2. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
396
     *    deny READ and WRITE rule for public. 
397
     *       Another user reads this document - failure
398
     *       Another user updates this document(except access part) -failure
399
     *       Another user updates this document(access part) -failure
400
     *       Another user deletes this document - failure
401
     *3. The user updates this documents with access rules (allowFirst) - allow ALL rule for another user,
402
     *     deny ALL rule for public. 
403
     *         Another user reads this document - failure
404
     *         Another user updates this document(except access part) -failure
405
     *         Another user updates this document(access part) -failure
406
     *         Another user deletes this document - failure
407
     *4. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
408
     *    deny  WRITE rule for public. 
409
     *       Another user reads this document - success
410
     *       Another user updates this document(except access part) -failure
411
     *       Another user updates this document(access part) -failure
412
     *       Another user deletes this document - failure
413
     *5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
414
     *    deny READ rule for public. 
415
     *       Another user reads this document - failure
416
     *       Another user updates this document(except access part) - success
417
     *       Another user updates this document(access part) -failure
418
     *       Another user deletes this document - failure
419
     *6. The user updates this documents with access rules (allowFirst) - allow READ rule for another user,
420
     *     deny READ rule for a group (which another user is in the group)
421
     *         Another user reads this document - failure
422
     *         Another user updates this document(except access part) -failure
423
     *         Another user updates this document(access part) -failure
424
     *         Another user deletes this document - failure
425
     *7. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
426
     *      deny READ and WRITE rule for a group (which another user is in the group)
427
     *         Another user reads this document - failure
428
     *         Another user updates this document(except access part) -failure
429
     *         Another user updates this document(access part) -failure
430
     *         Another user deletes this document - failure
431
     *8. The user updates this documents with access rules (allowFirst) - allow ALL rule for another user,
432
     *     deny ALL rule for a group (which another user is in the group)
433
     *          Another user reads this document - failure
434
     *          Another user updates this document(except access part) -failure
435
     *          Another user updates this document(access part) -failure
436
     *          Another user deletes this document - failure
437
     *9. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
438
     *     deny WRITE rule for a group (which another user is in the group)
439
     *          Another user reads this document - success
440
     *          Another user updates this document(except access part) -failure
441
     *          Another user updates this document(access part) -failure
442
     *          Another user deletes this document - failure
443
     *10. The user updates this documents with access rules (allowFirst) - allow READ and WRITE rule for another user,
444
     *     deny READ rule for a group (which another user is in the group)
445
     *          Another user reads this document - failure
446
     *          Another user updates this document(except access part) - success
447
     *          Another user updates this document(access part) -failure
448
     *          Another user deletes this document - failure
449
     */
450
    public void testAllowFirst()
451
    {
452
    	try {
453
    		debug("\nRunning: testAllowFirst test");
454
	    	newdocid = generateDocid();	        
455
	        //====1 inserts a document with access  rules (allowFirst) - allow READ rule for another user,
456
	        // deny  READ rule for public.
457
	        String accessRule1 = generateOneAccessRule(anotheruser, true,
458
                    true, false, false, false);
459
	        String accessRule2 = generateOneAccessRule("public", false,
460
                    true, false, false, false);
461
	        Vector accessRules = new Vector();
462
	        accessRules.add(accessRule1);
463
	        accessRules.add(accessRule2);
464
	        String access = getAccessBlock(accessRules, ALLOWFIRST);
465
	        debug("Test 1: the access part is " + access);
466
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
467
                    null, null, null,
468
                    null, access ,
469
                    null, null, null, null);
470
	        // login
471
	        debug("logging in as: username=" + username + " password=" + password);
472
	        m.login(username, password);
473
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
474
	        debug("logging out");
475
	        m.logout();
476
	        //login as another user
477
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
478
	        m.login(anotheruser, anotherpassword);
479
	        //fails to read this document
480
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true);
481
	        //fails to update this document
482
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
483
            //fails to update access part
484
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
485
                    null, null, null,
486
                    null,  getAccessBlock(anotheruser, true,
487
                            true, false, false, false),
488
                    null, null, null, null);
489
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
490
            //fails to delete the document
491
            deleteDocid(newdocid + ".1", FAILURE, true);
492
            //logout
493
	        debug("logging out");
494
            m.logout();
495
            
496
            //====2 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another user,
497
	        // deny  READ and WRITE rule for public.
498
	        accessRule1 = generateOneAccessRule(anotheruser, true,
499
                    true, true, false, false);
500
	        accessRule2 = generateOneAccessRule("public", false,
501
                    true, true, false, false);
502
	        accessRules = new Vector();
503
	        accessRules.add(accessRule1);
504
	        accessRules.add(accessRule2);
505
	        access = getAccessBlock(accessRules, ALLOWFIRST);
506
	        debug("Test 2: the access part is " + access);
507
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
508
                    null, null, null,
509
                    null, access ,
510
                    null, null, null, null);
511
	        // login
512
	        debug("logging in as: username=" + username + " password=" + password);
513
	        m.login(username, password);
514
	        updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
515
	        debug("logging out");
516
	        m.logout();
517
	        //login as another user
518
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
519
	        m.login(anotheruser, anotherpassword);
520
	        //fails to read this document
521
	        readDocidWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true);
522
	        //fails to update this document
523
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
524
            //fails to update access part
525
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
526
                    null, null, null,
527
                    null,  getAccessBlock(anotheruser, true,
528
                            true, false, false, false),
529
                    null, null, null, null);
530
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
531
            //fails to delete the document
532
            deleteDocid(newdocid + ".2", FAILURE, true);
533
            //logout
534
	        debug("logging out");
535
            m.logout();
536
            
537
             //====3 inserts a document with access  rules (allowFirst) - allow ALL rule for another user,
538
	        // deny  ALL rule for public.
539
	        accessRule1 = generateOneAccessRule(anotheruser, true,
540
                    true, true, true, true);
541
	        accessRule2 = generateOneAccessRule("public", false,
542
                    true, true, true, true);
543
	        accessRules = new Vector();
544
	        accessRules.add(accessRule1);
545
	        accessRules.add(accessRule2);
546
	        access = getAccessBlock(accessRules, ALLOWFIRST);
547
	        debug("Test 3; the access part is " + access);
548
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
549
                    null, null, null,
550
                    null, access ,
551
                    null, null, null, null);
552
	        // login
553
	        debug("logging in as: username=" + username + " password=" + password);
554
	        m.login(username, password);
555
	        updateDocid(newdocid + ".3", testdocument, SUCCESS, false);
556
	        debug("logging out");
557
	        m.logout();
558
	        //login as another user
559
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
560
	        m.login(anotheruser, anotherpassword);
561
	        //fails to read this document
562
	        readDocidWhichEqualsDoc(newdocid + ".3", testdocument, FAILURE, true);
563
	        //fails to update this document
564
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
565
            //fails to update access part
566
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
567
                    null, null, null,
568
                    null,  getAccessBlock(anotheruser, true,
569
                            true, false, false, false),
570
                    null, null, null, null);
571
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
572
            //fails to delete the document
573
            deleteDocid(newdocid + ".3", FAILURE, true);
574
            //logout
575
	        debug("logging out");
576
            m.logout();
577
            
578
            
579
            
580
            
581
            
582
             //  ====4 The user updates this documents with access rules (allowFirst) - allow READ and WRITE 
583
            //rule for another user, deny  WRITE rule for public. 
584
	        accessRule1 = generateOneAccessRule(anotheruser, true,
585
                    true, true, false, false);
586
	        accessRule2 = generateOneAccessRule("public", false, false, true, false, false);
587
	        accessRules = new Vector();
588
	        accessRules.add(accessRule1);
589
	        accessRules.add(accessRule2);
590
	        access = getAccessBlock(accessRules, ALLOWFIRST);
591
	        debug("Test 4: the access part is " + access);
592
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
593
                    null, null, null,
594
                    null, access ,
595
                    null, null, null, null);
596
	        // login
597
	        debug("logging in as: username=" + username + " password=" + password);
598
	        m.login(username, password);
599
	        updateDocid(newdocid + ".4", testdocument, SUCCESS, false);
600
	        m.logout();
601
	        debug("logging out");
602
	        //login as another user
603
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
604
	        m.login(anotheruser, anotherpassword);
605
	        //fails to read this document
606
	        readDocidWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
607
	        //fails to update this document
608
            updateDocid(newdocid + ".5", testdocument, FAILURE, true);
609
            //fails to update access part
610
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
611
                    null, null, null,
612
                    null,  getAccessBlock(anotheruser, true,
613
                            true, false, false, false),
614
                    null, null, null, null);
615
            updateDocid(newdocid + ".5", testdocument, FAILURE, true);
616
            //fails to delete the document
617
            deleteDocid(newdocid + ".4", FAILURE, true);
618
            //logout
619
            m.logout();
620
	        
621
            
622
            //  ====5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
623
            //rule for another user, deny READ rule for public. 
624
	        accessRule1 = generateOneAccessRule(anotheruser, true,
625
                    true, true, false, false);
626
	        accessRule2 = generateOneAccessRule("public", false, true, false, false, false);
627
	        accessRules = new Vector();
628
	        accessRules.add(accessRule1);
629
	        accessRules.add(accessRule2);
630
	        access = getAccessBlock(accessRules, ALLOWFIRST);
631
	        debug("Test 5: the access part is " + access);
632
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
633
                    null, null, null,
634
                    null, access ,
635
                    null, null, null, null);
636
	        // login
637
	        debug("logging in as: username=" + username + " password=" + password);
638
	        m.login(username, password);
639
	        updateDocid(newdocid + ".5", testdocument, SUCCESS, false);
640
	        debug("logging out");
641
	        m.logout();
642
	        //login as another user
643
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
644
	        m.login(anotheruser, anotherpassword);
645
	        //fails to read this document
646
	        readDocidWhichEqualsDoc(newdocid + ".5", testdocument, FAILURE, true);
647
	        //fails to update this document
648
            updateDocid(newdocid + ".6", testdocument, SUCCESS, false);
649
            //fails to update access part
650
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
651
                    null, null, null,
652
                    null,  getAccessBlock(anotheruser, true,
653
                            true, false, false, false),
654
                    null, null, null, null);
655
            updateDocid(newdocid + ".7", testdocument, FAILURE, true);
656
            //fails to delete the document
657
            deleteDocid(newdocid + ".6", FAILURE, true);
658
            //logout
659
	        debug("logging out");
660
            m.logout();
661
            
662
            
663
            
664
             //   ====6 inserts a document with access  rules (allowFirst) - allow READ rule for another user,
665
	        // deny  READ rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is 
666
            // in this group).
667
	        accessRule1 = generateOneAccessRule(anotheruser, true,
668
                    true, false, false, false);
669
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
670
                   true, false, false, false);
671
	        accessRules = new Vector();
672
	        accessRules.add(accessRule1);
673
	        accessRules.add(accessRule2);
674
	        access = getAccessBlock(accessRules, ALLOWFIRST);
675
	        debug("Test 6: the access part is " + access);
676
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
677
                    null, null, null,
678
                    null, access ,
679
                    null, null, null, null);
680
	        // login
681
	        debug("logging in as: username=" + username + " password=" + password);
682
	        m.login(username, password);
683
	        updateDocid(newdocid + ".7", testdocument, SUCCESS, false);
684
	        debug("logging out");
685
	        m.logout();
686
	        //login as another user
687
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
688
	        m.login(anotheruser, anotherpassword);
689
	        //fails to read this document
690
	        readDocidWhichEqualsDoc(newdocid + ".7", testdocument, FAILURE, true);
691
	        //fails to update this document
692
            updateDocid(newdocid + ".8", testdocument, FAILURE, true);
693
            //fails to update access part
694
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
695
                    null, null, null,
696
                    null,  getAccessBlock(anotheruser, true,
697
                            true, false, false, false),
698
                    null, null, null, null);
699
            updateDocid(newdocid + ".8", testdocument, FAILURE, true);
700
            //fails to delete the document
701
            deleteDocid(newdocid + ".7", FAILURE, true);
702
            //logout
703
	        debug("logging out");
704
            m.logout();
705
            
706
            //====7 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another 
707
            //user, deny  READ and WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
708
            // the other user is in this group)
709
	        accessRule1 = generateOneAccessRule(anotheruser, true,
710
                    true, true, false, false);
711
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
712
                    true, true, false, false);
713
	        accessRules = new Vector();
714
	        accessRules.add(accessRule1);
715
	        accessRules.add(accessRule2);
716
	        access = getAccessBlock(accessRules, ALLOWFIRST);
717
	        debug("Test 7: the access part is "+access);
718
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
719
                    null, null, null,
720
                    null, access ,
721
                    null, null, null, null);
722
	        // login
723
	        debug("logging in as: username=" + username + " password=" + password);
724
	        m.login(username, password);
725
	        updateDocid(newdocid + ".8", testdocument, SUCCESS, false);
726
	        debug("logging out");
727
	        m.logout();
728
	        //login as another user
729
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
730
	        m.login(anotheruser, anotherpassword);
731
	        //fails to read this document
732
	        readDocidWhichEqualsDoc(newdocid + ".8", testdocument, FAILURE, true);
733
	        //fails to update this document
734
            updateDocid(newdocid + ".9", testdocument, FAILURE, true);
735
            //fails to update access part
736
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
737
                    null, null, null,
738
                    null,  getAccessBlock(anotheruser, true,
739
                            true, false, false, false),
740
                    null, null, null, null);
741
            updateDocid(newdocid + ".9", testdocument, FAILURE, true);
742
            //fails to delete the document
743
            deleteDocid(newdocid + ".8", FAILURE, true);
744
            //logout
745
	        debug("logging out");
746
            m.logout();
747
            
748
             //====8 inserts a document with access  rules (allowFirst) - allow ALL rule for another user,
749
	        // deny  ALL rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user
750
            // is in this group)
751
	        accessRule1 = generateOneAccessRule(anotheruser, true,
752
                    true, true, true, true);
753
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
754
                    true, true, true, true);
755
	        accessRules = new Vector();
756
	        accessRules.add(accessRule1);
757
	        accessRules.add(accessRule2);
758
	        access = getAccessBlock(accessRules, ALLOWFIRST);
759
	        debug("Test 8: the access part is " + access);
760
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
761
                    null, null, null,
762
                    null, access ,
763
                    null, null, null, null);
764
	        // login
765
	        debug("logging in as: username=" + username + " password=" + password);
766
	        m.login(username, password);
767
	        updateDocid(newdocid + ".9", testdocument, SUCCESS, false);
768
	        debug("logging out");
769
	        m.logout();
770
	        //login as another user
771
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
772
	        m.login(anotheruser, anotherpassword);
773
	        //fails to read this document
774
	        readDocidWhichEqualsDoc(newdocid + ".9", testdocument, FAILURE, true);
775
	        //fails to update this document
776
            updateDocid(newdocid + ".10", testdocument, FAILURE, true);
777
            //fails to update access part
778
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
779
                    null, null, null,
780
                    null,  getAccessBlock(anotheruser, true,
781
                            true, false, false, false),
782
                    null, null, null, null);
783
            updateDocid(newdocid + ".10", testdocument, FAILURE, true);
784
            //fails to delete the document
785
            deleteDocid(newdocid + ".9", FAILURE, true);
786
            //logout
787
	        debug("logging out");
788
            m.logout();
789
            
790
            
791
            
792
            
793
            
794
             //  ====9 The user updates this documents with access rules (allowFirst) - allow READ and WRITE 
795
            //rule for another user, deny  WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org
796
            // and another user is in this group). 
797
	        accessRule1 = generateOneAccessRule(anotheruser, true,
798
                    true, true, false, false);
799
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false);
800
	        accessRules = new Vector();
801
	        accessRules.add(accessRule1);
802
	        accessRules.add(accessRule2);
803
	        access = getAccessBlock(accessRules, ALLOWFIRST);
804
	        debug("Test 9: the access part is " + access);
805
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
806
                    null, null, null,
807
                    null, access ,
808
                    null, null, null, null);
809
	        // login
810
	        debug("logging in as: username=" + username + " password=" + password);
811
	        m.login(username, password);
812
	        updateDocid(newdocid + ".10", testdocument, SUCCESS, false);
813
	        debug("logging out");
814
	        m.logout();
815
	        //login as another user
816
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
817
	        m.login(anotheruser, anotherpassword);
818
	        //succeed to read this document
819
	        readDocidWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
820
	        //fails to update this document
821
            updateDocid(newdocid + ".11", testdocument, FAILURE, true);
822
            //fails to update access part
823
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
824
                    null, null, null,
825
                    null,  getAccessBlock(anotheruser, true,
826
                            true, false, false, false),
827
                    null, null, null, null);
828
            updateDocid(newdocid + ".11", testdocument, FAILURE, true);
829
            //fails to delete the document
830
            deleteDocid(newdocid + ".10", FAILURE, true);
831
            //logout
832
	        debug("logging out");
833
            m.logout();
834
	        
835
            
836
            //  ====10. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
837
            //rule for another user, deny READ rule for a group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
838
            //another user is in this group). 
839
	        accessRule1 = generateOneAccessRule(anotheruser, true,
840
                    true, true, false, false);
841
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
842
                    true, false, false, false);
843
	        accessRules = new Vector();
844
	        accessRules.add(accessRule1);
845
	        accessRules.add(accessRule2);
846
	        access = getAccessBlock(accessRules, ALLOWFIRST);
847
	        debug("Test 10: the access part is " + access);
848
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
849
                    null, null, null,
850
                    null, access ,
851
                    null, null, null, null);
852
	        // login
853
	        debug("logging in as: username=" + username + " password=" + password);
854
	        m.login(username, password);
855
	        updateDocid(newdocid + ".11", testdocument, SUCCESS, false);
856
	        debug("logging out");
857
	        m.logout();
858
	        //login as another user
859
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
860
	        m.login(anotheruser, anotherpassword);
861
	        //fails to read this document
862
	        readDocidWhichEqualsDoc(newdocid + ".11", testdocument, FAILURE, true);
863
	        //succeed to update this document
864
            updateDocid(newdocid + ".12", testdocument, SUCCESS, false);
865
            //fails to update access part
866
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
867
                    null, null, null,
868
                    null,  getAccessBlock(anotheruser, true,
869
                            true, false, false, false),
870
                    null, null, null, null);
871
            updateDocid(newdocid + ".13", testdocument, FAILURE, true);
872
            //fails to delete the document
873
            deleteDocid(newdocid + ".12", FAILURE, true);
874
            //logout
875
	        debug("logging out");
876
            m.logout();
877
	    }
878
	    catch (MetacatAuthException mae) {
879
	        fail("Authorization failed:\n" + mae.getMessage());
880
	    }
881
	    catch (MetacatInaccessibleException mie) {
882
	        fail("Metacat Inaccessible:\n" + mie.getMessage());
883
	    }
884
	    catch (Exception e) {
885
	        fail("General exception:\n" + e.getMessage());
886
	    }
887
    }
888
    
889
    /**
890
     * Tests when permission order is denyFirst, the combination of allow and deny rules  affect 
891
     * user to read, update and delete a document. Here are test cases
892
     *1.An user inserts a document with access  rules (denyFirst) - allow READ rule for another user,
893
     *   deny  READ rule for public. 
894
     *      Another user reads this document - success
895
     *      Another user updates this document(except access part) -failure
896
     *      Another user updates this document(access part) -failure
897
     *      Another user deletes this document - failure
898
     *2. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
899
     *    deny READ and WRITE rule for public. 
900
     *       Another user reads this document - success
901
     *       Another user updates this document(except access part) -success
902
     *       Another user updates this document(access part) -failure
903
     *       Another user deletes this document - failure
904
     *3. The user updates this documents with access rules (denyFirst) - allow ALL rule for another user,
905
     *     deny ALL rule for public. 
906
     *         Another user reads this document - success
907
     *         Another user updates this document(except access part) -success
908
     *         Another user updates this document(access part) -success
909
     *         Another user deletes this document - success
910
     *4. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
911
     *    deny  WRITE rule for public. 
912
     *       Another user reads this document - success
913
     *       Another user updates this document(except access part) -success
914
     *       Another user updates this document(access part) -failure
915
     *       Another user deletes this document - failure
916
     *5. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
917
     *    deny READ rule for public. 
918
     *       Another user reads this document - success
919
     *       Another user updates this document(except access part) - success
920
     *       Another user updates this document(access part) -failure
921
     *       Another user deletes this document - failure
922
     *6. The user updates this documents with access rules (denyFirst) - allow READ rule for another user,
923
     *     deny READ rule for a group (which another user is in the group)
924
     *         Another user reads this document - success
925
     *         Another user updates this document(except access part) -failure
926
     *         Another user updates this document(access part) -failure
927
     *         Another user deletes this document - failure
928
     *7. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
929
     *      deny READ and WRITE rule for a group (which another user is in the group)
930
     *         Another user reads this document - success
931
     *         Another user updates this document(except access part) - success
932
     *         Another user updates this document(access part) -failure
933
     *         Another user deletes this document - failure
934
     *8. The user updates this documents with access rules (denyFirst) - allow ALL rule for another user,
935
     *     deny ALL rule for a group (which another user is in the group)
936
     *          Another user reads this document - success
937
     *          Another user updates this document(except access part) - success
938
     *          Another user updates this document(access part) - success
939
     *          Another user deletes this document - success
940
     *9. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
941
     *     deny WRITE rule for a group (which another user is in the group)
942
     *          Another user reads this document - success
943
     *          Another user updates this document(except access part) - success
944
     *          Another user updates this document(access part) - failure
945
     *          Another user deletes this document - failure
946
     *10. The user updates this documents with access rules (denyFirst) - allow READ and WRITE rule for another user,
947
     *     deny READ rule for a group (which another user is in the group)
948
     *          Another user reads this document - success
949
     *          Another user updates this document(except access part) - success
950
     *          Another user updates this document(access part) -failure
951
     *          Another user deletes this document - failure
952
     */
953
    public void testDenyFirst()
954
    {
955
    	debug("\nRunning: testDenyFirst()");
956
    	try {
957
	    	newdocid = generateDocid();	        
958
	        //====1 inserts a document with access  rules (denyFirst) - allow READ rule for another user,
959
	        // deny  READ rule for public.
960
	        String accessRule1 = generateOneAccessRule(anotheruser, true,
961
                    true, false, false, false);
962
	        String accessRule2 = generateOneAccessRule("public", false,
963
                    true, false, false, false);
964
	        Vector accessRules = new Vector();
965
	        accessRules.add(accessRule1);
966
	        accessRules.add(accessRule2);
967
	        String access = getAccessBlock(accessRules, DENYFIRST);
968
	        debug("Test 1: the access part is " + access);
969
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
970
                    null, null, null,
971
                    null, access ,
972
                    null, null, null, null);
973
	        // login
974
	        debug("logging in as: username=" + username + " password=" + password);
975
	        m.login(username, password);
976
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
977
	        debug("logging out");
978
	        m.logout();
979
	        //login as another user
980
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
981
	        m.login(anotheruser, anotherpassword);
982
	        //succeeds to read this document
983
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
984
	        //fails to update this document
985
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
986
            //fails to update access part
987
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
988
                    null, null, null,
989
                    null,  getAccessBlock(anotheruser, true,
990
                            true, false, false, false),
991
                    null, null, null, null);
992
            updateDocid(newdocid + ".2", testdocument, FAILURE, true);
993
            //fails to delete the document
994
            deleteDocid(newdocid + ".1", FAILURE, true);
995
            //logout
996
	        debug("logging out");
997
            m.logout();
998
            
999
            //====2 inserts a document with access  rules (denyFirst) - allow READ and WRITE rule for another user,
1000
	        // deny  READ and WRITE rule for public.
1001
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1002
                    true, true, false, false);
1003
	        accessRule2 = generateOneAccessRule("public", false,
1004
                    true, true, false, false);
1005
	        accessRules = new Vector();
1006
	        accessRules.add(accessRule1);
1007
	        accessRules.add(accessRule2);
1008
	        access = getAccessBlock(accessRules, DENYFIRST);
1009
	        debug("Test 2: the access part is " + access);
1010
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1011
                    null, null, null,
1012
                    null, access ,
1013
                    null, null, null, null);
1014
	        // login
1015
	        debug("logging in as: username=" + username + " password=" + password);
1016
	        m.login(username, password);
1017
	        updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
1018
	        debug("logging out");
1019
	        m.logout();
1020
	        //login as another user
1021
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1022
	        m.login(anotheruser, anotherpassword);
1023
	        //succeeds to read this document
1024
	        readDocidWhichEqualsDoc(newdocid + ".2", testdocument, SUCCESS, false);
1025
	        //succeeds to update this document
1026
            updateDocid(newdocid + ".3", testdocument, SUCCESS, false);
1027
            //fails to update access part
1028
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1029
                    null, null, null,
1030
                    null,  getAccessBlock(anotheruser, true,
1031
                            true, false, false, false),
1032
                    null, null, null, null);
1033
            updateDocid(newdocid + ".4", testdocument, FAILURE, true);
1034
            //fails to delete the document
1035
            deleteDocid(newdocid + ".3", FAILURE, true);
1036
            //logout
1037
	        debug("logging out");
1038
            m.logout();
1039
            
1040
             //====3 inserts a document with access  rules (denyFirst) - allow ALL rule for another user,
1041
	        // deny  ALL rule for public.
1042
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1043
                    true, true, true, true);
1044
	        accessRule2 = generateOneAccessRule("public", false,
1045
                    true, true, true, true);
1046
	        accessRules = new Vector();
1047
	        accessRules.add(accessRule1);
1048
	        accessRules.add(accessRule2);
1049
	        access = getAccessBlock(accessRules, DENYFIRST);
1050
	        debug("Test 3: the access part is " + access);
1051
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1052
                    null, null, null,
1053
                    null, access ,
1054
                    null, null, null, null);
1055
	        // login
1056
	        debug("logging in as: username=" + username + " password=" + password);
1057
	        m.login(username, password);
1058
	        updateDocid(newdocid + ".4", testdocument, SUCCESS, false);
1059
	        debug("logging out");
1060
	        m.logout();
1061
	        //login as another user
1062
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1063
	        m.login(anotheruser, anotherpassword);
1064
	        //succeeds to read this document
1065
	        readDocidWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false);
1066
	        //succeeds to update this document
1067
            updateDocid(newdocid + ".5", testdocument, SUCCESS, false);
1068
            //succeed to update access part
1069
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1070
                    null, null, null,
1071
                    null,  getAccessBlock(anotheruser, true, true, true, true, true),
1072
                    null, null, null, null);
1073
            updateDocid(newdocid + ".6", testdocument, SUCCESS, false);
1074
            //succeeds to delete the document
1075
            deleteDocid(newdocid + ".6", SUCCESS, false);
1076
            //logout
1077
	        debug("logging out");
1078
            m.logout();
1079
            
1080
            
1081
            
1082
            
1083
            newdocid = generateDocid();
1084
             //  ====4 The user updates this documents with access rules (denyFirst) - allow READ and WRITE 
1085
            //rule for another user, deny  WRITE rule for public. 
1086
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1087
                    true, true, false, false);
1088
	        accessRule2 = generateOneAccessRule("public", false, false, true, false, false);
1089
	        accessRules = new Vector();
1090
	        accessRules.add(accessRule1);
1091
	        accessRules.add(accessRule2);
1092
	        access = getAccessBlock(accessRules, DENYFIRST);
1093
	        debug("Test 4: the access part is " + access);
1094
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1095
                    null, null, null,
1096
                    null, access ,
1097
                    null, null, null, null);
1098
	        // login
1099
	        debug("logging in as: username=" + username + " password=" + password);
1100
	        m.login(username, password);
1101
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
1102
	        debug("logging out");
1103
	        m.logout();
1104
	        //login as another user
1105
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1106
	        m.login(anotheruser, anotherpassword);
1107
	        //succeeds to read this document
1108
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1109
	        //succeeds to update this document
1110
            updateDocid(newdocid + ".2", testdocument, SUCCESS, false);
1111
            //fails to update access part
1112
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1113
                    null, null, null,
1114
                    null,  getAccessBlock(anotheruser, true,
1115
                            true, false, false, false),
1116
                    null, null, null, null);
1117
            updateDocid(newdocid + ".3", testdocument, FAILURE, true);
1118
            //fails to delete the document
1119
            deleteDocid(newdocid + ".2", FAILURE, true);
1120
            //logout
1121
	        debug("logging out");
1122
            m.logout();
1123
	        
1124
            
1125
            //  ====5. The user updates this documents with access rules (allowFirst) - allow READ and WRITE
1126
            //rule for another user, deny READ rule for public. 
1127
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1128
                    true, true, false, false);
1129
	        accessRule2 = generateOneAccessRule("public", false, true, false, false, false);
1130
	        accessRules = new Vector();
1131
	        accessRules.add(accessRule1);
1132
	        accessRules.add(accessRule2);
1133
	        access = getAccessBlock(accessRules, DENYFIRST);
1134
	        debug("Test 5: the access part is "+access);
1135
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1136
                    null, null, null,
1137
                    null, access ,
1138
                    null, null, null, null);
1139
	        // login
1140
	        debug("logging in as: username=" + username + " password=" + password);
1141
	        m.login(username, password);
1142
	        updateDocid(newdocid + ".10", testdocument, SUCCESS, false);
1143
	        debug("logging out");
1144
	        m.logout();
1145
	        //login as another user
1146
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1147
	        m.login(anotheruser, anotherpassword);
1148
	        //succeeds to read this document
1149
	        readDocidWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false);
1150
	        //succeed to update this document
1151
            updateDocid(newdocid + ".11", testdocument, SUCCESS, false);
1152
            //fails to update access part
1153
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1154
                    null, null, null,
1155
                    null,  getAccessBlock(anotheruser, true,
1156
                            true, false, false, false),
1157
                    null, null, null, null);
1158
            updateDocid(newdocid + ".12", testdocument, FAILURE, true);
1159
            //fails to delete the document
1160
            deleteDocid(newdocid + ".12", FAILURE, true);
1161
            //logout
1162
	        debug("logging out");
1163
            m.logout();
1164
            
1165
            
1166
            
1167
             //   ====6 inserts a document with access  rules (denyFirst) - allow READ rule for another user,
1168
	        // deny  READ rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is 
1169
            // in this group).
1170
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1171
                    true, false, false, false);
1172
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1173
                   true, false, false, false);
1174
	        accessRules = new Vector();
1175
	        accessRules.add(accessRule1);
1176
	        accessRules.add(accessRule2);
1177
	        access = getAccessBlock(accessRules, DENYFIRST);
1178
	        debug("Test 6: the access part is "+access);
1179
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1180
                    null, null, null,
1181
                    null, access ,
1182
                    null, null, null, null);
1183
	        // login
1184
	        debug("logging in as: username=" + username + " password=" + password);
1185
	        m.login(username, password);
1186
	        updateDocid(newdocid + ".13", testdocument, SUCCESS, false);
1187
	        debug("logging out");
1188
	        m.logout();
1189
	        //login as another user
1190
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1191
	        m.login(anotheruser, anotherpassword);
1192
	        //succeeds to read this document
1193
	        readDocidWhichEqualsDoc(newdocid + ".13", testdocument, SUCCESS, false);
1194
	        //fails to update this document
1195
            updateDocid(newdocid + ".14", testdocument, FAILURE, true);
1196
            //fails to update access part
1197
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1198
                    null, null, null,
1199
                    null,  getAccessBlock(anotheruser, true,
1200
                            true, false, false, false),
1201
                    null, null, null, null);
1202
            updateDocid(newdocid + ".14", testdocument, FAILURE, true);
1203
            //fails to delete the document
1204
            deleteDocid(newdocid + ".13", FAILURE, true);
1205
            //logout
1206
	        debug("logging out");
1207
            m.logout();
1208
            
1209
            //====7 inserts a document with access  rules (allowFirst) - allow READ and WRITE rule for another 
1210
            //user, deny  READ and WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and
1211
            // the other user is in this group)
1212
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1213
                    true, true, false, false);
1214
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1215
                    true, true, false, false);
1216
	        accessRules = new Vector();
1217
	        accessRules.add(accessRule1);
1218
	        accessRules.add(accessRule2);
1219
	        access = getAccessBlock(accessRules, DENYFIRST);
1220
	        debug("Test 7: the access part is " + access);
1221
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1222
                    null, null, null,
1223
                    null, access ,
1224
                    null, null, null, null);
1225
	        // login
1226
	        debug("logging in as: username=" + username + " password=" + password);
1227
	        m.login(username, password);
1228
	        updateDocid(newdocid + ".14", testdocument, SUCCESS, false);
1229
	        debug("logging out");
1230
	        m.logout();
1231
	        //login as another user
1232
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1233
	        m.login(anotheruser, anotherpassword);
1234
	        //succeeds to read this document
1235
	        readDocidWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false);
1236
	        //succeeds to update this document
1237
            updateDocid(newdocid + ".15", testdocument, SUCCESS, false);
1238
            //fails to update access part
1239
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1240
                    null, null, null,
1241
                    null,  getAccessBlock(anotheruser, true,
1242
                            true, false, false, false),
1243
                    null, null, null, null);
1244
            updateDocid(newdocid + ".16", testdocument, FAILURE, true);
1245
            //fails to delete the document
1246
            deleteDocid(newdocid + ".15", FAILURE, true);
1247
            //logout
1248
	        debug("logging out");
1249
            m.logout();
1250
            
1251
             //====8 inserts a document with access  rules (denyFirst) - allow ALL rule for another user,
1252
	        // deny  ALL rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user
1253
            // is in this group)
1254
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1255
                    true, true, true, true);
1256
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false,
1257
                    true, true, true, true);
1258
	        accessRules = new Vector();
1259
	        accessRules.add(accessRule1);
1260
	        accessRules.add(accessRule2);
1261
	        access = getAccessBlock(accessRules, DENYFIRST);
1262
	        debug("Test 8: the access part is "+access);
1263
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1264
                    null, null, null,
1265
                    null, access ,
1266
                    null, null, null, null);
1267
	        // login
1268
	        debug("logging in as: username=" + username + " password=" + password);
1269
	        m.login(username, password);
1270
	        updateDocid(newdocid + ".16", testdocument, SUCCESS, false);
1271
	        debug("logging out");
1272
	        m.logout();
1273
	        //login as another user
1274
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1275
	        m.login(anotheruser, anotherpassword);
1276
	        //succeeds to read this document
1277
	        readDocidWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false);
1278
	        //succeeds to update this document
1279
            updateDocid(newdocid + ".17", testdocument, SUCCESS, false);
1280
            //succeeds to update access part
1281
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1282
                    null, null, null,
1283
                    null,  getAccessBlock(anotheruser, true,
1284
                            true, true, true, true),
1285
                    null, null, null, null);
1286
            updateDocid(newdocid + ".18", testdocument, SUCCESS, false);
1287
            //succeeds to delete the document
1288
            deleteDocid(newdocid + ".18", SUCCESS, false);
1289
            //logout
1290
	        debug("logging out");
1291
            m.logout();
1292
            
1293
            
1294
            
1295
            
1296
            newdocid = generateDocid();
1297
             //  ====9 The user updates this documents with access rules (denyFirst) - allow READ and WRITE 
1298
            //rule for another user, deny  WRITE rule for a group (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org
1299
            // and another user is in this group). 
1300
	        accessRule1 = generateOneAccessRule(anotheruser, true,
1301
                    true, true, false, false);
1302
	        accessRule2 = generateOneAccessRule("cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false);
1303
	        accessRules = new Vector();
1304
	        accessRules.add(accessRule1);
1305
	        accessRules.add(accessRule2);
1306
	        access = getAccessBlock(accessRules, DENYFIRST);
1307
	        debug("Test 9: the access part is " + access);
1308
	        testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1309
                    null, null, null,
1310
                    null, access ,
1311
                    null, null, null, null);
1312
	        // login
1313
	        debug("logging in as: username=" + username + " password=" + password);
1314
	        m.login(username, password);
1315
	        insertDocid(newdocid + ".1", testdocument, SUCCESS, false);
1316
	        debug("logging out");
1317
	        m.logout();
1318
	        //login as another user
1319
	        debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword);
1320
	        m.login(anotheruser, anotherpassword);
1321
	        //succeed to read this document
1322
	        readDocidWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false);
1323
	        //succeeds to update this document
1324
            updateDocid(newdocid + ".20", testdocument, SUCCESS, false);
1325
            //fails to update access part
1326
            testdocument = getTestEmlDoc("Testing user can not read, write and delete a document",
1327
                    null, null, null,
1328
                    null,  getAccessBlock(anotheruser, true,
1329
                            true, false, false, false),
1330
                    null, null, null, null);
1331
            updateDocid(newdocid + ".21", testdocument, FAILURE, true);
1332
            //fails to delete the document
1333
            deleteDocid(newdocid + ".20", FAILURE, true);
1334
            //logout
1335
	        debug("logging out");
1336
            m.logout();
1337
	        
... This diff was truncated because it exceeds the maximum size that can be displayed.

Also available in: Unified diff