From 72b63e2deee9e6f2fcda11fe178fbcfc0491bb5d Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Wed, 9 Aug 2017 12:31:20 +0200
Subject: [PATCH] privilege checking for not admin fixed

---
 .../api/projects/ProjectRestImplTest.java      | 18 ++++++++++++++++++
 .../services/impl/ProjectService.java          |  2 +-
 .../services/impl/ProjectServiceTest.java      | 13 +++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/rest-api/src/test/java/lcsb/mapviewer/api/projects/ProjectRestImplTest.java b/rest-api/src/test/java/lcsb/mapviewer/api/projects/ProjectRestImplTest.java
index 24bee74b7b..b22b43fefb 100644
--- a/rest-api/src/test/java/lcsb/mapviewer/api/projects/ProjectRestImplTest.java
+++ b/rest-api/src/test/java/lcsb/mapviewer/api/projects/ProjectRestImplTest.java
@@ -7,6 +7,8 @@ import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.times;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 
 import org.apache.log4j.Logger;
@@ -159,6 +161,19 @@ public class ProjectRestImplTest extends RestTestFunctions {
 		}
 	}
 
+	@Test
+	public void testGetProjects() throws Exception {
+		try {
+			ProjectRestImpl projectRest = createMockProjectRest("testFiles/model/sample.xml");
+			List<ProjectMetaData> result = projectRest.getProjects(token.getId());
+			Gson gson = new Gson();
+			assertNotNull(gson.toJson(result));
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw e;
+		}
+	}
+
 	@Test
 	public void testGetStatistics() throws Exception {
 		try {
@@ -208,6 +223,9 @@ public class ProjectRestImplTest extends RestTestFunctions {
 
 		IProjectService projectServiceMock = Mockito.mock(IProjectService.class);
 		Mockito.when(projectServiceMock.getProjectByProjectId(anyString(), any())).thenReturn(project);
+		List<Project> projects = new ArrayList<>();
+		projects.add(project);
+		Mockito.when(projectServiceMock.getAllProjects(any())).thenReturn(projects);
 		_projectRestImpl.setProjectService(projectServiceMock);
 
 		return _projectRestImpl;
diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java b/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
index 604b1f3da3..cb14525022 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
@@ -291,7 +291,7 @@ public class ProjectService implements IProjectService {
 		}
 		List<Project> result = new ArrayList<>();
 		for (Project project : projects) {
-			if (userService.userHasPrivilege(token, PrivilegeType.VIEW_PROJECT, result)) {
+			if (userService.userHasPrivilege(token, PrivilegeType.VIEW_PROJECT, project)) {
 				result.add(project);
 			}
 		}
diff --git a/service/src/test/java/lcsb/mapviewer/services/impl/ProjectServiceTest.java b/service/src/test/java/lcsb/mapviewer/services/impl/ProjectServiceTest.java
index f2d08ea6cc..21ccc3f302 100644
--- a/service/src/test/java/lcsb/mapviewer/services/impl/ProjectServiceTest.java
+++ b/service/src/test/java/lcsb/mapviewer/services/impl/ProjectServiceTest.java
@@ -82,6 +82,19 @@ public class ProjectServiceTest extends ServiceTestFunctions {
 	public void tearDown() throws Exception {
 	}
 
+	@Test
+	public void testGetProjectWithoutAccessToEverything() {
+		try {
+			createUser();
+			AuthenticationToken token = userService.login(user.getLogin(), "passwd");
+			List<Project> projects = projectService.getAllProjects(token);
+			assertNotNull(projects);
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw e;
+		}
+	}
+
 	@Test
 	public void test() {
 		try {
-- 
GitLab