Commit ef8e3561 authored by Piotr Gawron's avatar Piotr Gawron

proper handling of accessing project data without defining projectId

parent 993d6795
Pipeline #13013 failed with stage
in 9 minutes and 33 seconds
......@@ -651,6 +651,10 @@ public class ProjectRestImpl extends BaseRestImpl {
}
public Map<String, Object> grantPrivilegesProject(String projectId, Map[] data) throws QueryException {
Project project = getProjectService().getProjectByProjectId(projectId);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
for (Map m : data) {
PrivilegeType privilege = getPrivilegeType(m);
User user = getUser(m);
......@@ -672,6 +676,10 @@ public class ProjectRestImpl extends BaseRestImpl {
}
public Map<String, Object> revokePrivilegesProject(String projectId, Map[] data) throws QueryException {
Project project = getProjectService().getProjectByProjectId(projectId);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
for (Map m : data) {
PrivilegeType privilege = getPrivilegeType(m);
User user = getUser(m);
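Review bot: The project lookup and null check added to grantPrivilegesProject are repeated line for line in revokePrivilegesProject, so the not-found handling can drift between the two. A small private helper that does the lookup and throws would keep the message and exception type in one place, with each call site reduced to something like `Project project = getProjectOrThrow(projectId);` (the helper name is only a suggestion). The hunks do not show where the caller's privilege on the project is checked, so confirm that authorization runs before this lookup. If it does not, a caller without rights could tell existing project ids from missing ones by the 404. Both method bodies continue outside the visible hunks.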
......
package lcsb.mapviewer.web;
import static org.junit.Assert.*;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.apache.logging.log4j.LogManager;
......@@ -26,7 +25,7 @@ import lcsb.mapviewer.model.security.PrivilegeType;
import lcsb.mapviewer.model.user.User;
import lcsb.mapviewer.persist.dao.ProjectDao;
import lcsb.mapviewer.services.interfaces.IUserService;
@RunWith(SpringJUnit4ClassRunner.class)
@Transactional
@Rollback
......@@ -57,8 +56,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetAllProjectsAsAdmin() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
Project project = new Project(TEST_PROJECT);
projectDao.add(project);
createProject(TEST_PROJECT);
RequestBuilder request = get("/projects/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
......@@ -77,8 +75,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetLimitedProjectsAsCurator() throws Exception {
Project project = new Project(TEST_PROJECT);
projectDao.add(project);
Project project = createProject(TEST_PROJECT);
userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());
Project project2 = new Project("test_project2");
......@@ -120,8 +117,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGetLogsForProject() throws Exception {
Project project = new Project(TEST_PROJECT);
projectDao.add(project);
Project project = createProject(TEST_PROJECT);
userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());
......@@ -136,8 +132,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testGrantPrivilege() throws Exception {
Project project = new Project(TEST_PROJECT);
projectDao.add(project);
createProject(TEST_PROJECT);
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
......@@ -158,8 +153,7 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
@Test
public void testRevokePrivilege() throws Exception {
Project project = new Project(TEST_PROJECT);
projectDao.add(project);
Project project = createProject(TEST_PROJECT);
userService.grantUserPrivilege(curator, PrivilegeType.READ_PROJECT, project.getProjectId());
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
......@@ -179,4 +173,139 @@ public class ProjectControllerIntegrationTest extends ControllerIntegrationTest
assertFalse(curator.getPrivileges().contains(new Privilege(PrivilegeType.READ_PROJECT, TEST_PROJECT)));
}
@Test
public void testGetNonExistingProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testUpdateProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
Project project = createProject(TEST_PROJECT);
String content = "{\"project\":{\"version\":\"xxx\"}}";
RequestBuilder request = patch("/projects/" + TEST_PROJECT + "/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(content)
.session(session);
mockMvc.perform(request)
.andExpect(status().is2xxSuccessful());
assertEquals("xxx", project.getVersion());
}
@Test
public void testUpdateProjectWithUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
String content = "{\"project\":{\"version\":\"xxx\"}}";
RequestBuilder request = patch("/projects/*/")
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(content)
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testGrantPrivilegeForUndefinedProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
+ "\"login\":\"" + CURATOR_LOGIN + "\""
+ "}]";
RequestBuilder request = patch("/projects/*:grantPrivileges")
.content(body)
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testRevokePrivilegeForUndefinedProject() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
String body = "[{"
+ "\"privilegeType\":\"" + PrivilegeType.READ_PROJECT + "\", "
+ "\"login\":\"" + CURATOR_LOGIN + "\""
+ "}]";
RequestBuilder request = patch("/projects/*:revokePrivileges")
.content(body)
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testRemoveProjectForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = delete("/projects/*/")
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testGetStatisticsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/statistics")
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testDownloadSourceForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*:downloadSource")
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testGetLogsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/logs/")
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
@Test
public void testGetSubmapConnectionsForUndefinedProjectId() throws Exception {
MockHttpSession session = createSession(ADMIN_LOGIN, ADMIN_PASSWORD);
RequestBuilder request = get("/projects/*/submapConnections/")
.session(session);
mockMvc.perform(request)
.andExpect(status().isNotFound());
}
}
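Review bot: Every new "undefined project" test, from testGetNonExistingProject through testGetSubmapConnectionsForUndefinedProjectId, builds its session with ADMIN_LOGIN, so the 404 is pinned only for a fully privileged caller. The privilege-changing and destructive routes (`/projects/*:grantPrivileges`, `/projects/*:revokePrivileges`, `delete("/projects/*/")`) would benefit from a counterpart that uses a curator session or no session. That test should assert whichever status the API intends for that caller, for example `.andExpect(status().isForbidden());`, so the not-found path cannot hide an authorization regression. Separately, testUpdateProject and testUpdateProjectWithUndefinedProjectId send a JSON body with `MediaType.APPLICATION_FORM_URLENCODED`; if the endpoint accepts JSON, `MediaType.APPLICATION_JSON` would describe the request accurately.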