From 9374bddceb66154d2fc1ded639a397e9ea5e5cfe Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Wed, 16 Sep 2009 19:20:07 +0000
Subject: [PATCH] Added test class for AccessControlListTag.
---
 .../acls/domain/DefaultPermissionFactory.java | 17 +++-
 .../taglibs/authz/AccessControlListTag.java | 21 ++---
 .../authz/AccessControlListTagTests.java | 93 +++++++++++++++++++
 3 files changed, 115 insertions(+), 16 deletions(-)
 create mode 100644 taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
diff --git a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
index cbaaa34b28..f98f09ba82 100644
--- a/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
+++ b/acl/src/main/java/org/springframework/security/acls/domain/DefaultPermissionFactory.java
@@ -97,7 +97,7 @@ public class DefaultPermissionFactory implements PermissionFactory {
 public Permission buildFromMask(int mask) {
 if (registeredPermissionsByInteger.containsKey(Integer.valueOf(mask))) {
 // The requested mask has an exact match against a statically-defined Permission, so return it
- return (Permission) registeredPermissionsByInteger.get(new Integer(mask));
+ return registeredPermissionsByInteger.get(new Integer(mask));
 }
 // To get this far, we have to use a CumulativePermission
@@ -107,8 +107,11 @@ public class DefaultPermissionFactory implements PermissionFactory {
 int permissionToCheck = 1 << i;
 if ((mask & permissionToCheck) == permissionToCheck) {
- Permission p = (Permission) registeredPermissionsByInteger.get(Integer.valueOf(permissionToCheck));
- Assert.state(p != null, "Mask " + permissionToCheck + " does not have a corresponding static Permission");
+ Permission p = registeredPermissionsByInteger.get(Integer.valueOf(permissionToCheck));
+
+ if (p == null) {
+ throw new IllegalStateException("Mask '" + permissionToCheck + "' does not have a corresponding static Permission");
+ }
 permission.set(p);
 }
 }
@@ -131,9 +134,13 @@ public class DefaultPermissionFactory implements PermissionFactory {
 // }
 public Permission buildFromName(String name) {
- Assert.isTrue(registeredPermissionsByName.containsKey(name), "Unknown permission '" + name + "'");
+ Permission p = registeredPermissionsByName.get(name);
- return (Permission) registeredPermissionsByName.get(name);
+ if (p == null) {
+ throw new IllegalArgumentException("Unknown permission '" + name + "'");
+ }
+
+ return p;
 }
 public List buildFromNames(List names) {
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
index f72ca162a0..e94ae9bd55 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AccessControlListTag.java
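Review bot: In DefaultPermissionFactory.buildFromMask an unregistered bit throws IllegalStateException, while the buildFromName hunk that follows throws IllegalArgumentException for an unregistered name, although both are the same kind of caller error (an input with no registered Permission). A caller that wants to reject a bad permission specification uniformly has to know about both types, and neither method documents what it throws. Unless existing callers depend on IllegalStateException, I would throw IllegalArgumentException in both places; in either case add Javadoc naming the exception, e.g. `@throws IllegalArgumentException if no permission is registered under the given name` on buildFromName. Both method bodies extend outside their hunks.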
@@ -92,13 +92,7 @@ public class AccessControlListTag extends TagSupport {
 final String evaledPermissionsString = ExpressionEvaluationUtils.evaluateString("hasPermission", hasPermission, pageContext);
- List requiredPermissions = null;
-
- try {
- requiredPermissions = parsePermissionsString(evaledPermissionsString);
- } catch (NumberFormatException nfe) {
- throw new JspException(nfe);
- }
+ List requiredPermissions = parsePermissionsString(evaledPermissionsString);
 Object resolvedDomainObject = null;
@@ -212,14 +206,19 @@ public class AccessControlListTag extends TagSupport {
 + "application context - you must have only have one!");
 }
- private List parsePermissionsString(String integersString) throws NumberFormatException {
+ private List parsePermissionsString(String permissionsString) throws NumberFormatException {
 final Set permissions = new HashSet();
 final StringTokenizer tokenizer;
- tokenizer = new StringTokenizer(integersString, ",", false);
+ tokenizer = new StringTokenizer(permissionsString, ",", false);
 while (tokenizer.hasMoreTokens()) {
- String integer = tokenizer.nextToken();
- permissions.add(permissionFactory.buildFromMask(new Integer(integer)));
+ String permission = tokenizer.nextToken();
+ try {
+ permissions.add(permissionFactory.buildFromMask(Integer.valueOf(permission)));
+ } catch (NumberFormatException nfe) {
+ // Not an integer mask. Try using a name
+ permissions.add(permissionFactory.buildFromName(permission));
+ }
 }
 return new ArrayList(permissions);
diff --git a/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
new file mode 100644
index 0000000000..8e7dd508dc
--- /dev/null
+++ b/taglibs/src/test/java/org/springframework/security/taglibs/authz/AccessControlListTagTests.java
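Review bot: With the try/catch removed from AccessControlListTag.doStartTag, a bad `hasPermission` value no longer reaches the container as a JspException. A non-numeric token that is not a registered name now escapes as the unchecked IllegalArgumentException from buildFromName (assuming the factory is the DefaultPermissionFactory patched above). Rendering still stops, so the body is not shown by mistake, but error handling keyed on JspException no longer sees the failure. If that contract matters, keep a translation around the call: `List requiredPermissions; try { requiredPermissions = parsePermissionsString(evaledPermissionsString); } catch (IllegalArgumentException e) { throw new JspException(e); }`. doStartTag starts and ends outside the hunk.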
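Review bot: Tokens from the StringTokenizer in parsePermissionsString are used untrimmed, so a value such as `READ, OTHER` (constructed example) yields the token ` OTHER`, which fails Integer.valueOf and then the exact-match name lookup. `String permission = tokenizer.nextToken().trim();` avoids that while still rejecting entries that are genuinely unknown. The `throws NumberFormatException` clause on the signature is now stale, because the exception is caught inside the loop. A short comment stating that each token is tried as an integer mask first and as a registered name second would also help, since a purely numeric name can never be reached through this path.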
@@ -0,0 +1,93 @@
+package org.springframework.security.taglibs.authz;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Matchers.*;
+import static org.mockito.Mockito.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.jsp.tagext.Tag;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.mock.web.MockPageContext;
+import org.springframework.mock.web.MockServletContext;
+import org.springframework.security.acls.AclPermissionEvaluator;
+import org.springframework.security.acls.model.Acl;
+import org.springframework.security.acls.model.AclService;
+import org.springframework.security.acls.model.ObjectIdentity;
+import org.springframework.security.acls.model.ObjectIdentityRetrievalStrategy;
+import org.springframework.security.acls.model.SidRetrievalStrategy;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.context.WebApplicationContext;
+
+/**
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ * @since 3.0
+ */
+@SuppressWarnings("unchecked")
+public class AccessControlListTagTests {
+ AccessControlListTag tag;
+ Acl acl;
+
+ @Before
+ public void setup() {
+ SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("bob","bobspass","A"));
+ tag = new AccessControlListTag();
+ WebApplicationContext ctx = mock(WebApplicationContext.class);
+
+ AclService service = mock(AclService.class);
+ AclPermissionEvaluator pe = new AclPermissionEvaluator(service);
+ ObjectIdentity oid = mock(ObjectIdentity.class);
+ ObjectIdentityRetrievalStrategy oidStrategy = mock(ObjectIdentityRetrievalStrategy.class);
+ when(oidStrategy.getObjectIdentity(anyObject())).thenReturn(oid);
+ pe.setObjectIdentityRetrievalStrategy(oidStrategy);
+ pe.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
+ acl = mock(Acl.class);
+
+ when(service.readAclById(any(ObjectIdentity.class), anyList())).thenReturn(acl);
+ Map beanMap = new HashMap();
+ beanMap.put("service", service);
+ when(ctx.getBeansOfType(AclService.class)).thenReturn(beanMap);
+ beanMap = new HashMap();
+ beanMap.put("oidStrategy", oidStrategy);
+ when(ctx.getBeansOfType(ObjectIdentityRetrievalStrategy.class)).thenReturn(beanMap);
+
+ MockServletContext servletCtx = new MockServletContext();
+ servletCtx.setAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE, ctx);
+ tag.setPageContext(new MockPageContext(servletCtx, new MockHttpServletRequest(), new MockHttpServletResponse()));
+ }
+
+ @After
+ public void clearContext() {
+ SecurityContextHolder.clearContext();
+ }
+
+ @Test
+ public void bodyIsEvaluatedIfAclGrantsAccess() throws Exception {
+ when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(true);
+
+ tag.setDomainObject(new Object());
+ tag.setHasPermission("READ");
+
+ assertEquals(Tag.EVAL_BODY_INCLUDE, tag.doStartTag());
+ }
+
+ @Test
+ public void bodyIsSkippedIfAclDeniesAccess() throws Exception {
+ when(acl.isGranted(anyList(), anyList(), eq(false))).thenReturn(false);
+
+ tag.setDomainObject(new Object());
+ tag.setHasPermission("READ");
+
+ assertEquals(Tag.SKIP_BODY, tag.doStartTag());
+ }
+
+}
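Review bot: Both tests stub `acl.isGranted(anyList(), anyList(), eq(false))`, so they pass whichever permissions the tag resolves from `READ`, and the name-parsing fallback added in this commit is not actually checked. For an access-control tag I would assert on the permission list handed to the Acl (an ArgumentCaptor or an `eq(...)` matcher on the first argument) and add cases for an integer mask, a mixed list and an unknown name. The `pe` evaluator built in setup() is configured but, as far as this file shows, never given to the tag or the context, so it looks removable. The sketch below covers the unknown-name case and assumes the tag falls back to the DefaultPermissionFactory patched above.

```java
@Test(expected = IllegalArgumentException.class)
public void unknownPermissionNameIsRejected() throws Exception {
    tag.setDomainObject(new Object());
    tag.setHasPermission("NO_SUCH_PERMISSION"); // constructed name, not a registered permission

    tag.doStartTag();
}
```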