more tests
parent
95669ec576
commit
6146f2e4ce
2 changed files with 86 additions and 22 deletions
|
@ -13,9 +13,16 @@ import java.util.List;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.validation.Valid;
|
||||
|
||||
import org.mybatis.dynamic.sql.SqlTable;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
import ch.ethz.seb.sebserver.gbl.api.API;
|
||||
import ch.ethz.seb.sebserver.gbl.api.POSTMapper;
|
||||
import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
|
||||
import ch.ethz.seb.sebserver.gbl.model.Entity;
|
||||
|
@ -24,6 +31,7 @@ import ch.ethz.seb.sebserver.gbl.util.Result;
|
|||
import ch.ethz.seb.sebserver.webservice.servicelayer.PaginationService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.AuthorizationService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.PermissionDeniedException;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.authorization.UserService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.bulkaction.BulkActionService;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.EntityDAO;
|
||||
import ch.ethz.seb.sebserver.webservice.servicelayer.dao.UserActivityLogDAO;
|
||||
|
@ -51,43 +59,62 @@ public abstract class ReadonlyEntityController<T extends Entity, M extends Entit
|
|||
}
|
||||
|
||||
@Override
|
||||
public T savePut(@Valid final T modifyData) {
|
||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||
@RequestMapping(
|
||||
method = RequestMethod.PUT,
|
||||
consumes = MediaType.APPLICATION_JSON_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public T savePut(@Valid @RequestBody final T modifyData) {
|
||||
throw new AccessDeniedException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
public T create(final MultiValueMap<String, String> allRequestParams, final Long institutionId,
|
||||
@RequestMapping(
|
||||
method = RequestMethod.POST,
|
||||
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public T create(
|
||||
@RequestParam final MultiValueMap<String, String> allRequestParams,
|
||||
@RequestParam(
|
||||
name = API.PARAM_INSTITUTION_ID,
|
||||
required = true,
|
||||
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId,
|
||||
final HttpServletRequest request) {
|
||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||
|
||||
throw new AccessDeniedException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RequestMapping(
|
||||
path = API.MODEL_ID_VAR_PATH_SEGMENT,
|
||||
method = RequestMethod.DELETE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public EntityProcessingReport hardDelete(
|
||||
final String modelId,
|
||||
final boolean addIncludes,
|
||||
final List<String> includes) {
|
||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||
@PathVariable final String modelId,
|
||||
@RequestParam(name = API.PARAM_BULK_ACTION_ADD_INCLUDES, defaultValue = "false") final boolean addIncludes,
|
||||
@RequestParam(name = API.PARAM_BULK_ACTION_INCLUDES, required = false) final List<String> includes) {
|
||||
throw new AccessDeniedException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RequestMapping(
|
||||
method = RequestMethod.DELETE,
|
||||
consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE,
|
||||
produces = MediaType.APPLICATION_JSON_VALUE)
|
||||
public EntityProcessingReport hardDeleteAll(
|
||||
final List<String> ids,
|
||||
final boolean addIncludes,
|
||||
final List<String> includes,
|
||||
final Long institutionId) {
|
||||
@RequestParam(name = API.PARAM_MODEL_ID_LIST) final List<String> ids,
|
||||
@RequestParam(name = API.PARAM_BULK_ACTION_ADD_INCLUDES, defaultValue = "false") final boolean addIncludes,
|
||||
@RequestParam(name = API.PARAM_BULK_ACTION_INCLUDES, required = false) final List<String> includes,
|
||||
@RequestParam(
|
||||
name = API.PARAM_INSTITUTION_ID,
|
||||
required = true,
|
||||
defaultValue = UserService.USERS_INSTITUTION_AS_DEFAULT) final Long institutionId) {
|
||||
|
||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected SqlTable getSQLTableOfEntity() {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
throw new AccessDeniedException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected M createNew(final POSTMapper postParams) {
|
||||
throw new UnsupportedOperationException(ONLY_READ_ACCESS);
|
||||
throw new AccessDeniedException(ONLY_READ_ACCESS);
|
||||
}
|
||||
|
||||
@Override
|
||||
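Review bot: `hardDeleteAll` still appears to end in `throw new UnsupportedOperationException(ONLY_READ_ACCESS);`, while `savePut`, `create`, `hardDelete`, `getSQLTableOfEntity` and `createNew` now throw `AccessDeniedException`. The rendered page has lost its +/- markers, so this is inferred from that line following the new annotated parameters with no replacement beside it. If that reading is right, the bulk DELETE mapping of the read-only controller is not rejected the same way as the other write endpoints; the resulting status depends on exception handling that is not shown here. I would change the line to `throw new AccessDeniedException(ONLY_READ_ACCESS);` so every write path is refused uniformly. The class body starts and continues outside this hunk.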
|
|
|
@ -9,7 +9,7 @@
|
|||
package ch.ethz.seb.sebserver.webservice.integration.api.admin;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
|
@ -17,6 +17,8 @@ import org.junit.Test;
|
|||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.context.jdbc.Sql;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
|
||||
import com.fasterxml.jackson.core.type.TypeReference;
|
||||
|
||||
|
@ -307,4 +309,39 @@ public class UserActivityLogAPITest extends AdministrationAPIIntegrationTester {
|
|||
assertTrue(logs.content.isEmpty());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testReadonly() throws Exception {
|
||||
final String token = getSebAdminAccess();
|
||||
this.mockMvc
|
||||
.perform(put(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT)
|
||||
.header("Authorization", "Bearer " + token)
|
||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
|
||||
.content("{"
|
||||
+ " \"id\" : 3,"
|
||||
+ " \"userUuid\" : \"userUUID\","
|
||||
+ " \"username\" : \"username\","
|
||||
+ " \"timestamp\" : 123,"
|
||||
+ " \"activityType\" : \"EXPORT\","
|
||||
+ " \"entityType\" : \"USER\","
|
||||
+ " \"entityId\" : \"5\","
|
||||
+ " \"message\" : \"message\""
|
||||
+ "}"))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
final MultiValueMap<String, String> multiValueMap = new LinkedMultiValueMap<>();
|
||||
multiValueMap.add("institutionId", "1");
|
||||
this.mockMvc
|
||||
.perform(post(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT)
|
||||
.header("Authorization", "Bearer " + token)
|
||||
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
|
||||
.params(multiValueMap))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mockMvc
|
||||
.perform(delete(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT + "/12")
|
||||
.header("Authorization", "Bearer " + token))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
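Review bot: `testReadonly` checks PUT, POST and the single-id DELETE but never calls the bulk DELETE mapping (collection path, form-urlencoded body, `API.PARAM_MODEL_ID_LIST`), so one write endpoint of the read-only controller is left unverified. For an activity log the guarantee worth pinning is that no write path can alter or remove entries, so I would add the request below and, if the fixture allows it, assert afterwards that the stored log entries are unchanged. The id value "12" is reused from the existing DELETE call; whether such an entry exists in the test data is not visible here.

```java
// … unchanged: PUT, POST and single-id DELETE checks …
this.mockMvc
        .perform(delete(this.endpoint + API.USER_ACTIVITY_LOG_ENDPOINT)
                .header("Authorization", "Bearer " + token)
                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                .param(API.PARAM_MODEL_ID_LIST, "12"))
        .andExpect(status().isForbidden());
```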
|
|