I have extended AppFuse roles. In the role table I have added a varchar(3)
specifying the sort of the role; currently I have "sys" for system roles
(only to be added or removed by a system admin) and "usr" for user roles,
that the user can add or remove himself.

This is a nice feature; depending on the roles the user assigns to himself,
the menus rendered are dynamic. It works fine when I test it in the live
webapp, but it fails on SecurityAdviceTest. This is the code for testing if
a user tries to add / remove a system role:

          // get the list of roles the user currently has
          Set<Role> currentRoles = new HashSet<Role>();
          for (GrantedAuthority role : roles) {
            currentRoles.add((Role) role);
          }

          Boolean modifySystemRole = false;

          // determine the list of roles the user tries to add or remove
          if (user.getRoles() != null) {

            // check the list of roles the user wants to add
            // <-- THIS LOOP CAUSES THE ERROR
            for (Object o : user.getRoles()) {
              Role role = (Role) o;
              // check if the user tries to add a system role - this is forbidden
              if (role.getSort().equalsIgnoreCase("sys") && !currentRoles.contains(role)) {
                modifySystemRole = true;
              }
            }

            // check the list of roles the user wants to remove
            // <-- THIS LOOP ALSO CAUSES THE ERROR
            for (Object o : currentRoles) {
              Role role = (Role) o;
              // check if the user tries to remove a system role - this is forbidden
              if (role.getSort().equalsIgnoreCase("sys") && !user.getRoles().contains(role)) {
                modifySystemRole = true;
              }
            }
          }

          // regular users aren't allowed to change system roles
          if (modifySystemRole) {
            log.warn("Access Denied: '" + currentUser.getUsername() + "' tried to change system role(s)!");
            throw new AccessDeniedException(ACCESS_DENIED);
          }

As mentioned, this works fine in the live webapp. But the SecurityAdviceTest
fails on 4 methods, the first one being:

  @Test
  public void testUpdateUserProfile() throws Exception {
    UserManager userManager = makeInterceptedTarget();
    final User user = new User("user");
    user.setId(1L);
    user.getRoles().add(new Role(Constants.USER_ROLE));

    context.checking(new Expectations() {

      {
        one(userDao).saveUser(with(same(user)));
      }
    });

    userManager.saveUser(user);  // <-- THIS LINE PRODUCES A NULL POINTER EXCEPTION
  }

I have a feeling the problem could be with the currentRoles set, but I am
unable to attach the debugger to the webtests run, so I cannot trace it.

Please help me solve this. I think letting the user add / remove non-critical
roles and have his menus rendered dynamically is a very nice
addition to standard AppFuse behavior. Once it works, I would like to add it
as a proposed improvement to JIRA.
-- 
View this message in context: 
http://www.nabble.com/extension-of-appfuse-roles-not-testing-correctly-tp25491920s2369p25491920.html
Sent from the AppFuse - User mailing list archive at Nabble.com.
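
The add/remove check described in the post, written as a single null-tolerant comparison of the current and requested role sets. This is an added example, not the poster's code and not AppFuse's own: the Role record and the role names are hypothetical stand-ins, and it goes beyond the post by treating any sort other than "usr" (including null) as a system role, so an unclassified role is refused rather than allowed.

```java
import java.util.HashSet;
import java.util.Set;

public class SystemRoleGuard {
    // Hypothetical stand-in for the post's Role: a name plus the "sys"/"usr" sort column.
    record Role(String name, String sort) {}

    // Defensive copy so a null set behaves like an empty one.
    static Set<Role> copy(Set<Role> s) {
        return s == null ? new HashSet<>() : new HashSet<>(s);
    }

    /** Roles present in exactly one of the two sets, i.e. the ones being added or removed. */
    static Set<Role> changedRoles(Set<Role> current, Set<Role> requested) {
        Set<Role> changed = copy(current);
        changed.addAll(copy(requested));          // union
        Set<Role> unchanged = copy(current);
        unchanged.retainAll(copy(requested));     // intersection
        changed.removeAll(unchanged);             // union minus intersection
        return changed;
    }

    /** True when the change adds or removes a role a regular user may not touch. */
    static boolean modifiesSystemRole(Set<Role> current, Set<Role> requested) {
        for (Role role : changedRoles(current, requested)) {
            // Constant-first comparison cannot throw on a null sort; anything
            // that is not explicitly "usr" is handled as a system role.
            if (role == null || !"usr".equalsIgnoreCase(role.sort())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample roles, not taken from a real AppFuse database.
        Role user = new Role("ROLE_USER", "sys");
        Role admin = new Role("ROLE_ADMIN", "sys");
        Role news = new Role("ROLE_NEWS", "usr");
        Role unsorted = new Role("ROLE_LEGACY", null);
        Set<Role> current = Set.of(user);

        System.out.println("add usr role:      " + modifiesSystemRole(current, Set.of(user, news)));
        System.out.println("add sys role:      " + modifiesSystemRole(current, Set.of(user, admin)));
        System.out.println("drop sys role:     " + modifiesSystemRole(current, Set.of()));
        System.out.println("add unsorted role: " + modifiesSystemRole(current, Set.of(user, unsorted)));
        System.out.println("null request:      " + modifiesSystemRole(current, null));
    }
}
```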

