/** * '$RCSfile$' * Copyright: 2004 Regents of the University of California and the * National Center for Ecological Analysis and Synthesis * Purpose: To test the Access Controls in metacat by JUnit * * '$Author: cjones $' * '$Date: 2016-05-18 16:01:29 +0000 (Wed, 18 May 2016) $' * '$Revision: 9780 $' * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ package edu.ucsb.nceas.metacattest; import java.util.Vector; import edu.ucsb.nceas.MCTestCase; import edu.ucsb.nceas.metacat.client.MetacatAuthException; import edu.ucsb.nceas.metacat.client.MetacatException; import edu.ucsb.nceas.metacat.client.MetacatInaccessibleException; import junit.framework.Test; import junit.framework.TestSuite; // import java.io.File; /** * A JUnit test for testing Access Control in Metacat */ public class AccessControlTest extends MCTestCase { private String newdocid = null; private String onlineDocid; private String onlinetestdatafile1 = "test/onlineDataFile1"; /** * Constructor to build the test * * @param name * the name of the test method */ public AccessControlTest(String name) { super(name); newdocid = generateDocumentId(); } /** * Establish a testing framework by initializing appropriate objects */ public void setUp() throws Exception { metacatConnectionNeeded = true; super.setUp(); } /** * Release any objects after tests are complete */ public void tearDown() { } /** * Create a suite of tests to be run together */ public static Test suite() { TestSuite suite = new TestSuite(); suite.addTest(new AccessControlTest("initialize")); // Test basic functions suite.addTest(new AccessControlTest("document201Test")); suite.addTest(new AccessControlTest("document210Test")); suite.addTest(new AccessControlTest("AccessControlTest201ForPublic")); suite.addTest(new AccessControlTest("AccessControlTest210ForPublic")); suite.addTest(new AccessControlTest("test201AllowFirst")); suite.addTest(new AccessControlTest("test201DenyFirst")); suite.addTest(new AccessControlTest("test210AllowFirst")); suite.addTest(new AccessControlTest("test210DenyFirst")); return suite; } /** * Run an initial test that always passes to check that the test harness is * working. */ public void initialize() { assertTrue(1 == 1); } /** * Tests a version 2.0.1 EML document when permission order is allowFirst, * the combination of allow and deny rules affect user to read, update and * delete a document. Here are test cases 1.An user inserts a document with * access rules (allowFirst) - allow READ rule for another user, deny READ * rule for public. Another user reads this document - failure Another user * updates this document(except access part) -failure Another user updates * this document(access part) -failure Another user deletes this document - * failure 2. The user updates this documents with access rules (allowFirst) - * allow READ and WRITE rule for another user, deny READ and WRITE rule for * public. Another user reads this document - failure Another user updates * this document(except access part) -failure Another user updates this * document(access part) -failure Another user deletes this document - * failure 3. The user updates this documents with access rules (allowFirst) - * allow ALL rule for another user, deny ALL rule for public. Another user * reads this document - failure Another user updates this document(except * access part) -failure Another user updates this document(access part) * -failure Another user deletes this document - failure 4. The user updates * this documents with access rules (allowFirst) - allow READ and WRITE rule * for another user, deny WRITE rule for public. Another user reads this * document - success Another user updates this document(except access part) * -failure Another user updates this document(access part) -failure Another * user deletes this document - failure 5. The user updates this documents * with access rules (allowFirst) - allow READ and WRITE rule for another * user, deny READ rule for public. Another user reads this document - * failure Another user updates this document(except access part) - success * Another user updates this document(access part) -failure Another user * deletes this document - failure 6. The user updates this documents with * access rules (allowFirst) - allow READ rule for another user, deny READ * rule for a group (which another user is in the group) Another user reads * this document - failure Another user updates this document(except access * part) -failure Another user updates this document(access part) -failure * Another user deletes this document - failure 7. The user updates this * documents with access rules (allowFirst) - allow READ and WRITE rule for * another user, deny READ and WRITE rule for a group (which another user is * in the group) Another user reads this document - failure Another user * updates this document(except access part) -failure Another user updates * this document(access part) -failure Another user deletes this document - * failure 8. The user updates this documents with access rules (allowFirst) - * allow ALL rule for another user, deny ALL rule for a group (which another * user is in the group) Another user reads this document - failure Another * user updates this document(except access part) -failure Another user * updates this document(access part) -failure Another user deletes this * document - failure 9. The user updates this documents with access rules * (allowFirst) - allow READ and WRITE rule for another user, deny WRITE * rule for a group (which another user is in the group) Another user reads * this document - success Another user updates this document(except access * part) -failure Another user updates this document(access part) -failure * Another user deletes this document - failure 10. The user updates this * documents with access rules (allowFirst) - allow READ and WRITE rule for * another user, deny READ rule for a group (which another user is in the * group) Another user reads this document - failure Another user updates * this document(except access part) - success Another user updates this * document(access part) -failure Another user deletes this document - * failure */ public void test201AllowFirst() { try { debug("\nRunning: test201AllowFirst test"); String emlVersion = EML2_0_1; newdocid = generateDocumentId(); // ====1 inserts a document with access rules (allowFirst) - allow // READ rule for another user, // deny READ rule for public. String accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); String accessRule2 = generateOneAccessRule("public", false, true, false, false, false); Vector accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); String access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 1: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".1", FAILURE, true); // logout debug("logging out"); m.logout(); // ====2 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another user, // deny READ and WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 2: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); // logout debug("logging out"); m.logout(); // ====3 inserts a document with access rules (allowFirst) - allow // ALL rule for another user, // deny ALL rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule("public", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 3; the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); // logout debug("logging out"); m.logout(); // ====4 The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 4: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); m.logout(); debug("logging out"); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false); // fails to update this document updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".4", FAILURE, true); // logout m.logout(); // ====5. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 5: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".5", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".7", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".6", FAILURE, true); // logout debug("logging out"); m.logout(); // ====6 inserts a document with access rules (allowFirst) - allow // READ rule for another user, // deny READ rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is // in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 6: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".7", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".8", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".8", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".7", FAILURE, true); // logout debug("logging out"); m.logout(); // ====7 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another // user, deny READ and WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // the other user is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 7: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".8", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".9", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".9", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".8", FAILURE, true); // logout debug("logging out"); m.logout(); // ====8 inserts a document with access rules (allowFirst) - allow // ALL rule for another user, // deny ALL rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user // is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 8: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".9", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".9", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".9", FAILURE, true); // logout debug("logging out"); m.logout(); // ====9 The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org // and another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 9: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // succeed to read this document readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // fails to update this document updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".10", FAILURE, true); // logout debug("logging out"); m.logout(); // ====10. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for a // group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 10: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".11", testdocument, FAILURE, true); // succeed to update this document updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".13", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".12", FAILURE, true); // logout debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /** * Tests a version 2.1.0 EML document when permission order is allowFirst, * the combination of allow and deny rules affect user to read, update and * delete a document. Here are test cases 1.An user inserts a document with * access rules (allowFirst) - allow READ rule for another user, deny READ * rule for public. Another user reads this document - failure Another user * updates this document(except access part) -failure Another user updates * this document(access part) -failure Another user deletes this document - * failure 2. The user updates this documents with access rules (allowFirst) - * allow READ and WRITE rule for another user, deny READ and WRITE rule for * public. Another user reads this document - failure Another user updates * this document(except access part) -failure Another user updates this * document(access part) -failure Another user deletes this document - * failure 3. The user updates this documents with access rules (allowFirst) - * allow ALL rule for another user, deny ALL rule for public. Another user * reads this document - failure Another user updates this document(except * access part) -failure Another user updates this document(access part) * -failure Another user deletes this document - failure 4. The user updates * this documents with access rules (allowFirst) - allow READ and WRITE rule * for another user, deny WRITE rule for public. Another user reads this * document - success Another user updates this document(except access part) * -failure Another user updates this document(access part) -failure Another * user deletes this document - failure 5. The user updates this documents * with access rules (allowFirst) - allow READ and WRITE rule for another * user, deny READ rule for public. Another user reads this document - * failure Another user updates this document(except access part) - success * Another user updates this document(access part) -failure Another user * deletes this document - failure 6. The user updates this documents with * access rules (allowFirst) - allow READ rule for another user, deny READ * rule for a group (which another user is in the group) Another user reads * this document - failure Another user updates this document(except access * part) -failure Another user updates this document(access part) -failure * Another user deletes this document - failure 7. The user updates this * documents with access rules (allowFirst) - allow READ and WRITE rule for * another user, deny READ and WRITE rule for a group (which another user is * in the group) Another user reads this document - failure Another user * updates this document(except access part) -failure Another user updates * this document(access part) -failure Another user deletes this document - * failure 8. The user updates this documents with access rules (allowFirst) - * allow ALL rule for another user, deny ALL rule for a group (which another * user is in the group) Another user reads this document - failure Another * user updates this document(except access part) -failure Another user * updates this document(access part) -failure Another user deletes this * document - failure 9. The user updates this documents with access rules * (allowFirst) - allow READ and WRITE rule for another user, deny WRITE * rule for a group (which another user is in the group) Another user reads * this document - success Another user updates this document(except access * part) -failure Another user updates this document(access part) -failure * Another user deletes this document - failure 10. The user updates this * documents with access rules (allowFirst) - allow READ and WRITE rule for * another user, deny READ rule for a group (which another user is in the * group) Another user reads this document - failure Another user updates * this document(except access part) - success Another user updates this * document(access part) -failure Another user deletes this document - * failure */ public void test210AllowFirst() { try { debug("\nRunning: test210AllowFirst test"); String emlVersion = EML2_1_0; newdocid = generateDocumentId(); // ====1 inserts a document with access rules (allowFirst) - allow // READ rule for another user, // deny READ rule for public. String accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); String accessRule2 = generateOneAccessRule("public", false, true, false, false, false); Vector accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); String access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 1: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".1", FAILURE, true); // logout debug("logging out"); m.logout(); // ====2 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another user, // deny READ and WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 2: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); // logout debug("logging out"); m.logout(); // ====3 inserts a document with access rules (allowFirst) - allow // ALL rule for another user, // deny ALL rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule("public", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 3; the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); // logout debug("logging out"); m.logout(); // ====4 The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 4: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); m.logout(); debug("logging out"); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false); // fails to update this document updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".4", FAILURE, true); // logout m.logout(); // ====5. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 5: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".5", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".7", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".6", FAILURE, true); // logout debug("logging out"); m.logout(); // ====6 inserts a document with access rules (allowFirst) - allow // READ rule for another user, // deny READ rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is // in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 6: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".7", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".8", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".8", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".7", FAILURE, true); // logout debug("logging out"); m.logout(); // ====7 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another // user, deny READ and WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // the other user is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 7: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".8", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".9", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".9", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".8", FAILURE, true); // logout debug("logging out"); m.logout(); // ====8 inserts a document with access rules (allowFirst) - allow // ALL rule for another user, // deny ALL rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user // is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 8: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".9", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".9", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".9", FAILURE, true); // logout debug("logging out"); m.logout(); // ====9 The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org // and another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 9: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // succeed to read this document readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // fails to update this document updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".10", FAILURE, true); // logout debug("logging out"); m.logout(); // ====10. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for a // group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, ALLOWFIRST); debug("Test 10: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".11", testdocument, FAILURE, true); // succeed to update this document updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".13", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".12", FAILURE, true); // logout debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /** * NOTE: as of Metacat 2.0.0, denyFirst permOrder is not supported. * Access rules with denyFirst are ignored and only the document owner * has access to the object (default). * * Tests Tests a version 2.0.1 EML document when permission order is * denyFirst, the combination of allow and deny rules affect user to read, * update and delete a document. Here are test cases 1.An user inserts a * document with access rules (denyFirst) - allow READ rule for another * user, deny READ rule for public. Another user reads this document - * success Another user updates this document(except access part) -failure * Another user updates this document(access part) -failure Another user * deletes this document - failure 2. The user updates this documents with * access rules (denyFirst) - allow READ and WRITE rule for another user, * deny READ and WRITE rule for public. Another user reads this document - * success Another user updates this document(except access part) -success * Another user updates this document(access part) -failure Another user * deletes this document - failure 3. The user updates this documents with * access rules (denyFirst) - allow ALL rule for another user, deny ALL rule * for public. Another user reads this document - success Another user * updates this document(except access part) -success Another user updates * this document(access part) -success Another user deletes this document - * success 4. The user updates this documents with access rules (denyFirst) - * allow READ and WRITE rule for another user, deny WRITE rule for public. * Another user reads this document - success Another user updates this * document(except access part) -success Another user updates this * document(access part) -failure Another user deletes this document - * failure 5. The user updates this documents with access rules (denyFirst) - * allow READ and WRITE rule for another user, deny READ rule for public. * Another user reads this document - success Another user updates this * document(except access part) - success Another user updates this * document(access part) -failure Another user deletes this document - * failure 6. The user updates this documents with access rules (denyFirst) - * allow READ rule for another user, deny READ rule for a group (which * another user is in the group) Another user reads this document - success * Another user updates this document(except access part) -failure Another * user updates this document(access part) -failure Another user deletes * this document - failure 7. The user updates this documents with access * rules (denyFirst) - allow READ and WRITE rule for another user, deny READ * and WRITE rule for a group (which another user is in the group) Another * user reads this document - success Another user updates this * document(except access part) - success Another user updates this * document(access part) -failure Another user deletes this document - * failure 8. The user updates this documents with access rules (denyFirst) - * allow ALL rule for another user, deny ALL rule for a group (which another * user is in the group) Another user reads this document - success Another * user updates this document(except access part) - success Another user * updates this document(access part) - success Another user deletes this * document - success 9. The user updates this documents with access rules * (denyFirst) - allow READ and WRITE rule for another user, deny WRITE rule * for a group (which another user is in the group) Another user reads this * document - success Another user updates this document(except access part) - * success Another user updates this document(access part) - failure Another * user deletes this document - failure 10. The user updates this documents * with access rules (denyFirst) - allow READ and WRITE rule for another * user, deny READ rule for a group (which another user is in the group) * Another user reads this document - success Another user updates this * document(except access part) - success Another user updates this * document(access part) -failure Another user deletes this document - * failure */ public void test201DenyFirst() { debug("\nRunning: test201DenyFirstIgnore()"); String emlVersion = EML2_0_1; try { newdocid = generateDocumentId(); // ====1 inserts a document with access rules (denyFirst) - allow // READ rule for another user, // deny READ rule for public. // all are ignored String accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); String accessRule2 = generateOneAccessRule("public", false, true, false, false, false); Vector accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); String access = getAccessBlock(accessRules, DENYFIRST); debug("Test 1: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".1", FAILURE, true); // logout debug("logging out"); m.logout(); // ====2 inserts a document with access rules (denyFirst) - allow // READ and WRITE rule for another user, // deny READ and WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 2: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); // logout debug("logging out"); m.logout(); // ====3 inserts a document with access rules (denyFirst) - allow // ALL rule for another user, // deny ALL rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule("public", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 3: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, true), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".6", FAILURE, true); // logout debug("logging out"); m.logout(); newdocid = generateDocumentId(); // ====4 The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 4: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); // logout debug("logging out"); m.logout(); // ====5. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 5: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".12", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".12", FAILURE, true); // logout debug("logging out"); m.logout(); // ====6 inserts a document with access rules (denyFirst) - allow // READ rule for another user, // deny READ rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is // in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 6: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".13", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".14", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".14", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".13", FAILURE, true); // logout debug("logging out"); m.logout(); // ====7 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another // user, deny READ and WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // the other user is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 7: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".14", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".15", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".16", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".15", FAILURE, true); // logout debug("logging out"); m.logout(); // ====8 inserts a document with access rules (denyFirst) - allow // ALL rule for another user, // deny ALL rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user // is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 8: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".16", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".17", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, true), null, null, null, null); updateDocumentId(newdocid + ".18", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".18", FAILURE, true); // logout debug("logging out"); m.logout(); newdocid = generateDocumentId(); // ====9 The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org // and another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 9: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".20", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".21", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".20", FAILURE, true); // logout debug("logging out"); m.logout(); // ====10. The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny READ rule for a // group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 10: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".21", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".22", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".23", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".22", FAILURE, true); // logout debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /** * NOTE: as of Metacat 2.0.0, denyFirst permOrder is not supported. * Access rules with denyFirst are ignored and only the document owner * has access to the object (default). * * Tests Tests a version 2.1.0 EML document when permission order is * denyFirst, the combination of allow and deny rules affect user to read, * update and delete a document. Here are test cases * * 1. A user inserts a document with access rules (denyFirst) - allow READ * rule for another user, deny READ rule for public. Another user reads this * document - success. Another user updates this document(except access part) * - failure. Another user updates this document(access part) -failure Another * user deletes this document - failure * * 2. The user updates this documents with access rules (denyFirst) - allow * READ and WRITE rule for another user, deny READ and WRITE rule for public. * Another user reads this document - success. Another user updates this * document(except access part) - success. Another user updates this * document(access part) -failure. Another user deletes this document - failure. * * 3. The user updates this documents with access rules (denyFirst) - allow * ALL rule for another user, deny ALL rule for public. Another user reads * this document - success. Another user updates this document(except access part) * - success. Another user updates this document(access part) - success. Another * user deletes this document - success. * * 4. The user updates this documents with access rules (denyFirst) - * allow READ and WRITE rule for another user, deny WRITE rule for public. * Another user reads this document - success. Another user updates this * document(except access part) - success. Another user updates this * document(access part) -failure. Another user deletes this document - * failure. * * 5. The user updates this documents with access rules (denyFirst) - * allow READ and WRITE rule for another user, deny READ rule for public. * Another user reads this document - success. Another user updates this * document(except access part) - success. Another user updates this * document(access part) - failure. Another user deletes this document - * failure. * * 6. The user updates this documents with access rules (denyFirst) - * allow READ rule for another user, deny READ rule for a group (which * another user is in the group). Another user reads this document - success. * Another user updates this document(except access part) - failure. Another * user updates this document(access part) -failure. Another user deletes * this document - failure. * * 7. The user updates this documents with access rules (denyFirst) - allow * READ and WRITE rule for another user, deny READ and WRITE rule for a * group (which another user is in the group). Another user reads this document * - success. Another user updates this document(except access part) - success. * Another user updates this document(access part) -failure. Another user deletes * this document - failure. * * 8. The user updates this documents with access rules (denyFirst) - * allow ALL rule for another user, deny ALL rule for a group (which another * user is in the group). Another user reads this document - success. Another * user updates this document(except access part) - success. Another user * updates this document(access part) - success. Another user deletes this * document - success. * * 9. The user updates this documents with access rules (denyFirst) - allow * READ and WRITE rule for another user, deny WRITE rule for a group (which * another user is in the group). Another user reads this document - success. * Another user updates this document(except access part) - success. Another * user updates this document(access part) - failure. Another user deletes * this document - failure. * * 10. The user updates this documents with access rules (denyFirst) - allow * READ and WRITE rule for another user, deny READ rule for a group (which * another user is in the group). Another user reads this document - success. * Another user updates this document(except access part) - success. Another * user updates this document(access part) -failure. Another user deletes * this document - failure. */ public void test210DenyFirst() { debug("\nRunning: test210DenyFirstIgnore()"); String emlVersion = EML2_1_0; try { newdocid = generateDocumentId(); // ====1 inserts a document with access rules (denyFirst) - allow // READ rule for another user, // deny READ rule for public. String accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); String accessRule2 = generateOneAccessRule("public", false, true, false, false, false); Vector accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); String access = getAccessBlock(accessRules, DENYFIRST); debug("Test 1: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".1", FAILURE, true); // logout debug("logging out"); m.logout(); // ====2 inserts a document with access rules (denyFirst) - allow // READ and WRITE rule for another user, // deny READ and WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 2: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); // logout debug("logging out"); m.logout(); // ====3 inserts a document with access rules (denyFirst) - allow // ALL rule for another user, // deny ALL rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule("public", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 3: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".5", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, true), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".6", FAILURE, true); // logout debug("logging out"); m.logout(); newdocid = generateDocumentId(); // ====4 The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 4: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".2", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); // logout debug("logging out"); m.logout(); // ====5. The user updates this documents with access rules // (allowFirst) - allow READ and WRITE // rule for another user, deny READ rule for public. accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule("public", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 5: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".11", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".12", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".12", FAILURE, true); // logout debug("logging out"); m.logout(); // ====6 inserts a document with access rules (denyFirst) - allow // READ rule for another user, // deny READ rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and another user is // in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, false, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 6: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".13", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".13", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".14", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".14", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".13", FAILURE, true); // logout debug("logging out"); m.logout(); // ====7 inserts a document with access rules (allowFirst) - allow // READ and WRITE rule for another // user, deny READ and WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // the other user is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 7: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".14", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".15", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".16", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".15", FAILURE, true); // logout debug("logging out"); m.logout(); // ====8 inserts a document with access rules (denyFirst) - allow // ALL rule for another user, // deny ALL rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and the other user // is in this group) accessRule1 = generateOneAccessRule(anotheruser, true, true, true, true, true); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, true, true, true); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 8: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".16", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".17", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, true), null, null, null, null); updateDocumentId(newdocid + ".18", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".18", FAILURE, true); // logout debug("logging out"); m.logout(); newdocid = generateDocumentId(); // ====9 The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny WRITE rule for a group // (cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org // and another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, false, true, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 9: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".20", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".21", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".20", FAILURE, true); // logout debug("logging out"); m.logout(); // ====10. The user updates this documents with access rules // (denyFirst) - allow READ and WRITE // rule for another user, deny READ rule for a // group(cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org and // another user is in this group). accessRule1 = generateOneAccessRule(anotheruser, true, true, true, false, false); accessRule2 = generateOneAccessRule( "cn=knb-usr,o=nceas,dc=ecoinformatics,dc=org", false, true, false, false, false); accessRules = new Vector(); accessRules.add(accessRule1); accessRules.add(accessRule2); access = getAccessBlock(accessRules, DENYFIRST); debug("Test 10: the access part is " + access); testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, access, null, null, null, null); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); updateDocumentId(newdocid + ".21", testdocument, SUCCESS, false); debug("logging out"); m.logout(); // login as another user debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // fails to read this document readDocumentIdWhichEqualsDoc(newdocid + ".21", testdocument, FAILURE, true); // fails to update this document updateDocumentId(newdocid + ".22", testdocument, FAILURE, true); // fails to update access part testdocument = getTestEmlDoc( "Testing user can not read, write and delete a document", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".23", testdocument, FAILURE, true); // fails to delete the document deleteDocumentId(newdocid + ".22", FAILURE, true); // logout debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /*************************************************************************** * Test the case when no access is specified and owner is logged in No * online or inline data is involved * * 1) a user inserts a document and is able to read it, update it, set * permissions on it and delete it. * * 2) another user is not able to do anything with the document when no access * is specified for that user -> test what all the other user can do when * read only, write only and change permissions only permissions are * specified * */ public void document201Test() { try { debug("\ndocument201Test() : Starting"); String emlVersion = EML2_0_1; newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // insert a 2.0.0 document testdocument = testEml_200_Header + "submitting eml200" + testEmlCreatorBlock + testEmlContactBlock + ""; insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); // read the document readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // update it with 2.0.1 document testdocument = getTestEmlDoc("Updating eml200 with eml201", emlVersion, null, null, null, null, null, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); debug("logging out"); m.logout(); newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // insert a document testdocument = getTestEmlDoc("Testing insert", emlVersion, null, null, null, null, null, null, null, null, null); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); // read the document readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // update the document testdocument = getTestEmlDoc("Testing update", emlVersion, null, null, null, null, null, null, null, null, null); Thread.sleep(10000); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // /////////////////////////// // check what the another user can do debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // check if the user mentioned is able to read/update/delete the // document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); deleteDocumentId(newdocid + ".2", FAILURE, true); // /////////////////////////// // update the document access control - read only debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); debug(testdocument); readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, SUCCESS, false); // should not be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // or the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // or delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // ///////////////////////////////// // update the document access control - write only testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, true, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false); // System.out.println(testdocument); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true); // should be able to update the document // System.out.println(testdocument); updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false); // but not the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, true, false, true), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, FAILURE, true); // try to delete the document deleteDocumentId(newdocid + ".5", FAILURE, true); // deleteDocumentId(newdocid + ".4", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - change permissions only testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".6", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".6", testdocument, SUCCESS, false); // should also be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // ERRRRRRRROR // updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); // try to delete the document // deleteDocumentId(newdocid + ".7", FAILURE, true); //deleteDocumentId(newdocid + ".7", SUCCESS, false); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & write testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, false, false), null, null, null, null); updateDocumentId(newdocid + ".8", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, SUCCESS, false); // should be able to update the document updateDocumentId(newdocid + ".9", testdocument, SUCCESS, false); // but cant chg the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // try to delete the document deleteDocumentId(newdocid + ".9", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & change permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // should also be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false); // try to delete the document // deleteDocumentId(newdocid + ".11", FAILURE, true); //deleteDocumentId(newdocid + ".11", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & change permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".12", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".12", testdocument, SUCCESS, false); // should be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".13", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // ERRRRRRRRRRRRRRRR // updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); // try to delete the document // deleteDocumentId(newdocid + ".13", FAILURE, true); //deleteDocumentId(newdocid + ".13", SUCCESS, false); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - R, W, CP testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, false), null, null, null, null); updateDocumentId(newdocid + ".14", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".14", testdocument, SUCCESS, false); // should be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".15", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".15", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".16", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false); // try to delete the document //deleteDocumentId(newdocid + ".16", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - all testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".17", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".17", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".17", testdocument, SUCCESS, false); // should be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".18", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".18", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".19", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".19", testdocument, SUCCESS, false); // try to delete the document deleteDocumentId(newdocid + ".19", FAILURE, true); debug("logging out"); m.logout(); // delete the document debug("logging in as: username=" + username + " password=" + password); m.login(username, password); deleteDocumentId(newdocid + ".19", SUCCESS, false); debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /*************************************************************************** * Test the case when no access is specified and owner is logged in No * online or inline data is involved -> an user inserts a document and is * able to read it, update it, set permissions on it and delete it -> * another user is not able to do anything with the document when no access * is specified for that user -> test what all the other user can do when * read only, write only and change permissions only permissions are * specified * */ public void document210Test() { try { debug("\nRunning: document210Test()"); String emlVersion = EML2_1_0; newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // insert a 2.0.0 document testdocument = testEml_200_Header + "submitting eml200" + testEmlCreatorBlock + testEmlContactBlock + ""; insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); // read the document readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // update it with 2.0.1 document testdocument = getTestEmlDoc("Updating eml200 with eml201", EML2_0_1, null, null, null, null, null, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // update it with 2.1.0 document testdocument = getTestEmlDoc("Updating eml201 with eml210", emlVersion, null, null, null, null, null, null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); debug("logging out"); m.logout(); newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // insert a document testdocument = getTestEmlDoc("Testing insert", emlVersion, null, null, null, null, null, null, null, null, null); insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); // read the document readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // update the document testdocument = getTestEmlDoc("Testing update", emlVersion, null, null, null, null, null, null, null, null, null); Thread.sleep(10000); updateDocumentId(newdocid + ".2", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid, testdocument, SUCCESS, false); // /////////////////////////// // check what the another user can do debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); // check if the user mentioned is able to read/update/delete the // document readDocumentIdWhichEqualsDoc(newdocid + ".2", testdocument, FAILURE, true); updateDocumentId(newdocid + ".3", testdocument, FAILURE, true); deleteDocumentId(newdocid + ".2", FAILURE, true); // /////////////////////////// // update the document access control - read only debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".3", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); debug(testdocument); readDocumentIdWhichEqualsDoc(newdocid + ".3", testdocument, SUCCESS, false); // should not be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // or the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, FAILURE, true); // or delete the document deleteDocumentId(newdocid + ".3", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // ///////////////////////////////// // update the document access control - write only testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, true, false, false), null, null, null, null); updateDocumentId(newdocid + ".4", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, SUCCESS, false); // System.out.println(testdocument); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".4", testdocument, FAILURE, true); // should be able to update the document // System.out.println(testdocument); updateDocumentId(newdocid + ".5", testdocument, SUCCESS, false); // but not the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, true, false, true), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, FAILURE, true); // try to delete the document deleteDocumentId(newdocid + ".5", FAILURE, true); // deleteDocumentId(newdocid + ".4", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - change permissions only testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".6", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".6", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".6", testdocument, SUCCESS, false); // should also be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); // and can chg the permissions, of course testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // ERRRRRRRROR // updateDocumentId(newdocid + ".7", testdocument, SUCCESS, false); // we don't want to delete the document yet try to delete the document // deleteDocumentId(newdocid + ".7", FAILURE, true); //deleteDocumentId(newdocid + ".6", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & write testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, false, false), null, null, null, null); updateDocumentId(newdocid + ".8", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".8", testdocument, SUCCESS, false); // should be able to update the document updateDocumentId(newdocid + ".9", testdocument, SUCCESS, false); // but cant chg the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, FAILURE, true); // try to delete the document deleteDocumentId(newdocid + ".9", FAILURE, true); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & change permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".10", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".10", testdocument, SUCCESS, false); // should also be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".11", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); // try to delete the document // deleteDocumentId(newdocid + ".12", FAILURE, true); //deleteDocumentId(newdocid + ".12", SUCCESS, false); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - read & change permissions testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".12", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".12", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".12", testdocument, SUCCESS, false); // should also be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, true, false), null, null, null, null); updateDocumentId(newdocid + ".13", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); // updateDocumentId(newdocid + ".14", testdocument, SUCCESS, false); // try to delete the document // deleteDocumentId(newdocid + ".13", FAILURE, true); //deleteDocumentId(newdocid + ".14", SUCCESS, false); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - R, W, CP testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, true, true, false), null, null, null, null); updateDocumentId(newdocid + ".15", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".15", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".15", testdocument, SUCCESS, false); // should be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".16", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".16", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".17", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".17", testdocument, SUCCESS, false); // try to delete the document //deleteDocumentId(newdocid + ".17", SUCCESS, false); debug("logging out"); m.logout(); debug("logging in as: username=" + username + " password=" + password); m.login(username, password); // /////////////////////////////// // update the document access control - all testdocument = getTestEmlDoc("Testing update access block", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".18", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".18", testdocument, SUCCESS, false); // check if the user mentioned is able to read the document debug("logging out"); m.logout(); debug("logging in as: anotheruser=" + anotheruser + " anotherpassword=" + anotherpassword); m.login(anotheruser, anotherpassword); readDocumentIdWhichEqualsDoc(newdocid + ".18", testdocument, SUCCESS, false); // should be able to update the document testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, false, false, false, true), null, null, null, null); updateDocumentId(newdocid + ".19", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".19", testdocument, SUCCESS, false); // and can chg the permissions testdocument = getTestEmlDoc("Testing update from another user", emlVersion, null, null, null, null, getAccessBlock(anotheruser, true, true, false, false, false), null, null, null, null); updateDocumentId(newdocid + ".20", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".20", testdocument, SUCCESS, false); // try to delete the document deleteDocumentId(newdocid + ".20", FAILURE, true); debug("logging out"); m.logout(); // delete the document debug("logging in as: username=" + username + " password=" + password); m.login(username, password); deleteDocumentId(newdocid + ".20", SUCCESS, false); debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /*************************************************************************** * Test the case when no access is specified and public is logged in for eml * version 2.0.1 docuements. Cases being checked: 1. public tries to read * the document - Failure. 2. public tries to update the document - Failure. * 3. public tries to update the inline data - Failure. 4. public tries to * update the online data file - Failure. 5. public tries to update the * access rules for the document - Failure. 6. public tries to update the * access rules for the inline data - Failure. 7. public tries to update the * access rules for the online data - Failure. 8. public tries to delete the * document - Failure. */ public void AccessControlTest201ForPublic() { try { debug("\nRunning: AccessControlTest201ForPublic()"); String emlVersion = EML2_0_1; String accessBlock = getAccessBlock(anotheruser, true, true, false, false, false); newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); onlineDocid = generateDocumentId(); uploadDocumentId(onlineDocid + ".1", onlinetestdatafile1, SUCCESS, false); testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, null, null); // insert a document - get the docid insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false); // logoutand login as other user debug("logging out"); m.logout(); // read the document readDocumentIdWhichEqualsDoc(newdocid + ".1", null, FAILURE, true); // update the document updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the inline data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock2, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the online data uploadDocumentId(onlineDocid + ".2", onlinetestdatafile1, FAILURE, false); // update the document access control testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, accessBlock, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the document access control for inline data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, accessBlock, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the document access control for online data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, accessBlock, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (MetacatException me) { fail("Metacat Error:\n" + me.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } /*************************************************************************** * Test the case when no access is specified and public is logged in for eml * version 2.1.0 docuements. Cases being checked: 1. public tries to read * the document - Failure. 2. public tries to update the document - Failure. * 3. public tries to update the inline data - Failure. 4. public tries to * update the online data file - Failure. 5. public tries to update the * access rules for the document - Failure. 6. public tries to update the * access rules for the inline data - Failure. 7. public tries to update the * access rules for the online data - Failure. 8. public tries to delete the * document - Failure. */ public void AccessControlTest210ForPublic() { try { debug("\nRunning: AccessControlTest210ForPublic()"); String emlVersion = EML2_1_0; String accessBlock = getAccessBlock(anotheruser, true, true, false, false, false); newdocid = generateDocumentId(); // login debug("logging in as: username=" + username + " password=" + password); m.login(username, password); onlineDocid = generateDocumentId(); uploadDocumentId(onlineDocid + ".1", onlinetestdatafile1, SUCCESS, false); testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, null, null); // insert a document - get the docid insertDocumentId(newdocid + ".1", testdocument, SUCCESS, false); readDocumentIdWhichEqualsDoc(newdocid + ".1", testdocument, SUCCESS, false); // logoutand login as other user debug("logging out"); m.logout(); // read the document readDocumentIdWhichEqualsDoc(newdocid + ".1", null, FAILURE, true); // update the document updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the inline data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock2, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the online data uploadDocumentId(onlineDocid + ".2", onlinetestdatafile1, FAILURE, false); // update the document access control testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, accessBlock, null, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the document access control for inline data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, accessBlock, null, null, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // update the document access control for online data testdocument = getTestEmlDoc("Testing insert", emlVersion, testEmlInlineBlock1, null, "ecogrid://knb/" + onlineDocid + ".1", null, null, null, null, accessBlock, null); updateDocumentId(newdocid + ".2", testdocument, FAILURE, false); // delete the document deleteDocumentId(newdocid + ".2", FAILURE, true); debug("logging out"); m.logout(); } catch (MetacatAuthException mae) { fail("Authorization failed:\n" + mae.getMessage()); } catch (MetacatInaccessibleException mie) { fail("Metacat Inaccessible:\n" + mie.getMessage()); } catch (MetacatException me) { fail("Metacat Error:\n" + me.getMessage()); } catch (Exception e) { fail("General exception:\n" + e.getMessage()); } } }