Author: ymartel Date: 2012-06-13 12:23:07 +0200 (Wed, 13 Jun 2012) New Revision: 3463 Url: http://chorem.org/repositories/revision/pollen/3463 Log: refs #606 : add tests for security access with a normal poll as owner and as admin Modified: trunk/pollen-ui-struts2/src/test/java/org/chorem/pollen/ui/security/SecurityAccessSIT.java Modified: trunk/pollen-ui-struts2/src/test/java/org/chorem/pollen/ui/security/SecurityAccessSIT.java =================================================================== --- trunk/pollen-ui-struts2/src/test/java/org/chorem/pollen/ui/security/SecurityAccessSIT.java 2012-06-13 01:23:02 UTC (rev 3462) +++ trunk/pollen-ui-struts2/src/test/java/org/chorem/pollen/ui/security/SecurityAccessSIT.java 2012-06-13 10:23:07 UTC (rev 3463) @@ -36,13 +36,17 @@ * <li>Access to "admin pages" when not connected (KO)</li> * <li>Access to "admin pages" when not connected as admin (KO)</li> * <li>Access to "admin pages" when connected as admin (OK)</li> + * <li>Access to "poll page" with a good pollId (OK)</li> + * <li>Access to "poll page" with a bad pollId (KO)</li> + * <li>Access to "poll admin page" with a good tokenId (OK)</li> + * <li>Access to "poll admin page" with a bad tokenId (KO)</li> + * <li>Access to "poll moderation page" with a good tokenId (OK)</li> + * <li>Access to "poll moderation page" with a bad tokenId (KO)</li> * </ul> * <p/> * TODO ymartel 2012/06/12 * Should check those security access to : * <ul> - * <li>Access to "poll page" with a good pollId (OK)</li> - * <li>Access to "poll page" with a bad pollId (KO)</li> * <li>Access to "restricted poll page" with a good accountId (OK)</li> * <li>Access to "restricted poll page" with a bad accountId (KO)</li> * </ul> @@ -191,7 +195,7 @@ // Go on home page gotoUrl(fixtures.homeURL()); - // login as user + // login as admin connect("admin", "admin"); // try to access to admin polls list page, current url should be good one @@ -208,8 +212,9 @@ * <li>Try to access to normal poll with bad pollId (should be redirected)</li> * <li>Try to access to moderation page for normal poll with good pollId & good tokenId</li> * <li>Try to access to moderation page for normal poll with good pollId & bad tokenId (should be redirected)</li> - * <li>Try to access to admin page for normal poll with good pollId & good tokenId</li> - * <li>Try to access to admin page for normal poll with good pollId & bad tokenId (should be redirected)</li> + * <li>Try to access to modification page for normal poll with just a good pollId</li> + * <li>Try to access to modification page for normal poll with good pollId & good tokenId</li> + * <li>Try to access to modification page for normal poll with good pollId & bad tokenId (should be redirected)</li> * </ol> * <p/> * All the page should be accessed. @@ -246,4 +251,116 @@ gotoUrl(fixtures.modificationURL(PollUri.newPollUri(pollId, badCreatorId)), fixtures.poll_creator_requiredURL(), false); } + /** + * This test : + * <ol> + * <li>Login as Admin</li> + * <li>Try to access to normal poll with good pollId</li> + * <li>Try to access to normal poll with bad pollId (should be redirected)</li> + * <li>Try to access to moderation page for normal poll with good pollId & good tokenId</li> + * <li>Try to access to moderation page for normal poll with good pollId & bad tokenId (should be redirected)</li> + * <li>Try to access to admin page for normal poll with good pollId & good tokenId</li> + * <li>Try to access to admin page for normal poll with good pollId & bad tokenId (should be redirected)</li> + * </ol> + * <p/> + * All the page should be accessed. + * + * @throws Exception + */ + @Test + public void accessNormalPoolActionsAsAdmin() throws Exception { + + // Go on home page + gotoUrl(fixtures.homeURL()); + + // login as admin + connect("admin", "admin"); + + String pollId = fixtures.normalPollId(); + String badPollId = pollId + System.nanoTime(); + String creatorId = fixtures.normalPollCreatorId(); + String badCreatorId = creatorId + System.nanoTime(); + + // try to access to poll page, current url should be good one + String normalPollURL = fixtures.voteforURL(PollUri.newPollUri(pollId)); + gotoUrl(normalPollURL); + + // try to access to poll page with bad pollId, current url should be the poll_required one + gotoUrl(fixtures.voteforURL(PollUri.newPollUri(badPollId)), fixtures.poll_requiredURL(), false); + + // try to access to poll moderation page, current url should be good one + String moderationURL = fixtures.voteforURL(PollUri.newPollUri(pollId, creatorId)); + gotoUrl(moderationURL); + + // try to access to poll page with bad creatorId, current url should be the poll_required one + gotoUrl(fixtures.voteforURL(PollUri.newPollUri(pollId, badCreatorId)), fixtures.poll_access_requiredURL(), false); + + // try to access to poll modification page without creator Id, current url should be good one (admin access) + String simpleNormalPollAdminURL = fixtures.modificationURL(PollUri.newPollUri(pollId)); + gotoUrl(simpleNormalPollAdminURL); + + // try to access to poll modification page with creator Id, current url should be good one + String normalPollAdminURL = fixtures.modificationURL(PollUri.newPollUri(pollId, creatorId)); + gotoUrl(normalPollAdminURL); + + // try to access to poll modifcation page with bad creatorId, current url should be the poll_creator_required one, even if we are admin + gotoUrl(fixtures.modificationURL(PollUri.newPollUri(pollId, badCreatorId)), fixtures.poll_creator_requiredURL(), false); + } + + /** + * This test : + * <ol> + * <li>Login as "User" (owner of the poll)</li> + * <li>Try to access to normal poll with good pollId</li> + * <li>Try to access to normal poll with bad pollId (should be redirected)</li> + * <li>Try to access to moderation page for normal poll with good pollId & good tokenId</li> + * <li>Try to access to moderation page for normal poll with good pollId & bad tokenId (should be redirected)</li> + * <li>Try to access to admin page for normal poll with good pollId & good tokenId</li> + * <li>Try to access to admin page for normal poll with good pollId & bad tokenId (should be redirected)</li> + * </ol> + * <p/> + * All the page should be accessed. + * + * @throws Exception + */ + @Test + public void accessNormalPoolActionsAsOwner() throws Exception { + + // Go on home page + gotoUrl(fixtures.homeURL()); + + // login as user + connect("user", "user"); + + String pollId = fixtures.normalPollId(); + String badPollId = pollId + System.nanoTime(); + String creatorId = fixtures.normalPollCreatorId(); + String badCreatorId = creatorId + System.nanoTime(); + + // try to access to poll page, current url should be good one + String normalPollURL = fixtures.voteforURL(PollUri.newPollUri(pollId)); + gotoUrl(normalPollURL); + + // try to access to poll page with bad pollId, current url should be the poll_required one + gotoUrl(fixtures.voteforURL(PollUri.newPollUri(badPollId)), fixtures.poll_requiredURL(), false); + + // try to access to poll moderation page, current url should be good one + String moderationURL = fixtures.voteforURL(PollUri.newPollUri(pollId, creatorId)); + gotoUrl(moderationURL); + + // try to access to poll page with bad pollId, current url should be the poll_required one + gotoUrl(fixtures.voteforURL(PollUri.newPollUri(pollId, badCreatorId)), fixtures.poll_access_requiredURL(), false); + + // try to access to poll modification page without creator Id, current url should be good one (owner access) + String simpleNormalPollModificationURL = fixtures.modificationURL(PollUri.newPollUri(pollId)); + gotoUrl(simpleNormalPollModificationURL); + + // try to access to poll modification page with creator Id, current url should be good one + String normalPollModificationURL = fixtures.modificationURL(PollUri.newPollUri(pollId, creatorId)); + gotoUrl(normalPollModificationURL); + + // try to access to poll modifcation page with bad creatorId, current url should be the poll_creator_required one, even if we are owner + gotoUrl(fixtures.modificationURL(PollUri.newPollUri(pollId, badCreatorId)), fixtures.poll_creator_requiredURL(), false); + } + }