Update Tests and Formatting

This commit is contained in:
Josh Cummings
2024-04-18 12:18:18 -06:00
parent c73ce7587d
commit ff551021ba
5 changed files with 28 additions and 26 deletions

View File

@@ -26,8 +26,10 @@ import org.springframework.security.authorization.method.HandleAuthorizationDeni
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize(value = "hasAuthority('{value}:read')")
@PreAuthorize("hasAuthority('{value}:read')")
@HandleAuthorizationDenied(handlerClass = Null.class)
public @interface AuthorizeRead {
String value();
}

View File

@@ -49,17 +49,16 @@ public class DataApplication {
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager(
User.withDefaultPasswordEncoder()
.username("rob")
.password("password")
.authorities("message:read", "user:read")
.build(),
User.withDefaultPasswordEncoder()
.username("luke")
.password("password")
.authorities("message:read")
.build()
);
User.withDefaultPasswordEncoder()
.username("rob")
.password("password")
.authorities("message:read", "user:read")
.build(),
User.withDefaultPasswordEncoder()
.username("luke")
.password("password")
.authorities("message:read")
.build());
}
public static void main(String[] args) {

View File

@@ -24,6 +24,7 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
public class MessageController {
private final MessageRepository messages;
public MessageController(MessageRepository messages) {

View File

@@ -24,8 +24,10 @@ import org.springframework.stereotype.Component;
@Component
public class Null implements MethodAuthorizationDeniedHandler {
@Override
public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) {
return null;
}
}

View File

@@ -22,12 +22,9 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.test.context.support.WithMockUser;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.assertj.core.api.Assertions.assertThatNoException;
/**
* @author Rob Winch
@@ -44,43 +41,44 @@ public class DataApplicationTests {
List<Message> messages = this.repository.findAll();
assertThat(messages).hasSize(3);
for (Message message : messages) {
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(message::getSummary);
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(message::getText);
assertThat(message.getSummary()).isNull();
assertThat(message.getText()).isNull();
}
}
@Test
@WithMockUser(username="rob", authorities="message:read")
@WithMockUser(username = "rob", authorities = "message:read")
void findAllOnlyToCurrentUserCanReadMessage() {
List<Message> messages = this.repository.findAll();
assertThat(messages).hasSize(3);
for (Message message : messages) {
assertThatNoException().isThrownBy(message::getSummary);
assertThatNoException().isThrownBy(message::getText);
assertThat(message.getSummary()).isNotNull();
assertThat(message.getText()).isNotNull();
}
}
@Test
@WithMockUser(username="rob", authorities="message:read")
@WithMockUser(username = "rob", authorities = "message:read")
void findAllOnlyToCurrentUserCantReadUserDetails() {
List<Message> messages = this.repository.findAll();
assertThat(messages).hasSize(3);
for (Message message : messages) {
User user = message.getTo();
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(user::getFirstName);
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(user::getLastName);
assertThat(user.getFirstName()).isNull();
assertThat(user.getLastName()).isNull();
}
}
@Test
@WithMockUser(username="rob", authorities={ "message:read", "user:read" })
@WithMockUser(username = "rob", authorities = { "message:read", "user:read" })
void findAllOnlyToCurrentUserCanReadUserDetails() {
List<Message> messages = this.repository.findAll();
assertThat(messages).hasSize(3);
for (Message message : messages) {
User user = message.getTo();
assertThatNoException().isThrownBy(user::getFirstName);
assertThatNoException().isThrownBy(user::getLastName);
assertThat(user.getFirstName()).isNotNull();
assertThat(user.getLastName()).isNotNull();
}
}
}