Index: kernel-impl/src/test/java/org/sakaiproject/site/impl/test/SiteServiceTest.java =================================================================== --- kernel-impl/src/test/java/org/sakaiproject/site/impl/test/SiteServiceTest.java (revision 87840) +++ kernel-impl/src/test/java/org/sakaiproject/site/impl/test/SiteServiceTest.java (working copy) @@ -1,6 +1,5 @@ package org.sakaiproject.site.impl.test; -import java.sql.SQLException; import java.util.Set; import java.util.TreeSet; @@ -10,7 +9,12 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.sakaiproject.authz.api.Role; +import org.sakaiproject.authz.api.SecurityService; +import org.sakaiproject.authz.impl.SakaiSecurity; +import org.sakaiproject.component.cover.ComponentManager; import org.sakaiproject.exception.IdInvalidException; +import org.sakaiproject.exception.IdUnusedException; import org.sakaiproject.exception.IdUsedException; import org.sakaiproject.exception.PermissionException; import org.sakaiproject.site.api.Site; @@ -18,6 +22,11 @@ import org.sakaiproject.test.SakaiKernelTestBase; import org.sakaiproject.tool.api.Session; import org.sakaiproject.tool.api.SessionManager; +import org.sakaiproject.user.api.UserAlreadyDefinedException; +import org.sakaiproject.user.api.UserDirectoryService; +import org.sakaiproject.user.api.UserEdit; +import org.sakaiproject.user.api.UserIdInvalidException; +import org.sakaiproject.user.api.UserPermissionException; public class SiteServiceTest extends SakaiKernelTestBase { private static final Log log = LogFactory.getLog(SiteServiceTest.class); @@ -43,10 +52,7 @@ public void testNullSiteId() { SiteService siteService = org.sakaiproject.site.cover.SiteService.getInstance(); - SessionManager sessionManager = org.sakaiproject.tool.cover.SessionManager.getInstance(); - Session session = sessionManager.getCurrentSession(); - session.setUserEid("admin"); - session.setUserId("admin"); + workAsAdmin(); try { @@ -65,7 +71,18 @@ } + private void workAsAdmin() { + workAsUser("admin", "admin"); + } + + private void workAsUser(String eid, String id) { + SessionManager sessionManager = org.sakaiproject.tool.cover.SessionManager.getInstance(); + Session session = sessionManager.getCurrentSession(); + session.setUserEid(eid); + session.setUserId(id); + } + public void testNonExistentSiteId() { /* * See KNL-512 sending a realm ID that doesn't exit to @@ -74,10 +91,7 @@ */ SiteService siteService = org.sakaiproject.site.cover.SiteService.getInstance(); - SessionManager sessionManager = org.sakaiproject.tool.cover.SessionManager.getInstance(); - Session session = sessionManager.getCurrentSession(); - session.setUserEid("admin"); - session.setUserId("admin"); + workAsAdmin(); Set siteSet = new TreeSet(); siteSet.add("nosuchSite"); @@ -88,6 +102,50 @@ e.printStackTrace(); fail(); } + } + /** + * Check that when a site is unpublished a user roleswapped user can still access the site when switching to a role which can't access the unpublished site. + */ + public void testRoleSwapSiteVisit() throws IdUnusedException, PermissionException, IdInvalidException, IdUsedException, UserIdInvalidException, UserAlreadyDefinedException, UserPermissionException { + + SiteService siteService = (SiteService) ComponentManager.get(SiteService.class); + + SecurityService securityService = (SecurityService) ComponentManager.get(SecurityService.class); + workAsAdmin(); + + // Create another user. + UserDirectoryService userService = (UserDirectoryService)ComponentManager.get(UserDirectoryService.class); + UserEdit accessUser = userService.addUser("access", "access"); + userService.commitEdit(accessUser); + UserEdit maintainUser = userService.addUser("maintain", "maintain"); + userService.commitEdit(maintainUser); + + Site site = siteService.addSite("roleSwapSiteVisit", "test"); + site.addMember("access", "access", true, false); + site.addMember("maintain", "maintain", true, false); + site.setPublished(false); // This is the default, but we this is what we are wanting to test. + Role maintain = site.getRole("maintain"); + maintain.allowFunction(SiteService.SITE_ROLE_SWAP); + siteService.save(site); + + workAsUser("maintain", "maintain"); + // Check maintainer has same access through allowAccess as getSiteVisit. + assertTrue(siteService.allowAccessSite("roleSwapSiteVisit")); + try { + siteService.getSiteVisit("roleSwapSiteVisit"); + } catch (PermissionException pe) { + fail("Should have been able to get the site fine."); + } + + assertTrue(securityService.setUserEffectiveRole(site.getReference(), "access")); + // Check accessor as well + assertTrue(siteService.allowAccessSite("roleSwapSiteVisit")); + try { + siteService.getSiteVisit("roleSwapSiteVisit"); + } catch (PermissionException pe) { + fail("Should have been able to get the site fine."); + } + } }