org.springframework.security.acls.model.MutableAcl Java Examples

@Override
@Transactional
public void createPermission(Permission permission) {
  ObjectIdentity objectIdentity = permission.getObjectIdentity();
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
  if (!getSuitablePermissionsForType(objectIdentity.getType())
      .contains(permission.getPermission())) {
    throw new PermissionNotSuitableException(
        permission.getPermission().name(), objectIdentity.getType());
  }
  Sid sid = permission.getSid();
  if (getPermissionResponses(acl, false, singleton(sid)).isEmpty()) {
    acl.insertAce(acl.getEntries().size(), permission.getPermission(), sid, true);
    mutableAclService.updateAcl(acl);
  } else {
    throw new DuplicatePermissionException(objectIdentity, sid);
  }
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 

/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 

@Test
void testAdd() {
  Package pack = mock(Package.class);
  Package parent = mock(Package.class);

  when(pack.getId()).thenReturn("1");
  when(parent.getId()).thenReturn("2");
  when(pack.getParent()).thenReturn(parent);

  MutableAcl acl = mock(MutableAcl.class);
  MutableAcl parentAcl = mock(MutableAcl.class);
  when(mutableAclService.createAcl(new PackageIdentity("1"))).thenReturn(acl);
  when(mutableAclService.readAclById(new PackageIdentity("2"))).thenReturn(parentAcl);

  when(userPermissionEvaluator.hasPermission(
          new PackageIdentity(parent.getId()), PackagePermission.ADD_PACKAGE))
      .thenReturn(true);

  repo.add(pack);

  verify(mutableAclService).createAcl(new PackageIdentity("1"));
  verify(mutableAclService).updateAcl(acl);
  verify(delegateRepository).add(pack);
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

@Transactional
@Override
public int createEvent(Event event) {

    int result = eventDao.createEvent(event);
    event.setId(result);

    // Add new ACL Entry:
    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0,  BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
}
 

@Override
public void createAcl(Package pack) {
  PackageIdentity packageIdentity = new PackageIdentity(pack);
  MutableAcl acl;
  try {
    acl = mutableAclService.createAcl(packageIdentity);
  } catch (AlreadyExistsException e) {
    throw new EntityAlreadyExistsException(pack, e);
  }
  if (pack.getParent() != null) {
    ObjectIdentity parentIdentity = new PackageIdentity(pack.getParent());
    Acl parentAcl = mutableAclService.readAclById(parentIdentity);
    acl.setParent(parentAcl);
    mutableAclService.updateAcl(acl);
  }
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

@WithMockUser(username = USERNAME)
@Test
void updateFromNullToNullPackage() {
  String entityTypeId = "entityTypeId";

  EntityType entityType = mock(EntityType.class);
  EntityType oldEntityType = mock(EntityType.class);
  MutableAcl acl = mock(MutableAcl.class);

  when(entityType.getId()).thenReturn(entityTypeId).getMock();
  doReturn(acl).when(mutableAclService).readAclById(new EntityTypeIdentity(entityTypeId));

  when(dataService.findOneById(
          EntityTypeMetadata.ENTITY_TYPE_META_DATA, entityType.getId(), EntityType.class))
      .thenReturn(oldEntityType);

  doReturn(true)
      .when(userPermissionEvaluator)
      .hasPermission(new EntityTypeIdentity(entityTypeId), UPDATE_METADATA);

  repo.update(entityType);
  verify(delegateRepository).update(entityType);
}
 

@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 

/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 

@Override
@Transactional
public void updatePermission(Permission permission) {
  ObjectIdentity objectIdentity = permission.getObjectIdentity();
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity);
  if (!getSuitablePermissionsForType(objectIdentity.getType())
      .contains(permission.getPermission())) {
    throw new PermissionNotSuitableException(
        permission.getPermission().name(), objectIdentity.getType());
  }
  Sid sid = permission.getSid();
  Set<LabelledPermission> current =
      getPermissionsForObject(objectIdentity, singleton(sid), false);
  if (current.isEmpty()) {
    throw new UnknownAceException(objectIdentity, sid, "update");
  }
  deleteAce(sid, acl);
  acl.insertAce(acl.getEntries().size(), permission.getPermission(), sid, true);
  mutableAclService.updateAcl(acl);
}
 

/**
 * Same as {@link JdbcMutableAclService#updateAcl(MutableAcl)} except that it clears all cache as
 * a workaround for https://github.com/spring-projects/spring-security/issues/3330.
 */
@Transactional
@Override
public MutableAcl updateAcl(MutableAcl acl) {
  Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

  // Delete this ACL's ACEs in the acl_entry table
  deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

  // Create this ACL's ACEs in the acl_entry table
  createEntries(acl);

  // Change the mutable columns in acl_object_identity
  updateObjectIdentity(acl);

  // Clear all cache
  aclCache.clearCache();

  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  return (MutableAcl) super.readAclById(acl.getObjectIdentity());
}
 

/**
 * Same as {@link JdbcMutableAclService#createAcl(ObjectIdentity)} except for duplicate key
 * checking which is handled by by the database for performance reasons.
 */
@Transactional
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) {
  Assert.notNull(objectIdentity, "Object Identity required");

  // Need to retrieve the current principal, in order to know who "owns" this ACL
  // (can be changed later on)
  Sid sid = SidUtils.createSecurityContextSid();

  try {
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
  } catch (DuplicateKeyException e) {
    throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
  }
  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  Acl acl = readAclById(objectIdentity);
  Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

  return (MutableAcl) acl;
}
 

@Test
void testCreatePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  permissionServiceDecorator.createPermission(permission);
  verify(permissionService).createPermission(permission);
  resetContext();
}
 

@Test
void testCreatePermissions() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.createPermissions(Collections.singleton(permission));
  verify(permissionService).createPermissions(Collections.singleton(permission));
  resetContext();
}
 

@Test
void testUpdatePermission() {
  setUser();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);

  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));

  Permission permission = Permission.create(objectIdentity, sid, PermissionSet.WRITE);
  permissionServiceDecorator.updatePermission(permission);
  verify(permissionService).updatePermission(permission);
  resetContext();
}
 

@WithMockUser(username = USERNAME)
@Test
void add() {
  String entityTypeId = "entityTypeId";
  EntityType entityType = mock(EntityType.class);
  Package pack = mock(Package.class);
  MutableAcl mutableAcl = mock(MutableAcl.class);
  Acl acl = mock(Acl.class);

  when(pack.getId()).thenReturn("test");
  when(entityType.getId()).thenReturn(entityTypeId);
  when(entityType.getPackage()).thenReturn(pack);
  when(userPermissionEvaluator.hasPermission(
          new PackageIdentity("test"), PackagePermission.ADD_ENTITY_TYPE))
      .thenReturn(true);
  when(mutableAclService.createAcl(new EntityTypeIdentity(entityType.getId())))
      .thenReturn(mutableAcl);
  when(mutableAclService.readAclById(new PackageIdentity("test"))).thenReturn(acl);

  repo.add(entityType);

  verify(delegateRepository).add(entityType);
  verify(mutableAclService).createAcl(new EntityTypeIdentity(entityTypeId));
}
 

/**
 * This implementation will simply delete all ACEs in the database and recreate them on each invocation of
 * this method. A more comprehensive implementation might use dirty state checking, or more likely use ORM
 * capabilities for create, update and delete operations of {@link MutableAcl}.
 */
@Override
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    Assert.notNull(acl.getId(), "Object Identity doesn't provide an identifier");

    // Delete this ACL's ACEs in the acl_entry table
    aclDao.deleteEntries(retrieveObjectIdentityPrimaryKey(acl.getObjectIdentity()));

    // Create this ACL's ACEs in the acl_entry table
    createEntries(acl);

    // Change the mutable columns in acl_object_identity
    updateObjectIdentity(acl);

    // Clear the cache, including children
    clearCacheIncludingChildren(acl.getObjectIdentity());

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    return (MutableAcl) readAclById(acl.getObjectIdentity());
}
 

@Test
void testGetUserPluginPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(pluginIdentity1, acl1);
  acls.put(pluginIdentity2, acl2);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(plugin1.getId(), "read"));
  assertEquals(expected, permissionManagerController.getUserPluginPermissions("Ipsum"));
}
 

@Test
void testGetUserPackagePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(packageIdentity1, acl1);
  acls.put(packageIdentity2, acl2);
  acls.put(packageIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(packageIdentity1, packageIdentity2, packageIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(package1.getId(), "writemeta", package2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserPackagePermissions("Ipsum"));
}
 

@Test
void testSetPermission() {
  Sid role = new GrantedAuthoritySid("ROLE_role");
  MutableAcl acl = mock(MutableAcl.class);
  ObjectIdentity objectIdentity = mock(ObjectIdentity.class);
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);
  doReturn(acl)
      .when(mutableAclService)
      .readAclById(new ObjectIdentityImpl("entity-typeId", "identifier"));
  when(acl.getObjectIdentity()).thenReturn(objectIdentity);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  when(ace1.getSid()).thenReturn(role);
  when(ace1.getPermission()).thenReturn(COUNT);
  when(acl.getEntries()).thenReturn(singletonList(ace1));

  when(entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()))
      .thenReturn(
          LabelledObjectIdentity.create(
              "entity-typeId", "typeId", "typeLabel", "identifier", "identifierLabel"));

  when(userRoleTools.sortSids(singleton(role))).thenReturn(new LinkedList(singletonList(role)));
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("entity-typeId"));

  permissionsApiService.updatePermission(
      Permission.create(new ObjectIdentityImpl("entity-typeId", "identifier"), role, WRITE));

  verify(acl).deleteAce(0);
  verify(acl).insertAce(1, WRITE, role, true);
  verify(mutableAclService, times(2)).updateAcl(acl);
}
 

@Override
public void createAcl(Entity entity) {
  MutableAcl acl;
  try {
    acl = mutableAclService.createAcl(new EntityIdentity(entity));
  } catch (AlreadyExistsException e) {
    throw new EntityAlreadyExistsException(entity, e);
  }
  Sid sid = SidUtils.createSecurityContextSid();
  acl.insertAce(acl.getEntries().size(), PermissionSet.WRITE, sid, true);
  mutableAclService.updateAcl(acl);
}
 

@Test
void testGetUserEntityClassPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "writemeta", entityType2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserEntityClassPermissions("Ipsum"));
}
 

@Test
void testDeletePermission() {
  setSu();
  ObjectIdentity objectIdentity = new ObjectIdentityImpl("type", "identifier");
  Sid sid = new PrincipalSid("user");

  MutableAcl acl = mock(MutableAcl.class);
  when(acl.getOwner()).thenReturn(sid);
  when(mutableAclService.readAclById(objectIdentity)).thenReturn(acl);
  when(mutableAclClassService.getAclClassTypes()).thenReturn(singletonList("type"));
  permissionServiceDecorator.deletePermission(sid, objectIdentity);
  verify(permissionService).deletePermission(sid, objectIdentity);
  resetContext();
}
 

@Test
void testGetRolePluginPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(pluginIdentity1, acl1);
  acls.put(pluginIdentity2, acl2);
  when(mutableAclService.readAclsById(
          Arrays.asList(pluginIdentity1, pluginIdentity2), singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2"), ImmutableMultimap.of(entityType1.getId(), "read"));
  Permissions actual = permissionManagerController.getRolePluginPermissions("ONE");
  assertEquals(expected, actual);
}
 

@Test
void testGetRoleEntityTypePermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(roleSid);
  when(ace2.getSid()).thenReturn(roleSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(roleSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWrite);
  when(ace2.getPermission()).thenReturn(permissionRead);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "write", entityType2.getId(), "read"));

  assertEquals(expected, permissionManagerController.getRoleEntityClassPermissions("ONE"));
}