+
+ @Test
+ public void testNonAssurerSeeOnlyOwn() throws IOException, GigiApiException {
+ User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", "email", u);
+ Organisation o2 = new Organisation("name12", "DE", "sder", "Rostov", "email", u);
+ o1.addAdmin(u2, u, false);
+ String session2 = login(u2.getEmail(), TEST_PASSWORD);
+
+ URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+
+ uc = get(session2, MyDetails.PATH);
+ String content = IOUtils.readURL(uc);
+ assertThat(content, containsString("name21"));
+ assertThat(content, not(containsString("name12")));
+ uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId());
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+ uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+
+ uc = get(ViewOrgPage.DEFAULT_PATH);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("name21"));
+ assertThat(content, containsString("name12"));
+ uc = get(ViewOrgPage.DEFAULT_PATH + "/" + o1.getId());
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ uc = get(ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ o1.delete();
+ o2.delete();
+ }
+
+ @Test
+ public void testAffiliationRights() throws IOException, GigiApiException {
+ User u2 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ User u3 = User.getById(createAssuranceUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ User u4_dummy = User.getById(createVerifiedUser("testmaster", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", "email", u);
+ o1.addAdmin(u3, u, true);
+ try {
+ // must fail because u4 is no assurer
+ o1.addAdmin(u4_dummy, u3, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ o1.addAdmin(u2, u3, false);
+ try {
+ // must fail because u2 may not add admins
+ o1.addAdmin(u3, u2, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ try {
+ // must fail because u4 is no assurer
+ o1.addAdmin(u4_dummy, u, false);
+ fail("No exception!");
+ } catch (GigiApiException e) {
+ }
+ o1.removeAdmin(u2, u3);
+ o1.removeAdmin(u3, u3);
+ assertEquals(0, o1.getAllAdmins().size());
+ o1.delete();
+ }
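Review bot: The second denial case in testAffiliationRights, `o1.addAdmin(u3, u2, false)`, targets u3, who was already made an admin of o1 a few lines earlier, so the expected GigiApiException may not come from u2's missing right to add admins (whether addAdmin rejects an existing admin is not visible in this hunk). A fresh assurer as the target would isolate the permission check, for example `User u5 = User.getById(createAssuranceUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));` followed by `o1.addAdmin(u5, u2, false);`. The three empty `catch (GigiApiException e) { }` blocks also accept any failure reason; a comment such as `// expected: caller or target lacks the required rights`, plus a check on the exception itself, would keep an unrelated error from passing as an authorization denial. The `o1.delete()` and `o2.delete()` calls at the end of both tests are skipped when an assertion fails, so wrapping the assertions in `try`/`finally` would keep leftover organisations out of later runs.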