]> WPIA git - gigi.git/blobdiff - tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java
Allow viewing of one's own orgas.
index 90355a498940ac0180e044427ec8d857fdae411e..45e25e698ff8ef6ced00695273622f55e576db0c 100644 (file)
@@ -1,8 +1,12 @@
 package org.cacert.gigi.pages.orga;
 
+import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.util.List;
 
@@ -10,6 +14,7 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.Organisation.Affiliation;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Test;
 
@@ -63,4 +68,33 @@ public class TestOrgaManagement extends ManagedTest {
         orgs = Organisation.getOrganisations(0, 30);
         assertEquals("name1", orgs[0].getName());
     }
+
+    @Test
+    public void testNonAssurerSeeOnlyOwn() throws IOException {
+        User u2 = User.getById(createVerifiedUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", u);
+        Organisation o2 = new Organisation("name12", "DE", "sder", "Rostov", u);
+        o1.addAdmin(u2, u2, false);
+        String session2 = login(u2.getEmail(), TEST_PASSWORD);
+
+        URLConnection uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+        uc.addRequestProperty("Cookie", session2);
+        String content = IOUtils.readURL(uc);
+        assertThat(content, containsString("name21"));
+        assertThat(content, not(containsString("name12")));
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session2);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session2);
+        assertEquals(404, ((HttpURLConnection) uc).getResponseCode());
+
+        uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+        uc.addRequestProperty("Cookie", session);
+        content = IOUtils.readURL(uc);
+        assertThat(content, containsString("name21"));
+        assertThat(content, containsString("name12"));
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+    }
 }
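Review bot: The denial path in `testNonAssurerSeeOnlyOwn` is only exercised for `u2`, who already administers `o1`. A logged-in user with no organisation at all, and a request sent without any session cookie, are never tried against `ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()`. Since this test pins the new access rule, I would add both cases with explicit expected status codes, so that a later change which opens the per-id page to any authenticated user with some affiliation, or to anonymous requests, fails here. If the 404 for `o2` is deliberate, a comment on that assertion such as `// 404, not 403: a non-member must not learn whether this organisation id exists` would record the reason. The two list requests set the header with `uc.addRequestProperty("Cookie", ...)` while the per-id requests use `cookie(...)`; using the helper throughout keeps session handling in one place (`u` and `session` come from outside this hunk).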