X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fpages%2Forga%2FTestOrgaManagement.java;h=45e25e698ff8ef6ced00695273622f55e576db0c;hp=90355a498940ac0180e044427ec8d857fdae411e;hb=08dd246cc6dbef3e83979622c9fd4fc10b749007;hpb=ed2a1041c12f9fcdba56472e1d938bb121166566

diff --git a/tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java b/tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java
index 90355a49..45e25e69 100644
--- a/tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java
+++ b/tests/org/cacert/gigi/pages/orga/TestOrgaManagement.java
@@ -1,8 +1,12 @@
 package org.cacert.gigi.pages.orga;
 
+import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.util.List;
 
@@ -10,6 +14,7 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.Organisation.Affiliation;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Test;
 
@@ -63,4 +68,33 @@ public class TestOrgaManagement extends ManagedTest {
         orgs = Organisation.getOrganisations(0, 30);
         assertEquals("name1", orgs[0].getName());
     }
+
+    @Test
+    public void testNonAssurerSeeOnlyOwn() throws IOException {
+        User u2 = User.getById(createVerifiedUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        Organisation o1 = new Organisation("name21", "DE", "sder", "Rostov", u);
+        Organisation o2 = new Organisation("name12", "DE", "sder", "Rostov", u);
+        o1.addAdmin(u2, u2, false);
+        String session2 = login(u2.getEmail(), TEST_PASSWORD);
+
+        URLConnection uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+        uc.addRequestProperty("Cookie", session2);
+        String content = IOUtils.readURL(uc);
+        assertThat(content, containsString("name21"));
+        assertThat(content, not(containsString("name12")));
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session2);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session2);
+        assertEquals(404, ((HttpURLConnection) uc).getResponseCode());
+
+        uc = new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH).openConnection();
+        uc.addRequestProperty("Cookie", session);
+        content = IOUtils.readURL(uc);
+        assertThat(content, containsString("name21"));
+        assertThat(content, containsString("name12"));
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o1.getId()).openConnection(), session);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+        uc = cookie(new URL("https://" + getServerName() + ViewOrgPage.DEFAULT_PATH + "/" + o2.getId()).openConnection(), session);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+    }
 }