Add test

italiangrid · Nov 6, 2024 · bf90233 · bf90233
1 parent 0ff8c85
commit bf90233
Showing 1 changed file with 22 additions and 5 deletions.
diff --git a/...va/org/italiangrid/storm/webdav/test/authz/integration/AuthorizationIntegrationTests.java b/...va/org/italiangrid/storm/webdav/test/authz/integration/AuthorizationIntegrationTests.java
@@ -21,6 +21,7 @@
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.request;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.italiangrid.storm.webdav.oauth.GrantedAuthoritiesMapperSupport.OAUTH_GROUP_CLAIM_NAMES;
 
 import java.net.URI;
 
@@ -127,11 +128,8 @@ void issuerChecksAreEnforcedForWlcgScopeBasedAuthz() throws Exception {
 
   @Test
   void getAccessAsJwtUserWithoutScopeLeadsToAccessDenied() throws Exception {
-    Jwt token = Jwt.withTokenValue("test")
-      .header("kid", "rsa1")
-      .issuer(WLCG_ISSUER)
-      .subject("123")
-      .build();
+    Jwt token =
+        Jwt.withTokenValue("test").header("kid", "rsa1").issuer(WLCG_ISSUER).subject("123").build();
 
     mvc.perform(get(SLASH_WLCG_SLASH_FILE).with(jwt().jwt(token)))
       .andExpect(status().isForbidden());
@@ -180,6 +178,25 @@ void getAccessAsJwtWithWriteCapabilityResultsInAccessDenied() throws Exception {
 
   }
 
+  @Test
+  void readWriteAccessAsJwtWithAllowedGroup() throws Exception {
+
+    for (String groupClaim : OAUTH_GROUP_CLAIM_NAMES) {
+      Jwt token = Jwt.withTokenValue("test")
+        .header("kid", "rsa1")
+        .issuer(EXAMPLE_ISSUER)
+        .claim(groupClaim, "/example/admins")
+        .build();
+
+      mvc.perform(get(SLASH_WLCG_SLASH_FILE).with(jwt().jwt(token).authorities(authConverter)))
+        .andExpect(status().isNotFound());
+
+      mvc.perform(put(SLASH_WLCG_SLASH_FILE).with(jwt().jwt(token).authorities(authConverter)))
+        .andExpect(status().isOk());
+    }
+
+  }
+
   @WithMockVOMSUser(vos = "wlcg", saReadPermissions = {"wlcg"})
   @Test
   void localVomsCopyRequiresWithReadPermissionsGetsAccessDenied() throws Exception {