Add tests for KEYCLOAK-15481

This commit is contained in:
vmuzikar 2020-09-10 10:50:58 +02:00 committed by Stan Silvert
parent 952e8fecee
commit cb5c893d87
2 changed files with 113 additions and 0 deletions

View file

@ -0,0 +1,74 @@
/*
* Copyright 2020 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.ui.account2;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Test;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.testsuite.ui.account2.page.ForbiddenPage;
import org.keycloak.testsuite.ui.account2.page.PersonalInfoPage;
import org.keycloak.testsuite.ui.account2.page.SigningInPage;
import org.keycloak.testsuite.ui.account2.page.WelcomeScreen;
import java.util.stream.Collectors;
import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT;
import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class PermissionsTest extends AbstractAccountTest {
@Page
private WelcomeScreen welcomeScreen;
@Page
private PersonalInfoPage personalInfoPage;
@Page
private SigningInPage signingInPage;
@Page
private ForbiddenPage forbiddenPage;
@Test
public void manageAccountRoleRequired() {
// remove the default role from test user
String accountClientId = testRealmResource().clients().findByClientId(ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId();
RoleScopeResource roleScopes = testUserResource().roles().clientLevel(accountClientId);
roleScopes.remove(roleScopes.listAll().stream()
.filter(r -> MANAGE_ACCOUNT.equals(r.getName()))
.collect(Collectors.toList()));
welcomeScreen.header().clickLoginBtn();
loginToAccount();
welcomeScreen.assertCurrent(); // no forbidden at welcome screen yet
welcomeScreen.clickPersonalInfoLink();
forbiddenPage.assertCurrent();
signingInPage.navigateToUsingSidebar();
forbiddenPage.assertCurrent();
// still possible to sign out
forbiddenPage.header().clickLogoutBtn();
welcomeScreen.assertCurrent();
welcomeScreen.header().assertLoginBtnVisible(true);
welcomeScreen.header().assertLogoutBtnVisible(false);
}
}

View file

@ -0,0 +1,39 @@
/*
* Copyright 2019 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.ui.account2.page;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
/**
* @author Vaclav Muzikar <vmuzikar@redhat.com>
*/
public class ForbiddenPage extends AbstractLoggedInPage {
@FindBy(tagName = "main")
private WebElement mainTag;
@Override
public String getPageId() {
return "forbidden";
}
@Override
public boolean isCurrent() {
return mainTag.getText().contains("You do not have access rights to this request.");
}
}