diff --git a/src/gui/core/plugin/mapsui/pom.xml b/src/gui/core/plugin/mapsui/pom.xml
index 25da350d..89556826 100644
--- a/src/gui/core/plugin/mapsui/pom.xml
+++ b/src/gui/core/plugin/mapsui/pom.xml
@@ -11,7 +11,7 @@
org.geoserver.geofence
geofence-gui-plugin
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/gui/core/plugin/pom.xml b/src/gui/core/plugin/pom.xml
index d90f77af..39def81e 100644
--- a/src/gui/core/plugin/pom.xml
+++ b/src/gui/core/plugin/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-gui-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/gui/core/plugin/userui/pom.xml b/src/gui/core/plugin/userui/pom.xml
index c9d14ed5..f4fd79bd 100644
--- a/src/gui/core/plugin/userui/pom.xml
+++ b/src/gui/core/plugin/userui/pom.xml
@@ -11,7 +11,7 @@
org.geoserver.geofence
geofence-gui-plugin
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/gui/core/pom.xml b/src/gui/core/pom.xml
index aed90667..bcd57fb3 100644
--- a/src/gui/core/pom.xml
+++ b/src/gui/core/pom.xml
@@ -13,7 +13,7 @@
org.geoserver.geofence
geofence-gui-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/gui/core/resources/pom.xml b/src/gui/core/resources/pom.xml
index 34d6bb3d..d8fa54f1 100644
--- a/src/gui/core/resources/pom.xml
+++ b/src/gui/core/resources/pom.xml
@@ -13,7 +13,7 @@
org.geoserver.geofence
geofence-gui-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/gui/pom.xml b/src/gui/pom.xml
index 4df1cfc8..b35f3a33 100644
--- a/src/gui/pom.xml
+++ b/src/gui/pom.xml
@@ -11,19 +11,19 @@
org.geoserver.geofence
geofence
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
geofence-gui-root
- 3.5-SNAPSHOT
+ 3.5.1
pom
GeoFence - GUI
geofence-gui
- 3.5-SNAPSHOT
+ 3.5.1
21.4
0.4-SNAPSHOT
@@ -59,16 +59,16 @@
geosolutions
GeoSolutions Repository
- http://maven.geo-solutions.it
+ https://maven.geo-solutions.it
gwt-maven
- http://gwt-maven.googlecode.com/svn/trunk/mavenrepo
+ https://gwt-maven.googlecode.com/svn/trunk/mavenrepo
maven-restlet
Restlet Maven Repository
- http://maven.restlet.org
+ https://maven.restlet.org
false
diff --git a/src/gui/web/pom.xml b/src/gui/web/pom.xml
index 7915df72..7d92a092 100644
--- a/src/gui/web/pom.xml
+++ b/src/gui/web/pom.xml
@@ -11,7 +11,7 @@
org.geoserver.geofence
geofence-gui-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/pom.xml b/src/pom.xml
index 19cbf4cb..cf893ccc 100644
--- a/src/pom.xml
+++ b/src/pom.xml
@@ -10,11 +10,11 @@
org.geoserver.geofence
geofence
- 3.5-SNAPSHOT
+ 3.5.1
pom
- 3.5-SNAPSHOT
+ 3.5.1
3.6.9.Final
1.1.0
1.1.3.2
@@ -50,7 +50,6 @@
Alessio Fabiani
GeoSolutions
- architect
developer
+2
@@ -101,7 +100,7 @@
geosolutions
GeoSolutions Repository
- http://maven.geo-solutions.it/
+ https://maven.geo-solutions.it/
true
diff --git a/src/samples/csv2geofence/pom.xml b/src/samples/csv2geofence/pom.xml
index da6eac9c..d200a16f 100644
--- a/src/samples/csv2geofence/pom.xml
+++ b/src/samples/csv2geofence/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence.sample
csv2geofence
- 3.5-SNAPSHOT
+ 3.5.1
jar
csv2geofence
diff --git a/src/services/core/model-external/pom.xml b/src/services/core/model-external/pom.xml
index 75af74d4..7810fff4 100644
--- a/src/services/core/model-external/pom.xml
+++ b/src/services/core/model-external/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/model/pom.xml b/src/services/core/model/pom.xml
index e92dbfc3..e396b504 100644
--- a/src/services/core/model/pom.xml
+++ b/src/services/core/model/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/persistence-pg-test/pom.xml b/src/services/core/persistence-pg-test/pom.xml
index de3f423d..1c6bc2c5 100644
--- a/src/services/core/persistence-pg-test/pom.xml
+++ b/src/services/core/persistence-pg-test/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/persistence/pom.xml b/src/services/core/persistence/pom.xml
index ef4642db..bcef67e3 100644
--- a/src/services/core/persistence/pom.xml
+++ b/src/services/core/persistence/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/pom.xml b/src/services/core/pom.xml
index 6e099f52..8be0011f 100644
--- a/src/services/core/pom.xml
+++ b/src/services/core/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/services-api/pom.xml b/src/services/core/services-api/pom.xml
index 5f169682..37147e89 100644
--- a/src/services/core/services-api/pom.xml
+++ b/src/services/core/services-api/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java b/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
index dbdaa738..ac46dccd 100644
--- a/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
+++ b/src/services/core/services-api/src/main/java/org/geoserver/geofence/services/dto/RuleFilter.java
@@ -8,6 +8,10 @@
import org.geoserver.geofence.core.model.Rule;
import java.io.Serializable;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
/**
@@ -25,7 +29,7 @@
*/
public class RuleFilter implements Serializable, Cloneable {
- private static final long serialVersionUID = 5629211135629700042L;
+ private static final long serialVersionUID = 5629211135629700043L;
public enum FilterType {
@@ -159,6 +163,7 @@ public RuleFilter setUser(SpecialFilterType type) {
public RuleFilter setRole(String name) {
if(name == null)
throw new NullPointerException();
+ name = sortNames(name); // force ordering to preserve hashing
role.setText(name);
return this;
}
@@ -276,6 +281,17 @@ public TextFilter getWorkspace() {
// return this;
// }
+
+ private String sortNames(String s) {
+ if(s.contains(",")) {
+ s = Arrays.asList(s.split(",")).stream()
+ .map(n -> n.trim())
+ .sorted()
+ .collect(Collectors.joining(","));
+ }
+ return s;
+ }
+
@Override
public boolean equals(Object obj) {
if (obj == null) {
diff --git a/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java b/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java
new file mode 100644
index 00000000..d8249120
--- /dev/null
+++ b/src/services/core/services-api/src/test/java/org/geoserver/geofence/services/util/RuleFilterTest.java
@@ -0,0 +1,30 @@
+package org.geoserver.geofence.services.util;
+
+import org.geoserver.geofence.services.dto.RuleFilter;
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class RuleFilterTest {
+ @Test
+ public void testRole() {
+ RuleFilter f = new RuleFilter();
+ f.setRole("pippo");
+ assertEquals("pippo", f.getRole().getText());
+
+ f.setRole("a,b");
+ assertEquals("a,b", f.getRole().getText());
+
+ f.setRole("b,a");
+ assertEquals("a,b", f.getRole().getText());
+
+ f.setRole("a, b");
+ assertEquals("a,b", f.getRole().getText());
+
+ f.setRole(" b , a ");
+ assertEquals("a,b", f.getRole().getText());
+ }
+
+}
diff --git a/src/services/core/services-impl/pom.xml b/src/services/core/services-impl/pom.xml
index c5244f83..0c04001a 100644
--- a/src/services/core/services-impl/pom.xml
+++ b/src/services/core/services-impl/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java b/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
index 8c5c4571..f5ac39af 100644
--- a/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
+++ b/src/services/core/services-impl/src/main/java/org/geoserver/geofence/services/RuleReaderServiceImpl.java
@@ -21,7 +21,6 @@
import org.geoserver.geofence.services.dto.AccessInfo;
import org.geoserver.geofence.services.dto.AuthUser;
import org.geoserver.geofence.services.dto.RuleFilter;
-import org.geoserver.geofence.services.dto.RuleFilter.FilterType;
import org.geoserver.geofence.services.dto.RuleFilter.IdNameFilter;
import org.geoserver.geofence.services.dto.RuleFilter.SpecialFilterType;
import org.geoserver.geofence.services.dto.RuleFilter.TextFilter;
@@ -33,9 +32,6 @@
import org.opengis.referencing.crs.CoordinateReferenceSystem;
import org.opengis.referencing.operation.MathTransform;
import org.opengis.referencing.operation.TransformException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
import java.util.*;
import java.util.Map.Entry;
@@ -364,14 +360,19 @@ private String validateUsername(TextFilter filter) {
}
}
- private String validateRolename(TextFilter filter) {
+ private List validateRolenames(TextFilter filter) {
switch(filter.getType()) {
case NAMEVALUE:
- String name = filter.getText();
- if(StringUtils.isBlank(name) )
- throw new BadRequestServiceEx("Blank role name");
- return name.trim();
+ String names = filter.getText();
+ List roles = new ArrayList<>();
+ for(String name : names.split(",")) {
+ if(StringUtils.isBlank(name) )
+ throw new BadRequestServiceEx("Blank role name");
+ roles.add(name.trim());
+ }
+ return roles;
+
case DEFAULT:
case ANY:
return null;
@@ -533,7 +534,7 @@ protected static CatalogMode getLarger(CatalogMode m1, CatalogMode m2) {
* username assigned and rolename:ANY -> should consider all the roles the user belongs to
* username:ANY and rolename assigned -> should consider all the users belonging to the given role
*
- *
+ * @param filter a RuleFilter for rule selection. side effect May be changed by the method
* @return a Map having role names as keys, and the list of matching Rules as values. The NULL key holds the rules for the DEFAULT group.
*/
protected Map> getRules(RuleFilter filter) throws BadRequestServiceEx {
@@ -547,7 +548,8 @@ protected Map> getRules(RuleFilter filter) throws BadRequestS
Map> ret = new HashMap<>();
if(finalRoleFilter.isEmpty()) {
- List found = getRuleAux(filter, filter.getRole());
+ TextFilter roleFilter = new TextFilter(filter.getRole().getType(), filter.getRole().isIncludeDefault());
+ List found = getRuleAux(filter, roleFilter);
ret.put(null, found);
} else {
for (String role : finalRoleFilter) {
@@ -593,65 +595,45 @@ protected Set validateUserRoles(RuleFilter filter) throws BadRequestServ
String username = validateUsername(filter.getUser());
// rolename can be null if the group filter asks for ANY or DEFAULT
- String rolename = validateRolename(filter.getRole());
+ List requestedRoles = validateRolenames(filter.getRole()); // CSV rolenames
- // filtering by both user and role is pointless
- if(username != null && rolename != null) {
- throw new BadRequestServiceEx("You can filter either by user or role");
- }
-
- Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
- Collection authorities;
- if (authentication == null) {
- authorities = new HashSet<>();
- } else {
- authorities = authentication.getAuthorities();
- }
Set finalRoleFilter = new HashSet<>();
// If both user and group are defined in filter
- // if user doensn't belong to group, no rule is returned
+ // if user doesn't belong to group, no rule is returned
// otherwise assigned or default rules are searched for
- if(username != null) {
- Set assignedRoles = userResolver.getRoles(username);
- if (authorities != null) {
- for (GrantedAuthority authority : authorities) {
- assignedRoles.add(authority.getAuthority());
- }
- }
- if(rolename != null) {
- if( assignedRoles.contains(rolename)) {
- finalRoleFilter = Collections.singleton(rolename);
+
+ switch(filter.getRole().getType()) {
+ case NAMEVALUE:
+ if(username != null) {
+ Set resolvedRoles = userResolver.getRoles(username);
+ for(String role: requestedRoles) {
+ if(resolvedRoles.contains(role)) {
+ finalRoleFilter.add(role);
+ } else {
+ LOGGER.warn("User does not belong to role [User:"+filter.getUser()+"] [Role:"+role+"] [ResolvedRoles:"+resolvedRoles+"]");
+ }
+ }
} else {
- LOGGER.warn("User does not belong to role [User:"+filter.getUser()+"] [Role:"+filter.getRole()+"] [Roles:"+assignedRoles+"]");
- return null;
+ finalRoleFilter.addAll(requestedRoles);
}
- } else {
- // User set and found, role (ANY, DEFAULT or notfound):
+ break;
- if(filter.getRole().getType() == FilterType.ANY) {
- if( ! assignedRoles.isEmpty()) {
- finalRoleFilter = assignedRoles;
+ case ANY:
+ if(username != null) {
+ Set resolvedRoles = userResolver.getRoles(username);
+ if( ! resolvedRoles.isEmpty()) {
+ finalRoleFilter = resolvedRoles;
} else {
filter.setRole(SpecialFilterType.DEFAULT);
}
} else {
- // role is DEFAULT or not found:
- // if role filter request DEFAULT -> ok, apply the filter
- // if role does not exists, just apply the filter, even if probably no rule will match
+ // no changes, use requested filtering
}
- }
- } else {
- // user is null: then either:
- // 1) no filter on user was requested (ANY or DEFAULT)
- // 2) user has not been found
- if(rolename != null) {
- finalRoleFilter.add(rolename);
- } else if(filter.getUser().getType() != FilterType.ANY) {
- filter.setRole(SpecialFilterType.DEFAULT);
- } else {
- // group is ANY, DEFAULT or not found:
- // no grouping, use requested filtering
- }
+ break;
+
+ case DEFAULT:
+ // no changes
+ break;
}
return finalRoleFilter;
diff --git a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
index fc976187..8713acbb 100644
--- a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
+++ b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImplTest.java
@@ -6,12 +6,7 @@
package org.geoserver.geofence.services;
import org.geoserver.geofence.core.model.*;
-import org.locationtech.jts.geom.Geometry;
-import org.geoserver.geofence.core.model.enums.CatalogMode;
import org.geoserver.geofence.core.model.enums.*;
-import org.locationtech.jts.geom.MultiPolygon;
-import org.locationtech.jts.io.ParseException;
-import org.locationtech.jts.io.WKTReader;
import org.geoserver.geofence.services.dto.AccessInfo;
import org.geoserver.geofence.services.dto.RuleFilter;
import org.geoserver.geofence.services.dto.RuleFilter.SpecialFilterType;
@@ -22,6 +17,8 @@
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -391,17 +388,6 @@ public void testGroupOrder02() {
assertEquals(GrantType.DENY, ruleReaderService.getAccessInfo(filterU2).getGrant());
}
- protected MultiPolygon buildMultiPolygon(String multip) {
- try {
- WKTReader reader = new WKTReader();
- MultiPolygon mp = (MultiPolygon) reader.read(multip);
- mp.setSRID(4326);
- return mp;
- } catch (ParseException ex) {
- throw new RuntimeException("Unexpected exception: " + ex.getMessage(), ex);
- }
- }
-
@Test
public void testAttrib() throws NotFoundServiceEx {
assertEquals(0, ruleAdminService.getCountAll());
@@ -736,442 +722,112 @@ public void testAdminRules() {
}
@Test
- public void testRuleLimitsAllowedAreaSRIDIsPreserved() throws NotFoundServiceEx, ParseException {
- // test that the original SRID is present in the allowedArea wkt representation,
- // when retrieving it from the AccessInfo object
- Long id =null;
- Long id2=null;
- try {
- {
- Rule r1 = new Rule(10, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
- ruleAdminService.insert(r1);
- id = r1.getId();
- }
-
- {
- Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
- id2 = ruleAdminService.insert(r2);
- }
-
- // save limits and check it has been saved
- {
- RuleLimits limits = new RuleLimits();
- String wkt = "MULTIPOLYGON(((0.0016139656066815888 -0.0006386457758059581,0.0019599705696027314 -0.0006386457758059581,0.0019599705696027314 -0.0008854090051601674,0.0016139656066815888 -0.0008854090051601674,0.0016139656066815888 -0.0006386457758059581)))";
- Geometry allowedArea = new WKTReader().read(wkt);
- allowedArea.setSRID(3857);
- limits.setAllowedArea((MultiPolygon) allowedArea);
- ruleAdminService.setLimits(id, limits);
- }
-
- {
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w1");
- filter.setService("s1");
- filter.setRequest("r1");
- filter.setLayer("l1");
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- String[] wktAr = accessInfo.getAreaWkt().split(";");
- assertEquals("SRID=3857", wktAr[0]);
-
- }
- } finally {
-
- if(id!=null)
- ruleAdminService.delete(id);
- if (id2!=null)
- ruleAdminService.delete(id2);
-
- }
- }
-
-
- @Test
- public void testRuleLimitsAllowedAreaReprojectionWithDifferentSrid() throws NotFoundServiceEx, ParseException {
- // test that the original SRID is present in the allowedArea wkt representation,
- // when retrieving it from the AccessInfo object
- Long id = null;
- Long id2 = null;
- Long id3 = null;
- try {
- {
- Rule r1 = new Rule(999, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
- ruleAdminService.insert(r1);
- id = r1.getId();
- }
-
- {
- Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
- id2 = ruleAdminService.insert(r2);
- }
-
- // save limits and check it has been saved
- {
- RuleLimits limits = new RuleLimits();
- String wkt = "MultiPolygon (((1680529.71478682174347341 4849746.00902365241199732, 1682436.7076464940328151 4849731.7422441728413105, 1682446.21883281995542347 4849208.62699576932936907, 1680524.95919364970177412 4849279.96089325752109289, 1680529.71478682174347341 4849746.00902365241199732)))";
- Geometry allowedArea = new WKTReader().read(wkt);
- allowedArea.setSRID(3003);
- limits.setAllowedArea((MultiPolygon) allowedArea);
- ruleAdminService.setLimits(id2, limits);
- }
-
- {
- Rule r3 = new Rule(12, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
- id3 = ruleAdminService.insert(r3);
- }
-
- // save limits and check it has been saved
- {
- RuleLimits limits = new RuleLimits();
- String wkt = "MultiPolygon (((680588.67850254673976451 4850060.34823693986982107, 681482.71827003755606711 4850469.32878803834319115, 682633.56349697941914201 4849499.20374245755374432, 680588.67850254673976451 4850060.34823693986982107)))";
- Geometry allowedArea = new WKTReader().read(wkt);
- allowedArea.setSRID(23032);
- limits.setAllowedArea((MultiPolygon) allowedArea);
- ruleAdminService.setLimits(id3, limits);
- }
-
- {
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w1");
- filter.setService("s1");
- filter.setRequest("r1");
- filter.setLayer("l1");
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- String[] wktAr = accessInfo.getAreaWkt().split(";");
- assertEquals("SRID=3003", wktAr[0]);
-
- }
- } finally {
-
- if (id != null)
- ruleAdminService.delete(id);
- if (id2 != null)
- ruleAdminService.delete(id2);
- if (id3 != null)
- ruleAdminService.delete(id3);
-
- }
- }
-
- public void testRuleSpatialFilterTypeClipSameGroup() throws ParseException {
-
- // test that when we have two rules referring to the same group
- // one having a filter type Intersects and the other one having filter type Clip
- // the result is a clip area obtained by the intersection of the two.
-
- UserGroup g1 = createRole("group11");
- UserGroup g2 = createRole("group12");
- GSUser user = createUser("auth11",g1,g2);
-
- ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
- long id=ruleAdminService.insert(new Rule(10, user.getName(), "group11", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
- RuleLimits limits = new RuleLimits();
- limits.setSpatialFilterType(SpatialFilterType.CLIP);
- limits.setCatalogMode(CatalogMode.HIDE);
- String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
- MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
- limits.setAllowedArea(area);
- ruleAdminService.setLimits(id, limits);
-
-
- long id2=ruleAdminService.insert(new Rule(11, user.getName(), "group12", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
- RuleLimits limits2 = new RuleLimits();
- limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits2.setCatalogMode(CatalogMode.HIDE);
- String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
- MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
- limits2.setAllowedArea(area2);
- ruleAdminService.setLimits(id2, limits2);
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w11");
- filter.setLayer("l11");
-
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- assertEquals(GrantType.ALLOW, accessInfo.getGrant());
- assertFalse(accessInfo.getAdminRights());
-
- // area in same group, the result should an itersection of the
- // two allowed area as a clip geometry.
-
- Geometry testArea=area.intersection(area2);
- testArea.normalize();
- assertNull(accessInfo.getAreaWkt());
- assertNotNull(accessInfo.getClipAreaWkt());
-
- Geometry resultArea= (new WKTReader().read(accessInfo.getClipAreaWkt()));
- resultArea.normalize();
- assertTrue(testArea.equalsExact(resultArea,10.0E-15));
- }
+ public void testMultiRoles() {
+ RuleFilter filter;
- @Test
- public void testRuleSpatialFilterTypeIntersectsSameGroup() throws ParseException {
-
- // test that when we have two rules referring to the same group
- // both having a filter type Intersects
- // the result is an intersect area obtained by the intersection of the two.
-
- UserGroup g1 = createRole("group13");
- UserGroup g2 = createRole("group14");
- GSUser user = createUser("auth12",g1,g2);
-
- ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
- long id=ruleAdminService.insert(new Rule(13, user.getName(), "group13", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
- RuleLimits limits = new RuleLimits();
- limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits.setCatalogMode(CatalogMode.HIDE);
- String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
- MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
- limits.setAllowedArea(area);
- ruleAdminService.setLimits(id, limits);
-
-
- long id2=ruleAdminService.insert(new Rule(14, user.getName(), "group14", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
- RuleLimits limits2 = new RuleLimits();
- limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits2.setCatalogMode(CatalogMode.HIDE);
- String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
- MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
- limits2.setAllowedArea(area2);
- ruleAdminService.setLimits(id2, limits2);
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w11");
- filter.setLayer("l11");
+ filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
+ assertEquals(0, ruleAdminService.count(filter));
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- assertEquals(GrantType.ALLOW, accessInfo.getGrant());
- assertFalse(accessInfo.getAdminRights());
+ UserGroup p1 = createRole("p1");
+ UserGroup p2 = createRole("p2");
+ UserGroup p3 = createRole("p3");
- // area in same group, the result should an itersection of the
- // two allowed area as an intersects geometry.
+ String u1 = "TestUser1";
+ String u2 = "TestUser2";
+ String u3 = "TestUser3";
- Geometry testArea=area.intersection(area2);
- testArea.normalize();
- assertNull(accessInfo.getClipAreaWkt());
- assertNotNull(accessInfo.getAreaWkt());
+ GSUser user1 = new GSUser();
+ user1.setName(u1);
+ user1.getGroups().add(p1);
- Geometry resultArea= (new WKTReader().read(accessInfo.getAreaWkt()));
- resultArea.normalize();
- assertTrue(testArea.equalsExact(resultArea,10.0E-15));
- }
+ GSUser user2 = new GSUser();
+ user2.setName(u2);
+ user2.getGroups().add(p2);
+ GSUser user12 = new GSUser();
+ user12.setName(u3);
+ user12.getGroups().add(p1);
+ user12.getGroups().add(p2);
- @Test
- public void testRuleSpatialFilterTypeEnlargeAccess() throws ParseException {
- // test the access enalargement behaviour with the SpatialFilterType.
- // the user belongs to two groups. One with an allowedArea of type intersects,
- // the other one with an allowed area of type clip. They should be returned
- // separately in the final rule.
-
- UserGroup g1 = createRole("group22");
- UserGroup g2 = createRole("group23");
- GSUser user = createUser("auth22", g1,g2);
-
- ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
- long id=ruleAdminService.insert(new Rule(15, null, "group22", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits = new RuleLimits();
- limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits.setCatalogMode(CatalogMode.HIDE);
- String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
- MultiPolygon area=(MultiPolygon)new WKTReader().read(areaWKT);
- limits.setAllowedArea(area);
- ruleAdminService.setLimits(id, limits);
-
-
- long id2=ruleAdminService.insert(new Rule(16,null, "group23", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits2 = new RuleLimits();
- limits2.setSpatialFilterType(SpatialFilterType.CLIP);
- limits2.setCatalogMode(CatalogMode.HIDE);
- String areaWKT2="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
- MultiPolygon area2=(MultiPolygon)new WKTReader().read(areaWKT2);
- limits2.setAllowedArea(area2);
- ruleAdminService.setLimits(id2, limits2);
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w22");
- filter.setLayer("l22");
- filter.setUser(user.getName());
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- assertEquals(GrantType.ALLOW, accessInfo.getGrant());
- assertFalse(accessInfo.getAdminRights());
+ userAdminService.insert(user1);
+ userAdminService.insert(user2);
+ userAdminService.insert(user12);
+
+ ruleAdminService.insert(new Rule(10, u1, "p1", null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(20, u2, "p2", null, null, "s1", "r2", "w2", "l2", GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(30, u1, null, null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(40, u2, null, null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(50, u3, null, null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(51, u3, "p1", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(52, u3, "p2", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(60, null,"p1", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(70, null,"p2", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(80, null,"p3", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(901, u1, "p2", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(902, u2, "p1", null, null, null, null, null, null, GrantType.ALLOW));
+ ruleAdminService.insert(new Rule(999, null, null, null, null, null, null, null, null, GrantType.ALLOW));
- // we got a user in two groups one with an intersect spatialFilterType
- // and the other with a clip spatialFilterType. The two area should haven
- // been kept separated
- assertNotNull(accessInfo.getAreaWkt());
- assertNotNull(accessInfo.getClipAreaWkt());
-
- // the intersects should be equal to the originally defined
- // allowed area
- Geometry intersects= new WKTReader().read(accessInfo.getAreaWkt());
- intersects.normalize();
- assertTrue(intersects.equalsExact(area, 10.0E-15));
-
- Geometry clip=new WKTReader().read(accessInfo.getClipAreaWkt());
- clip.normalize();
- area2.normalize();
- assertTrue(clip.equalsExact(area2,10.0E-15));
+
+ assertRules(createFilter("*", "*"), new Integer[]{10,20,30,40,50,51,52,60,70,80,901,902,999});
+ assertRules(createFilter("*", null), new Integer[]{30,40,50,999});
+ assertRules(createFilter("*", "NO"), new Integer[]{30,40,50,999});
+ assertRules(createFilter("*", "p1"), new Integer[]{10,30,40,50,51,60,902,999});
+ assertRules(createFilter("*", "p1,NO"), new Integer[]{10,30,40,50,51,60,902,999});
+ assertRules(createFilter("*", "p1,p2"), new Integer[]{10,20,30,40,50,51,52,60,70,901,902,999});
+ assertRules(createFilter("*", "p1,p2,NO"), new Integer[]{10,20,30,40,50,51,52,60,70,901,902,999});
+
+ assertRules(createFilter(null, "*"), new Integer[]{60,70,80,999});
+ assertRules(createFilter(null, null), new Integer[]{999});
+ assertRules(createFilter(null, "NO"), new Integer[]{999});
+ assertRules(createFilter(null, "p1"), new Integer[]{60,999});
+ assertRules(createFilter(null, "p1,NO"), new Integer[]{60,999});
+ assertRules(createFilter(null, "p1,p2"), new Integer[]{60,70,999});
+ assertRules(createFilter(null, "p1,p2,NO"), new Integer[]{60,70,999});
+
+ assertRules(createFilter("NO", "*"), new Integer[]{999});
+ assertRules(createFilter("NO", null), new Integer[]{999});
+ assertRules(createFilter("NO", "NO"), new Integer[]{999});
+ assertRules(createFilter("NO","p1"), new Integer[]{999});
+ assertRules(createFilter("NO","p1,NO"), new Integer[]{999});
+ assertRules(createFilter("NO","p1,p2"), new Integer[]{999});
+ assertRules(createFilter("NO","p1,p2,NO"), new Integer[]{999});
+
+ assertRules(createFilter(u1, "*"), new Integer[]{10,30,60,999});
+ assertRules(createFilter(u1, null), new Integer[]{30,999});
+ assertRules(createFilter(u1, "NO"), new Integer[]{30,999});
+ assertRules(createFilter(u1, "p1"), new Integer[]{10,30,60,999});
+ assertRules(createFilter(u1, "p1,NO"), new Integer[]{10,30,60,999});
+ assertRules(createFilter(u1, "p1,p2"), new Integer[]{10,30,60,999});
+ assertRules(createFilter(u1, "p1,p2,NO"), new Integer[]{10,30,60,999});
+
+ assertRules(createFilter(u3, "*"), new Integer[]{50,51,52,60,70,999});
+ assertRules(createFilter(u3, null), new Integer[]{50,999});
+ assertRules(createFilter(u3, "NO"), new Integer[]{50,999});
+ assertRules(createFilter(u3, "p1"), new Integer[]{50,51,60,999});
+ assertRules(createFilter(u3, "p2"), new Integer[]{50,52,70,999});
+ assertRules(createFilter(u3, "p1,NO"), new Integer[]{50,51,60,999});
+ assertRules(createFilter(u3, "p1,p2"), new Integer[]{50,51,52,60,70,999});
+ assertRules(createFilter(u3, "p1,p2,p3"), new Integer[]{50,51,52,60,70,999});
+ assertRules(createFilter(u3, "p1,p2,NO"), new Integer[]{50,51,52,60,70,999});
}
-
- @Test
- public void testRuleSpatialFilterTypeFourRules() throws ParseException {
- // the user belongs to two groups and there are two rules for each group:
- // INTERSECTS and CLIP for the first, and CLIP CLIP for the second.
- // The expected result is only one allowedArea of type clip
- // obtained by the intersection of the firs two, united with the intersection of the second two.
- // the first INTERSECTS is resolve as CLIP because during constraint resolution the more restrictive
- // type is chosen.
-
- UserGroup g1 = createRole("group31");
- UserGroup g2 = createRole("group32");
- GSUser user = createUser("auth33", g1,g2);
-
- WKTReader reader = new WKTReader();
-
- ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
- long id=ruleAdminService.insert(new Rule(17, null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits = new RuleLimits();
- limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits.setCatalogMode(CatalogMode.HIDE);
- String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
- MultiPolygon area=(MultiPolygon)reader.read(areaWKT);
- limits.setAllowedArea(area);
- ruleAdminService.setLimits(id, limits);
-
- long id2=ruleAdminService.insert(new Rule(18,null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits2 = new RuleLimits();
- limits2.setSpatialFilterType(SpatialFilterType.CLIP);
- limits2.setCatalogMode(CatalogMode.HIDE);
- String areaWKT2="MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
- MultiPolygon area2=(MultiPolygon)reader.read(areaWKT2);
- limits2.setAllowedArea(area2);
- ruleAdminService.setLimits(id2, limits2);
-
- long id3=ruleAdminService.insert(new Rule(19,null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits3 = new RuleLimits();
- limits3.setSpatialFilterType(SpatialFilterType.CLIP);
- limits3.setCatalogMode(CatalogMode.HIDE);
- String areaWKT3="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
- MultiPolygon area3=(MultiPolygon)reader.read(areaWKT3);
- limits3.setAllowedArea(area3);
- ruleAdminService.setLimits(id3, limits3);
-
-
- long id4=ruleAdminService.insert(new Rule(20,null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits4 = new RuleLimits();
- limits4.setSpatialFilterType(SpatialFilterType.CLIP);
- limits4.setCatalogMode(CatalogMode.HIDE);
- String areaWKT4="MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
- MultiPolygon area4=(MultiPolygon)reader.read(areaWKT4);
- limits4.setAllowedArea(area4);
- ruleAdminService.setLimits(id4, limits4);
-
-
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w22");
- filter.setLayer("l22");
- filter.setUser(user.getName());
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- assertEquals(GrantType.ALLOW, accessInfo.getGrant());
- assertFalse(accessInfo.getAdminRights());
- // we should have only the clip geometry
- assertNull(accessInfo.getAreaWkt());
- assertNotNull(accessInfo.getClipAreaWkt());
-
- // the intersects should be equal to the originally defined
- // allowed area
-
- Geometry expectedResult=area.intersection(area2).union(area3.intersection(area4));
- expectedResult.normalize();
- Geometry clip=reader.read(accessInfo.getClipAreaWkt());
- clip.normalize();
- assertTrue(clip.equalsExact(expectedResult,10.0E-15));
+
+ private RuleFilter createFilter(String userName, String groupName) {
+ return new RuleFilter(userName, groupName, "*", "*", "*", "*", "*", "*");
}
-
-
- @Test
- public void testRuleSpatialFilterTypeFourRules2() throws ParseException {
- // the user belongs to two groups and there are two rules for each group:
- // CLIP and CLIP for the first, and INTERSECTS INTERSECTS for the second.
- // The expected result are two allowedArea the first of type clip and second of type intersects.
-
- UserGroup g1 = createRole("group41");
- UserGroup g2 = createRole("group42");
- GSUser user = createUser("auth44", g1,g2);
-
- WKTReader reader = new WKTReader();
-
- ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
-
- long id=ruleAdminService.insert(new Rule(21, null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits = new RuleLimits();
- limits.setSpatialFilterType(SpatialFilterType.CLIP);
- limits.setCatalogMode(CatalogMode.HIDE);
- String areaWKT= "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
- MultiPolygon area=(MultiPolygon)reader.read(areaWKT);
- limits.setAllowedArea(area);
- ruleAdminService.setLimits(id, limits);
-
- long id2=ruleAdminService.insert(new Rule(22,null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits2 = new RuleLimits();
- limits2.setSpatialFilterType(SpatialFilterType.CLIP);
- limits2.setCatalogMode(CatalogMode.HIDE);
- String areaWKT2="MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
- MultiPolygon area2=(MultiPolygon)reader.read(areaWKT2);
- limits2.setAllowedArea(area2);
- ruleAdminService.setLimits(id2, limits2);
-
- long id3=ruleAdminService.insert(new Rule(23,null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits3 = new RuleLimits();
- limits3.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits3.setCatalogMode(CatalogMode.HIDE);
- String areaWKT3="MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
- MultiPolygon area3=(MultiPolygon)reader.read(areaWKT3);
- limits3.setAllowedArea(area3);
- ruleAdminService.setLimits(id3, limits3);
-
-
- long id4=ruleAdminService.insert(new Rule(24,null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
- RuleLimits limits4 = new RuleLimits();
- limits4.setSpatialFilterType(SpatialFilterType.INTERSECT);
- limits4.setCatalogMode(CatalogMode.HIDE);
- String areaWKT4="MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
- MultiPolygon area4=(MultiPolygon)reader.read(areaWKT4);
- limits4.setAllowedArea(area4);
- ruleAdminService.setLimits(id4, limits4);
-
-
- RuleFilter filter = new RuleFilter(SpecialFilterType.ANY, true);
- filter.setWorkspace("w22");
- filter.setLayer("l22");
- filter.setUser(user.getName());
- AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
- assertEquals(GrantType.ALLOW, accessInfo.getGrant());
- assertFalse(accessInfo.getAdminRights());
-
- // we should have both
- assertNotNull(accessInfo.getAreaWkt());
- assertNotNull(accessInfo.getClipAreaWkt());
-
- // the intersects should be equal to the originally defined
- // allowed area
-
- Geometry expectedIntersects=area3.intersection(area4);
- expectedIntersects.normalize();
- Geometry intersects=reader.read(accessInfo.getAreaWkt());
- intersects.normalize();
- System.out.println(intersects.toString());
- System.out.println(expectedIntersects.toString());
- assertTrue(expectedIntersects.equalsExact(intersects,10.0E-15));
-
- Geometry clip=reader.read(accessInfo.getClipAreaWkt());
- clip.normalize();
- Geometry expectedClip=area2.intersection(area);
- expectedClip.normalize();
- assertTrue(expectedClip.equalsExact(clip,10.0E-15));
-
+
+ private void assertRules(RuleFilter filter, Integer[] expectedPriorities) {
+ RuleFilter origFilter = filter.clone();
+ List rules = ruleReaderService.getMatchingRules(filter);
+
+ Set pri = rules.stream()
+ .map(r -> r.getPriority())
+ .collect(Collectors.toSet());
+ Set exp = Arrays.asList(expectedPriorities).stream()
+ .map(i -> i.longValue())
+ .collect(Collectors.toSet());
+ assertEquals("Bad rule set selected for filter " + origFilter, exp, pri);
}
-
-
+
}
diff --git a/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java
new file mode 100644
index 00000000..580f0a33
--- /dev/null
+++ b/src/services/core/services-impl/src/test/java/org/geoserver/geofence/services/RuleReaderServiceImpl_GeomTest.java
@@ -0,0 +1,456 @@
+package org.geoserver.geofence.services;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertFalse;
+import static junit.framework.TestCase.assertNotNull;
+import static junit.framework.TestCase.assertNull;
+import static junit.framework.TestCase.assertTrue;
+import org.geoserver.geofence.core.model.GSUser;
+import org.geoserver.geofence.core.model.Rule;
+import org.geoserver.geofence.core.model.RuleLimits;
+import org.geoserver.geofence.core.model.UserGroup;
+import org.geoserver.geofence.core.model.enums.CatalogMode;
+import org.geoserver.geofence.core.model.enums.GrantType;
+import org.geoserver.geofence.core.model.enums.SpatialFilterType;
+import static org.geoserver.geofence.services.ServiceTestBase.ruleAdminService;
+import static org.geoserver.geofence.services.ServiceTestBase.ruleReaderService;
+import org.geoserver.geofence.services.dto.AccessInfo;
+import org.geoserver.geofence.services.dto.RuleFilter;
+import org.geoserver.geofence.services.exception.NotFoundServiceEx;
+import org.junit.Test;
+import org.locationtech.jts.geom.Geometry;
+import org.locationtech.jts.geom.MultiPolygon;
+import org.locationtech.jts.io.ParseException;
+import org.locationtech.jts.io.WKTReader;
+
+/**
+ *
+ */
+public class RuleReaderServiceImpl_GeomTest extends ServiceTestBase {
+
+ @Test
+ public void testRuleLimitsAllowedAreaSRIDIsPreserved() throws NotFoundServiceEx, ParseException {
+ // test that the original SRID is present in the allowedArea wkt representation,
+ // when retrieving it from the AccessInfo object
+ Long id = null;
+ Long id2 = null;
+ try {
+ {
+ Rule r1 = new Rule(10, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+ ruleAdminService.insert(r1);
+ id = r1.getId();
+ }
+
+ {
+ Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
+ id2 = ruleAdminService.insert(r2);
+ }
+
+ // save limits and check it has been saved
+ {
+ RuleLimits limits = new RuleLimits();
+ String wkt = "MULTIPOLYGON(((0.0016139656066815888 -0.0006386457758059581,0.0019599705696027314 -0.0006386457758059581,0.0019599705696027314 -0.0008854090051601674,0.0016139656066815888 -0.0008854090051601674,0.0016139656066815888 -0.0006386457758059581)))";
+ Geometry allowedArea = new WKTReader().read(wkt);
+ allowedArea.setSRID(3857);
+ limits.setAllowedArea((MultiPolygon) allowedArea);
+ ruleAdminService.setLimits(id, limits);
+ }
+
+ {
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w1");
+ filter.setService("s1");
+ filter.setRequest("r1");
+ filter.setLayer("l1");
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ String[] wktAr = accessInfo.getAreaWkt().split(";");
+ assertEquals("SRID=3857", wktAr[0]);
+
+ }
+ } finally {
+
+ if (id != null) {
+ ruleAdminService.delete(id);
+ }
+ if (id2 != null) {
+ ruleAdminService.delete(id2);
+ }
+
+ }
+ }
+
+ @Test
+ public void testRuleLimitsAllowedAreaReprojectionWithDifferentSrid() throws NotFoundServiceEx, ParseException {
+ // test that the original SRID is present in the allowedArea wkt representation,
+ // when retrieving it from the AccessInfo object
+ Long id = null;
+ Long id2 = null;
+ Long id3 = null;
+ try {
+ {
+ Rule r1 = new Rule(999, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.ALLOW);
+ ruleAdminService.insert(r1);
+ id = r1.getId();
+ }
+
+ {
+ Rule r2 = new Rule(11, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+ id2 = ruleAdminService.insert(r2);
+ }
+
+ // save limits and check it has been saved
+ {
+ RuleLimits limits = new RuleLimits();
+ String wkt = "MultiPolygon (((1680529.71478682174347341 4849746.00902365241199732, 1682436.7076464940328151 4849731.7422441728413105, 1682446.21883281995542347 4849208.62699576932936907, 1680524.95919364970177412 4849279.96089325752109289, 1680529.71478682174347341 4849746.00902365241199732)))";
+ Geometry allowedArea = new WKTReader().read(wkt);
+ allowedArea.setSRID(3003);
+ limits.setAllowedArea((MultiPolygon) allowedArea);
+ ruleAdminService.setLimits(id2, limits);
+ }
+
+ {
+ Rule r3 = new Rule(12, null, null, null, null, "s1", "r1", "w1", "l1", GrantType.LIMIT);
+ id3 = ruleAdminService.insert(r3);
+ }
+
+ // save limits and check it has been saved
+ {
+ RuleLimits limits = new RuleLimits();
+ String wkt = "MultiPolygon (((680588.67850254673976451 4850060.34823693986982107, 681482.71827003755606711 4850469.32878803834319115, 682633.56349697941914201 4849499.20374245755374432, 680588.67850254673976451 4850060.34823693986982107)))";
+ Geometry allowedArea = new WKTReader().read(wkt);
+ allowedArea.setSRID(23032);
+ limits.setAllowedArea((MultiPolygon) allowedArea);
+ ruleAdminService.setLimits(id3, limits);
+ }
+
+ {
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w1");
+ filter.setService("s1");
+ filter.setRequest("r1");
+ filter.setLayer("l1");
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ String[] wktAr = accessInfo.getAreaWkt().split(";");
+ assertEquals("SRID=3003", wktAr[0]);
+
+ }
+ } finally {
+
+ if (id != null) {
+ ruleAdminService.delete(id);
+ }
+ if (id2 != null) {
+ ruleAdminService.delete(id2);
+ }
+ if (id3 != null) {
+ ruleAdminService.delete(id3);
+ }
+
+ }
+ }
+
+ public void testRuleSpatialFilterTypeClipSameGroup() throws ParseException {
+
+ // test that when we have two rules referring to the same group
+ // one having a filter type Intersects and the other one having filter type Clip
+ // the result is a clip area obtained by the intersection of the two.
+ UserGroup g1 = createRole("group11");
+ UserGroup g2 = createRole("group12");
+ GSUser user = createUser("auth11", g1, g2);
+
+ ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
+ long id = ruleAdminService.insert(new Rule(10, user.getName(), "group11", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+ RuleLimits limits = new RuleLimits();
+ limits.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+ MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+ limits.setAllowedArea(area);
+ ruleAdminService.setLimits(id, limits);
+
+ long id2 = ruleAdminService.insert(new Rule(11, user.getName(), "group12", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+ RuleLimits limits2 = new RuleLimits();
+ limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits2.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+ MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+ limits2.setAllowedArea(area2);
+ ruleAdminService.setLimits(id2, limits2);
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w11");
+ filter.setLayer("l11");
+
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+ assertFalse(accessInfo.getAdminRights());
+
+ // area in same group, the result should an itersection of the
+ // two allowed area as a clip geometry.
+ Geometry testArea = area.intersection(area2);
+ testArea.normalize();
+ assertNull(accessInfo.getAreaWkt());
+ assertNotNull(accessInfo.getClipAreaWkt());
+
+ Geometry resultArea = (new WKTReader().read(accessInfo.getClipAreaWkt()));
+ resultArea.normalize();
+ assertTrue(testArea.equalsExact(resultArea, 10.0E-15));
+ }
+
+ @Test
+ public void testRuleSpatialFilterTypeIntersectsSameGroup() throws ParseException {
+
+ // test that when we have two rules referring to the same group
+ // both having a filter type Intersects
+ // the result is an intersect area obtained by the intersection of the two.
+ UserGroup g1 = createRole("group13");
+ UserGroup g2 = createRole("group14");
+ GSUser user = createUser("auth12", g1, g2);
+
+ ruleAdminService.insert(new Rule(9999, null, null, null, null, "s11", "r11", "w11", "l11", GrantType.ALLOW));
+ long id = ruleAdminService.insert(new Rule(13, user.getName(), "group13", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+ RuleLimits limits = new RuleLimits();
+ limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+ MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+ limits.setAllowedArea(area);
+ ruleAdminService.setLimits(id, limits);
+
+ long id2 = ruleAdminService.insert(new Rule(14, user.getName(), "group14", null, null, "s11", "r11", "w11", "l11", GrantType.LIMIT));
+ RuleLimits limits2 = new RuleLimits();
+ limits2.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits2.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+ MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+ limits2.setAllowedArea(area2);
+ ruleAdminService.setLimits(id2, limits2);
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w11");
+ filter.setLayer("l11");
+
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+ assertFalse(accessInfo.getAdminRights());
+
+ // area in same group, the result should an itersection of the
+ // two allowed area as an intersects geometry.
+ Geometry testArea = area.intersection(area2);
+ testArea.normalize();
+ assertNull(accessInfo.getClipAreaWkt());
+ assertNotNull(accessInfo.getAreaWkt());
+
+ Geometry resultArea = (new WKTReader().read(accessInfo.getAreaWkt()));
+ resultArea.normalize();
+ assertTrue(testArea.equalsExact(resultArea, 10.0E-15));
+ }
+
+ @Test
+ public void testRuleSpatialFilterTypeEnlargeAccess() throws ParseException {
+ // test the access enalargement behaviour with the SpatialFilterType.
+ // the user belongs to two groups. One with an allowedArea of type intersects,
+ // the other one with an allowed area of type clip. They should be returned
+ // separately in the final rule.
+
+ UserGroup g1 = createRole("group22");
+ UserGroup g2 = createRole("group23");
+ GSUser user = createUser("auth22", g1, g2);
+
+ ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+ long id = ruleAdminService.insert(new Rule(15, null, "group22", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits = new RuleLimits();
+ limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+ MultiPolygon area = (MultiPolygon) new WKTReader().read(areaWKT);
+ limits.setAllowedArea(area);
+ ruleAdminService.setLimits(id, limits);
+
+ long id2 = ruleAdminService.insert(new Rule(16, null, "group23", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits2 = new RuleLimits();
+ limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits2.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT2 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+ MultiPolygon area2 = (MultiPolygon) new WKTReader().read(areaWKT2);
+ limits2.setAllowedArea(area2);
+ ruleAdminService.setLimits(id2, limits2);
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w22");
+ filter.setLayer("l22");
+ filter.setUser(user.getName());
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+ assertFalse(accessInfo.getAdminRights());
+
+ // we got a user in two groups one with an intersect spatialFilterType
+ // and the other with a clip spatialFilterType. The two area should haven
+ // been kept separated
+ assertNotNull(accessInfo.getAreaWkt());
+ assertNotNull(accessInfo.getClipAreaWkt());
+
+ // the intersects should be equal to the originally defined
+ // allowed area
+ Geometry intersects = new WKTReader().read(accessInfo.getAreaWkt());
+ intersects.normalize();
+ assertTrue(intersects.equalsExact(area, 10.0E-15));
+
+ Geometry clip = new WKTReader().read(accessInfo.getClipAreaWkt());
+ clip.normalize();
+ area2.normalize();
+ assertTrue(clip.equalsExact(area2, 10.0E-15));
+ }
+
+ @Test
+ public void testRuleSpatialFilterTypeFourRules() throws ParseException {
+ // the user belongs to two groups and there are two rules for each group:
+ // INTERSECTS and CLIP for the first, and CLIP CLIP for the second.
+ // The expected result is only one allowedArea of type clip
+ // obtained by the intersection of the firs two, united with the intersection of the second two.
+ // the first INTERSECTS is resolve as CLIP because during constraint resolution the more restrictive
+ // type is chosen.
+
+ UserGroup g1 = createRole("group31");
+ UserGroup g2 = createRole("group32");
+ GSUser user = createUser("auth33", g1, g2);
+
+ WKTReader reader = new WKTReader();
+
+ ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+ long id = ruleAdminService.insert(new Rule(17, null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits = new RuleLimits();
+ limits.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+ MultiPolygon area = (MultiPolygon) reader.read(areaWKT);
+ limits.setAllowedArea(area);
+ ruleAdminService.setLimits(id, limits);
+
+ long id2 = ruleAdminService.insert(new Rule(18, null, "group31", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits2 = new RuleLimits();
+ limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits2.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT2 = "MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
+ MultiPolygon area2 = (MultiPolygon) reader.read(areaWKT2);
+ limits2.setAllowedArea(area2);
+ ruleAdminService.setLimits(id2, limits2);
+
+ long id3 = ruleAdminService.insert(new Rule(19, null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits3 = new RuleLimits();
+ limits3.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits3.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT3 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+ MultiPolygon area3 = (MultiPolygon) reader.read(areaWKT3);
+ limits3.setAllowedArea(area3);
+ ruleAdminService.setLimits(id3, limits3);
+
+ long id4 = ruleAdminService.insert(new Rule(20, null, "group32", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits4 = new RuleLimits();
+ limits4.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits4.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT4 = "MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
+ MultiPolygon area4 = (MultiPolygon) reader.read(areaWKT4);
+ limits4.setAllowedArea(area4);
+ ruleAdminService.setLimits(id4, limits4);
+
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w22");
+ filter.setLayer("l22");
+ filter.setUser(user.getName());
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+ assertFalse(accessInfo.getAdminRights());
+ // we should have only the clip geometry
+ assertNull(accessInfo.getAreaWkt());
+ assertNotNull(accessInfo.getClipAreaWkt());
+
+ // the intersects should be equal to the originally defined
+ // allowed area
+ Geometry expectedResult = area.intersection(area2).union(area3.intersection(area4));
+ expectedResult.normalize();
+ Geometry clip = reader.read(accessInfo.getClipAreaWkt());
+ clip.normalize();
+ assertTrue(clip.equalsExact(expectedResult, 10.0E-15));
+ }
+
+ @Test
+ public void testRuleSpatialFilterTypeFourRules2() throws ParseException {
+ // the user belongs to two groups and there are two rules for each group:
+ // CLIP and CLIP for the first, and INTERSECTS INTERSECTS for the second.
+ // The expected result are two allowedArea the first of type clip and second of type intersects.
+
+ UserGroup g1 = createRole("group41");
+ UserGroup g2 = createRole("group42");
+ GSUser user = createUser("auth44", g1, g2);
+
+ WKTReader reader = new WKTReader();
+
+ ruleAdminService.insert(new Rule(999, null, null, null, null, "s22", "r22", "w22", "l22", GrantType.ALLOW));
+
+ long id = ruleAdminService.insert(new Rule(21, null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits = new RuleLimits();
+ limits.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT = "MultiPolygon (((-1.93327272727272859 5.5959090909090925, 2.22727272727272707 5.67609090909091041, 2.00454545454545441 4.07245454545454599, -1.92436363636363761 4.54463636363636425, -1.92436363636363761 4.54463636363636425, -1.93327272727272859 5.5959090909090925)))";
+ MultiPolygon area = (MultiPolygon) reader.read(areaWKT);
+ limits.setAllowedArea(area);
+ ruleAdminService.setLimits(id, limits);
+
+ long id2 = ruleAdminService.insert(new Rule(22, null, "group41", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits2 = new RuleLimits();
+ limits2.setSpatialFilterType(SpatialFilterType.CLIP);
+ limits2.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT2 = "MultiPolygon (((-1.46109090909091011 5.68500000000000139, -0.68600000000000083 5.7651818181818193, -0.73945454545454625 2.00554545454545519, -1.54127272727272846 1.9610000000000003, -1.46109090909091011 5.68500000000000139)))";
+ MultiPolygon area2 = (MultiPolygon) reader.read(areaWKT2);
+ limits2.setAllowedArea(area2);
+ ruleAdminService.setLimits(id2, limits2);
+
+ long id3 = ruleAdminService.insert(new Rule(23, null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits3 = new RuleLimits();
+ limits3.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits3.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT3 = "MultiPolygon (((-1.78181818181818308 5.95227272727272894, -0.16927272727272813 5.4711818181818197, 1.97781818181818148 3.81409090909090986, 1.93327272727272748 2.05009090909090919, -2.6638181818181832 2.64700000000000069, -1.78181818181818308 5.95227272727272894)))";
+ MultiPolygon area3 = (MultiPolygon) reader.read(areaWKT3);
+ limits3.setAllowedArea(area3);
+ ruleAdminService.setLimits(id3, limits3);
+
+ long id4 = ruleAdminService.insert(new Rule(24, null, "group42", null, null, "s22", "r22", "w22", "l22", GrantType.LIMIT));
+ RuleLimits limits4 = new RuleLimits();
+ limits4.setSpatialFilterType(SpatialFilterType.INTERSECT);
+ limits4.setCatalogMode(CatalogMode.HIDE);
+ String areaWKT4 = "MultiPolygon (((-1.30963636363636482 5.96118181818181991, 1.78181818181818175 4.84754545454545571, -0.90872727272727349 2.26390909090909132, -1.30963636363636482 5.96118181818181991)))";
+ MultiPolygon area4 = (MultiPolygon) reader.read(areaWKT4);
+ limits4.setAllowedArea(area4);
+ ruleAdminService.setLimits(id4, limits4);
+
+ RuleFilter filter = new RuleFilter(RuleFilter.SpecialFilterType.ANY, true);
+ filter.setWorkspace("w22");
+ filter.setLayer("l22");
+ filter.setUser(user.getName());
+ AccessInfo accessInfo = ruleReaderService.getAccessInfo(filter);
+ assertEquals(GrantType.ALLOW, accessInfo.getGrant());
+ assertFalse(accessInfo.getAdminRights());
+
+ // we should have both
+ assertNotNull(accessInfo.getAreaWkt());
+ assertNotNull(accessInfo.getClipAreaWkt());
+
+ // the intersects should be equal to the originally defined
+ // allowed area
+ Geometry expectedIntersects = area3.intersection(area4);
+ expectedIntersects.normalize();
+ Geometry intersects = reader.read(accessInfo.getAreaWkt());
+ intersects.normalize();
+ System.out.println(intersects.toString());
+ System.out.println(expectedIntersects.toString());
+ assertTrue(expectedIntersects.equalsExact(intersects, 10.0E-15));
+
+ Geometry clip = reader.read(accessInfo.getClipAreaWkt());
+ clip.normalize();
+ Geometry expectedClip = area2.intersection(area);
+ expectedClip.normalize();
+ assertTrue(expectedClip.equalsExact(clip, 10.0E-15));
+
+ }
+
+}
diff --git a/src/services/core/webtest/pom.xml b/src/services/core/webtest/pom.xml
index 2dbe3323..9f7e573b 100644
--- a/src/services/core/webtest/pom.xml
+++ b/src/services/core/webtest/pom.xml
@@ -11,7 +11,7 @@
org.geoserver.geofence
geofence-core
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -247,8 +247,8 @@
maven-compiler-plugin
utf8
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/modules/generic-api/pom.xml b/src/services/modules/generic-api/pom.xml
index e0ebcf17..a3d9c55f 100644
--- a/src/services/modules/generic-api/pom.xml
+++ b/src/services/modules/generic-api/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-modules
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -55,8 +55,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/modules/ldap/pom.xml b/src/services/modules/ldap/pom.xml
index e688f759..ae6661df 100644
--- a/src/services/modules/ldap/pom.xml
+++ b/src/services/modules/ldap/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-modules
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -147,8 +147,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.7
- 1.7
+ 1.8
+ 1.8
diff --git a/src/services/modules/login/api/pom.xml b/src/services/modules/login/api/pom.xml
index d5ca263f..97cf2169 100644
--- a/src/services/modules/login/api/pom.xml
+++ b/src/services/modules/login/api/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-login-parent
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -59,8 +59,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/modules/login/impl/pom.xml b/src/services/modules/login/impl/pom.xml
index 88c30379..95207156 100644
--- a/src/services/modules/login/impl/pom.xml
+++ b/src/services/modules/login/impl/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-login-parent
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -95,8 +95,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/modules/login/pom.xml b/src/services/modules/login/pom.xml
index c6579227..0c49dccb 100644
--- a/src/services/modules/login/pom.xml
+++ b/src/services/modules/login/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-modules
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/modules/pom.xml b/src/services/modules/pom.xml
index 3eec5536..54d94c08 100644
--- a/src/services/modules/pom.xml
+++ b/src/services/modules/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/modules/rest/api/pom.xml b/src/services/modules/rest/api/pom.xml
index ee2b9a29..979c9699 100644
--- a/src/services/modules/rest/api/pom.xml
+++ b/src/services/modules/rest/api/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-rest-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -75,8 +75,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/modules/rest/client/pom.xml b/src/services/modules/rest/client/pom.xml
index 9af45603..48abfd04 100644
--- a/src/services/modules/rest/client/pom.xml
+++ b/src/services/modules/rest/client/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-rest-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/modules/rest/impl/pom.xml b/src/services/modules/rest/impl/pom.xml
index 286ea511..6680de5f 100644
--- a/src/services/modules/rest/impl/pom.xml
+++ b/src/services/modules/rest/impl/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-rest-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -153,8 +153,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.6
- 1.6
+ 1.8
+ 1.8
@@ -199,12 +199,12 @@
-
+
diff --git a/src/services/modules/rest/pom.xml b/src/services/modules/rest/pom.xml
index 480fff20..805105e8 100644
--- a/src/services/modules/rest/pom.xml
+++ b/src/services/modules/rest/pom.xml
@@ -14,7 +14,7 @@
org.geoserver.geofence
geofence-modules
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
diff --git a/src/services/modules/rest/test/pom.xml b/src/services/modules/rest/test/pom.xml
index 0483bf64..f9e8163d 100644
--- a/src/services/modules/rest/test/pom.xml
+++ b/src/services/modules/rest/test/pom.xml
@@ -12,7 +12,7 @@
org.geoserver.geofence
geofence-rest-root
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
@@ -279,8 +279,8 @@
maven-compiler-plugin
utf8
- 1.6
- 1.6
+ 1.8
+ 1.8
diff --git a/src/services/pom.xml b/src/services/pom.xml
index adb1c861..0563d432 100644
--- a/src/services/pom.xml
+++ b/src/services/pom.xml
@@ -11,12 +11,12 @@
org.geoserver.geofence
geofence
- 3.5-SNAPSHOT
+ 3.5.1
org.geoserver.geofence
geofence-root
- 3.5-SNAPSHOT
+ 3.5.1
pom
GeoFence - 0 Services
@@ -29,7 +29,7 @@
geofence
- 25-SNAPSHOT
+ 28-SNAPSHOT
3.1.5
5.3.0.4-fuse