Added unit tests for changes to permission executor

elide-core/src/main/java/com/yahoo/elide/core/VerifyFieldAccessFilterExpressionVisitor.java

@@ -91,12 +91,16 @@ private ExpressionResult evaluateUserChecks(Path path) {
         ExpressionResult result = ExpressionResult.PASS;
 
         for (Path.PathElement element : path.getPathElements()) {
-            result = executor.checkUserPermissions(
-                    element.getType(),
-                    ReadPermission.class,
-                    element.getFieldName());
+            try {
+                result = executor.checkUserPermissions(
+                        element.getType(),
+                        ReadPermission.class,
+                        element.getFieldName());
+            } catch (ForbiddenAccessException e) {
+                return ExpressionResult.FAIL;
+            }
 
-            if (result == ExpressionResult.DEFERRED || result == ExpressionResult.FAIL) {
+            if (result == ExpressionResult.DEFERRED) {
                 return result;
             }
         }

elide-core/src/test/java/com/yahoo/elide/security/PermissionExecutorTest.java

@@ -5,6 +5,7 @@
  */
 package com.yahoo.elide.security;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import com.yahoo.elide.ElideSettings;
@@ -21,6 +22,7 @@
 import com.yahoo.elide.security.checks.OperationCheck;
 import com.yahoo.elide.security.checks.UserCheck;
 
+import com.yahoo.elide.security.permissions.ExpressionResult;
 import example.TestCheckMappings;
 
 import org.junit.jupiter.api.Test;
@@ -413,6 +415,40 @@ public void testUserCheckCache() {
         requestScope.getPermissionExecutor().checkPermission(ReadPermission.class, resource, cspec);
     }
 
+    @Test
+    public void testUserCheckOnFieldSuccess() {
+        PersistentResource resource = newResource(OpenBean.class);
+        RequestScope requestScope = resource.getRequestScope();
+        ExpressionResult result = requestScope.getPermissionExecutor().checkUserPermissions(OpenBean.class,
+                ReadPermission.class,
+                "open");
+
+        assertEquals(ExpressionResult.PASS, result);
+    }
+
+    @Test
+    public void testUserCheckOnFieldFailure() {
+        PersistentResource resource = newResource(SampleBean.class);
+        RequestScope requestScope = resource.getRequestScope();
+        assertThrows(
+                ForbiddenAccessException.class,
+                () -> requestScope.getPermissionExecutor().checkUserPermissions(SampleBean.class,
+                ReadPermission.class,
+                "cannotSeeMe"));
+    }
+
+    @Test
+    public void testUserCheckOnFieldDeferred() {
+        PersistentResource resource = newResource(SampleBean.class);
+        RequestScope requestScope = resource.getRequestScope();
+
+        ExpressionResult result = requestScope.getPermissionExecutor().checkUserPermissions(SampleBean.class,
+                ReadPermission.class,
+                "allVisible");
+
+        assertEquals(ExpressionResult.DEFERRED, result);
+    }
+
     public <T> PersistentResource<T> newResource(T obj, Class<T> cls) {
         EntityDictionary dictionary = new EntityDictionary(TestCheckMappings.MAPPINGS);
         dictionary.bindEntity(cls);