--- /dev/null
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_Perm3.20.0.POS User1 Create a Perm
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Created Role
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b]
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 201 **
+Created Role
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction]
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]
+
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
Code Review / aaf / authz.git / blobdiff