Merge "Fix sql injection vulnerability"

[portal.git] / ecomp-portal-BE-common / src / test / java / org / onap / portalapp / portal / service / AdminRolesServiceImplTest.java

diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java
index 74fb5da..f14d3fd 100644 (file)
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/service/AdminRolesServiceImplTest.java
@@ -4,6 +4,8 @@
  * ===================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
  * under the Apache License, Version 2.0 (the "License");
@@ -93,6 +95,9 @@ public class AdminRolesServiceImplTest {
        @Mock
        DataAccessService dataAccessService = new DataAccessServiceImpl();
 
+    @Mock
+    ExternalAccessRolesService externalAccessRolesService;
+
        @Mock
        EPAppCommonServiceImpl epAppCommonServiceImpl = new EPAppCommonServiceImpl();
 
@@ -370,6 +375,25 @@ public class AdminRolesServiceImplTest {
                assertFalse(actual);
        }
 
+    @Test
+    public void isAccountAdminUserNull() {
+        boolean actual = adminRolesServiceImpl.isAccountAdmin(null);
+        assertFalse(actual);
+    }
+
+    @Test
+    public void isRoleAdminTest() {
+        EPUser user = mockUser.mockEPUser();
+        List<String> roles = new ArrayList<>();
+        roles.add("approver\\|");
+        Mockito.when(dataAccessService.executeNamedQuery(
+            Matchers.eq("getRoleFunctionsOfUserforAlltheApplications"), Matchers.any(), Matchers.any()))
+                .thenReturn(roles);
+        Mockito.when(externalAccessRolesService.getFunctionCodeType(Matchers.anyString())).thenReturn("approver");
+        boolean actual = adminRolesServiceImpl.isRoleAdmin(user);
+        assertTrue(actual);
+    }
+
        @Test
        public void isUserTest() {
                EPUser user = mockUser.mockEPUser();
@@ -432,8 +456,11 @@ public class AdminRolesServiceImplTest {
                epUserApp.setUserId(1l);
                userApps.add(epUserApp);
                user.setUserApps(userApps);
-               Mockito.when((EPUser) dataAccessService.getDomainObject(Matchers.any(), Matchers.anyLong(), Matchers.anyMap()))
-                               .thenReturn(user);
+               List<Integer> userAdminApps =  new ArrayList<>();
+               userAdminApps.add(1);
+               userAdminApps.add(2);
+               Mockito.when(dataAccessService.executeNamedQuery(Matchers.anyString(), Matchers.anyMap(), Matchers.anyMap()))
+                               .thenReturn(userAdminApps);
                boolean actual = adminRolesServiceImpl.isAccountAdminOfApplication(user, app);
                assertTrue(actual);
        }