View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.user.attribute;
35  
36  import java.math.BigInteger;
37  import java.security.SecureRandom;
38  import java.util.ArrayList;
39  import java.util.HashMap;
40  import java.util.List;
41  import java.util.Locale;
42  import java.util.Map;
43  import java.util.Random;
44  
45  import org.springframework.mock.web.MockHttpServletRequest;
46  
47  import fr.paris.lutece.portal.business.user.AdminUser;
48  import fr.paris.lutece.portal.business.user.attribute.AttributeField;
49  import fr.paris.lutece.portal.business.user.attribute.AttributeType;
50  import fr.paris.lutece.portal.business.user.attribute.IAttribute;
51  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
52  import fr.paris.lutece.portal.service.admin.PasswordResetException;
53  import fr.paris.lutece.portal.service.message.AdminMessage;
54  import fr.paris.lutece.portal.service.message.AdminMessageService;
55  import fr.paris.lutece.portal.service.security.SecurityTokenService;
56  import fr.paris.lutece.portal.service.user.attribute.AttributeService;
57  import fr.paris.lutece.portal.service.user.attribute.AttributeTypeService;
58  import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
59  import fr.paris.lutece.test.LuteceTestCase;
60  import fr.paris.lutece.test.Utils;
61  
62  public class AttributeJspBeanTest extends LuteceTestCase
63  {
64      private Map<AttributeType, IAttribute> _attributes;
65  
66      @Override
67      protected void setUp( ) throws Exception
68      {
69          super.setUp( );
70          _attributes = new HashMap<>( );
71          List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
72          for ( AttributeType type : types )
73          {
74              IAttribute attribute = (IAttribute) Class.forName( type.getClassName( ) ).newInstance( );
75              attribute.setTitle( getRandomName( ) );
76              attribute.setHelpMessage( attribute.getTitle( ) );
77              List<AttributeField> listAttributeFields = new ArrayList<>( );
78              AttributeField attributeField = new AttributeField( );
79              attributeField.setValue( attribute.getTitle( ) );
80              listAttributeFields.add( attributeField );
81              attribute.setListAttributeFields( listAttributeFields );
82              AttributeService.getInstance( ).createAttribute( attribute );
83              _attributes.put( type, attribute );
84          }
85      }
86  
87      @Override
88      protected void tearDown( ) throws Exception
89      {
90          for ( IAttribute attribute : _attributes.values( ) )
91          {
92              AttributeService.getInstance( ).removeAttribute( attribute.getIdAttribute( ) );
93          }
94          super.tearDown( );
95      }
96  
97      public void testGetCreateAttribute( ) throws PasswordResetException, AccessDeniedException
98      {
99          List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
100         for ( AttributeType type : types )
101         {
102             testGetCreateAttribute( type );
103         }
104     }
105 
106     private void testGetCreateAttribute( AttributeType type ) throws PasswordResetException, AccessDeniedException
107     {
108         MockHttpServletRequest request = new MockHttpServletRequest( );
109         request.setParameter( "attribute_type_class_name", type.getClassName( ) );
110 
111         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
112         AttributeJspBean instance = new AttributeJspBean( );
113         instance.init( request, "CORE_USERS_MANAGEMENT" );
114 
115         assertNotNull( instance.getCreateAttribute( request ) );
116     }
117 
118     public void testDoCreateAttribute( )
119             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
120     {
121         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
122         for ( AttributeType type : types )
123         {
124             testDoCreateAttribute( type );
125         }
126     }
127 
128     private void testDoCreateAttribute( AttributeType type )
129             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
130     {
131         MockHttpServletRequest request = new MockHttpServletRequest( );
132         request.setParameter( "attribute_type_class_name", type.getClassName( ) );
133         String strTitle = getRandomName( );
134         request.setParameter( "title", strTitle );
135         request.setParameter( "width", "5" );
136         IAttribute attribute = (IAttribute) Class.forName( type.getClassName( ) ).newInstance( );
137         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
138                 SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateCreateAttribute( ) ) );
139 
140         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
141         AttributeJspBean instance = new AttributeJspBean( );
142         instance.init( request, "CORE_USERS_MANAGEMENT" );
143 
144         try
145         {
146             instance.doCreateAttribute( request );
147             assertTrue( "Did not find attribute of type " + type.getClassName( ), AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE )
148                     .stream( ).anyMatch( a -> a.getTitle( ).equals( strTitle ) ) );
149         }
150         finally
151         {
152             AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE ).stream( ).filter( a -> a.getTitle( ).equals( strTitle ) )
153                     .forEach( a -> AttributeService.getInstance( ).removeAttribute( a.getIdAttribute( ) ) );
154         }
155     }
156 
157     public void testDoCreateAttributeInvalidToken( )
158             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
159     {
160         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
161         for ( AttributeType type : types )
162         {
163             testDoCreateAttributeInvalidToken( type );
164         }
165     }
166 
167     private void testDoCreateAttributeInvalidToken( AttributeType type )
168             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
169     {
170         MockHttpServletRequest request = new MockHttpServletRequest( );
171         request.setParameter( "attribute_type_class_name", type.getClassName( ) );
172         String strTitle = getRandomName( );
173         request.setParameter( "title", strTitle );
174         request.setParameter( "width", "5" );
175         IAttribute attribute = (IAttribute) Class.forName( type.getClassName( ) ).newInstance( );
176         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
177                 SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateCreateAttribute( ) ) + "b" );
178 
179         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
180         AttributeJspBean instance = new AttributeJspBean( );
181         instance.init( request, "CORE_USERS_MANAGEMENT" );
182 
183         try
184         {
185             instance.doCreateAttribute( request );
186             fail( "Should have thrown" );
187         }
188         catch( AccessDeniedException e )
189         {
190             assertFalse( "Did find attribute of type " + type.getClassName( ), AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE )
191                     .stream( ).anyMatch( a -> a.getTitle( ).equals( strTitle ) ) );
192         }
193         finally
194         {
195             AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE ).stream( ).filter( a -> a.getTitle( ).equals( strTitle ) )
196                     .forEach( a -> AttributeService.getInstance( ).removeAttribute( a.getIdAttribute( ) ) );
197         }
198     }
199 
200     public void testDoCreateAttributeNoToken( )
201             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
202     {
203         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
204         for ( AttributeType type : types )
205         {
206             testDoCreateAttributeNoToken( type );
207         }
208     }
209 
210     private void testDoCreateAttributeNoToken( AttributeType type )
211             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
212     {
213         MockHttpServletRequest request = new MockHttpServletRequest( );
214         request.setParameter( "attribute_type_class_name", type.getClassName( ) );
215         String strTitle = getRandomName( );
216         request.setParameter( "title", strTitle );
217         request.setParameter( "width", "5" );
218 
219         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
220         AttributeJspBean instance = new AttributeJspBean( );
221         instance.init( request, "CORE_USERS_MANAGEMENT" );
222 
223         try
224         {
225             instance.doCreateAttribute( request );
226             fail( "Should have thrown" );
227         }
228         catch( AccessDeniedException e )
229         {
230             assertFalse( "Did find attribute of type " + type.getClassName( ), AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE )
231                     .stream( ).anyMatch( a -> a.getTitle( ).equals( strTitle ) ) );
232         }
233         finally
234         {
235             AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE ).stream( ).filter( a -> a.getTitle( ).equals( strTitle ) )
236                     .forEach( a -> AttributeService.getInstance( ).removeAttribute( a.getIdAttribute( ) ) );
237         }
238     }
239 
240     public void testGetModifyAttribute( ) throws PasswordResetException, AccessDeniedException
241     {
242         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
243         for ( AttributeType type : types )
244         {
245             testGetModifyAttribute( type );
246         }
247     }
248 
249     private void testGetModifyAttribute( AttributeType type ) throws PasswordResetException, AccessDeniedException
250     {
251         MockHttpServletRequest request = new MockHttpServletRequest( );
252         IAttribute attribute = _attributes.get( type );
253         assertNotNull( attribute );
254         request.setParameter( "id_attribute", Integer.toString( attribute.getIdAttribute( ) ) );
255 
256         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
257         AttributeJspBean instance = new AttributeJspBean( );
258         instance.init( request, "CORE_USERS_MANAGEMENT" );
259 
260         assertNotNull( instance.getModifyAttribute( request ) );
261     }
262 
263     public void testDoModifyAttribute( )
264             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
265     {
266         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
267         for ( AttributeType type : types )
268         {
269             testDoModifyAttribute( type );
270         }
271     }
272 
273     private void testDoModifyAttribute( AttributeType type )
274             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
275     {
276         MockHttpServletRequest request = new MockHttpServletRequest( );
277         IAttribute attribute = _attributes.get( type );
278         assertNotNull( attribute );
279         request.setParameter( "id_attribute", Integer.toString( attribute.getIdAttribute( ) ) );
280         String strTitle = getRandomName( );
281         request.setParameter( "title", strTitle );
282         request.setParameter( "width", "5" );
283 
284         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
285                 SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateModifyAttribute( ) ) );
286 
287         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
288         AttributeJspBean instance = new AttributeJspBean( );
289         instance.init( request, "CORE_USERS_MANAGEMENT" );
290 
291         instance.doModifyAttribute( request );
292         IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( attribute.getIdAttribute( ), Locale.FRANCE );
293         assertNotNull( stored );
294         assertEquals( strTitle, stored.getTitle( ) );
295     }
296 
297     public void testDoModifyAttributeInvalidToken( )
298             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
299     {
300         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
301         for ( AttributeType type : types )
302         {
303             testDoModifyAttributeInvalidToken( type );
304         }
305     }
306 
307     private void testDoModifyAttributeInvalidToken( AttributeType type )
308             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
309     {
310         MockHttpServletRequest request = new MockHttpServletRequest( );
311         IAttribute attribute = _attributes.get( type );
312         assertNotNull( attribute );
313         request.setParameter( "id_attribute", Integer.toString( attribute.getIdAttribute( ) ) );
314         String strTitle = getRandomName( );
315         request.setParameter( "title", strTitle );
316         request.setParameter( "width", "5" );
317 
318         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
319                 SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateModifyAttribute( ) ) + "b" );
320 
321         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
322         AttributeJspBean instance = new AttributeJspBean( );
323         instance.init( request, "CORE_USERS_MANAGEMENT" );
324 
325         try
326         {
327             instance.doModifyAttribute( request );
328             fail( "Should have thrown" );
329         }
330         catch( AccessDeniedException e )
331         {
332             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( attribute.getIdAttribute( ), Locale.FRANCE );
333             assertNotNull( stored );
334             assertEquals( attribute.getTitle( ), stored.getTitle( ) );
335         }
336     }
337 
338     public void testDoModifyAttributeNoToken( )
339             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
340     {
341         List<AttributeType> types = AttributeTypeService.getInstance( ).getAttributeTypes( Locale.FRANCE );
342         for ( AttributeType type : types )
343         {
344             testDoModifyAttributeNoToken( type );
345         }
346     }
347 
348     private void testDoModifyAttributeNoToken( AttributeType type )
349             throws PasswordResetException, AccessDeniedException, InstantiationException, IllegalAccessException, ClassNotFoundException
350     {
351         MockHttpServletRequest request = new MockHttpServletRequest( );
352         IAttribute attribute = _attributes.get( type );
353         assertNotNull( attribute );
354         request.setParameter( "id_attribute", Integer.toString( attribute.getIdAttribute( ) ) );
355         String strTitle = getRandomName( );
356         request.setParameter( "title", strTitle );
357         request.setParameter( "width", "5" );
358 
359         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
360         AttributeJspBean instance = new AttributeJspBean( );
361         instance.init( request, "CORE_USERS_MANAGEMENT" );
362 
363         try
364         {
365             instance.doModifyAttribute( request );
366             fail( "Should have thrown" );
367         }
368         catch( AccessDeniedException e )
369         {
370             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( attribute.getIdAttribute( ), Locale.FRANCE );
371             assertNotNull( stored );
372             assertEquals( attribute.getTitle( ), stored.getTitle( ) );
373         }
374     }
375 
376     public void testDoConfirmRemoveAttribute( )
377     {
378         MockHttpServletRequest request = new MockHttpServletRequest( );
379         request.setParameter( "id_attribute",
380                 Integer.toString( _attributes.values( ).stream( ).findFirst( ).orElseThrow( IllegalStateException::new ).getIdAttribute( ) ) );
381 
382         AttributeJspBean instance = new AttributeJspBean( );
383         instance.doConfirmRemoveAttribute( request );
384 
385         AdminMessage message = AdminMessageService.getMessage( request );
386         assertNotNull( message );
387         assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
388     }
389 
390     public void testDoRemoveAttribute( ) throws AccessDeniedException
391     {
392         MockHttpServletRequest request = new MockHttpServletRequest( );
393         int idAttribute = _attributes.values( ).stream( ).findFirst( ).orElseThrow( IllegalStateException::new ).getIdAttribute( );
394         request.setParameter( "id_attribute", Integer.toString( idAttribute ) );
395         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
396                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/attribute/DoRemoveAttribute.jsp" ) );
397 
398         AttributeJspBean instance = new AttributeJspBean( );
399         instance.doRemoveAttribute( request );
400 
401         IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( idAttribute, Locale.FRANCE );
402         assertNull( stored );
403     }
404 
405     public void testDoRemoveAttributeInvalidToken( ) throws AccessDeniedException
406     {
407         MockHttpServletRequest request = new MockHttpServletRequest( );
408         int idAttribute = _attributes.values( ).stream( ).findFirst( ).orElseThrow( IllegalStateException::new ).getIdAttribute( );
409         request.setParameter( "id_attribute", Integer.toString( idAttribute ) );
410         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
411                 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/attribute/DoRemoveAttribute.jsp" ) + "b" );
412 
413         AttributeJspBean instance = new AttributeJspBean( );
414         try
415         {
416             instance.doRemoveAttribute( request );
417             fail( "Should have thrown" );
418         }
419         catch( AccessDeniedException e )
420         {
421             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( idAttribute, Locale.FRANCE );
422             assertNotNull( stored );
423         }
424     }
425 
426     public void testDoRemoveAttributeNoToken( ) throws AccessDeniedException
427     {
428         MockHttpServletRequest request = new MockHttpServletRequest( );
429         int idAttribute = _attributes.values( ).stream( ).findFirst( ).orElseThrow( IllegalStateException::new ).getIdAttribute( );
430         request.setParameter( "id_attribute", Integer.toString( idAttribute ) );
431 
432         AttributeJspBean instance = new AttributeJspBean( );
433         try
434         {
435             instance.doRemoveAttribute( request );
436             fail( "Should have thrown" );
437         }
438         catch( AccessDeniedException e )
439         {
440             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( idAttribute, Locale.FRANCE );
441             assertNotNull( stored );
442         }
443     }
444 
445     public void testDoMoveDownAttribute( ) throws PasswordResetException, AccessDeniedException
446     {
447         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
448         assertTrue( listAttributes.size( ) >= 2 );
449         int nIdAttribute = listAttributes.get( 0 ).getIdAttribute( );
450         int nPosition = listAttributes.get( 0 ).getPosition( );
451 
452         MockHttpServletRequest request = new MockHttpServletRequest( );
453 
454         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
455         AttributeJspBean instance = new AttributeJspBean( );
456         instance.init( request, "CORE_USERS_MANAGEMENT" );
457 
458         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
459         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
460                 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
461 
462         instance.doMoveDownAttribute( request );
463 
464         IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
465         assertNotNull( stored );
466         assertEquals( nPosition + 1, stored.getPosition( ) );
467     }
468 
469     public void testDoMoveDownAttributeInvalidToken( ) throws PasswordResetException, AccessDeniedException
470     {
471         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
472         assertTrue( listAttributes.size( ) >= 2 );
473         int nIdAttribute = listAttributes.get( 0 ).getIdAttribute( );
474         int nPosition = listAttributes.get( 0 ).getPosition( );
475 
476         MockHttpServletRequest request = new MockHttpServletRequest( );
477 
478         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
479         AttributeJspBean instance = new AttributeJspBean( );
480         instance.init( request, "CORE_USERS_MANAGEMENT" );
481 
482         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
483         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
484                 SecurityTokenService.getInstance( ).getToken( request, "admin/user/attribute/manage_attributes.html" ) + "b" );
485 
486         try
487         {
488             instance.doMoveDownAttribute( request );
489             fail( "Should have thrown" );
490         }
491         catch( AccessDeniedException e )
492         {
493             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
494             assertNotNull( stored );
495             assertEquals( nPosition, stored.getPosition( ) );
496         }
497     }
498 
499     public void testDoMoveDownAttributeNoToken( ) throws PasswordResetException, AccessDeniedException
500     {
501         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
502         assertTrue( listAttributes.size( ) >= 2 );
503         int nIdAttribute = listAttributes.get( 0 ).getIdAttribute( );
504         int nPosition = listAttributes.get( 0 ).getPosition( );
505 
506         MockHttpServletRequest request = new MockHttpServletRequest( );
507 
508         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
509         AttributeJspBean instance = new AttributeJspBean( );
510         instance.init( request, "CORE_USERS_MANAGEMENT" );
511 
512         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
513 
514         try
515         {
516             instance.doMoveDownAttribute( request );
517             fail( "Should have thrown" );
518         }
519         catch( AccessDeniedException e )
520         {
521             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
522             assertNotNull( stored );
523             assertEquals( nPosition, stored.getPosition( ) );
524         }
525     }
526 
527     public void testDoMoveUpAttribute( ) throws PasswordResetException, AccessDeniedException
528     {
529         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
530         assertTrue( listAttributes.size( ) >= 2 );
531         int nIdAttribute = listAttributes.get( listAttributes.size( ) - 1 ).getIdAttribute( );
532         int nPosition = listAttributes.get( listAttributes.size( ) - 1 ).getPosition( );
533 
534         MockHttpServletRequest request = new MockHttpServletRequest( );
535 
536         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
537         AttributeJspBean instance = new AttributeJspBean( );
538         instance.init( request, "CORE_USERS_MANAGEMENT" );
539 
540         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
541         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
542                 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
543 
544         instance.doMoveUpAttribute( request );
545 
546         IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
547         assertNotNull( stored );
548         assertEquals( nPosition - 1, stored.getPosition( ) );
549     }
550 
551     public void testDoMoveUpAttributeInvalidToken( ) throws PasswordResetException, AccessDeniedException
552     {
553         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
554         assertTrue( listAttributes.size( ) >= 2 );
555         int nIdAttribute = listAttributes.get( listAttributes.size( ) - 1 ).getIdAttribute( );
556         int nPosition = listAttributes.get( listAttributes.size( ) - 1 ).getPosition( );
557 
558         MockHttpServletRequest request = new MockHttpServletRequest( );
559 
560         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
561         AttributeJspBean instance = new AttributeJspBean( );
562         instance.init( request, "CORE_USERS_MANAGEMENT" );
563 
564         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
565         request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
566                 SecurityTokenService.getInstance( ).getToken( request, "admin/user/attribute/manage_attributes.html" ) + "b" );
567 
568         try
569         {
570             instance.doMoveUpAttribute( request );
571             fail( "Should have thrown" );
572         }
573         catch( AccessDeniedException e )
574         {
575             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
576             assertNotNull( stored );
577             assertEquals( nPosition, stored.getPosition( ) );
578         }
579     }
580 
581     public void testDoMoveUpAttributeNoToken( ) throws PasswordResetException, AccessDeniedException
582     {
583         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( Locale.FRANCE );
584         assertTrue( listAttributes.size( ) >= 2 );
585         int nIdAttribute = listAttributes.get( listAttributes.size( ) - 1 ).getIdAttribute( );
586         int nPosition = listAttributes.get( listAttributes.size( ) - 1 ).getPosition( );
587 
588         MockHttpServletRequest request = new MockHttpServletRequest( );
589 
590         Utils.registerAdminUserWithRigth( request, new AdminUser( ), "CORE_USERS_MANAGEMENT" );
591         AttributeJspBean instance = new AttributeJspBean( );
592         instance.init( request, "CORE_USERS_MANAGEMENT" );
593 
594         request.setParameter( "id_attribute", Integer.toString( nIdAttribute ) );
595 
596         try
597         {
598             instance.doMoveUpAttribute( request );
599             fail( "Should have thrown" );
600         }
601         catch( AccessDeniedException e )
602         {
603             IAttribute stored = AttributeService.getInstance( ).getAttributeWithoutFields( nIdAttribute, Locale.FRANCE );
604             assertNotNull( stored );
605             assertEquals( nPosition, stored.getPosition( ) );
606         }
607     }
608 
609     private String getRandomName( )
610     {
611         Random rand = new SecureRandom( );
612         BigInteger bigInt = new BigInteger( 128, rand );
613         return "junit" + bigInt.toString( 36 );
614     }
615 }