11package org .finos .calm .resources ;
22
3+ import io .quarkus .security .identity .SecurityIdentity ;
34import io .quarkus .test .InjectMock ;
45import io .quarkus .test .junit .QuarkusTest ;
56import io .quarkus .test .security .TestSecurity ;
7+ import jakarta .enterprise .inject .Instance ;
68import org .finos .calm .domain .exception .NamespaceAlreadyExistsException ;
79import org .finos .calm .domain .namespaces .NamespaceInfo ;
10+ import org .finos .calm .security .CalmHubPermissionChecker ;
11+ import org .finos .calm .security .UserAccessValidator ;
812import org .finos .calm .store .NamespaceStore ;
913import org .junit .jupiter .api .Test ;
1014import org .junit .jupiter .api .extension .ExtendWith ;
15+ import org .mockito .Mock ;
1116import org .mockito .junit .jupiter .MockitoExtension ;
1217
18+ import java .security .Principal ;
1319import java .util .ArrayList ;
1420import java .util .Arrays ;
21+ import java .util .List ;
22+ import java .util .Set ;
1523
1624import static io .restassured .RestAssured .given ;
1725import static org .finos .calm .resources .ResourceValidationConstants .NAMESPACE_MESSAGE ;
1826import static org .hamcrest .Matchers .containsString ;
1927import static org .hamcrest .Matchers .equalTo ;
28+ import static org .junit .jupiter .api .Assertions .assertEquals ;
29+ import static org .junit .jupiter .api .Assertions .assertTrue ;
2030import static org .mockito .Mockito .*;
2131
2232@ TestSecurity (authorizationEnabled = false )
@@ -27,6 +37,32 @@ public class TestNamespaceResourceShould {
2737 @ InjectMock
2838 NamespaceStore namespaceStore ;
2939
40+ // Plain Mockito mocks for direct-instantiation filtering tests
41+ @ Mock
42+ private NamespaceStore mockNamespaceStore ;
43+ @ Mock
44+ private Instance <UserAccessValidator > mockValidatorInstance ;
45+ @ Mock
46+ private UserAccessValidator mockValidator ;
47+ @ Mock
48+ private SecurityIdentity mockIdentity ;
49+ @ Mock
50+ private Principal mockPrincipal ;
51+ @ Mock
52+ private CalmHubPermissionChecker mockPermissionChecker ;
53+
54+ private static final List <NamespaceInfo > ALL_NAMESPACES = List .of (
55+ new NamespaceInfo ("finos" , "FINOS namespace" ),
56+ new NamespaceInfo ("custom" , "custom namespace" )
57+ );
58+
59+ private NamespaceResource resourceWithAuth (boolean authEnabled ) {
60+ NamespaceResource resource = new NamespaceResource (mockNamespaceStore , mockValidatorInstance , mockPermissionChecker );
61+ resource .identity = mockIdentity ;
62+ resource .authEnabled = authEnabled ;
63+ return resource ;
64+ }
65+
3066 @ Test
3167 void return_empty_wrapper_when_no_namespaces_in_store () {
3268 when (namespaceStore .getNamespaces ()).thenReturn (new ArrayList <>());
@@ -226,4 +262,55 @@ void return_400_when_request_body_is_null() throws NamespaceAlreadyExistsExcepti
226262
227263 verify (namespaceStore , never ()).createNamespace (any (), any ());
228264 }
265+
266+ @ Test
267+ void return_all_namespaces_when_auth_disabled () {
268+ when (mockNamespaceStore .getNamespaces ()).thenReturn (ALL_NAMESPACES );
269+
270+ assertEquals (ALL_NAMESPACES , resourceWithAuth (false ).namespaces ().getValues ());
271+ }
272+
273+ @ Test
274+ void return_all_namespaces_when_validator_not_resolvable () {
275+ when (mockValidatorInstance .isResolvable ()).thenReturn (false );
276+ when (mockNamespaceStore .getNamespaces ()).thenReturn (ALL_NAMESPACES );
277+
278+ assertEquals (ALL_NAMESPACES , resourceWithAuth (true ).namespaces ().getValues ());
279+ }
280+
281+ @ Test
282+ void return_all_namespaces_for_global_admin () {
283+ when (mockValidatorInstance .isResolvable ()).thenReturn (true );
284+ when (mockPermissionChecker .hasGlobalAdmin (mockIdentity )).thenReturn (true );
285+ when (mockNamespaceStore .getNamespaces ()).thenReturn (ALL_NAMESPACES );
286+
287+ assertEquals (ALL_NAMESPACES , resourceWithAuth (true ).namespaces ().getValues ());
288+ }
289+
290+ @ Test
291+ void return_only_accessible_namespaces_for_authenticated_user () {
292+ when (mockValidatorInstance .isResolvable ()).thenReturn (true );
293+ when (mockPermissionChecker .hasGlobalAdmin (mockIdentity )).thenReturn (false );
294+ when (mockIdentity .getPrincipal ()).thenReturn (mockPrincipal );
295+ when (mockPrincipal .getName ()).thenReturn ("thomas" );
296+ when (mockValidatorInstance .get ()).thenReturn (mockValidator );
297+ when (mockValidator .getReadableNamespaces ("thomas" )).thenReturn (Set .of ("finos" ));
298+ when (mockNamespaceStore .getNamespaces ()).thenReturn (ALL_NAMESPACES );
299+
300+ assertEquals (List .of (new NamespaceInfo ("finos" , "FINOS namespace" )),
301+ resourceWithAuth (true ).namespaces ().getValues ());
302+ }
303+
304+ @ Test
305+ void return_empty_list_when_user_has_no_grants () {
306+ when (mockValidatorInstance .isResolvable ()).thenReturn (true );
307+ when (mockPermissionChecker .hasGlobalAdmin (mockIdentity )).thenReturn (false );
308+ when (mockIdentity .getPrincipal ()).thenReturn (mockPrincipal );
309+ when (mockPrincipal .getName ()).thenReturn ("thomas" );
310+ when (mockValidatorInstance .get ()).thenReturn (mockValidator );
311+ when (mockValidator .getReadableNamespaces ("thomas" )).thenReturn (Set .of ());
312+ when (mockNamespaceStore .getNamespaces ()).thenReturn (ALL_NAMESPACES );
313+
314+ assertTrue (resourceWithAuth (true ).namespaces ().getValues ().isEmpty ());
315+ }
229316}
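Review bot: `return_all_namespaces_when_validator_not_resolvable` pins a fail-open result: with `authEnabled` true and `mockValidatorInstance.isResolvable()` returning false, it expects the full `ALL_NAMESPACES` list. If the resource really behaves this way, a deployment that enables auth but ends up without a `UserAccessValidator` bean would list every namespace to any caller. `NamespaceResource` is not shown on this page, so I cannot tell whether that is deliberate. If it is, record the reason in the test, for example `// Deliberate fail-open: no UserAccessValidator bean means per-namespace filtering is not configured`; if it is not, the expectation should be the deny case, `assertTrue(resourceWithAuth(true).namespaces().getValues().isEmpty());`. The two filtered-path tests only cover a named principal with a grant set, so a case where `mockIdentity.getPrincipal()` yields no usable name would also be worth adding to show that path does not fall through to the unfiltered list.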