Skip to content

Commit

Permalink
SAK-33632 Assignments NPE when checking group submitter for assignment (
Browse files Browse the repository at this point in the history 
sakaiproject#5035)
  • Loading branch information
@ern
ern authored Nov 27, 2017
1 parent aa39548 commit 6875c92
Show file tree
Hide file tree
Showing 2 changed files with 85 additions and 2 deletions.
4 changes: 2 additions & 2 deletions assignment/impl/src/java/org/sakaiproject/assignment/impl/AssignmentServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -948,7 +948,7 @@ public AssignmentSubmission addSubmission(String assignmentId, String submitter)

if (assignment.getIsGroup()) {
Group group = site.getGroup(submitter);
if (assignment.getGroups().contains(group.getReference())) {
if (group != null && assignment.getGroups().contains(group.getReference())) {
for (Member member : group.getMembers()) {
AssignmentSubmissionSubmitter ass = new AssignmentSubmissionSubmitter();
ass.setSubmitter(member.getUserId());
Expand Down Expand Up @@ -2517,7 +2517,7 @@ private Assignment checkAssignmentAccessibleForUser(Assignment assignment, Strin
Collection<Group> allowedGroups = getGroupsAllowFunction(SECURE_ACCESS_ASSIGNMENT, context, currentUserId);
// reject and throw PermissionException if there is no intersection
if (!allowAllGroups(context)
&& StringUtils.equals(assignment.getAuthor(), currentUserId)
&& !StringUtils.equals(assignment.getAuthor(), currentUserId)
&& !CollectionUtils.containsAny(asgGroups, allowedGroups.stream().map(Group::getReference).collect(Collectors.toSet()))) {
throw new PermissionException(currentUserId, SECURE_ACCESS_ASSIGNMENT, assignment.getId());
}
Expand Down
83 changes: 83 additions & 0 deletions assignment/impl/src/test/org/sakaiproject/assignment/impl/AssignmentServiceTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import java.text.NumberFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.Period;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
Expand Down Expand Up @@ -339,6 +340,39 @@ public void addAndGetSubmission() {
}
}

@Test
public void addAndGetGroupSubmission() {
String context = UUID.randomUUID().toString();
String groupSubmitter = UUID.randomUUID().toString();
String submitter1 = UUID.randomUUID().toString();
String submitter2 = UUID.randomUUID().toString();
Set<String> submitters = new HashSet<>();
submitters.add(submitter1);
submitters.add(submitter2);

try {
AssignmentSubmission savedSubmission = createNewGroupSubmission(context, groupSubmitter, submitters);
Assert.assertNotNull(savedSubmission);
Assert.assertNotNull(savedSubmission.getId());

AssignmentSubmission getSubmission = assignmentService.getSubmission(savedSubmission.getId());
Assert.assertNotNull(getSubmission);
Assert.assertNotNull(getSubmission.getId());

Assignment assignment = getSubmission.getAssignment();
Assert.assertNotNull(assignment.getId());
Assert.assertEquals(context, assignment.getContext());

Set<AssignmentSubmissionSubmitter> submissionSubmitters = getSubmission.getSubmitters();
Assert.assertEquals(2, submissionSubmitters.size());
submissionSubmitters.forEach(s -> Assert.assertTrue(submitters.contains(s.getSubmitter())));
Assert.assertEquals(1, submissionSubmitters.stream().filter(AssignmentSubmissionSubmitter::getSubmittee).collect(Collectors.toList()).size());
Assert.assertEquals(groupSubmitter, getSubmission.getGroupId());
} catch (Exception e) {
Assert.fail("Could not create submission, " + e.getMessage());
}
}

@Test
public void removeSubmission() {
String context = UUID.randomUUID().toString();
Expand Down Expand Up @@ -508,6 +542,55 @@ private AssignmentSubmission createNewSubmission(String context, String submitte
return submission;
}

private AssignmentSubmission createNewGroupSubmission(String context, String groupSubmitter, Set<String> submitters) throws UserNotDefinedException, IdUnusedException, PermissionException {

// Setup an Assignment for Group Submission
Assignment assignment = createNewAssignment(context);
assignment.setTypeOfAccess(Assignment.Access.GROUP);
assignment.setIsGroup(true);
assignment.setOpenDate(Instant.now().minus(Period.ofDays(1)));
String groupRef = "/site/" + context + "/group/" + groupSubmitter;
assignment.getGroups().add(groupRef);
String assignmentReference = AssignmentReferenceReckoner.reckoner().assignment(assignment).reckon().getReference();
when(securityService.unlock(AssignmentServiceConstants.SECURE_UPDATE_ASSIGNMENT, assignmentReference)).thenReturn(true);
assignmentService.updateAssignment(assignment);

// configure mock group objects
Site site = mock(Site.class);
Group group = mock(Group.class);
when(group.getReference()).thenReturn(groupRef);
Collection<Group> groups = new HashSet<>();
groups.add(group);
when(site.getGroups()).thenReturn(groups);
when(site.getGroup(groupSubmitter)).thenReturn(group);
Set<Member> members = new HashSet<>();
submitters.forEach(s -> {
Member member = mock(Member.class);
when(member.getUserId()).thenReturn(s);
members.add(member);
});
when(group.getMembers()).thenReturn(members);
when(siteService.getSite(context)).thenReturn(site);
Set<String> groupRefs = groups.stream().map(Group::getReference).collect(Collectors.toSet());

// pick a submitter to be the current user
String currentUser = submitters.stream().findAny().get();
when(sessionManager.getCurrentSessionUserId()).thenReturn(currentUser);

// drop security to student permissions
when(authzGroupService.getAuthzGroupsIsAllowed(currentUser, AssignmentServiceConstants.SECURE_ACCESS_ASSIGNMENT, groupRefs)).thenReturn(groupRefs);
when(securityService.unlock(AssignmentServiceConstants.SECURE_ACCESS_ASSIGNMENT, groupSubmitter)).thenReturn(true);
when(securityService.unlock(AssignmentServiceConstants.SECURE_ADD_ASSIGNMENT, AssignmentReferenceReckoner.reckoner().context(context).reckon().getReference())).thenReturn(false);
when(securityService.unlock(AssignmentServiceConstants.SECURE_ADD_ASSIGNMENT_SUBMISSION, groupRef)).thenReturn(true);

try {
return assignmentService.addSubmission(assignment.getId(), groupSubmitter);
} catch (PermissionException e) {
Assert.fail(e.getMessage());
}
return null;
}

private Assignment createNewAssignment(String context) {
String contextReference = AssignmentReferenceReckoner.reckoner().context(context).reckon().getReference();
when(securityService.unlock(AssignmentServiceConstants.SECURE_ADD_ASSIGNMENT, contextReference)).thenReturn(true);
Expand Down

0 comments on commit 6875c92

Please sign in to comment.