summaryrefslogtreecommitdiffstats
path: root/authz-test/TestSuite/expected/TC_Perm3.expected
blob: 6cdf2297010a5fbcc4666542276c260d76079fc9 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

set XX@NS <pass>
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set testid_1@test.com <pass>
set testid_2@test.com <pass>
set bogus boguspass
#delay 10
set NFR 0
as XX@NS
# TC_Perm3.10.0.POS Print NS to prove ok
ns list name com.test.TC_Perm3.@[user.name] 
** Expect 200 **

List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Perm3.10.1.POS Create Namespace with User ID
ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
** Expect 201 **
Created Namespace

# TC_Perm3.10.2.POS Create Namespace with Different ID
ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
** Expect 201 **
Created Namespace

# TC_Perm3.10.3.POS Create Namespace in Different Company
ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
** Expect 201 **
Created Namespace

as testid_1@test.com
# TC_Perm3.20.0.POS User1 Create a Perm
perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]

# TC_Perm3.20.6.POS User2 should be able to create Role in own group
as testid_2@test.com
role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
** Expect 201 **
Created Role

# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]

# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
as testid_2@test.com
perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]

# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
as testid_1@test.com
perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
** Expect 201 **
Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]

# TC_Perm3.30.0.POS User1 Create a Perm
as testid_1@test.com
perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
** Expect 201 **
Created Permission

# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b]

# TC_Perm3.30.6.POS User2 should be able to create Role in own group
as testunused@aaf.att.com
role create com.att.TC_Perm3.@[user.name].dev.myRole_b
** Expect 201 **
Created Role

# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction]

# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
as testid_1@test.com
perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]

as testid_1@test.com
# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_Perm3.@[user.name]_1
** Expect 200,404 **
Deleted Namespace

# TC_Perm3.99.3.POS Print Namespaces
ns list name com.test.TC_Perm3.@[user.name]_1
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

as testid_2@test.com
# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_Perm3.@[user.name]_2
** Expect 200,404 **
Deleted Namespace

# TC_Perm3.99.5.POS Print Namespaces
ns list name com.test.TC_Perm3.@[user.name]_2
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

as testunused@aaf.att.com
# TC_Perm3.99.6.POS Remove Namespace from other company
force ns delete com.att.TC_Perm3.@[user.name]
** Expect 200,404 **
Deleted Namespace

# TC_Perm3.99.7.POS Print Namespace from other company
ns list name com.att.TC_Perm3.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***