#!/usr/bin/perl
# $Id: security_test,v 1.6 2001/08/10 22:23:20 mpashniak Exp $
# Copyright 2001 Sun Microsystems, Inc.  All rights reserved.

use lib qw( ../../client/perl );
use CCE;

my $ok, $badkeys, @info;
my $oid1, $oid2;

my $cce = new CCE;
$cce->connectuds("tmp/cced.socket");

$cce->create("setup", {});
$cce->set(1, "", {"trigger"=>"1"});

$ok = $cce->auth("", "");
if (!$ok) { print "Couldn't auth to no-user\n"; }

# not vsiteadmin of empty vsite
($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "foo"});
if ($ok) { print "Shouldn't be able to create without a vsite\n"; }

# not authenticated
($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "foo1", "vsite" => "one"});
if ($ok) { print "Shouldn't be able to create as no-user\n"; }

$cce->auth("test1", "test1");

($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "fooone"});
if ($ok) { print "Shouldn't be able to create as test1 without a vsite\n"; }

($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "fooone1", "vsite" => "one"});
if (!$ok) { print "Failed to create stuff vsite one as test1\n"; }

$oid1 = $cce->oid;

# test1 has capability "foo"
($ok, $badkeys, @info) = $cce->set($oid1, "", {"captest"=>"fooonemodify"});
if (!$ok) { print "Failed to modify capability(foo) protected data as test1\n"; }

# test1 is vsiteadmin _and_ is cap(foo)
($ok, $badkeys, @info) = $cce->set($oid1, "", {"other"=>"foo1modother"});
if (!$ok) { print "Failed to modify multi-rule protected data\n"; }

# doesn't have caps (baz) or (faz)
($ok, $badkeys, @info) = $cce->set($oid1, "", {"booltest"=>"foo1modbool"});
if ($ok) { print "Shouldn't be able to modify boolean rule protected data\n"; }

$cce->endkey();
$cce->auth("test2", "test2");

($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "footwo"});
if ($ok) { print "Shouldn't be able to create as test2 without a vsite\n"; }

($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "footwo1", "vsite" => "one"});
if ($ok) { print "Shouldn't be able to create as test2 with vsite one\n"; }

($ok, $badkeys, @info) = $cce->create("stuff", {"name" => "footwo2", "vsite" => "two"});
if (!$ok) { print "Failed to create stuff vsite two as test2\n"; }

$oid2 = $cce->oid;

# test2 has no cap foo
($ok, $badkeys, @info) = $cce->set($oid1, "", {"captest"=>"fooonemodify"});
if ($ok) { print "Shouldn't be able to modify capability protected data\n"; }

# test2 has no cap foo
($ok, $badkeys, @info) = $cce->set($oid2, "", {"captest"=>"fooonemodify"});
if ($ok) { print "Shouldn't be able to modify capability protected data\n"; }

# test2 is not vsite admin of site "one" and has no cap(foo)
($ok, $badkeys, @info) = $cce->set($oid1, "", {"other"=>"foo2modother"});
if ($ok) { print "Shouldn't be able to modify multi-rule protected data\n"; }

# test2 is vsite admin of site "two"
($ok, $badkeys, @info) = $cce->set($oid2, "", {"other"=>"foo2modother2"});
if (!$ok) { print "Failed to modify multi-rule protected data\n"; }

# test2 is not vsite admin of site "one"
($ok, $badkeys, @info) = $cce->set($oid1, "", {"booltest"=>"foo2modbool"});
if ($ok) { print "Shouldn't be able modify boolean rule protected data\n"; }

# test2 has cap(baz) (but not faz), and is vsite admin of site 2
($ok, $badkeys, @info) = $cce->set($oid2, "", {"booltest"=>"foo2modbool"});
if (!$ok) { print "Failed to modify boolean rule protected data\n"; }

$cce->bye();

