Improved test cases of RolesAuthorizationTest;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java

@@ -16,7 +16,7 @@ import com.jd.blockchain.ledger.LedgerMetadata_V2;
 import com.jd.blockchain.ledger.LedgerSettings;
 import com.jd.blockchain.ledger.ParticipantNode;
 import com.jd.blockchain.ledger.RolePrivilegeSettings;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserAuthorizationSettings;
 import com.jd.blockchain.storage.service.ExPolicyKVStorage;
 import com.jd.blockchain.storage.service.ExPolicyKVStorage.ExPolicy;
 import com.jd.blockchain.storage.service.VersioningKVStorage;
@@ -105,7 +105,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery,
 	}
 
 	@Override
-	public UserRolesSettings getUserRoles() {
+	public UserAuthorizationSettings getAuthorizations() {
 		return userRoles;
 	}
 

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java

@@ -17,7 +17,7 @@ import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.TransactionPermission;
 import com.jd.blockchain.ledger.UserDoesNotExistException;
 import com.jd.blockchain.ledger.UserRoles;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserAuthorizationSettings;
 import com.jd.blockchain.utils.Bytes;
 
 /**
@@ -30,7 +30,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 
 	private RolePrivilegeSettings rolePrivilegeSettings;
 
-	private UserRolesSettings userRolesSettings;
+	private UserAuthorizationSettings userRolesSettings;
 
 	// 用户的权限配置
 	private Map<Bytes, UserRolesPrivileges> userPrivilegesCache = new ConcurrentHashMap<>();
@@ -41,7 +41,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 	private ParticipantDataQuery participantsQuery;
 	private UserAccountQuery userAccountsQuery;
 
-	public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings,
+	public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserAuthorizationSettings userRolesSettings,
 			ParticipantDataQuery participantsQuery, UserAccountQuery userAccountsQuery) {
 		this.rolePrivilegeSettings = rolePrivilegeSettings;
 		this.userRolesSettings = userRolesSettings;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java

@@ -82,7 +82,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 		LedgerDataQuery ledgerDataQuery = ledgerRepo.getDataSet(ledgerBlock);
 		LedgerAdminDataQuery previousAdminDataset = ledgerDataQuery.getAdminDataset();
 		this.securityManager = new LedgerSecurityManagerImpl(previousAdminDataset.getAdminInfo().getRolePrivileges(),
-				previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(),
+				previousAdminDataset.getAdminInfo().getAuthorizations(), previousAdminDataset.getParticipantDataset(),
 				ledgerDataQuery.getUserAccountSet());
 		
 		this.newBlockEditor = ledgerRepo.createNextBlock();
@@ -98,7 +98,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 		LedgerAdminDataQuery previousAdminDataset = previousBlockDataset.getAdminDataset();
 		LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(
 				previousAdminDataset.getAdminInfo().getRolePrivileges(),
-				previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(),
+				previousAdminDataset.getAdminInfo().getAuthorizations(), previousAdminDataset.getParticipantDataset(),
 				previousBlockDataset.getUserAccountSet());
 
 		TransactionBatchProcessor processor = new TransactionBatchProcessor(securityManager, newBlockEditor, ledgerRepo,

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/UserRoleDataset.java

@@ -11,7 +11,7 @@ import com.jd.blockchain.ledger.MerkleProof;
 import com.jd.blockchain.ledger.RoleSet;
 import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.UserRoles;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserAuthorizationSettings;
 import com.jd.blockchain.storage.service.ExPolicyKVStorage;
 import com.jd.blockchain.storage.service.VersioningKVEntry;
 import com.jd.blockchain.storage.service.VersioningKVStorage;
@@ -24,7 +24,7 @@ import com.jd.blockchain.utils.Transactional;
  * @author huanghaiquan
  *
  */
-public class UserRoleDataset implements Transactional, MerkleProvable, UserRolesSettings {
+public class UserRoleDataset implements Transactional, MerkleProvable, UserAuthorizationSettings {
 
 	private MerkleDataSet dataset;
 

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java

@@ -9,7 +9,7 @@ import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.UserAuthorizeOperation;
 import com.jd.blockchain.ledger.UserAuthorizeOperation.UserRolesEntry;
 import com.jd.blockchain.ledger.UserRoles;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserAuthorizationSettings;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerQuery;
 import com.jd.blockchain.ledger.core.MultiIDsPolicy;
@@ -36,7 +36,7 @@ public class UserAuthorizeOperationHandle extends AbstractLedgerOperationHandle<
 		// 操作账本；
 
 		UserRolesEntry[] urcfgs = operation.getUserRolesAuthorizations();
-		UserRolesSettings urSettings = newBlockDataset.getAdminDataset().getUserRoles();
+		UserAuthorizationSettings urSettings = newBlockDataset.getAdminDataset().getAuthorizations();
 		RolePrivilegeSettings rolesSettings = newBlockDataset.getAdminDataset().getRolePrivileges();
 		if (urcfgs != null) {
 			for (UserRolesEntry urcfg : urcfgs) {

source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerAdminDatasetTest.java

@@ -33,7 +33,7 @@ import com.jd.blockchain.ledger.RolePrivileges;
 import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.TransactionPermission;
 import com.jd.blockchain.ledger.UserRoles;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserAuthorizationSettings;
 import com.jd.blockchain.ledger.core.CryptoConfig;
 import com.jd.blockchain.ledger.core.LedgerAdminDataset;
 import com.jd.blockchain.ledger.core.LedgerConfiguration;
@@ -100,7 +100,7 @@ public class LedgerAdminDatasetTest {
 				new TransactionPermission[] { TransactionPermission.DIRECT_OPERATION,
 						TransactionPermission.CONTRACT_OPERATION });
 
-		ledgerAdminDataset.getUserRoles().addUserRoles(parties[0].getAddress(), RolesPolicy.UNION, "DEFAULT");
+		ledgerAdminDataset.getAuthorizations().addUserRoles(parties[0].getAddress(), RolesPolicy.UNION, "DEFAULT");
 
 		// New created instance is updated until being committed;
 		assertTrue(ledgerAdminDataset.isUpdated());
@@ -148,7 +148,7 @@ public class LedgerAdminDatasetTest {
 		verifyReadonlyState(reloadAdminAccount1);
 
 		verifyRealoadingRoleAuthorizations(reloadAdminAccount1, ledgerAdminDataset.getRolePrivileges(),
-				ledgerAdminDataset.getUserRoles());
+				ledgerAdminDataset.getAuthorizations());
 
 		// --------------
 		// 重新加载，并进行修改;
@@ -168,7 +168,7 @@ public class LedgerAdminDatasetTest {
 
 		reloadAdminAccount2.getRolePrivileges().disablePermissions("DEFAULT", TransactionPermission.CONTRACT_OPERATION);
 
-		reloadAdminAccount2.getUserRoles().addUserRoles(parties[1].getAddress(), RolesPolicy.UNION, "DEFAULT", "ADMIN");
+		reloadAdminAccount2.getAuthorizations().addUserRoles(parties[1].getAddress(), RolesPolicy.UNION, "DEFAULT", "ADMIN");
 
 		reloadAdminAccount2.commit();
 
@@ -228,7 +228,7 @@ public class LedgerAdminDatasetTest {
 	}
 
 	private void verifyRealoadingRoleAuthorizations(LedgerAdminSettings actualAccount,
-			RolePrivilegeSettings expRolePrivilegeSettings, UserRolesSettings expUserRoleSettings) {
+			RolePrivilegeSettings expRolePrivilegeSettings, UserAuthorizationSettings expUserRoleSettings) {
 		// 验证基本信息；
 		RolePrivilegeSettings actualRolePrivileges = actualAccount.getRolePrivileges();
 		RolePrivileges[] expRPs = expRolePrivilegeSettings.getRolePrivileges();
@@ -242,12 +242,12 @@ public class LedgerAdminDatasetTest {
 			assertArrayEquals(expRP.getTransactionPrivilege().toBytes(), actualRP.getTransactionPrivilege().toBytes());
 		}
 
-		UserRolesSettings actualUserRoleSettings = actualAccount.getUserRoles();
+		UserAuthorizationSettings actualUserRoleSettings = actualAccount.getAuthorizations();
 		UserRoles[] expUserRoles = expUserRoleSettings.getUserRoles();
 		assertEquals(expUserRoles.length, actualUserRoleSettings.getUserCount());
 
 		for (UserRoles expUR : expUserRoles) {
-			UserRoles actualUR = actualAccount.getUserRoles().getUserRoles(expUR.getUserAddress());
+			UserRoles actualUR = actualAccount.getAuthorizations().getUserRoles(expUR.getUserAddress());
 			assertNotNull(actualUR);
 			assertEquals(expUR.getPolicy(), actualUR.getPolicy());
 			String[] expRoles = expUR.getRoles();

source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/LedgerAdminSettings.java

@@ -2,7 +2,7 @@ package com.jd.blockchain.ledger;
 
 public interface LedgerAdminSettings extends LedgerAdminInfo {
 
-	UserRolesSettings getUserRoles();
+	UserAuthorizationSettings getAuthorizations();
 
 	RolePrivilegeSettings getRolePrivileges();
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRolesSettings.java → source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizationSettings.java

@@ -4,7 +4,7 @@ import java.util.Collection;
 
 import com.jd.blockchain.utils.Bytes;
 
-public interface UserRolesSettings {
+public interface UserAuthorizationSettings {
 
 	/**
 	 * 单一用户可被授权的角色数量的最大值；

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java

@@ -22,8 +22,8 @@ public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOpe
 		DataContractRegistry.register(UserRolesEntry.class);
 	}
 
-	private Set<UserRolesAuthorization> userAuthMap = Collections
-			.synchronizedSet(new LinkedHashSet<UserRolesAuthorization>());
+	private Set<AuthorizationDataEntry> userAuthMap = Collections
+			.synchronizedSet(new LinkedHashSet<AuthorizationDataEntry>());
 
 	public UserAuthorizeOpTemplate() {
 	}
@@ -32,8 +32,8 @@ public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOpe
 	}
 
 	@Override
-	public UserRolesAuthorization[] getUserRolesAuthorizations() {
-		return ArrayUtils.toArray(userAuthMap, UserRolesAuthorization.class);
+	public AuthorizationDataEntry[] getUserRolesAuthorizations() {
+		return ArrayUtils.toArray(userAuthMap, AuthorizationDataEntry.class);
 	}
 
 	@Override
@@ -43,7 +43,7 @@ public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOpe
 
 	@Override
 	public UserRolesAuthorizer forUser(Bytes... userAddresses) {
-		UserRolesAuthorization userRolesAuth = new UserRolesAuthorization(userAddresses);
+		AuthorizationDataEntry userRolesAuth = new AuthorizationDataEntry(userAddresses);
 		userAuthMap.add(userRolesAuth);
 		return userRolesAuth;
 	}
@@ -54,7 +54,7 @@ public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOpe
 		return forUser(addresses);
 	}
 
-	private class UserRolesAuthorization implements UserRolesAuthorizer, UserRolesEntry {
+	private class AuthorizationDataEntry implements UserRolesAuthorizer, UserRolesEntry {
 
 		private Bytes[] userAddress;
 
@@ -63,7 +63,7 @@ public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOpe
 		private Set<String> authRoles = new LinkedHashSet<String>();
 		private Set<String> unauthRoles = new LinkedHashSet<String>();
 
-		private UserRolesAuthorization(Bytes[] userAddress) {
+		private AuthorizationDataEntry(Bytes[] userAddress) {
 			this.userAddress = userAddress;
 		}
 

source/test/test-ledger/src/test/java/test/com/jd/blockchain/test/ledger/RolesAuthorizationTest.java

@@ -9,6 +9,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Set;
 
 import org.junit.Test;
@@ -36,9 +37,12 @@ import com.jd.blockchain.ledger.TransactionBuilder;
 import com.jd.blockchain.ledger.TransactionPermission;
 import com.jd.blockchain.ledger.TransactionRequest;
 import com.jd.blockchain.ledger.TransactionRequestBuilder;
+import com.jd.blockchain.ledger.TransactionResponse;
+import com.jd.blockchain.ledger.TransactionState;
 import com.jd.blockchain.ledger.UserAuthorizeOperation;
 import com.jd.blockchain.ledger.UserRegisterOperation;
 import com.jd.blockchain.ledger.UserRoles;
+import com.jd.blockchain.ledger.core.DataAccount;
 import com.jd.blockchain.ledger.core.DefaultOperationHandleRegisteration;
 import com.jd.blockchain.ledger.core.LedgerInitializer;
 import com.jd.blockchain.ledger.core.LedgerManager;
@@ -46,6 +50,7 @@ import com.jd.blockchain.ledger.core.LedgerQuery;
 import com.jd.blockchain.ledger.core.LedgerRepository;
 import com.jd.blockchain.ledger.core.OperationHandleRegisteration;
 import com.jd.blockchain.ledger.core.TransactionBatchProcessor;
+import com.jd.blockchain.ledger.core.UserAccount;
 import com.jd.blockchain.service.TransactionBatchResult;
 import com.jd.blockchain.service.TransactionBatchResultHandle;
 import com.jd.blockchain.storage.service.KVStorageService;
@@ -79,6 +84,8 @@ public class RolesAuthorizationTest {
 	private static final BlockchainKeypair DEFAULT_USER;
 	private static final BlockchainKeypair GUEST_USER;
 
+	// 预置的新普通用户；
+	private static final BlockchainKeypair NEW_USER = BlockchainKeyGenerator.getInstance().generate();
 	// 预置的数据账户；
 	private static final BlockchainIdentity DATA_ACCOUNT_ID = BlockchainKeyGenerator.getInstance().generate()
 			.getIdentity();
@@ -107,24 +114,123 @@ public class RolesAuthorizationTest {
 	public void test() {
 		MemoryKVStorage storage = new MemoryKVStorage();
 		LedgerBlock genesisBlock = initLedger(storage);
+		final HashDigest ledgerHash = genesisBlock.getHash();
 
 		LedgerManager ledgerManager = new LedgerManager();
-		LedgerRepository ledger = ledgerManager.register(genesisBlock.getHash(), storage);
+		LedgerRepository ledger = ledgerManager.register(ledgerHash, storage);
 
 		// 验证角色和用户的权限配置；
 		assertUserRolesPermissions(ledger);
 
-		// 预置数据；
-		TransactionRequest tx = buildRequest(ledger.getHash(), ADMIN_USER, ADMIN_USER, new TransactionDefiner() {
+		// 预置数据：准备一个新用户和数据账户；
+		TransactionRequest predefinedTx = buildRequest(ledger.getHash(), ADMIN_USER, ADMIN_USER,
+				new TransactionDefiner() {
+					@Override
+					public void define(TransactionBuilder txBuilder) {
+						txBuilder.security().roles().configure("NORMAL").enable(LedgerPermission.REGISTER_DATA_ACCOUNT)
+								.disable(LedgerPermission.REGISTER_USER)
+								.enable(TransactionPermission.CONTRACT_OPERATION);
+
+						txBuilder.users().register(NEW_USER.getIdentity());
+
+						txBuilder.security().authorziations().forUser(NEW_USER.getAddress()).authorize("NORMAL");
+
+						txBuilder.dataAccounts().register(DATA_ACCOUNT_ID);
+					}
+				});
+
+		TransactionBatchResult procResult = executeTransactions(ledger, predefinedTx);
+
+		//断言预定义数据的交易和区块成功；
+		assertBlock(1, procResult);
+		assertTransactionAllSuccess(procResult);
+
+		//断言预定义的数据符合预期；
+		assertPredefineData(ledgerHash, storage);
+
+		// 用不具备“注册用户”权限的用户，注册另一个新用户，预期交易失败；
+		BlockchainKeypair tempUser = BlockchainKeyGenerator.getInstance().generate();
+		TransactionRequest tx = buildRequest(ledger.getHash(), NEW_USER, ADMIN_USER, new TransactionDefiner() {
 			@Override
 			public void define(TransactionBuilder txBuilder) {
-				txBuilder.dataAccounts().register(DATA_ACCOUNT_ID);
+				txBuilder.users().register(tempUser.getIdentity());
 			}
 		});
 
-		TransactionBatchResult procResult = executeTransactions(ledger, tx);
-		assertEquals(1, procResult.getBlock().getHeight());
+		procResult = executeTransactions(ledger, tx);
+		assertBlock(2, procResult);
+		
+		assertTransactionAllFail(procResult, TransactionState.REJECTED_BY_SECURITY_POLICY);
+	}
+
+	/**
+	 * 断言区块高度；
+	 * 
+	 * @param blockHeight
+	 * @param procResult
+	 */
+	private void assertBlock(long blockHeight, TransactionBatchResult procResult) {
+		assertEquals(blockHeight, procResult.getBlock().getHeight());
+	}
 
+	/**
+	 * 断言全部交易结果都是成功的；
+	 * 
+	 * @param procResult
+	 */
+	private void assertTransactionAllSuccess(TransactionBatchResult procResult) {
+
+		Iterator<TransactionResponse> responses = procResult.getResponses();
+		while (responses.hasNext()) {
+			TransactionResponse transactionResponse = (TransactionResponse) responses.next();
+
+			assertEquals(true, transactionResponse.isSuccess());
+			assertEquals(TransactionState.SUCCESS, transactionResponse.getExecutionState());
+			assertEquals(procResult.getBlock().getHash(), transactionResponse.getBlockHash());
+			assertEquals(procResult.getBlock().getHeight(), transactionResponse.getBlockHeight());
+		}
+	}
+	
+	/**
+	 * 断言全部交易结果都是失败的；
+	 * 
+	 * @param procResult
+	 */
+	private void assertTransactionAllFail(TransactionBatchResult procResult, TransactionState txState) {
+		Iterator<TransactionResponse> responses = procResult.getResponses();
+		while (responses.hasNext()) {
+			TransactionResponse transactionResponse = (TransactionResponse) responses.next();
+			
+			assertEquals(false, transactionResponse.isSuccess());
+			assertEquals(txState, transactionResponse.getExecutionState());
+		}
+	}
+
+	/**
+	 * 断言预定义的数据符合预期；
+	 * 
+	 * @param ledgerHash
+	 * @param storage
+	 */
+	private void assertPredefineData(HashDigest ledgerHash, MemoryKVStorage storage) {
+		LedgerManager ledgerManager = new LedgerManager();
+		LedgerRepository ledger = ledgerManager.register(ledgerHash, storage);
+		UserAccount newUser = ledger.getUserAccountSet().getUser(NEW_USER.getAddress());
+		assertNotNull(newUser);
+		DataAccount dataAccount = ledger.getDataAccountSet().getDataAccount(DATA_ACCOUNT_ID.getAddress());
+		assertNotNull(dataAccount);
+
+		UserRoles userRoles = ledger.getAdminSettings().getAuthorizations().getUserRoles(NEW_USER.getAddress());
+		assertNotNull(userRoles);
+		assertEquals(1, userRoles.getRoleCount());
+		assertEquals("NORMAL", userRoles.getRoles()[0]);
+
+		RolePrivileges normalRole = ledger.getAdminSettings().getRolePrivileges().getRolePrivilege("NORMAL");
+		assertNotNull(normalRole);
+		assertEquals(true, normalRole.getLedgerPrivilege().isEnable(LedgerPermission.REGISTER_DATA_ACCOUNT));
+		assertEquals(false, normalRole.getLedgerPrivilege().isEnable(LedgerPermission.REGISTER_USER));
+		assertEquals(true, normalRole.getTransactionPrivilege().isEnable(TransactionPermission.CONTRACT_OPERATION));
+		assertEquals(false, normalRole.getTransactionPrivilege().isEnable(TransactionPermission.DIRECT_OPERATION));
 	}
 
 	private TransactionBatchResult executeTransactions(LedgerRepository ledger, TransactionRequest... transactions) {
@@ -192,7 +298,7 @@ public class RolesAuthorizationTest {
 		if (roles == null) {
 			roles = new String[0];
 		}
-		UserRoles userRoles = ledger.getAdminSettings().getUserRoles().getUserRoles(address);
+		UserRoles userRoles = ledger.getAdminSettings().getAuthorizations().getUserRoles(address);
 		assertNotNull(userRoles);
 		assertEquals(policy, userRoles.getPolicy());