diff --git a/api/src/org/labkey/api/security/permissions/AbstractContainerScopingTest.java b/api/src/org/labkey/api/security/permissions/AbstractContainerScopingTest.java index bb5db4d34a6..1146126f196 100644 --- a/api/src/org/labkey/api/security/permissions/AbstractContainerScopingTest.java +++ b/api/src/org/labkey/api/security/permissions/AbstractContainerScopingTest.java @@ -19,6 +19,7 @@ import org.junit.Assert; import org.labkey.api.data.Container; import org.labkey.api.data.ContainerManager; +import org.labkey.api.module.Module; import org.labkey.api.security.MutableSecurityPolicy; import org.labkey.api.security.SecurityManager; import org.labkey.api.security.SecurityPolicyManager; @@ -33,8 +34,11 @@ import org.springframework.mock.web.MockHttpServletResponse; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; /** * Base class for "container scoping" (a.k.a. broken-object-level-authorization / BOLA / IDOR) integration tests. These @@ -71,14 +75,26 @@ protected User getAdmin() * automatic cleanup. Callers pass a short local name (e.g. "A"/"B"/"Source"); the class name is prepended so two * test classes can both ask for "A" without colliding. */ - protected Container createContainer(String name) + protected Container createContainer(String name, org.labkey.api.module.Module... enabledModules) { Container junit = JunitUtil.getTestContainer(); Container c = ContainerManager.ensureContainer(junit.getParsedPath().append(getClass().getSimpleName() + "-" + name, true), getAdmin()); + activateModules(c, enabledModules); _containers.add(c); return c; } + protected Container activateModules(Container c, Module... enabledModules) + { + if (enabledModules.length > 0) + { + Set m = new HashSet<>(c.getActiveModules()); + Collections.addAll(m, enabledModules); + c.setActiveModules(m, getAdmin()); + } + return c; + } + /** * Create a user that has {@code role} assigned in {@code scope} only (it has no rights in any other * container), registered for automatic cleanup. This is the canonical way to build a caller who is privileged in diff --git a/mothership/src/org/labkey/mothership/MothershipController.java b/mothership/src/org/labkey/mothership/MothershipController.java index dbbe9c2a009..a46431a6e58 100644 --- a/mothership/src/org/labkey/mothership/MothershipController.java +++ b/mothership/src/org/labkey/mothership/MothershipController.java @@ -54,6 +54,7 @@ import org.labkey.api.data.TableInfo; import org.labkey.api.data.TableSelector; import org.labkey.api.module.AllowedDuringUpgrade; +import org.labkey.api.module.ModuleLoader; import org.labkey.api.query.DetailsURL; import org.labkey.api.query.FieldKey; import org.labkey.api.query.QueryService; @@ -1887,8 +1888,8 @@ public static class ContainerScopingTestCase extends AbstractContainerScopingTes public void testUpdateInstallationContainerScoping() throws Exception { User admin = getAdmin(); - Container folderA = createContainer("A"); - Container folderB = createContainer("B"); + Container folderA = createContainer("A", ModuleLoader.getInstance().getModule(MothershipModule.class)); + Container folderB = createContainer("B", ModuleLoader.getInstance().getModule(MothershipModule.class)); // An installation row that lives in folder B ServerInstallation si = new ServerInstallation();