
Example 6 with AccessControlList

Use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic, in the class ProjectServiceImplTest, method create_with_root_content_permissions.

@Test
void create_with_root_content_permissions() {
    final RepositoryId projectRepoId = RepositoryId.from("com.enonic.cms.test-project");
    final ProjectName projectName = ProjectName.from(projectRepoId);
    doCreateProjectAsAdmin(projectName);
    // Inspect the content root ACL on both the draft and the master branch.
    List.of(
        ContextBuilder.from(adminContext()).branch(ContentConstants.BRANCH_DRAFT).repositoryId(projectRepoId).build(),
        ContextBuilder.from(adminContext()).branch(ContentConstants.BRANCH_MASTER).repositoryId(projectRepoId).build()
    ).forEach(context -> context.runWith(() -> {
        final Node rootContentNode = nodeService.getByPath(ContentConstants.CONTENT_ROOT_PATH);
        final AccessControlList rootContentPermissions = rootContentNode.getPermissions();
        // Admin roles and the project owner and editor roles hold every permission.
        assertTrue(rootContentPermissions.getEntry(RoleKeys.ADMIN).isAllowedAll());
        assertTrue(rootContentPermissions.getEntry(RoleKeys.CONTENT_MANAGER_ADMIN).isAllowedAll());
        assertTrue(rootContentPermissions.getEntry(PrincipalKey.ofRole("cms.project.test-project.owner")).isAllowedAll());
        assertTrue(rootContentPermissions.getEntry(PrincipalKey.ofRole("cms.project.test-project.editor")).isAllowedAll());
        // Author may read, create, modify and delete; contributor and viewer are checked for READ.
        assertTrue(rootContentPermissions.getEntry(PrincipalKey.ofRole("cms.project.test-project.author")).isAllowed(Permission.READ, Permission.CREATE, Permission.MODIFY, Permission.DELETE));
        assertTrue(rootContentPermissions.getEntry(PrincipalKey.ofRole("cms.project.test-project.contributor")).isAllowed(Permission.READ));
        assertTrue(rootContentPermissions.getEntry(PrincipalKey.ofRole("cms.project.test-project.viewer")).isAllowed(Permission.READ));
        // No ACL entry is present for EVERYONE on this project's content root.
        assertNull(rootContentPermissions.getEntry(RoleKeys.EVERYONE));
    }));
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ProjectName(com.enonic.xp.project.ProjectName) Node(com.enonic.xp.node.Node) RepositoryId(com.enonic.xp.repository.RepositoryId) Test(org.junit.jupiter.api.Test) AbstractNodeTest(com.enonic.xp.repo.impl.node.AbstractNodeTest)

Example 7 with AccessControlList

Use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic, in the class ProjectServiceImplTest, method create_with_root_issues_permissions.

@Test
void create_with_root_issues_permissions() {
    final RepositoryId projectRepoId = RepositoryId.from("com.enonic.cms.test-project");
    final ProjectName projectName = ProjectName.from(projectRepoId);
    doCreateProjectAsAdmin(projectName);
    ContextBuilder.from(adminContext()).branch(ContentConstants.BRANCH_DRAFT).repositoryId(projectRepoId).build().runWith(() -> {
        final Node rootIssuesNode = nodeService.getByPath(NodePath.create(NodePath.ROOT, "issues").build());
        final AccessControlList rootContentPermissions = rootIssuesNode.getPermissions();
        // Admin roles hold every permission on the issues root; viewer is checked for READ.
        assertAll(
            () -> assertTrue(rootContentPermissions.getEntry(RoleKeys.ADMIN).isAllowedAll()),
            () -> assertTrue(rootContentPermissions.getEntry(RoleKeys.CONTENT_MANAGER_ADMIN).isAllowedAll()),
            () -> assertTrue(rootContentPermissions.isAllowedFor(PrincipalKey.ofRole("cms.project.test-project.viewer"), Permission.READ))
        );
        // Owner, editor, contributor and author may read, create, modify and delete under the issues root.
        PrincipalKeys.from(
            PrincipalKey.ofRole("cms.project.test-project.owner"),
            PrincipalKey.ofRole("cms.project.test-project.editor"),
            PrincipalKey.ofRole("cms.project.test-project.contributor"),
            PrincipalKey.ofRole("cms.project.test-project.author")
        ).forEach(principalKey -> assertTrue(rootContentPermissions.isAllowedFor(principalKey, Permission.READ, Permission.CREATE, Permission.MODIFY, Permission.DELETE)));
    });
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ProjectName(com.enonic.xp.project.ProjectName) Node(com.enonic.xp.node.Node) RepositoryId(com.enonic.xp.repository.RepositoryId) Test(org.junit.jupiter.api.Test) AbstractNodeTest(com.enonic.xp.repo.impl.node.AbstractNodeTest)

Example 8 with AccessControlList

Use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic, in the class ProjectServiceImplTest, method create_project_with_public_readAccess.

@Test
void create_project_with_public_readAccess() {
    final RepositoryId projectRepoId = RepositoryId.from("com.enonic.cms.test-project");
    final ProjectName projectName = ProjectName.from(projectRepoId);
    // The last argument is an explicit ACL that grants READ to EVERYONE.
    adminContext().callWith(() -> doCreateProject(projectName, null, false, null,
        AccessControlList.create()
            .add(AccessControlEntry.create().principal(RoleKeys.EVERYONE).allow(Permission.READ).build())
            .build()));
    ContextBuilder.from(adminContext()).branch(ContentConstants.BRANCH_DRAFT).repositoryId(projectRepoId).build().runWith(() -> {
        final Node rootContentNode = nodeService.getByPath(ContentConstants.CONTENT_ROOT_PATH);
        final AccessControlList rootContentPermissions = rootContentNode.getPermissions();
        // The content root now carries an EVERYONE entry that allows READ.
        assertTrue(rootContentPermissions.getEntry(RoleKeys.EVERYONE).isAllowed(Permission.READ));
    });
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) ProjectName(com.enonic.xp.project.ProjectName) Node(com.enonic.xp.node.Node) RepositoryId(com.enonic.xp.repository.RepositoryId) Test(org.junit.jupiter.api.Test) AbstractNodeTest(com.enonic.xp.repo.impl.node.AbstractNodeTest)

Example 9 with AccessControlList

Use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic, in the class CreateContentCommandTest, method mockNodeServiceCreate.

private Node mockNodeServiceCreate(final InvocationOnMock invocation) throws Throwable {
    CreateNodeParams params = (CreateNodeParams) invocation.getArguments()[0];
    // Mock used by the test: the returned node grants every permission to the anonymous principal.
    final AccessControlList permissions = AccessControlList.create().add(AccessControlEntry.create().allowAll().principal(PrincipalKey.ofAnonymous()).build()).build();
    return Node.create().id(params.getNodeId() != null ? params.getNodeId() : new NodeId())
        .parentPath(params.getParent()).name(NodeName.from(params.getName())).data(params.getData())
        .indexConfigDocument(params.getIndexConfigDocument()).childOrder(params.getChildOrder() != null ? params.getChildOrder() : ChildOrder.defaultOrder())
        .permissions(permissions).inheritPermissions(params.inheritPermissions())
        .nodeType(params.getNodeType() != null ? params.getNodeType() : NodeType.DEFAULT_NODE_COLLECTION).timestamp(Instant.now()).build();
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeId(com.enonic.xp.node.NodeId) CreateNodeParams(com.enonic.xp.node.CreateNodeParams)

Example 10 with AccessControlList

Use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic, in the class CreateNodeCommand, method execute.

public Node execute() {
    Preconditions.checkNotNull(params.getParent(), "Path of parent Node must be specified");
    Preconditions.checkArgument(params.getParent().isAbsolute(), "Path to parent Node must be absolute: " + params.getParent());
    // Existence checks run in an admin context, independent of the calling user's permissions.
    NodeHelper.runAsAdmin(this::verifyNotExistsAlready);
    final Node parentNode = NodeHelper.runAsAdmin(this::verifyParentExists);
    if (parentNode == null) {
        throw new NodeNotFoundException("Parent node to node with name '" + params.getName() + "' with parent path '" + params.getParent() + "' not found");
    }
    // The calling user must hold CREATE on the parent node before anything is stored.
    requireContextUserPermission(Permission.CREATE, parentNode);
    // The new node's ACL is resolved by getAccessControlEntries for the current principal.
    final PrincipalKey user = getCurrentPrincipalKey();
    final AccessControlList permissions = getAccessControlEntries(user);
    final Long manualOrderValue = NodeHelper.runAsAdmin(() -> resolvePotentialManualOrderValue(parentNode));
    final AttachedBinaries attachedBinaries = storeAndAttachBinaries();
    final Node.Builder nodeBuilder = Node.create()
        .id(this.params.getNodeId() != null ? params.getNodeId() : new NodeId())
        .parentPath(params.getParent())
        .name(NodeName.from(params.getName()))
        .data(params.getData())
        .indexConfigDocument(params.getIndexConfigDocument())
        .childOrder(params.getChildOrder() != null ? params.getChildOrder() : ChildOrder.defaultOrder())
        .manualOrderValue(manualOrderValue)
        .permissions(permissions)
        .inheritPermissions(params.inheritPermissions())
        .nodeType(params.getNodeType() != null ? params.getNodeType() : NodeType.DEFAULT_NODE_COLLECTION)
        .attachedBinaries(attachedBinaries)
        .timestamp(this.timestamp != null ? this.timestamp : Instant.now(CLOCK));
    final Node newNode = nodeBuilder.build();
    return StoreNodeCommand.create(this).node(newNode).updateMetadataOnly(false).build().execute();
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeNotFoundException(com.enonic.xp.node.NodeNotFoundException) Node(com.enonic.xp.node.Node) NodeId(com.enonic.xp.node.NodeId) AttachedBinaries(com.enonic.xp.node.AttachedBinaries) PrincipalKey(com.enonic.xp.security.PrincipalKey)
