
Example 26 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class AccessControlListIndexDocumentFactoryTest method single_user_all_permissions.

/**
 * Builds an ACL with a single user entry that is granted seven permissions and checks
 * that the store-document factory produces seven index items for it.
 *
 * <p>Only the number of items is asserted; which index field each permission ends up in
 * is not verified by this test.
 */
@Test
public void single_user_all_permissions() throws Exception {
    final AccessControlEntry userEntry = AccessControlEntry.create()
        .allow(Permission.READ)
        .allow(Permission.PUBLISH)
        .allow(Permission.WRITE_PERMISSIONS)
        .allow(Permission.READ_PERMISSIONS)
        .allow(Permission.MODIFY)
        .allow(Permission.CREATE)
        .allow(Permission.DELETE)
        .principal(PrincipalKey.from("user:myidprovider:rmy"))
        .build();
    final AccessControlList singleUserAcl = AccessControlList.create().add(userEntry).build();

    final List<IndexItem> indexItems = AccessControlListStoreDocumentFactory.create(singleUserAcl);

    // One item is expected per permission allowed above.
    assertEquals(7, indexItems.size());
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) IndexItem(com.enonic.xp.repo.impl.elasticsearch.document.indexitem.IndexItem) Test(org.junit.jupiter.api.Test)

Example 27 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class NodeVersionJsonDumpSerializerTest method serialize_deserialize.

/**
 * Round-trips a fully populated {@code NodeVersion} through the dump serializer.
 *
 * <p>The node, index-config and access-control documents are each compared against a JSON
 * fixture, and the fixtures are then parsed back and compared with the original object.
 * The ACL under test mixes allow and deny grants, so the access-control document is checked
 * in both directions.
 */
@Test
public void serialize_deserialize() throws Exception {
    // Node payload covering several property types.
    PropertyTree payload = new PropertyTree();
    payload.setDouble("a.b.c", 2.0);
    payload.setLocalDate("b", LocalDate.of(2013, 1, 2));
    payload.setString("c", "runar");
    payload.setLocalDateTime("d", LocalDateTime.of(2013, 1, 2, 3, 4, 5, 0));
    payload.setBinaryReference("e", BinaryReference.from("myImage1"));
    payload.setBinaryReference("f", BinaryReference.from("myImage2"));

    // Two principals, each with one allowed and one denied permission.
    final AccessControlEntry anonymousEntry = AccessControlEntry.create()
        .principal(PrincipalKey.ofAnonymous())
        .allow(Permission.READ)
        .deny(Permission.DELETE)
        .build();
    final AccessControlEntry systemUserEntry = AccessControlEntry.create()
        .principal(PrincipalKey.ofUser(IdProviderKey.system(), "user1"))
        .allow(Permission.MODIFY)
        .deny(Permission.PUBLISH)
        .build();
    AccessControlList permissions = AccessControlList.create()
        .add(anonymousEntry)
        .add(systemUserEntry)
        .build();

    // Identity processor; it only has to carry a name into the serialized index config.
    IndexValueProcessor passThroughProcessor = new IndexValueProcessor() {

        @Override
        public Value process(final Value value) {
            return value;
        }

        @Override
        public String getName() {
            return "indexValueProcessor";
        }
    };

    // The same processor instance is registered twice, as in the fixture-backed original.
    IndexConfig pathConfig = IndexConfig.create()
        .enabled(true)
        .fulltext(true)
        .nGram(true)
        .decideByType(false)
        .includeInAllText(true)
        .path(true)
        .addIndexValueProcessor(passThroughProcessor)
        .addIndexValueProcessor(passThroughProcessor)
        .build();

    NodeVersion original = NodeVersion.create()
        .id(NodeId.from("myId"))
        .indexConfigDocument(PatternIndexConfigDocument.create()
            .analyzer("myAnalyzer")
            .defaultConfig(IndexConfig.MINIMAL)
            .add("myPath", pathConfig)
            .build())
        .data(payload)
        .childOrder(ChildOrder.create()
            .add(FieldOrderExpr.create(IndexPath.from("modifiedTime"), OrderExpr.Direction.ASC))
            .add(FieldOrderExpr.create(IndexPath.from("displayName"), OrderExpr.Direction.DESC))
            .build())
        .permissions(permissions)
        .nodeType(NodeType.from("myNodeType"))
        .attachedBinaries(AttachedBinaries.create()
            .add(new AttachedBinary(BinaryReference.from("myImage1"), "a"))
            .add(new AttachedBinary(BinaryReference.from("myImage2"), "b"))
            .build())
        .build();

    final String nodeFixture = readJson("serialized-node.json");
    final String indexFixture = readJson("serialized-index.json");
    final String accessFixture = readJson("serialized-access.json");

    final String nodeJson = new String(this.serializer.toNodeString(original), StandardCharsets.UTF_8);
    final String indexJson =
        new String(this.serializer.toIndexConfigDocumentString(original), StandardCharsets.UTF_8);
    final String accessJson =
        new String(this.serializer.toAccessControlString(original), StandardCharsets.UTF_8);

    // Serialization direction: every document must match its fixture exactly.
    assertEquals(nodeFixture, nodeJson);
    assertEquals(indexFixture, indexJson);
    assertEquals(accessFixture, accessJson);

    // Deserialization direction: the fixtures must rebuild an equal NodeVersion.
    final NodeVersion restored = this.serializer.toNodeVersion(
        nodeFixture.getBytes(StandardCharsets.UTF_8),
        indexFixture.getBytes(StandardCharsets.UTF_8),
        accessFixture.getBytes(StandardCharsets.UTF_8));
    assertEquals(original, restored);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) NodeVersion(com.enonic.xp.node.NodeVersion) IndexConfig(com.enonic.xp.index.IndexConfig) PropertyTree(com.enonic.xp.data.PropertyTree) Value(com.enonic.xp.data.Value) AccessControlEntry(com.enonic.xp.security.acl.AccessControlEntry) IndexValueProcessor(com.enonic.xp.index.IndexValueProcessor) AttachedBinary(com.enonic.xp.node.AttachedBinary) Test(org.junit.jupiter.api.Test)

Example 28 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class ModifyNodeExecutorTest method update_permissions.

/**
 * Applies an update script carrying a {@code _permissions} set to a node that starts with
 * an empty ACL, and expects the editable node to end up with exactly one entry:
 * {@code role:newRole} allowed READ and MODIFY.
 */
@Test
public void update_permissions() throws Exception {
    // Start from a node that has no access-control entries at all.
    final Node nodeWithoutAcl = Node.create()
        .name("myNode")
        .parentPath(NodePath.ROOT)
        .permissions(AccessControlList.empty())
        .build();
    final EditableNode target = new EditableNode(nodeWithoutAcl);

    // Permissions arrive as plain strings in the script, not as typed Permission values.
    final PropertySet permissionEntry = new PropertySet();
    permissionEntry.setString("principal", "role:newRole");
    permissionEntry.addString("allow", "READ");
    permissionEntry.addString("allow", "MODIFY");

    final PropertyTree script = new PropertyTree();
    script.addSet("_permissions", permissionEntry);

    ModifyNodeExecutor.create()
        .editableNode(target)
        .propertyTree(script)
        .build()
        .execute();

    final AccessControlEntry expectedEntry = AccessControlEntry.create()
        .principal(PrincipalKey.from("role:newRole"))
        .allow(Permission.READ, Permission.MODIFY)
        .build();
    final AccessControlList expectedAcl = AccessControlList.create().add(expectedEntry).build();

    assertEquals(expectedAcl, target.permissions);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Node(com.enonic.xp.node.Node) EditableNode(com.enonic.xp.node.EditableNode) PropertyTree(com.enonic.xp.data.PropertyTree) PropertySet(com.enonic.xp.data.PropertySet) EditableNode(com.enonic.xp.node.EditableNode) Test(org.junit.jupiter.api.Test)

Example 29 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class PermissionsFactoryTest method full.

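/**
 * Parses a {@code _permissions} JSON document with four principals and checks the
 * resulting allow/deny decisions for each of them.
 *
 * <p>Worth noting for anyone authoring such documents: the {@code role:authenticated} entry
 * has no {@code allow} key at all, yet the test expects READ, MODIFY, CREATE and PUBLISH to
 * be allowed for it, with only the explicitly denied DELETE refused.
 */
@Test
public void full() throws Exception {
    final AccessControlList acl = create(" { \"_permissions\": [\n" + "        {\n" + "            \"principal\": \"user:system:anonymous\",\n" + "            \"allow\": [\n" + "                \"READ\"\n" + "            ],\n" + "            \"deny\": []\n" + "        },\n" + "        {\n" + "            \"principal\": \"role:admin\",\n" + "            \"allow\": [\n" + "                \"READ\",\n" + "                \"CREATE\",\n" + "                \"MODIFY\",\n" + "                \"DELETE\",\n" + "                \"PUBLISH\",\n" + "                \"READ_PERMISSIONS\",\n" + "                \"WRITE_PERMISSIONS\"\n" + "            ],\n" + "            \"deny\": []\n" + "        },\n" + "        {\n" + "            \"principal\": \"role:everyone\",\n" + "            \"allow\": [\n" + "                \"READ\"\n" + "            ],\n" + "            \"deny\": [" + "               \"DELETE\"\n " + "            ]" + "        },\n" + "        {\n" + "            \"principal\": \"role:authenticated\",\n" + "            \"deny\": [" + "               \"DELETE\"\n " + "            ]" + "        }\n" + "    ]" + "}");
    assertNotNull(acl);

    // Principals that are only granted READ must not gain any write-side permission.
    // PUBLISH replaces a duplicated MODIFY argument, so each listed permission is
    // checked once instead of MODIFY being checked twice and PUBLISH not at all.
    checkAllowed(acl, "role:everyone", Permission.READ);
    checkDenied(acl, "role:everyone", Permission.CREATE, Permission.DELETE, Permission.MODIFY, Permission.PUBLISH);
    checkAllowed(acl, "user:system:anonymous", Permission.READ);
    checkDenied(acl, "user:system:anonymous", Permission.CREATE, Permission.DELETE, Permission.MODIFY, Permission.PUBLISH);

    // NOTE(review): READ_PERMISSIONS and WRITE_PERMISSIONS are granted to role:admin in the
    // JSON but are not asserted here; confirm whether that is intentional.
    checkAllowed(acl, "role:admin", Permission.READ, Permission.MODIFY, Permission.CREATE, Permission.DELETE, Permission.PUBLISH);

    // Entry without an "allow" key: everything checked here is allowed except the explicit deny.
    checkAllowed(acl, "role:authenticated", Permission.READ, Permission.MODIFY, Permission.CREATE, Permission.PUBLISH);
    checkDenied(acl, "role:authenticated", Permission.DELETE);
}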
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Test(org.junit.jupiter.api.Test)

Example 30 with AccessControlList

use of com.enonic.xp.security.acl.AccessControlList in project xp by enonic.

the class PermissionsFactoryTest method empty.

/**
 * Parses an empty JSON object and checks the ACL that comes back: the admin role is
 * expected to hold READ, MODIFY, CREATE, DELETE and PUBLISH, and the everyone role READ.
 *
 * <p>In other words, a document with no {@code _permissions} key does not produce an empty
 * ACL in this test; it produces one that grants read access to everyone.
 */
@Test
public void empty() throws Exception {
    final AccessControlList defaultAcl = create("{}");
    assertNotNull(defaultAcl);

    final String adminRole = RoleKeys.ADMIN.toString();
    checkAllowed(defaultAcl, adminRole, Permission.READ, Permission.MODIFY, Permission.CREATE, Permission.DELETE, Permission.PUBLISH);

    final String everyoneRole = RoleKeys.EVERYONE.toString();
    checkAllowed(defaultAcl, everyoneRole, Permission.READ);
}
Also used : AccessControlList(com.enonic.xp.security.acl.AccessControlList) Test(org.junit.jupiter.api.Test)

Aggregations

AccessControlList (com.enonic.xp.security.acl.AccessControlList)53 Test (org.junit.jupiter.api.Test)35 Node (com.enonic.xp.node.Node)26 PropertyTree (com.enonic.xp.data.PropertyTree)15 PrincipalKey (com.enonic.xp.security.PrincipalKey)8 CreateNodeParams (com.enonic.xp.node.CreateNodeParams)6 AbstractNodeTest (com.enonic.xp.repo.impl.node.AbstractNodeTest)6 AuthenticationInfo (com.enonic.xp.security.auth.AuthenticationInfo)6 AccessControlEntry (com.enonic.xp.security.acl.AccessControlEntry)5 Content (com.enonic.xp.content.Content)4 Context (com.enonic.xp.context.Context)4 PropertySet (com.enonic.xp.data.PropertySet)4 ApplyNodePermissionsParams (com.enonic.xp.node.ApplyNodePermissionsParams)4 NodeId (com.enonic.xp.node.NodeId)4 NodePath (com.enonic.xp.node.NodePath)4 FindNodesByParentParams (com.enonic.xp.node.FindNodesByParentParams)3 FindNodesByParentResult (com.enonic.xp.node.FindNodesByParentResult)3 ImportNodeResult (com.enonic.xp.node.ImportNodeResult)3 Nodes (com.enonic.xp.node.Nodes)3 UpdateNodeParams (com.enonic.xp.node.UpdateNodeParams)3