use of com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry in project ldapsdk by pingidentity.
the class DSEETestCase method testGetEffectiveRights.
/**
* Tests the ability to use the get effective rights control against a Sun
* DSEE instance.
* <BR><BR>
* Access to a Sun DSEE instance is required for complete processing.
*
* @throws Exception If an unexpected problem occurs.
*/
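@Test()
public void testGetEffectiveRights() throws Exception {
  // `available` is set elsewhere in the class; presumably it reflects whether
  // a DSEE instance was configured for this run -- confirm against the setup.
  if (!available) {
    return;
  }

  final String baseDN = getTestBaseDN();
  final String adminDN = "uid=admin," + baseDN;
  final String proxyDN = "uid=proxy," + baseDN;
  final String testOUDN = "ou=test," + baseDN;

  // DNs this test has actually created, most recent first. The cleanup walks
  // this list so that children are removed before their parent and an entry
  // that already existed before the test is never deleted.
  final LinkedList<String> createdDNs = new LinkedList<String>();
  boolean passed = false;

  LDAPConnection conn = getAdminDSEEConnection();
  try {
    // Base entry carrying two ACIs: one grants "all" to uid=admin, the other
    // grants only "proxy" to uid=proxy. The assertions below check that the
    // effective rights reported by the server mirror exactly this split.
    LinkedList<Attribute> attrList = new LinkedList<Attribute>();
    attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
    attrList.add(new Attribute("aci",
        "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow "
            + "(all) userdn=\"ldap:///" + adminDN + "\";)",
        "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow "
            + "(proxy) userdn=\"ldap:///" + proxyDN + "\";)"));
    conn.add(baseDN, attrList);
    createdDNs.addFirst(baseDN);

    conn.add("dn: " + adminDN,
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "uid: admin",
        "givenName: Admin",
        "sn: User",
        "cn: Admin User",
        "userPassword: password");
    createdDNs.addFirst(adminDN);

    conn.add("dn: " + proxyDN,
        "objectClass: top",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "uid: proxy",
        "givenName: Proxy",
        "sn: User",
        "cn: Proxy User",
        "userPassword: password");
    createdDNs.addFirst(proxyDN);

    conn.add("dn: " + testOUDN,
        "objectClass: top",
        "objectClass: organizationalUnit",
        "ou: test",
        "description: foo");
    createdDNs.addFirst(testOUDN);

    // Admin user, entry-level rights only: everything except PROXY.
    SearchRequest searchRequest = new SearchRequest(testOUDN,
        SearchScope.BASE, "(objectClass=*)", "aclRights");
    searchRequest.addControl(
        new GetEffectiveRightsRequestControl("dn:" + adminDN));
    SearchResult searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    EffectiveRightsEntry e =
        new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    Set<EntryRight> entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.ADD));
    assertTrue(entryRights.contains(EntryRight.DELETE));
    assertTrue(entryRights.contains(EntryRight.READ));
    assertTrue(entryRights.contains(EntryRight.WRITE));
    assertFalse(entryRights.contains(EntryRight.PROXY));

    // Admin user, additionally asking about the "description" attribute.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
        "(objectClass=*)", "aclRights", "description");
    searchRequest.addControl(
        new GetEffectiveRightsRequestControl("dn:" + adminDN, "description"));
    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.ADD));
    assertTrue(entryRights.contains(EntryRight.DELETE));
    assertTrue(entryRights.contains(EntryRight.READ));
    assertTrue(entryRights.contains(EntryRight.WRITE));
    assertFalse(entryRights.contains(EntryRight.PROXY));

    Set<AttributeRight> attrRights = e.getAttributeRights("description");
    assertTrue(attrRights.contains(AttributeRight.READ));
    assertTrue(attrRights.contains(AttributeRight.SEARCH));
    assertTrue(attrRights.contains(AttributeRight.COMPARE));
    assertTrue(attrRights.contains(AttributeRight.WRITE));
    assertTrue(attrRights.contains(AttributeRight.SELFWRITE_ADD));
    assertFalse(attrRights.contains(AttributeRight.PROXY));

    // Proxy user, entry-level rights only: PROXY must be reported.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
        "(objectClass=*)", "aclRights");
    searchRequest.addControl(
        new GetEffectiveRightsRequestControl("dn:" + proxyDN));
    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.PROXY));

    // Proxy user, additionally asking about the "description" attribute.
    searchRequest = new SearchRequest(testOUDN, SearchScope.BASE,
        "(objectClass=*)", "aclRights", "description");
    searchRequest.addControl(
        new GetEffectiveRightsRequestControl("dn:" + proxyDN, "description"));
    searchResult = conn.search(searchRequest);
    assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
    assertEquals(searchResult.getEntryCount(), 1);

    e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
    entryRights = e.getEntryRights();
    assertTrue(entryRights.contains(EntryRight.PROXY));
    attrRights = e.getAttributeRights("description");
    assertTrue(attrRights.contains(AttributeRight.PROXY));

    passed = true;
  } finally {
    // Remove the fixture even when an assertion above failed. The entries
    // include two accounts with the password "password" and ACIs granting
    // "all" and "proxy" rights, so they must not be left behind on the
    // directory instance after a failed run.
    try {
      for (String dn : createdDNs) {
        try {
          conn.delete(dn);
        } catch (Exception cleanupFailure) {
          // On a passing run a failed delete is still a test failure, as it
          // was before. On a failing run it is ignored so that it does not
          // replace the original assertion error.
          if (passed) {
            throw cleanupFailure;
          }
        }
      }
    } finally {
      conn.close();
    }
  }
}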