
Example 1 with EffectiveRightsEntry

use of com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry in project ldapsdk by pingidentity.

From the class DSEETestCase, method testGetEffectiveRights.

/**
 * Tests the ability to use the get effective rights control against a Sun
 * DSEE instance.
 * <BR><BR>
 * Access to a Sun DSEE instance is required for complete processing.
 *
 * @throws  Exception  If an unexpected problem occurs.
 */
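@Test()
public void testGetEffectiveRights() throws Exception {
    // Nothing can be verified without a DSEE instance, so the test returns
    // without doing any work when one is not available.
    if (!available) {
        return;
    }
    final String baseDN = getTestBaseDN();
    final String adminDN = "uid=admin," + baseDN;
    final String proxyDN = "uid=proxy," + baseDN;
    final String testOuDN = "ou=test," + baseDN;
    LDAPConnection conn = getAdminDSEEConnection();
    // Tracks whether the strict cleanup at the end of the try block completed,
    // so that the finally block only falls back to best-effort cleanup when the
    // test body failed part-way through.
    boolean cleanedUp = false;
    try {
        // Base entry carrying two ACIs: one granting "all" to uid=admin and one
        // granting only "proxy" to uid=proxy. These are the rights the server
        // is later asked to report back.
        LinkedList<Attribute> attrList = new LinkedList<Attribute>();
        attrList.addAll(Arrays.asList(getBaseEntryAttributes()));
        attrList.add(new Attribute("aci",
            "(targetattr=\"*\")(version 3.0; acl \"Admin Rights\"; allow "
                + "(all) userdn=\"ldap:///uid=admin," + baseDN + "\";)",
            "(targetattr=\"*\")(version 3.0; acl \"Proxy Rights\"; allow "
                + "(proxy) userdn=\"ldap:///uid=proxy," + baseDN + "\";)"));
        conn.add(baseDN, attrList);
        // Fixture accounts. Both use a fixed, trivially guessable password, so
        // they are only suitable for a disposable test instance and must not
        // be left behind (see the cleanup in the finally block).
        conn.add("dn: " + adminDN, "objectClass: top", "objectClass: person",
            "objectClass: organizationalPerson", "objectClass: inetOrgPerson",
            "uid: admin", "givenName: Admin", "sn: User", "cn: Admin User",
            "userPassword: password");
        conn.add("dn: " + proxyDN, "objectClass: top", "objectClass: person",
            "objectClass: organizationalPerson", "objectClass: inetOrgPerson",
            "uid: proxy", "givenName: Proxy", "sn: User", "cn: Proxy User",
            "userPassword: password");
        conn.add("dn: " + testOuDN, "objectClass: top",
            "objectClass: organizationalUnit", "ou: test", "description: foo");

        // Test effective rights for the admin user without any attributes.
        SearchRequest searchRequest = new SearchRequest(testOuDN,
            SearchScope.BASE, "(objectClass=*)", "aclRights");
        searchRequest.addControl(
            new GetEffectiveRightsRequestControl("dn:" + adminDN));
        SearchResult searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        EffectiveRightsEntry e =
            new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        Set<EntryRight> entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.ADD));
        assertTrue(entryRights.contains(EntryRight.DELETE));
        assertTrue(entryRights.contains(EntryRight.READ));
        assertTrue(entryRights.contains(EntryRight.WRITE));
        // The admin user must not be reported as holding the proxy right.
        assertFalse(entryRights.contains(EntryRight.PROXY));

        // Test effective rights for the admin user with an attribute.
        searchRequest = new SearchRequest(testOuDN, SearchScope.BASE,
            "(objectClass=*)", "aclRights", "description");
        searchRequest.addControl(
            new GetEffectiveRightsRequestControl("dn:" + adminDN, "description"));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.ADD));
        assertTrue(entryRights.contains(EntryRight.DELETE));
        assertTrue(entryRights.contains(EntryRight.READ));
        assertTrue(entryRights.contains(EntryRight.WRITE));
        assertFalse(entryRights.contains(EntryRight.PROXY));
        Set<AttributeRight> attrRights = e.getAttributeRights("description");
        assertTrue(attrRights.contains(AttributeRight.READ));
        assertTrue(attrRights.contains(AttributeRight.SEARCH));
        assertTrue(attrRights.contains(AttributeRight.COMPARE));
        assertTrue(attrRights.contains(AttributeRight.WRITE));
        assertTrue(attrRights.contains(AttributeRight.SELFWRITE_ADD));
        assertFalse(attrRights.contains(AttributeRight.PROXY));

        // Test effective rights for the proxy user without any attributes.
        // NOTE(review): the proxy checks only assert that PROXY is present;
        // they do not assert that add/delete/write rights are absent.
        searchRequest = new SearchRequest(testOuDN, SearchScope.BASE,
            "(objectClass=*)", "aclRights");
        searchRequest.addControl(
            new GetEffectiveRightsRequestControl("dn:" + proxyDN));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.PROXY));

        // Test effective rights for the proxy user with an attribute.
        searchRequest = new SearchRequest(testOuDN, SearchScope.BASE,
            "(objectClass=*)", "aclRights", "description");
        searchRequest.addControl(
            new GetEffectiveRightsRequestControl("dn:" + proxyDN, "description"));
        searchResult = conn.search(searchRequest);
        assertEquals(searchResult.getResultCode(), ResultCode.SUCCESS);
        assertEquals(searchResult.getEntryCount(), 1);
        e = new EffectiveRightsEntry(searchResult.getSearchEntries().get(0));
        assertNotNull(e);
        entryRights = e.getEntryRights();
        assertTrue(entryRights.contains(EntryRight.PROXY));
        attrRights = e.getAttributeRights("description");
        assertTrue(attrRights.contains(AttributeRight.PROXY));

        // Strict cleanup on the success path: a failing delete still fails the
        // test, exactly as before. Children are removed before the base entry.
        conn.delete(adminDN);
        conn.delete(proxyDN);
        conn.delete(testOuDN);
        conn.delete(baseDN);
        cleanedUp = true;
    } finally {
        try {
            if (!cleanedUp) {
                // An assertion or LDAP operation failed before cleanup finished.
                // Remove whatever fixture entries exist so that accounts with a
                // known password and the permissive ACIs do not linger in the
                // directory, and so a later run does not trip over stale entries.
                for (String dn : new String[] { adminDN, proxyDN, testOuDN, baseDN }) {
                    try {
                        conn.delete(dn);
                    } catch (Exception ignored) {
                        // Best effort only: the entry may never have been
                        // created, and the original failure must propagate.
                    }
                }
            }
        } finally {
            conn.close();
        }
    }
}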
Also used : AttributeRight(com.unboundid.ldap.sdk.unboundidds.controls.AttributeRight) EffectiveRightsEntry(com.unboundid.ldap.sdk.unboundidds.controls.EffectiveRightsEntry) EntryRight(com.unboundid.ldap.sdk.unboundidds.controls.EntryRight) GetEffectiveRightsRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.GetEffectiveRightsRequestControl) LinkedList(java.util.LinkedList) Test(org.testng.annotations.Test)
