use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class WritePropertyTest method testAddProperty.
@Test
public void testAddProperty() throws Exception {
// grant 'testUser' ADD_PROPERTIES privileges at 'path'
Privilege[] privileges = privilegesFromNames(new String[] { "rep:addProperties" });
allow(path, privileges);
/*
testuser must now have
- ADD_PROPERTIES permission
- no other write permission
*/
assertHasPrivilege(path, Privilege.JCR_MODIFY_PROPERTIES, false);
assertHasPrivilege(path, "rep:addProperties", true);
assertHasPrivilege(path, "rep:removeProperties", false);
assertHasPrivilege(path, "rep:alterProperties", false);
// set_property action for non-existing property is translated to "add_properties" permission
String propertyPath = path + "/newProperty";
assertTrue(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
// creating the property must succeed
Node testN = testSession.getNode(path);
testN.setProperty("newProperty", "value");
testSession.save();
// now property exists -> 'set_property' actions is no longer granted
assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_REMOVE));
// modifying or removing the new property must fail
try {
testN.setProperty("newProperty", "modified");
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
}
try {
testN.getProperty("newProperty").setValue("modified");
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
}
try {
testN.setProperty("newProperty", (String) null);
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
testSession.refresh(false);
}
try {
testN.getProperty("newProperty").remove();
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
testSession.refresh(false);
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class WritePropertyTest method testModifyProperty.
@Test
public void testModifyProperty() throws Exception {
// grant 'testUser' ALTER_PROPERTIES privileges at 'path'
Privilege[] privileges = privilegesFromNames(new String[] { "rep:alterProperties" });
allow(path, privileges);
/*
testuser must now have
- MODIFY_PROPERTY_PROPERTIES permission
- no other write permission
*/
assertHasPrivilege(path, Privilege.JCR_MODIFY_PROPERTIES, false);
assertHasPrivilege(path, "rep:addProperties", false);
assertHasPrivilege(path, "rep:removeProperties", false);
assertHasPrivilege(path, "rep:alterProperties", true);
// set_property action for non-existing property is translated to
// "add_properties" permission
String propertyPath = path + "/newProperty";
assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
// creating a new property must fail
Node testN = testSession.getNode(path);
try {
testN.setProperty("newProperty", "value");
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
testSession.refresh(false);
}
superuser.getNode(path).setProperty("newProperty", "value");
superuser.save();
testSession.refresh(false);
// property exists -> 'set_property' actions is granted, 'remove' is denied
assertTrue(testSession.hasPermission(propertyPath, Session.ACTION_SET_PROPERTY));
assertFalse(testSession.hasPermission(propertyPath, Session.ACTION_REMOVE));
// modifying the new property must succeed
testN.setProperty("newProperty", "modified");
testSession.save();
testN.getProperty("newProperty").setValue("modified2");
testSession.save();
// removing the property must fail
try {
testN.setProperty("newProperty", (String) null);
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
testSession.refresh(false);
}
try {
testN.getProperty("newProperty").remove();
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
testSession.refresh(false);
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class VersionManagementTest method testCheckInCheckout.
@Test
public void testCheckInCheckout() throws Exception {
modify(path, REP_WRITE, true);
modify(path, Privilege.JCR_VERSION_MANAGEMENT, false);
Node n = createVersionableNode(superuser.getNode(path));
try {
testSession.refresh(false);
Node testNode = testSession.getNode(n.getPath());
testNode.checkin();
fail("Missing jcr:versionManagement privilege -> checkin/checkout must fail.");
} catch (AccessDeniedException e) {
// success
// ... but the property must not be modified nor indicating
// checkedIn status
Property p = n.getProperty("jcr:isCheckedOut");
assertFalse(p.isModified());
assertTrue(n.getProperty("jcr:isCheckedOut").getValue().getBoolean());
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class UserManagementTest method testDisableUserWithoutPermission2.
@Test
public void testDisableUserWithoutPermission2() throws Exception {
createUser(userId);
modify("/", PrivilegeConstants.REP_WRITE, true);
UserManager testUserMgr = getUserManager(testSession);
User user = (User) testUserMgr.getAuthorizable(userId);
try {
user.disable("disabled!");
testSession.save();
fail();
} catch (AccessDeniedException e) {
// success
}
}
use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.
the class UserManagementTest method testChangeUserPropertiesWithoutPermission.
@Test
public void testChangeUserPropertiesWithoutPermission() throws Exception {
createUser(userId);
// testSession has read-only access
UserManager testUserMgr = getUserManager(testSession);
try {
Authorizable a = testUserMgr.getAuthorizable(userId);
a.setProperty("someProp", testSession.getValueFactory().createValue("value"));
testSession.save();
fail("Test session doesn't have sufficient permission to alter user properties.");
} catch (AccessDeniedException e) {
// success
}
}
Aggregations