Example 76 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testChangePasswordWithoutPermission2.

@Test
public void testChangePasswordWithoutPermission2() throws Exception {
    createUser(userId);
    // grant only rep:write at the root; the password change below is expected to be denied
    modify("/", PrivilegeConstants.REP_WRITE, true);
    UserManager testUserMgr = getUserManager(testSession);
    User user = (User) testUserMgr.getAuthorizable(userId);
    try {
        user.changePassword("pw2");
        testSession.save();
        fail();
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) User(org.apache.jackrabbit.api.security.user.User) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Test(org.junit.Test)

Example 77 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testChangeUserPropertiesWithoutPermission2.

@Test
public void testChangeUserPropertiesWithoutPermission2() throws Exception {
    createUser(userId);
    // testSession has read and user-mgt permission but lacks permission to
    // alter regular properties
    modify("/", PrivilegeConstants.REP_USER_MANAGEMENT, true);
    UserManager testUserMgr = getUserManager(testSession);
    try {
        Authorizable a = testUserMgr.getAuthorizable(userId);
        a.setProperty("someProp", testSession.getValueFactory().createValue("value"));
        testSession.save();
        fail("Test session doesn't have sufficient permission to alter user properties.");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) Test(org.junit.Test)

Example 78 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class WriteTest method testAddChildNodeAndSetProperty.

@Test
public void testAddChildNodeAndSetProperty() throws Exception {
    // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES privileges at 'path'
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_MODIFY_PROPERTIES });
    allow(path, privileges);
    /*
     testuser must now have
     - ADD_NODE permission for child node
     - SET_PROPERTY permission for child props
     - REMOVE permission for child-props
     - READ-only permission for the node at 'path'

     testuser must not have
     - REMOVE permission for child node
    */
    String nonExChildPath = path + "/anyItem";
    String actions = getActions(Session.ACTION_READ, Session.ACTION_ADD_NODE, Session.ACTION_SET_PROPERTY);
    assertTrue(testSession.hasPermission(nonExChildPath, actions));
    assertFalse(testSession.hasPermission(nonExChildPath, Session.ACTION_REMOVE));
    Node testN = testSession.getNode(path);
    // must be allowed to add child node
    testN.addNode(nodeName4);
    testSession.save();
    // must be allowed to remove child-property
    testSession.getProperty(childPPath).remove();
    testSession.save();
    // must be allowed to set child property again
    testN.setProperty(Text.getName(childPPath), "othervalue");
    testSession.save();
    // must not be allowed to remove child nodes
    try {
        testSession.getNode(childNPath).remove();
        testSession.save();
        fail("test-user is not allowed to remove a node below " + path);
    } catch (AccessDeniedException e) {
        // success
    }
    // must have read-only access on 'testN' and its sibling
    assertTrue(testSession.hasPermission(path, Session.ACTION_READ));
    assertFalse(testSession.hasPermission(path, getActions(Session.ACTION_ADD_NODE, Session.ACTION_SET_PROPERTY, Session.ACTION_REMOVE)));
    assertReadOnly(siblingPath);
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Node(javax.jcr.Node) Privilege(javax.jcr.security.Privilege) Test(org.junit.Test)

Example 79 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testCreateUserWithoutPermission.

@Test
public void testCreateUserWithoutPermission() throws Exception {
    UserManager testUserMgr = getUserManager(testSession);
    // testSession has read-only access
    try {
        testUserMgr.createUser(userId, "pw");
        testSession.save();
        fail("Test session doesn't have sufficient permission -> creating user should fail.");
    } catch (AccessDeniedException e) {
        // success
    }
    // testSession has write permission but no user-mgt permission
    // -> should still fail
    modify("/", PrivilegeConstants.REP_WRITE, true);
    try {
        testUserMgr.createUser(userId, "pw");
        testSession.save();
        fail("Test session doesn't have sufficient permission -> creating user should fail.");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Test(org.junit.Test)

Example 80 with AccessDeniedException

use of javax.jcr.AccessDeniedException in project jackrabbit-oak by apache.

the class UserManagementTest method testCreateWithoutReadAccess.

@Test
public void testCreateWithoutReadAccess() throws Exception {
    UserManager testUserMgr = getUserManager(testSession);
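    // deny read at the root while allowing user management:
    // creating the group is still expected to fail
    deny("/", privilegesFromName(PrivilegeConstants.JCR_READ));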
    allow("/", privilegesFromName(PrivilegeConstants.REP_USER_MANAGEMENT));
    try {
        Group gr = testUserMgr.createGroup(groupId);
        testSession.save();
        fail("Creating group without read-access on the folder node should fail");
    } catch (AccessDeniedException e) {
        // success
    }
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) AccessDeniedException(javax.jcr.AccessDeniedException) UserManager(org.apache.jackrabbit.api.security.user.UserManager) Test(org.junit.Test)

Aggregations

AccessDeniedException (javax.jcr.AccessDeniedException) 189
Node (javax.jcr.Node) 80
Test (org.junit.Test) 68
Session (javax.jcr.Session) 33
RepositoryException (javax.jcr.RepositoryException) 23
Privilege (javax.jcr.security.Privilege) 22
UserManager (org.apache.jackrabbit.api.security.user.UserManager) 19
Workspace (javax.jcr.Workspace) 18
Authorizable (org.apache.jackrabbit.api.security.user.Authorizable) 15
ItemNotFoundException (javax.jcr.ItemNotFoundException) 13
PathNotFoundException (javax.jcr.PathNotFoundException) 13
Path (org.apache.jackrabbit.spi.Path) 13
Principal (java.security.Principal) 11
User (org.apache.jackrabbit.api.security.user.User) 11
NotExecutableException (org.apache.jackrabbit.test.NotExecutableException) 10
AccessControlManager (javax.jcr.security.AccessControlManager) 9
AccessControlPolicy (javax.jcr.security.AccessControlPolicy) 9
Property (javax.jcr.Property) 8
JackrabbitWorkspace (org.apache.jackrabbit.api.JackrabbitWorkspace) 8
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList) 7