Examples with Session javax.jcr.Session used on opensource projects

Example 96 with Session

use of javax.jcr.Session in project jackrabbit by apache.

the class AcReadWriteTest method testAccessControlPrivileges.

public void testAccessControlPrivileges() throws RepositoryException, NotExecutableException {
    /* precondition:
          testuser must have READ-only permission on test-node and below
        */
    checkReadOnly(path);
    /* grant 'testUser' rep:write, rep:readAccessControl and
           rep:modifyAccessControl privileges at 'path' */
    Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL });
    JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path));
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    /*
         testuser must have
         - permission to view AC items
         - permission to modify AC items
        */
    // the policy node however must be visible to the test-user
    assertTrue(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
    testAcMgr.getPolicies(tmpl.getPath());
    testAcMgr.removePolicy(tmpl.getPath(), tmpl);
}

Example 97 with Session

use of javax.jcr.Session in project jackrabbit by apache.

the class MoveTest method testMoveWithDifferentEffectiveAc.

public void testMoveWithDifferentEffectiveAc() throws Exception {
    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();
    ValueFactory vf = superuser.getValueFactory();
    /*
        precondition:
        testuser must have READ-only permission on test-node and below
        */
    checkReadOnly(path);
    checkReadOnly(childNPath);
    Node node3 = superuser.getNode(childNPath).addNode(nodeName3);
    superuser.save();
    String node3Path = node3.getPath();
    Privilege[] privileges = privilegesFromName(NameConstants.JCR_READ.toString());
    // @path read is denied, @childNode its allowed again
    withdrawPrivileges(path, privileges, getRestrictions(superuser, path));
    givePrivileges(childNPath, privileges, getRestrictions(superuser, childNPath));
    assertTrue(testSession.nodeExists(node3Path));
    assertTrue(testAcMgr.hasPrivileges(node3Path, privileges));
    // move the ancestor node
    String movedPath = path + "/movedNode";
    superuser.move(node3Path, movedPath);
    superuser.save();
    // expected behavior:
    // due to move node3 should not e visible any more
    assertFalse(testSession.nodeExists(movedPath));
    assertFalse(testAcMgr.hasPrivileges(movedPath, privileges));
}

Example 98 with Session

use of javax.jcr.Session in project jackrabbit by apache.

the class RestrictionTest method testHasPermissionWithRestrictions.

/**
     * Tests if the restriction are active at the proper place
     */
public void testHasPermissionWithRestrictions() throws Exception {
    // create permissions
    // allow rep:write      /testroot
    // deny  jcr:removeNode /testroot/a  glob=*/c
    // allow jcr:removeNode /testroot/a  glob=*/b
    // allow jcr:removeNode /testroot/a  glob=*/c/*
    addEntry(path_root, true, "", Privilege.JCR_READ, Privilege.JCR_WRITE);
    addEntry(path_a, false, "*/c", Privilege.JCR_REMOVE_NODE);
    addEntry(path_a, true, "*/b", Privilege.JCR_REMOVE_NODE);
    addEntry(path_a, true, "*/c/*", Privilege.JCR_REMOVE_NODE);
    Session testSession = getTestSession();
    try {
        AccessControlManager acMgr = getAccessControlManager(testSession);
        assertFalse("user should not have remove node on /a/b/c", acMgr.hasPrivileges(path_c, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_REMOVE_NODE)));
        assertTrue("user should have remove node on /a/b", acMgr.hasPrivileges(path_b, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_REMOVE_NODE)));
        assertTrue("user should have remove node on /a/b/c/d", acMgr.hasPrivileges(path_d, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_REMOVE_NODE)));
        // should be able to remove /a/b/c/d
        testSession.getNode(path_d).remove();
        testSession.save();
        try {
            testSession.getNode(path_c).remove();
            testSession.save();
            fail("removing node on /a/b/c should fail");
        } catch (RepositoryException e) {
        // all ok
        }
    } finally {
        testSession.logout();
    }
}

Example 99 with Session

use of javax.jcr.Session in project jackrabbit by apache.

the class WriteTest method testRemoveNodeWithPolicy.

public void testRemoveNodeWithPolicy() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ, Privilege.JCR_WRITE });
    /* allow READ/WRITE privilege for testUser at 'path' */
    givePrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    /* allow READ/WRITE privilege for testUser at 'childPath' */
    givePrivileges(childNPath, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
    Session testSession = getTestSession();
    assertTrue(testSession.nodeExists(childNPath));
    assertTrue(testSession.hasPermission(childNPath, Session.ACTION_REMOVE));
    Node n = testSession.getNode(childNPath);
    // removing the child node must succeed as both remove-node and
    // remove-child-nodes are granted to testsession.
    // the policy node underneath childNPath should silently be removed
    // as the editing session has no knowledge about it's existence.
    n.remove();
    testSession.save();
}

Example 100 with Session

use of javax.jcr.Session in project jackrabbit by apache.

the class ReadTest method testEmptyGlobRestriction2.

/**
     * @see <a href="https://issues.apache.org/jira/browse/OAK-2412">OAK-2412</a>
     */
@Test
public void testEmptyGlobRestriction2() throws Exception {
    Node grandchild = superuser.getNode(childNPath).addNode("child");
    String ccPath = grandchild.getPath();
    superuser.save();
    // first deny access to 'path' (read-access is granted in the test setup)
    Privilege[] read = privilegesFromName(Privilege.JCR_READ);
    withdrawPrivileges(path, read, Collections.EMPTY_MAP);
    Session testSession = getTestSession();
    assertFalse(testSession.nodeExists(path));
    assertFalse(canGetNode(testSession, path));
    assertFalse(testSession.nodeExists(childNPath));
    assertFalse(canGetNode(testSession, childNPath));
    assertFalse(testSession.nodeExists(ccPath));
    assertFalse(canGetNode(testSession, ccPath));
    assertFalse(testSession.propertyExists(childNPath + '/' + JcrConstants.JCR_PRIMARYTYPE));
    Map<String, Value> emptyStringRestriction = new HashMap<String, Value>(getRestrictions(superuser, path));
    emptyStringRestriction.put(AccessControlConstants.P_GLOB.toString(), vf.createValue(""));
    givePrivileges(path, read, emptyStringRestriction);
    assertTrue(testSession.nodeExists(path));
    assertTrue(canGetNode(testSession, path));
    assertFalse(testSession.nodeExists(childNPath));
    assertFalse(canGetNode(testSession, childNPath));
    assertFalse(testSession.nodeExists(ccPath));
    assertFalse(canGetNode(testSession, ccPath));
    assertFalse(testSession.propertyExists(childNPath + '/' + JcrConstants.JCR_PRIMARYTYPE));
}