
Example 51 with Value

use of javax.jcr.Value in project jackrabbit by apache.

the class AcReadWriteTest method testReadAccessControl.

/**
 * Verifies that a glob-restricted grant of {@code jcr:readAccessControl} does not expose the
 * access control content stored at the node the policy is bound to.
 *
 * <p>The privilege is granted at {@code path} with a glob restriction of {@code "/" + nodeName2}.
 * The test session must then be refused at {@code path} itself: the privilege check fails,
 * {@code getPolicies} throws {@link AccessDeniedException}, and the policy node, its entry
 * nodes and their properties are invisible through plain item access. At {@code childNPath}
 * the privilege is reported as granted.
 */
public void testReadAccessControl() throws NotExecutableException, RepositoryException {
    // Precondition: the test user holds READ-only permission on the test node and below.
    checkReadOnly(path);

    // Grant jcr:readAccessControl on the subtree below 'path', excluding the node at 'path'.
    Privilege[] readAc = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
    Map<String, Value> globRestriction = new HashMap<String, Value>(getRestrictions(superuser, path));
    globRestriction.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/" + nodeName2));
    givePrivileges(path, readAc, globRestriction);

    Session testSession = getTestSession();
    AccessControlManager testAcMgr = getTestACManager();

    // At the target node the test user must not be able to read AC content ...
    assertFalse(testAcMgr.hasPrivileges(path, readAc));
    try {
        testAcMgr.getPolicies(path);
        fail("AccessDeniedException expected");
    } catch (AccessDeniedException expected) {
        // success.
    }

    // ... whereas retrieving (potentially empty) AC content at the child path is granted.
    assertTrue(testAcMgr.hasPrivileges(childNPath, readAc));
    assertEquals(0, testAcMgr.getPolicies(childNPath).length);

    // The same must hold for item-level access: locate the policy node as superuser.
    // There is no early exit, so the last child of type rep:Policy is the one that is used.
    String aclNodePath = null;
    NodeIterator children = superuser.getNode(path).getNodes();
    while (children.hasNext()) {
        Node candidate = children.nextNode();
        if (candidate.isNodeType("rep:Policy")) {
            aclNodePath = candidate.getPath();
        }
    }
    if (aclNodePath == null) {
        fail("Expected node at " + path + " to have an ACL child node.");
    }

    // Neither the policy node nor any of its entry nodes or their properties may be
    // visible to the test session.
    assertFalse(testSession.nodeExists(aclNodePath));
    NodeIterator aceNodes = superuser.getNode(aclNodePath).getNodes();
    while (aceNodes.hasNext()) {
        Node aceNode = aceNodes.nextNode();
        assertFalse(testSession.nodeExists(aceNode.getPath()));
        PropertyIterator aceProps = aceNode.getProperties();
        while (aceProps.hasNext()) {
            assertFalse(testSession.propertyExists(aceProps.nextProperty().getPath()));
        }
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) NodeIterator(javax.jcr.NodeIterator) AccessDeniedException(javax.jcr.AccessDeniedException) HashMap(java.util.HashMap) Node(javax.jcr.Node) PropertyIterator(javax.jcr.PropertyIterator) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Value(javax.jcr.Value) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session)

Example 52 with Value

use of javax.jcr.Value in project jackrabbit by apache.

the class ACLTemplateTest method testInsertionOrder2.

/**
 * Verifies that the template returns its entries in the order they were added when the
 * glob-restricted entry sits between two unrestricted ones: allow read, allow add-child-nodes
 * (restricted), deny write.
 *
 * <p>Only the privilege arrays of the returned entries are compared; the allow/deny flag and
 * the restrictions of each entry are not inspected here.
 */
public void testInsertionOrder2() throws Exception {
    JackrabbitAccessControlList template = createEmptyTemplate(getTestPath());

    Privilege[] read = privilegesFromName(Privilege.JCR_READ);
    Privilege[] write = privilegesFromName(Privilege.JCR_WRITE);
    Privilege[] addChild = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);

    // The restriction map is keyed by the JCR name of the glob restriction.
    String globName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
    Value globValue = superuser.getValueFactory().createValue("/.*");
    Map<String, Value> globRestriction = Collections.singletonMap(globName, globValue);

    template.addEntry(testPrincipal, read, true, emptyRestrictions);
    template.addEntry(testPrincipal, addChild, true, globRestriction);
    template.addEntry(testPrincipal, write, false, emptyRestrictions);

    // Expected order is the insertion order above.
    Privilege[][] expectedOrder = { read, addChild, write };
    AccessControlEntry[] entries = template.getAccessControlEntries();
    for (int i = 0; i < expectedOrder.length; i++) {
        assertTrue(Arrays.equals(expectedOrder[i], entries[i].getPrivileges()));
    }
}
Also used : Value(javax.jcr.Value) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 53 with Value

use of javax.jcr.Value in project jackrabbit by apache.

the class ACLTemplateTest method testInsertionOrder.

/**
 * Verifies that the template returns its entries in the order they were added when the
 * glob-restricted entry is added last: allow read, deny write, allow add-child-nodes
 * (restricted).
 *
 * <p>Only the privilege arrays of the returned entries are compared; the allow/deny flag and
 * the restrictions of each entry are not inspected here.
 */
public void testInsertionOrder() throws Exception {
    JackrabbitAccessControlList template = createEmptyTemplate(getTestPath());

    Privilege[] read = privilegesFromName(Privilege.JCR_READ);
    Privilege[] write = privilegesFromName(Privilege.JCR_WRITE);
    Privilege[] addChild = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);

    // The restriction map is keyed by the JCR name of the glob restriction.
    String globName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
    Value globValue = superuser.getValueFactory().createValue("/.*");
    Map<String, Value> globRestriction = Collections.singletonMap(globName, globValue);

    template.addEntry(testPrincipal, read, true, emptyRestrictions);
    template.addEntry(testPrincipal, write, false, emptyRestrictions);
    template.addEntry(testPrincipal, addChild, true, globRestriction);

    // Expected order is the insertion order above.
    Privilege[][] expectedOrder = { read, write, addChild };
    AccessControlEntry[] entries = template.getAccessControlEntries();
    for (int i = 0; i < expectedOrder.length; i++) {
        assertTrue(Arrays.equals(expectedOrder[i], entries[i].getPrivileges()));
    }
}
Also used : Value(javax.jcr.Value) JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) AccessControlEntry(javax.jcr.security.AccessControlEntry) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Privilege(javax.jcr.security.Privilege) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)

Example 54 with Value

use of javax.jcr.Value in project jackrabbit by apache.

the class EntryTest method testRestrictions.

/**
 * Verifies that a restriction supplied under its expanded name is resolved, and that the
 * resulting entry matches paths according to the glob {@code "*&#47;test"}.
 *
 * <p>As the expectations show, the glob is applied to the path string after the ACL's path.
 * With a leading {@code *} the entry therefore also matches {@code aclPath + "de/test"},
 * a path outside the subtree of the ACL's own node.
 */
public void testRestrictions() throws RepositoryException, NotExecutableException {
    // Register the glob restriction under the expanded form of its name.
    String globName = ACLTemplate.P_GLOB.toString();
    Value globValue = superuser.getValueFactory().createValue("*/test");
    Map<String, Value> restrictions = new HashMap<String, Value>();
    restrictions.put(globName, globValue);

    // Allow jcr:all for the test user under that restriction and persist the policy.
    Privilege[] all = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_ALL) };
    acl = getPolicy(acMgr, testPath, testUser.getPrincipal());
    acl.addEntry(testUser.getPrincipal(), all, true, restrictions);
    acMgr.setPolicy(testPath, acl);
    superuser.save();

    // Candidate paths and whether the stored entry is expected to match them.
    String aclPath = acl.getPath();
    Map<String, Boolean> toMatch = new HashMap<String, Boolean>();
    toMatch.put(aclPath, false);
    toMatch.put(aclPath + "test", false);
    toMatch.put(aclPath + "/test", true);
    toMatch.put(aclPath + "/something/test", true);
    toMatch.put(aclPath + "de/test", true);

    // Read the entry back from the persisted policy node; exactly one is expected.
    NodeImpl aclNode = (NodeImpl) superuser.getNode(aclPath + "/rep:policy");
    List<Entry> entries = Entry.readEntries(aclNode, testRootNode.getPath());
    assertTrue(!entries.isEmpty());
    assertEquals(1, entries.size());
    Entry entry = entries.get(0);

    for (Map.Entry<String, Boolean> expectation : toMatch.entrySet()) {
        String candidate = expectation.getKey();
        assertEquals("Path to match : " + candidate, expectation.getValue().booleanValue(), entry.matches(candidate));
    }
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) HashMap(java.util.HashMap) Value(javax.jcr.Value)

Example 55 with Value

use of javax.jcr.Value in project jackrabbit by apache.

the class ReadTest method testEmptyGlobRestriction2.

/**
 * Verifies that granting read with an empty-string glob restriction re-exposes only the
 * node the policy is bound to, after read was denied on it without restriction.
 *
 * <p>After the deny, the node at {@code path}, its child, a newly added grandchild and the
 * child's {@code jcr:primaryType} property are all invisible to the test session. After the
 * allow with glob {@code ""}, only the node at {@code path} becomes visible again.
 *
 * @see <a href="https://issues.apache.org/jira/browse/OAK-2412">OAK-2412</a>
 */
@Test
public void testEmptyGlobRestriction2() throws Exception {
    // Add one more level so the check covers a grandchild of 'path' as well.
    Node grandchild = superuser.getNode(childNPath).addNode("child");
    String grandchildPath = grandchild.getPath();
    superuser.save();

    // first deny access to 'path' (read-access is granted in the test setup)
    Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
    withdrawPrivileges(path, readPriv, Collections.EMPTY_MAP);

    Session testSession = getTestSession();

    // With read denied, nothing at or below 'path' is visible.
    assertFalse(testSession.nodeExists(path));
    assertFalse(canGetNode(testSession, path));
    assertFalse(testSession.nodeExists(childNPath));
    assertFalse(canGetNode(testSession, childNPath));
    assertFalse(testSession.nodeExists(grandchildPath));
    assertFalse(canGetNode(testSession, grandchildPath));
    String childPrimaryTypePath = childNPath + '/' + JcrConstants.JCR_PRIMARYTYPE;
    assertFalse(testSession.propertyExists(childPrimaryTypePath));

    // Now allow read again, but restricted by an empty-string glob.
    Map<String, Value> emptyGlob = new HashMap<String, Value>(getRestrictions(superuser, path));
    emptyGlob.put(AccessControlConstants.P_GLOB.toString(), vf.createValue(""));
    givePrivileges(path, readPriv, emptyGlob);

    // Only the node at 'path' is readable; the descendants stay hidden.
    assertTrue(testSession.nodeExists(path));
    assertTrue(canGetNode(testSession, path));
    assertFalse(testSession.nodeExists(childNPath));
    assertFalse(canGetNode(testSession, childNPath));
    assertFalse(testSession.nodeExists(grandchildPath));
    assertFalse(canGetNode(testSession, grandchildPath));
    assertFalse(testSession.propertyExists(childPrimaryTypePath));
}
Also used : HashMap(java.util.HashMap) Node(javax.jcr.Node) Value(javax.jcr.Value) Privilege(javax.jcr.security.Privilege) Session(javax.jcr.Session) JackrabbitSession(org.apache.jackrabbit.api.JackrabbitSession) Test(org.junit.Test) AbstractEvaluationTest(org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest)
