use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class ACLTemplateTest method testInsertionOrder.
public void testInsertionOrder() throws Exception {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
Privilege[] addNodePriv = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
Map<String, Value> restrictions = Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
pt.addEntry(testPrincipal, writePriv, false, emptyRestrictions);
pt.addEntry(testPrincipal, addNodePriv, true, restrictions);
AccessControlEntry[] entries = pt.getAccessControlEntries();
assertTrue(Arrays.equals(readPriv, entries[0].getPrivileges()));
assertTrue(Arrays.equals(writePriv, entries[1].getPrivileges()));
assertTrue(Arrays.equals(addNodePriv, entries[2].getPrivileges()));
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class ACLTemplateTest method testMultipleEntryEffect2.
public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException {
Privilege repwrite = getAccessControlManager(superuser).privilegeFromName(PrivilegeRegistry.REP_WRITE);
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
pt.addAccessControlEntry(testPrincipal, new Privilege[] { repwrite });
// add deny entry for mod_props
Privilege modProperties = getAccessControlManager(superuser).privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES);
assertTrue(pt.addEntry(testPrincipal, new Privilege[] { modProperties }, false, null));
// net-effect: 2 entries with the allow entry being adjusted
assertTrue(pt.size() == 2);
AccessControlEntry[] entries = pt.getAccessControlEntries();
for (AccessControlEntry entry1 : entries) {
ACLTemplate.Entry entry = (ACLTemplate.Entry) entry1;
PrivilegeBits privs = entry.getPrivilegeBits();
if (entry.isAllow()) {
Privilege[] result = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_NODE_TYPE_MANAGEMENT, Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE });
PrivilegeBits bits = privilegeMgr.getBits(result);
assertEquals(privs, bits);
} else {
assertEquals(privs, privilegeMgr.getBits(modProperties));
}
}
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit by apache.
the class JackrabbitAccessControlListTest method testAddEntry2.
public void testAddEntry2() throws NotExecutableException, RepositoryException {
Principal princ = getValidPrincipal();
Privilege[] privs = privilegesFromName(PrivilegeRegistry.REP_WRITE);
templ.addEntry(princ, privs, true, Collections.<String, Value>emptyMap());
AccessControlEntry[] entries = templ.getAccessControlEntries();
assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
PrivilegeBits allows = PrivilegeBits.getInstance();
for (AccessControlEntry en : entries) {
PrivilegeBits bits = privilegeMgr.getBits(en.getPrivileges());
if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
allows.add(bits);
}
}
assertTrue("After successfully granting WRITE, the entries must reflect this", allows.includes(privilegeMgr.getBits(privs)));
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testModifyExistingPolicy.
@Test
public void testModifyExistingPolicy() throws Exception {
ACL acl = getApplicablePolicy(testPath);
assertTrue(acl.addAccessControlEntry(testPrincipal, testPrivileges));
AccessControlEntry allowTest = acl.getAccessControlEntries()[0];
acMgr.setPolicy(testPath, acl);
root.commit();
acl = (ACL) acMgr.getPolicies(testPath)[0];
assertTrue(acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something")));
AccessControlEntry[] aces = acl.getAccessControlEntries();
assertEquals(2, aces.length);
AccessControlEntry denyEveryone = aces[1];
assertEquals(EveryonePrincipal.getInstance(), denyEveryone.getPrincipal());
acl.orderBefore(denyEveryone, allowTest);
acMgr.setPolicy(testPath, acl);
root.commit();
acl = (ACL) acMgr.getPolicies(testPath)[0];
aces = acl.getAccessControlEntries();
assertEquals(2, aces.length);
assertEquals(denyEveryone, aces[0]);
assertEquals(allowTest, aces[1]);
Privilege[] readAc = new Privilege[] { acMgr.privilegeFromName(PrivilegeConstants.JCR_READ_ACCESS_CONTROL) };
assertTrue(acl.addEntry(testPrincipal, readAc, false, Collections.<String, Value>emptyMap()));
assertEquals(3, acl.size());
AccessControlEntry denyTest = acl.getAccessControlEntries()[2];
acl.orderBefore(denyTest, allowTest);
acMgr.setPolicy(testPath, acl);
acl = (ACL) acMgr.getPolicies(testPath)[0];
aces = acl.getAccessControlEntries();
assertEquals(3, aces.length);
assertEquals(denyEveryone, aces[0]);
assertEquals(denyTest, aces[1]);
assertEquals(allowTest, aces[2]);
}
use of javax.jcr.security.AccessControlEntry in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testSetPrincipalPolicyWithNewMvRestriction.
@Test
public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
setupPolicy(testPath);
root.commit();
JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
ACL acl = (ACL) policies[0];
Map<String, Value> restrictions = new HashMap();
restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
Map<String, Value[]> mvRestrictions = new HashMap();
ValueFactory vf = getValueFactory(root);
Value[] restrValues = new Value[] { vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME) };
mvRestrictions.put(REP_ITEM_NAMES, restrValues);
assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
acMgr.setPolicy(acl.getPath(), acl);
AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
assertEquals(2, entries.length);
ACE newEntry = (ACE) entries[1];
assertEquals(1, newEntry.getRestrictions().size());
assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
}
Aggregations