use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.
private void addPolicy(Node node) throws RepositoryException {
AccessControlManager acMgr = node.getSession().getAccessControlManager();
String path = node.getPath();
int level = 0;
if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
level = 1;
} else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
level = 2;
} else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
level = 3;
}
if (level > 0) {
path = Text.getRelativeParent(path, level);
}
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
if (acl != null) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
for (Principal principal : principals) {
acl.addAccessControlEntry(principal, privileges);
}
acMgr.setPolicy(path, acl);
adminSession.save();
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ConcurrentReadSinglePolicyTreeTest method visitingNode.
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
super.visitingNode(node, i);
String path = node.getPath();
AccessControlManager acMgr = node.getSession().getAccessControlManager();
if (testRoot.getPath().equals(path)) {
JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, path);
if (policy != null) {
policy.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
}
acMgr.setPolicy(path, policy);
} else if (!path.contains("rep:policy")) {
for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
if (policy instanceof JackrabbitAccessControlList) {
acMgr.removePolicy(path, policy);
}
}
}
node.getSession().save();
}
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ItemNameRestrictionTest method testRemoveTree2.
@Test
public void testRemoveTree2() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_REMOVE_CHILD_NODES), true);
acMgr.setPolicy(acl.getPath(), acl);
root.commit();
Root testRoot = testSession.getLatestRoot();
List<String> paths = ImmutableList.of("/a/d/b/e/c", "/a/d/b");
for (String p : paths) {
testRoot.getTree(p).remove();
testRoot.commit();
}
try {
testRoot.getTree("/a").remove();
testRoot.commit();
fail();
} catch (CommitFailedException e) {
// success
assertTrue(e.isAccessViolation());
} finally {
testRoot.refresh();
}
}
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class PermissionTest method addEntry.
private void addEntry(String path, boolean grant, String restriction, String... privilegeNames) throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
if (restriction.length() > 0) {
Map<String, Value> rs = new HashMap<String, Value>();
rs.put("rep:glob", new StringValue(restriction));
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant, rs);
} else {
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant);
}
acMgr.setPolicy(path, acl);
root.commit();
}
use of javax.jcr.security.AccessControlManager in project jackrabbit-oak by apache.
the class ItemNameRestrictionTest method before.
@Override
public void before() throws Exception {
super.before();
Tree rootTree = root.getTree("/");
NodeUtil f = new NodeUtil(rootTree).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
NodeUtil c = f.getParent();
c.setString("prop", "value");
c.setString("a", "value");
testPrincipal = getTestUser().getPrincipal();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
vf = new ValueFactoryImpl(root, NamePathMapper.DEFAULT);
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_ADD_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE), true, Collections.<String, Value>emptyMap(), ImmutableMap.of(AccessControlConstants.REP_ITEM_NAMES, new Value[] { vf.createValue("a", PropertyType.NAME), vf.createValue("b", PropertyType.NAME), vf.createValue("c", PropertyType.NAME) }));
acMgr.setPolicy(acl.getPath(), acl);
UserManager uMgr = getUserManager(root);
testGroup = uMgr.createGroup("testGroup" + UUID.randomUUID());
root.commit();
testSession = createTestSession();
}
Aggregations