use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class PrivilegeManagerTest method testGetPrivilege.
@Test
public void testGetPrivilege() throws RepositoryException {
Set<String> aggregatedPrivilegeNames = ImmutableSet.of("jcr:read", "jcr:modifyProperties", "jcr:write", "rep:write", "jcr:all");
for (Privilege priv : privilegeManager.getRegisteredPrivileges()) {
String privName = priv.getName();
boolean isAggregate = aggregatedPrivilegeNames.contains(privName);
assertPrivilege(priv, privName, isAggregate, false);
}
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L3_PrecedenceRulesTest method testAceOrder.
public void testAceOrder() throws RepositoryException {
assertFalse(testSession.nodeExists(testRoot));
Privilege[] readPrivs = AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_READ);
// EXERCISE: fix the permission setup such that the test success without dropping either ACE
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(superuser, testRoot);
acl.addEntry(testGroupPrincipal, readPrivs, true);
acl.addEntry(EveryonePrincipal.getInstance(), readPrivs, false);
superuser.getAccessControlManager().setPolicy(acl.getPath(), acl);
superuser.save();
testSession.refresh(false);
assertTrue(testSession.nodeExists(testRoot));
assertTrue(testSession.propertyExists(propertyPath));
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L4_PrivilegesAndPermissionsTest method testAddNodes.
public void testAddNodes() throws Exception {
// grant the test principal jcr:addChildNode privilege at 'childPath'
AccessControlUtils.addAccessControlEntry(superuser, childPath, testPrincipal, new String[] { Privilege.JCR_ADD_CHILD_NODES }, true);
superuser.save();
Session userSession = createTestSession();
// EXERCISE: fill in the expected return values for Session.hasPermission as performed below
// EXERCISE: verify that the test passes and explain the individual results
Map<String, Boolean> pathHasPermissionMap = ImmutableMap.of(testRootNode.getPath(), null, childPath, null, childPath + "/toCreate", null, grandChildPath + "/nextGeneration", null, propertyPath, null);
for (String path : pathHasPermissionMap.keySet()) {
boolean expectedHasPermission = pathHasPermissionMap.get(path);
assertEquals(expectedHasPermission, userSession.hasPermission(path, Session.ACTION_ADD_NODE));
}
// EXERCISE: fill in the expected return values for AccessControlManager#getPrivileges as performed below
// EXERCISE: verify that the test passes and compare the results with your findings from the permission-discovery
Map<String, Privilege[]> pathPrivilegesMap = ImmutableMap.of(testRootNode.getPath(), null, childPath, null, childPath + "/toCreate", null, grandChildPath + "/nextGeneration", null);
for (String path : pathPrivilegesMap.keySet()) {
Privilege[] expectedPrivileges = pathPrivilegesMap.get(path);
assertEquals(ImmutableSet.of(expectedPrivileges), ImmutableSet.of(userSession.getAccessControlManager().getPrivileges(path)));
}
// EXERCISE: optionally add nodes at the expected allowed path(s)
// EXERCISE: using 'userSession' to verify that it actually works and
// EXERCISE: save the changes to trigger the evaluation
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L4_PrivilegesAndPermissionsTest method testRemoveNodes.
public void testRemoveNodes() throws Exception {
// EXERCISE: setup the correct set of privileges such that the test passes
superuser.save();
Map<String, Boolean> pathHasPermissionMap = ImmutableMap.of(testRootNode.getPath(), false, childPath, false, grandChildPath, true);
Session userSession = createTestSession();
for (String path : pathHasPermissionMap.keySet()) {
boolean expectedHasPermission = pathHasPermissionMap.get(path);
assertEquals(expectedHasPermission, userSession.hasPermission(path, Session.ACTION_REMOVE));
}
AccessControlManager acMgr = userSession.getAccessControlManager();
assertFalse(acMgr.hasPrivileges(childPath, new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_REMOVE_NODE) }));
userSession.getNode(grandChildPath).remove();
userSession.save();
}
use of javax.jcr.security.Privilege in project jackrabbit-oak by apache.
the class L7_PrivilegeDiscoveryTest method testGetPrivilegesForPrincipalsUserSession.
public void testGetPrivilegesForPrincipalsUserSession() throws Exception {
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) userSession.getAccessControlManager();
// EXERCISE: complete the test case and explain the behaviour
Privilege[] privs = acMgr.getPrivileges(testPath, ImmutableSet.of(gPrincipal));
Set<Privilege> expectedPrivs = null;
assertEquals(expectedPrivs, ImmutableSet.copyOf(privs));
}
Aggregations