use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class ACLTemplateTest method testUpdateEntry.
public void testUpdateEntry() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
Principal principal2 = principalMgr.getEveryone();
pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
pt.addEntry(principal2, readPriv, true, emptyRestrictions);
pt.addEntry(testPrincipal, writePriv, false, emptyRestrictions);
// adding an entry that should update the existing allow-entry for everyone.
pt.addEntry(principal2, writePriv, true, emptyRestrictions);
AccessControlEntry[] entries = pt.getAccessControlEntries();
assertEquals(3, entries.length);
JackrabbitAccessControlEntry princ2AllowEntry = (JackrabbitAccessControlEntry) entries[1];
assertEquals(principal2, princ2AllowEntry.getPrincipal());
assertTrue(princ2AllowEntry.isAllow());
assertSamePrivileges(new Privilege[] { readPriv[0], writePriv[0] }, princ2AllowEntry.getPrivileges());
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class JackrabbitAccessControlListTest method testAddEntry2.
public void testAddEntry2() throws NotExecutableException, RepositoryException {
Principal princ = getValidPrincipal();
Privilege[] privs = privilegesFromName(PrivilegeRegistry.REP_WRITE);
templ.addEntry(princ, privs, true, Collections.<String, Value>emptyMap());
AccessControlEntry[] entries = templ.getAccessControlEntries();
assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
PrivilegeBits allows = PrivilegeBits.getInstance();
for (AccessControlEntry en : entries) {
PrivilegeBits bits = privilegeMgr.getBits(en.getPrivileges());
if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
allows.add(bits);
}
}
assertTrue("After successfully granting WRITE, the entries must reflect this", allows.includes(privilegeMgr.getBits(privs)));
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class ACLTest method testNewEntriesAppendedAtEnd.
@Test
public void testNewEntriesAppendedAtEnd() throws Exception {
Privilege[] readPriv = privilegesFromNames(JCR_READ);
Privilege[] writePriv = privilegesFromNames(JCR_WRITE);
acl.addEntry(testPrincipal, readPriv, true);
acl.addEntry(principalManager.getEveryone(), readPriv, true);
acl.addEntry(testPrincipal, writePriv, false);
AccessControlEntry[] entries = acl.getAccessControlEntries();
assertEquals(3, entries.length);
JackrabbitAccessControlEntry last = (JackrabbitAccessControlEntry) entries[2];
assertEquals(testPrincipal, last.getPrincipal());
assertACE(last, false, writePriv);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class ACLTest method testComplementaryGroupEntry.
@Test
public void testComplementaryGroupEntry() throws Exception {
Privilege[] readPriv = privilegesFromNames(JCR_READ);
Privilege[] writePriv = privilegesFromNames(JCR_WRITE);
Principal everyone = principalManager.getEveryone();
acl.addEntry(testPrincipal, readPriv, true);
acl.addEntry(everyone, readPriv, true);
acl.addEntry(testPrincipal, writePriv, false);
acl.addEntry(everyone, writePriv, true);
// entry complementary to the first entry
// -> must remove the allow-READ entry and update the deny-WRITE entry.
acl.addEntry(testPrincipal, readPriv, false);
AccessControlEntry[] entries = acl.getAccessControlEntries();
assertEquals(2, entries.length);
JackrabbitAccessControlEntry first = (JackrabbitAccessControlEntry) entries[0];
assertEquals(everyone, first.getPrincipal());
JackrabbitAccessControlEntry second = (JackrabbitAccessControlEntry) entries[1];
assertEquals(testPrincipal, second.getPrincipal());
assertACE(second, false, privilegesFromNames(JCR_READ, JCR_WRITE));
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class ACLTest method testReorderToTheEnd.
@Test
public void testReorderToTheEnd() throws Exception {
Privilege[] read = privilegesFromNames(JCR_READ, JCR_READ_ACCESS_CONTROL);
Privilege[] write = privilegesFromNames(JCR_WRITE);
AbstractAccessControlList acl = createEmptyACL();
acl.addAccessControlEntry(testPrincipal, read);
acl.addEntry(testPrincipal, write, false);
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), write);
List<? extends JackrabbitAccessControlEntry> entries = acl.getEntries();
assertEquals(3, entries.size());
AccessControlEntry first = entries.get(0);
acl.orderBefore(first, null);
List<? extends JackrabbitAccessControlEntry> entriesAfter = acl.getEntries();
assertEquals(first, entriesAfter.get(2));
}
Aggregations