use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit by apache.
the class JsonDiffHandlerImportTest method testUpdatePolicyNode.
/**
* Test adding 'rep:policy' policy node as a child node of /testroot without
* intermediate node.
*/
public void testUpdatePolicyNode() throws Exception {
try {
AccessControlUtils.addAccessControlEntry(superuser, testRoot, EveryonePrincipal.getInstance(), new String[] { Privilege.JCR_READ }, false);
JsonDiffHandler handler = new JsonDiffHandler(superuser, testRoot, null);
new DiffParser(handler).parse(JSOP_POLICY_TREE);
assertTrue(testRootNode.hasNode("rep:policy"));
assertTrue(testRootNode.getNode("rep:policy").getDefinition().isProtected());
assertTrue(testRootNode.getNode("rep:policy").getPrimaryNodeType().getName().equals("rep:ACL"));
assertPolicy(acMgr, testRootNode, 1);
AccessControlEntry entry = ((AccessControlList) acMgr.getPolicies(testRoot)[0]).getAccessControlEntries()[0];
assertEquals(EveryonePrincipal.NAME, entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class ImportBesteffortTest method testImportUnknownPrincipal.
@Test
public void testImportUnknownPrincipal() throws Exception {
runImport();
AccessControlManager acMgr = adminSession.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
assertEquals("unknownprincipal", entry.getPrincipal().getName());
assertEquals(1, entry.getPrivileges().length);
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class AccessControlImporterTest method testImportPolicyExists.
/**
* Imports a resource-based ACL containing a single entry for a policy that
* already exists: expected outcome its that the existing ACE is replaced.
*/
public void testImportPolicyExists() throws Exception {
try {
Node target = createImportTargetWithPolicy(EveryonePrincipal.getInstance());
doImport(target.getPath(), XML_POLICY_TREE_2);
AccessControlManager acMgr = superuser.getAccessControlManager();
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
assertEquals(EveryonePrincipal.getInstance(), entry.getPrincipal());
List<Privilege> privs = Arrays.asList(entry.getPrivileges());
assertEquals(1, privs.size());
assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
if (entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
} finally {
superuser.refresh(false);
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class ImmutableACLTest method testImmutable.
@Test
public void testImmutable() throws Exception {
List<JackrabbitAccessControlEntry> entries = new ArrayList();
entries.add(createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES));
entries.add(createEntry(false, PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT));
JackrabbitAccessControlList acl = createACL(entries);
assertFalse(acl.isEmpty());
assertEquals(2, acl.size());
assertEquals(getTestPath(), acl.getPath());
assertImmutable(acl);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry in project jackrabbit-oak by apache.
the class L2_AccessControlManagerTest method testSetPolicy.
public void testSetPolicy() throws RepositoryException {
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testRoot);
assertTrue(acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), false));
// EXERCISE: fix the test.
assertFalse(acMgr.getApplicablePolicies(testRoot).hasNext());
AccessControlPolicy[] policies = acMgr.getPolicies(testRoot);
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
JackrabbitAccessControlList acl2 = (JackrabbitAccessControlList) policies[0];
assertFalse(acl2.isEmpty());
assertEquals(1, acl2.size());
AccessControlEntry ace = acl2.getAccessControlEntries()[0];
assertTrue(ace instanceof JackrabbitAccessControlEntry);
assertEquals(testPrincipal, ace.getPrincipal());
assertFalse(((JackrabbitAccessControlEntry) ace).isAllow());
}
Aggregations