use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class PermissionHookTest method testReorderAddAndRemoveAces2.
/**
* ACE : 0 1 2 3 4 5 6 7
* Before : tp ev p0 p1 p2 p3
* After : ev p2 p1 p3 p4 p5
*/
@Test
public void testReorderAddAndRemoveAces2() throws Exception {
createPrincipals();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
for (int i = 0; i < 4; i++) {
acl.addAccessControlEntry(principals.get(i), privilegesFromNames(JCR_READ));
}
acMgr.setPolicy(testPath, acl);
root.commit();
AccessControlEntry[] aces = acl.getAccessControlEntries();
acl.removeAccessControlEntry(aces[0]);
acl.removeAccessControlEntry(aces[2]);
acl.orderBefore(aces[4], aces[3]);
acl.addAccessControlEntry(principals.get(4), privilegesFromNames(JCR_READ));
acl.addAccessControlEntry(principals.get(5), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
Tree entry = getEntry(principals.get(2), testPath, 1);
assertIndex(1, entry);
entry = getEntry(principals.get(1), testPath, 2);
assertIndex(2, entry);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testEffect.
public void testEffect() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
Privilege[] read = privilegesFromName(Privilege.JCR_READ);
Privilege[] modProp = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
pt.addAccessControlEntry(testPrincipal, read);
// add deny entry for mod_props
assertTrue(pt.addEntry(testPrincipal, modProp, false, null));
// test net-effect
PrivilegeBits allows = PrivilegeBits.getInstance();
PrivilegeBits denies = PrivilegeBits.getInstance();
AccessControlEntry[] entries = pt.getAccessControlEntries();
for (AccessControlEntry ace : entries) {
if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
if (((JackrabbitAccessControlEntry) ace).isAllow()) {
allows.addDifference(entryBits, denies);
} else {
denies.addDifference(entryBits, allows);
}
}
}
assertEquals(privilegeMgr.getBits(read), allows);
assertEquals(privilegeMgr.getBits(modProp), denies);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testAddInvalidEntry2.
public void testAddInvalidEntry2() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.addAccessControlEntry(testPrincipal, new Privilege[0]);
fail("Adding an ACE with invalid privileges should fail");
} catch (AccessControlException e) {
// success
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testRemoveInvalidEntry.
public void testRemoveInvalidEntry() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return false;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
try {
return privilegesFromName(Privilege.JCR_READ);
} catch (Exception e) {
return new Privilege[0];
}
}
});
fail("Passing an unknown ACE should fail");
} catch (AccessControlException e) {
// success
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AccessControlImporterTest method testImportEmptyExistingPolicy.
/**
* Imports an empty resource-based ACL for a policy that already exists.
*
* @throws Exception
*/
public void testImportEmptyExistingPolicy() throws Exception {
NodeImpl target = (NodeImpl) testRootNode;
target = (NodeImpl) target.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
AccessControlManager acMgr = sImpl.getAccessControlManager();
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(target.getPath()); it.hasNext(); ) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
if (policy instanceof AccessControlList) {
acMgr.setPolicy(target.getPath(), policy);
}
}
try {
InputStream in = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW, new PseudoConfig());
ImportHandler ih = new ImportHandler(importer, sImpl);
new ParsingContentHandler(ih).parse(in);
AccessControlPolicy[] policies = acMgr.getPolicies(target.getPath());
assertEquals(1, policies.length);
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
assertEquals(0, entries.length);
} finally {
superuser.refresh(false);
}
}
Aggregations