use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentCreateNodesTest method createACLsForEveryone.
private void createACLsForEveryone(Session session, int numACLs) throws RepositoryException {
AccessControlManager acMgr = session.getAccessControlManager();
Node listenHere = session.getRootNode().addNode("nodes-with-acl");
for (int i = 0; i < numACLs; i++) {
String path = listenHere.addNode("node-" + i).getPath();
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
if (acl.isEmpty()) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
if (acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges)) {
acMgr.setPolicy(path, acl);
}
}
}
session.save();
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentEveryoneACLTest method beforeSuite.
@Override
public void beforeSuite() throws Exception {
Session session = loginWriter();
AccessControlManager acMgr = session.getAccessControlManager();
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
final Node root = session.getRootNode().addNode(ROOT_NODE_NAME, "nt:unstructured");
for (int i = 0; i < NODE_COUNT; i++) {
Node node = root.addNode("node" + i, "nt:unstructured");
for (int j = 0; j < NODE_COUNT; j++) {
Node newNode = node.addNode("node" + j, "nt:unstructured");
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, newNode.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, true);
acMgr.setPolicy(newNode.getPath(), acl);
}
session.save();
}
// deny everyone on root node
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, root.getPath());
acl.addEntry(EveryonePrincipal.getInstance(), privileges, false);
acMgr.setPolicy(root.getPath(), acl);
session.save();
final int[] numACEs = new int[1];
ItemVisitor v = new TraversingItemVisitor.Default() {
@Override
protected void entering(Node node, int i) throws RepositoryException {
if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
numACEs[0]++;
}
super.entering(node, i);
}
@Override
protected void entering(Property prop, int i) throws RepositoryException {
super.entering(prop, i);
}
};
v.visit(root);
System.out.println("Num ACEs: " + numACEs[0]);
session.logout();
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentReadAccessControlledTreeTest2 method addPolicy.
private void addPolicy(Node node) throws RepositoryException {
AccessControlManager acMgr = node.getSession().getAccessControlManager();
String path = node.getPath();
int level = 0;
if (node.isNodeType(AccessControlConstants.NT_REP_POLICY)) {
level = 1;
} else if (node.isNodeType(AccessControlConstants.NT_REP_ACE)) {
level = 2;
} else if (node.isNodeType(AccessControlConstants.NT_REP_RESTRICTIONS)) {
level = 3;
}
if (level > 0) {
path = Text.getRelativeParent(path, level);
}
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(node.getSession(), path);
if (acl != null) {
Privilege[] privileges = new Privilege[] { acMgr.privilegeFromName(Privilege.JCR_READ), acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL) };
for (Principal principal : principals) {
acl.addAccessControlEntry(principal, privileges);
}
acMgr.setPolicy(path, acl);
adminSession.save();
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class ConcurrentReadSinglePolicyTreeTest method visitingNode.
@Override
protected void visitingNode(Node node, int i) throws RepositoryException {
super.visitingNode(node, i);
String path = node.getPath();
AccessControlManager acMgr = node.getSession().getAccessControlManager();
if (testRoot.getPath().equals(path)) {
JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, path);
if (policy != null) {
policy.addEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_READ), true);
}
acMgr.setPolicy(path, policy);
} else if (!path.contains("rep:policy")) {
for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
if (policy instanceof JackrabbitAccessControlList) {
acMgr.removePolicy(path, policy);
}
}
}
node.getSession().save();
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class AbstractRemoveMembersByIdTest method removeExistingMemberWithoutAccess.
Set<String> removeExistingMemberWithoutAccess() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testGroup.getPath());
if (acl != null) {
if (acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_USER_MANAGEMENT), true)) {
acMgr.setPolicy(testGroup.getPath(), acl);
root.commit();
}
}
String userId = getTestUser().getID();
ContentSession testSession = null;
try {
testSession = login(new SimpleCredentials(userId, userId.toCharArray()));
Root testRoot = testSession.getLatestRoot();
assertFalse(testRoot.getTree(memberGroup.getPath()).exists());
Group gr = getUserManager(testRoot).getAuthorizable(testGroup.getID(), Group.class);
Set<String> failed = gr.removeMembers(memberGroup.getID());
testRoot.commit();
return failed;
} finally {
if (testSession != null) {
testSession.close();
}
}
}
Aggregations