use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class VersionStorageTest method after.
@Override
public void after() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
for (AccessControlEntry ace : acl.getAccessControlEntries()) {
if (testPrincipal.equals(ace.getPrincipal())) {
acl.removeAccessControlEntry(ace);
}
}
acMgr.setPolicy("/", acl);
root.commit();
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit-oak by apache.
the class PermissionHookTest method testReorderAddAndRemoveAces2.
/**
* ACE : 0 1 2 3 4 5 6 7
* Before : tp ev p0 p1 p2 p3
* After : ev p2 p1 p3 p4 p5
*/
@Test
public void testReorderAddAndRemoveAces2() throws Exception {
createPrincipals();
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
for (int i = 0; i < 4; i++) {
acl.addAccessControlEntry(principals.get(i), privilegesFromNames(JCR_READ));
}
acMgr.setPolicy(testPath, acl);
root.commit();
AccessControlEntry[] aces = acl.getAccessControlEntries();
acl.removeAccessControlEntry(aces[0]);
acl.removeAccessControlEntry(aces[2]);
acl.orderBefore(aces[4], aces[3]);
acl.addAccessControlEntry(principals.get(4), privilegesFromNames(JCR_READ));
acl.addAccessControlEntry(principals.get(5), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
Tree entry = getEntry(principals.get(2), testPath, 1);
assertIndex(1, entry);
entry = getEntry(principals.get(1), testPath, 2);
assertIndex(2, entry);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testEffect.
public void testEffect() throws RepositoryException, NotExecutableException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
Privilege[] read = privilegesFromName(Privilege.JCR_READ);
Privilege[] modProp = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
pt.addAccessControlEntry(testPrincipal, read);
// add deny entry for mod_props
assertTrue(pt.addEntry(testPrincipal, modProp, false, null));
// test net-effect
PrivilegeBits allows = PrivilegeBits.getInstance();
PrivilegeBits denies = PrivilegeBits.getInstance();
AccessControlEntry[] entries = pt.getAccessControlEntries();
for (AccessControlEntry ace : entries) {
if (testPrincipal.equals(ace.getPrincipal()) && ace instanceof JackrabbitAccessControlEntry) {
PrivilegeBits entryBits = privilegeMgr.getBits(ace.getPrivileges());
if (((JackrabbitAccessControlEntry) ace).isAllow()) {
allows.addDifference(entryBits, denies);
} else {
denies.addDifference(entryBits, allows);
}
}
}
assertEquals(privilegeMgr.getBits(read), allows);
assertEquals(privilegeMgr.getBits(modProp), denies);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testAddInvalidEntry2.
public void testAddInvalidEntry2() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.addAccessControlEntry(testPrincipal, new Privilege[0]);
fail("Adding an ACE with invalid privileges should fail");
} catch (AccessControlException e) {
// success
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlList in project jackrabbit by apache.
the class AbstractACLTemplateTest method testRemoveInvalidEntry.
public void testRemoveInvalidEntry() throws RepositoryException {
JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
try {
pt.removeAccessControlEntry(new JackrabbitAccessControlEntry() {
public boolean isAllow() {
return false;
}
public String[] getRestrictionNames() {
return new String[0];
}
public Value getRestriction(String restrictionName) {
return null;
}
public Value[] getRestrictions(String restrictionName) throws RepositoryException {
return null;
}
public Principal getPrincipal() {
return testPrincipal;
}
public Privilege[] getPrivileges() {
try {
return privilegesFromName(Privilege.JCR_READ);
} catch (Exception e) {
return new Privilege[0];
}
}
});
fail("Passing an unknown ACE should fail");
} catch (AccessControlException e) {
// success
}
}
Aggregations