use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.
the class WriteTest method testEditor2.
public void testEditor2() throws NotExecutableException, RepositoryException {
UserManager uMgr = getUserManager(superuser);
User u = null;
User u2 = null;
try {
u = uMgr.createUser("t", "t");
u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
if (!uMgr.isAutoSave()) {
superuser.save();
}
Principal p = u.getPrincipal();
Principal p2 = u2.getPrincipal();
if (p instanceof ItemBasedPrincipal && p2 instanceof ItemBasedPrincipal && Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal) p2).getPath())) {
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
acMgr.setPolicy(acls[0].getPath(), acls[0]);
acls = acMgr.getApplicablePolicies(p);
String path = acls[0].getPath();
Node n = superuser.getNode(path);
assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
} else {
throw new NotExecutableException();
}
} finally {
superuser.refresh(false);
if (u2 != null)
u2.remove();
if (u != null)
u.remove();
if (!uMgr.isAutoSave()) {
superuser.save();
}
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.
the class WriteTest method testEditor.
public void testEditor() throws NotExecutableException, RepositoryException {
UserManager uMgr = getUserManager(superuser);
User u = null;
try {
u = uMgr.createUser("t", "t");
if (!uMgr.isAutoSave()) {
superuser.save();
}
Principal p = u.getPrincipal();
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p);
assertEquals(1, acls.length);
assertTrue(acls[0] instanceof ACLTemplate);
// access again
acls = acMgr.getApplicablePolicies(p);
assertEquals(1, acls.length);
assertEquals(1, acMgr.getApplicablePolicies(acls[0].getPath()).getSize());
assertEquals(0, acMgr.getPolicies(p).length);
assertEquals(0, acMgr.getPolicies(acls[0].getPath()).length);
acMgr.setPolicy(acls[0].getPath(), acls[0]);
assertEquals(0, acMgr.getApplicablePolicies(p).length);
assertEquals(1, acMgr.getPolicies(p).length);
assertEquals(1, acMgr.getPolicies(acls[0].getPath()).length);
} finally {
superuser.refresh(false);
if (u != null) {
u.remove();
if (!uMgr.isAutoSave()) {
superuser.save();
}
}
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.
the class EffectivePolicyTest method testGetEffectivePoliciesByPrincipal.
public void testGetEffectivePoliciesByPrincipal() throws Exception {
Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL });
JackrabbitAccessControlManager jacMgr = (JackrabbitAccessControlManager) acMgr;
Principal everyone = ((SessionImpl) superuser).getPrincipalManager().getEveryone();
AccessControlPolicy[] acp = jacMgr.getEffectivePolicies(Collections.singleton(everyone));
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlPolicy);
JackrabbitAccessControlPolicy jacp = (JackrabbitAccessControlPolicy) acp[0];
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(testUser.getPrincipal()), privileges));
assertFalse(jacMgr.hasPrivileges(jacp.getPath(), Collections.singleton(everyone), privileges));
acp = jacMgr.getApplicablePolicies(testUser.getPrincipal());
if (acp.length == 0) {
acp = jacMgr.getPolicies(testUser.getPrincipal());
}
assertNotNull(acp);
assertEquals(1, acp.length);
assertTrue(acp[0] instanceof JackrabbitAccessControlList);
// let testuser read the ACL defined for 'testUser' principal.
JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp[0];
acl.addEntry(testUser.getPrincipal(), privileges, true, getRestrictions(superuser, acl.getPath()));
jacMgr.setPolicy(acl.getPath(), acl);
superuser.save();
Session testSession = getTestSession();
AccessControlManager testAcMgr = getTestACManager();
// effective policies for testPrinicpal only on path -> must succeed.
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(Collections.singleton(testUser.getPrincipal()));
// effective policies for a combination of principals -> must fail
try {
((JackrabbitAccessControlManager) testAcMgr).getEffectivePolicies(((SessionImpl) testSession).getSubject().getPrincipals());
fail();
} catch (AccessDeniedException e) {
// success
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testSetPrincipalPolicy.
//-----------------------------------------------< setPrincipalPolicy() >---
@Test
public void testSetPrincipalPolicy() throws Exception {
JackrabbitAccessControlPolicy[] applicable = acMgr.getApplicablePolicies(testPrincipal);
assertNotNull(applicable);
assertEquals(1, applicable.length);
assertTrue(applicable[0] instanceof ACL);
ACL acl = (ACL) applicable[0];
Value pathValue = getValueFactory().createValue(testPath, PropertyType.PATH);
assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_NODE_PATH, pathValue)));
acMgr.setPolicy(acl.getPath(), acl);
root.commit();
Root root2 = adminSession.getLatestRoot();
AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies(testPath);
assertEquals(1, policies.length);
assertEquals(1, ((ACL) policies[0]).getAccessControlEntries().length);
policies = getAccessControlManager(root2).getPolicies(testPrincipal);
assertEquals(1, policies.length);
assertArrayEquals(acl.getAccessControlEntries(), ((ACL) policies[0]).getAccessControlEntries());
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testSetPrincipalPolicyWithNewMvRestriction.
@Test
public void testSetPrincipalPolicyWithNewMvRestriction() throws Exception {
setupPolicy(testPath);
root.commit();
JackrabbitAccessControlPolicy[] policies = acMgr.getPolicies(testPrincipal);
ACL acl = (ACL) policies[0];
Map<String, Value> restrictions = new HashMap();
restrictions.put(REP_NODE_PATH, getValueFactory().createValue(testPath, PropertyType.PATH));
Map<String, Value[]> mvRestrictions = new HashMap();
ValueFactory vf = getValueFactory(root);
Value[] restrValues = new Value[] { vf.createValue("itemname", PropertyType.NAME), vf.createValue("propName", PropertyType.NAME) };
mvRestrictions.put(REP_ITEM_NAMES, restrValues);
assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, restrictions, mvRestrictions));
acMgr.setPolicy(acl.getPath(), acl);
AccessControlEntry[] entries = ((ACL) acMgr.getPolicies(testPath)[0]).getAccessControlEntries();
assertEquals(2, entries.length);
ACE newEntry = (ACE) entries[1];
assertEquals(1, newEntry.getRestrictions().size());
assertArrayEquals(restrValues, newEntry.getRestrictions(REP_ITEM_NAMES));
}
Aggregations