use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testRemovePrincipalPolicy.
//--------------------------------------------< removePrincipalPolicy() >---
@Test
public void testRemovePrincipalPolicy() throws Exception {
JackrabbitAccessControlPolicy[] applicable = acMgr.getApplicablePolicies(testPrincipal);
assertNotNull(applicable);
assertEquals(1, applicable.length);
assertTrue(applicable[0] instanceof ACL);
ACL acl = (ACL) applicable[0];
Value pathValue = getValueFactory().createValue(testPath, PropertyType.PATH);
assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_NODE_PATH, pathValue)));
acMgr.setPolicy(acl.getPath(), acl);
root.commit();
acMgr.removePolicy(acl.getPath(), acl);
root.commit();
assertEquals(0, acMgr.getPolicies(testPrincipal).length);
assertEquals(0, acMgr.getPolicies(testPath).length);
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testEffectiveSorting.
@Test
public void testEffectiveSorting() throws Exception {
Set<Principal> principalSet = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
ACL nullPathPolicy = null;
try {
// 1. policy at 'testPath'
ACL policy = getApplicablePolicy(testPath);
policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
policy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
policy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
acMgr.setPolicy(testPath, policy);
// 2. policy at child node
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
setupPolicy(childPath);
// 3. policy for null-path
nullPathPolicy = getApplicablePolicy(null);
assertNotNull(nullPathPolicy);
nullPathPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT), true);
acMgr.setPolicy(null, nullPathPolicy);
root.commit();
AccessControlPolicy[] effectivePolicies = acMgr.getEffectivePolicies(principalSet);
assertEquals(3, effectivePolicies.length);
assertNull(((JackrabbitAccessControlPolicy) effectivePolicies[0]).getPath());
assertEquals(testPath, ((JackrabbitAccessControlPolicy) effectivePolicies[1]).getPath());
assertEquals(childPath, ((JackrabbitAccessControlPolicy) effectivePolicies[2]).getPath());
} finally {
if (nullPathPolicy != null) {
acMgr.removePolicy(null, nullPathPolicy);
root.commit();
}
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit by apache.
the class ACLEditor method editAccessControlPolicies.
/**
* @see AccessControlEditor#editAccessControlPolicies(Principal)
*/
public JackrabbitAccessControlPolicy[] editAccessControlPolicies(Principal principal) throws RepositoryException {
if (!session.getPrincipalManager().hasPrincipal(principal.getName())) {
throw new AccessControlException("Cannot edit access control: " + principal.getName() + " isn't a known principal.");
}
String nPath = getPathToAcNode(principal);
NodeImpl acNode;
if (!session.nodeExists(nPath)) {
acNode = createAcNode(nPath);
} else {
acNode = (NodeImpl) session.getNode(nPath);
}
if (!isAccessControlled(acNode)) {
return new JackrabbitAccessControlPolicy[] { createTemplate(acNode) };
} else {
// no additional applicable policies present.
return new JackrabbitAccessControlPolicy[0];
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class AccessControlManagerImpl method getPolicies.
@Nonnull
@Override
public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
Util.checkValidPrincipal(principal, principalManager);
String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal) principal).getPath() : null;
JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
if (policy != null) {
return new JackrabbitAccessControlPolicy[] { policy };
} else {
return new JackrabbitAccessControlPolicy[0];
}
}
use of org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy in project jackrabbit-oak by apache.
the class CompositeAccessControlManager method getPolicies.
@Override
public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException {
ImmutableList.Builder<JackrabbitAccessControlPolicy> privs = ImmutableList.builder();
for (AccessControlManager acMgr : acMgrs) {
if (acMgr instanceof JackrabbitAccessControlManager) {
privs.add(((JackrabbitAccessControlManager) acMgr).getPolicies(principal));
}
}
List<JackrabbitAccessControlPolicy> l = privs.build();
return l.toArray(new JackrabbitAccessControlPolicy[l.size()]);
}
Aggregations