use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionValidatorTest method testChangePrimaryTypeToPolicyNode.
@Test
public void testChangePrimaryTypeToPolicyNode() throws Exception {
// create a rep:policy node that is not detected as access control content
testRootNode.getChild("child").addChild(AccessControlConstants.REP_POLICY, NT_UNSTRUCTURED);
root.commit();
// grant the test session the ability to read/write that node but don't
// allow to modify access control content
grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL, PrivilegeConstants.REP_WRITE);
ContentSession testSession = createTestSession();
try {
Root testRoot = testSession.getLatestRoot();
Tree testChild = testRoot.getTree(TEST_CHILD_PATH);
testChild.setProperty(PropertyStates.createProperty(JcrConstants.JCR_MIXINTYPES, ImmutableList.of(AccessControlConstants.MIX_REP_ACCESS_CONTROLLABLE), Type.NAMES));
Tree testPolicy = testChild.getChild(AccessControlConstants.REP_POLICY);
testPolicy.setOrderableChildren(true);
testPolicy.setProperty(JCR_PRIMARYTYPE, AccessControlConstants.NT_REP_ACL, Type.NAME);
testRoot.commit();
fail("Turning a false policy node into access control content requires the ability to write AC content.");
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
assertEquals(0, e.getCode());
} finally {
testSession.close();
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class TreePermissionImplTest method getTreePermission.
private TreePermission getTreePermission(String path) throws Exception {
ContentSession testSession = createTestSession();
PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
return pp.getTreePermission(root.getTree(path), TreePermission.EMPTY);
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionProviderImplTest method testIsGrantedForReadPaths.
@Test
public void testIsGrantedForReadPaths() throws Exception {
ContentSession testSession = createTestSession();
try {
PermissionProvider pp = createPermissionProvider(testSession);
for (String path : READ_PATHS) {
assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ)));
assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE)));
assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY)));
assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL)));
}
for (String path : READ_PATHS) {
Tree tree = root.getTree(path);
assertTrue(pp.isGranted(tree, null, Permissions.READ));
assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE));
assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ_PROPERTY));
assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL));
}
RepositoryPermission rp = pp.getRepositoryPermission();
assertFalse(rp.isGranted(Permissions.READ));
assertFalse(rp.isGranted(Permissions.READ_NODE));
assertFalse(rp.isGranted(Permissions.READ_PROPERTY));
assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL));
} finally {
testSession.close();
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionProviderImplTest method testHasPrivileges.
@Test
public void testHasPrivileges() throws Exception {
ContentSession testSession = createTestSession();
try {
PermissionProvider pp = createPermissionProvider(testSession);
assertTrue(pp.hasPrivileges(null));
assertTrue(pp.hasPrivileges(null, new String[0]));
assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT));
} finally {
testSession.close();
}
}
use of org.apache.jackrabbit.oak.api.ContentSession in project jackrabbit-oak by apache.
the class PermissionProviderImplTest method testHasPrivilegesForReadPaths.
@Test
public void testHasPrivilegesForReadPaths() throws Exception {
ContentSession testSession = createTestSession();
try {
PermissionProvider pp = createPermissionProvider(testSession);
for (String path : READ_PATHS) {
Tree tree = root.getTree(path);
assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ));
assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_NODES));
assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_PROPERTIES));
assertFalse(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
}
assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_READ));
} finally {
testSession.close();
}
}
Aggregations