
Example 21 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class AccessControlManagerImpl method setNodeBasedAcl.

/**
 * Persists the entries of {@code acl} as the node-based access control list for {@code tree},
 * replacing any entries that were stored before.
 *
 * <p>An existing ACL tree is emptied, not merged, so afterwards the stored list holds exactly
 * the entries of {@code acl}, written in the order of {@code acl.getEntries()}. No validation of
 * principals, privileges or restrictions is visible in this method.
 * NOTE(review): presumably the entries are validated before they reach this point - confirm.
 *
 * @param oakPath path passed to the ACL tree lookup/creation and to the restriction provider;
 *                may be {@code null}
 * @param tree the tree the access control list is attached to
 * @param acl the list whose entries are written
 * @throws RepositoryException propagated from the helpers called here (their bodies are not
 *                             part of this listing)
 */
private void setNodeBasedAcl(@Nullable String oakPath, @Nonnull Tree tree, @Nonnull ACL acl) throws RepositoryException {
    Tree aclTree = getAclTree(oakPath, tree);
    if (aclTree == null) {
        aclTree = createAclTree(oakPath, tree);
    } else {
        // Drop every stored entry first: the list is replaced as a whole, never merged,
        // so a grant that is absent from 'acl' does not survive the update.
        for (Tree storedAce : aclTree.getChildren()) {
            storedAce.remove();
        }
    }
    // Keep the children in insertion order.
    // NOTE(review): presumably because entry order matters when the list is evaluated - confirm.
    aclTree.setOrderableChildren(true);

    int position = 0;
    for (ACE ace : acl.getEntries()) {
        // The node name is derived from the entry and its position in the list.
        String aceNodeName = Util.generateAceName(ace, position);
        String aceNodeType;
        if (ace.isAllow()) {
            aceNodeType = NT_REP_GRANT_ACE;
        } else {
            aceNodeType = NT_REP_DENY_ACE;
        }
        Tree aceNode = TreeUtil.addChild(aclTree, aceNodeName, aceNodeType);

        // The principal is stored by name only.
        aceNode.setProperty(REP_PRINCIPAL_NAME, ace.getPrincipal().getName());
        aceNode.setProperty(
                REP_PRIVILEGES,
                ImmutableList.copyOf(AccessControlUtils.namesFromPrivileges(ace.getPrivileges())),
                Type.NAMES);

        // Writing the restrictions is delegated to the configured provider.
        restrictionProvider.writeRestrictions(oakPath, aceNode, ace.getRestrictions());
        position++;
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Tree(org.apache.jackrabbit.oak.api.Tree)

Example 22 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testRedundantPrivileges.

@Test
public void testRedundantPrivileges() throws Exception {
    // The same privilege name is passed twice on purpose.
    ACE entry = createEntry(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ);

    // The duplicate must not change the result: the entry's bits equal those of JCR_READ alone.
    assertEquals(
            getBitsProvider().getBits(PrivilegeConstants.JCR_READ),
            entry.getPrivilegeBits());
}
Also used : ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Test(org.junit.Test)

Example 23 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testGetRestrictionsForMultiValued.

/**
     * @since OAK 1.0: support for multi-value restrictions
     */
@Test
public void testGetRestrictionsForMultiValued() throws Exception {
    // Entry carrying a single multi-valued REP_NT_NAMES restriction.
    Restriction ntNamesRestriction = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues);
    ACE entry = createEntry(ImmutableSet.of(ntNamesRestriction));

    // Every value must come back unchanged and in the same order.
    // NOTE(review): the expected length of 2 assumes nameValues holds two values - confirm in the fixture.
    Value[] returned = entry.getRestrictions(AccessControlConstants.REP_NT_NAMES);
    assertEquals(2, returned.length);
    assertArrayEquals(nameValues, returned);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Value(javax.jcr.Value) Test(org.junit.Test)

Example 24 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testNotEquals.

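@Test
public void testNotEquals() throws RepositoryException {
    // Reference entry: JCR_ALL with the 'allow' flag set.
    ACE ace = createEntry(new String[] { PrivilegeConstants.JCR_ALL }, true);
    List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();

    // Failures while building a variant are not caught here. A swallowed RepositoryException
    // would silently drop that variant from the list, so its inequality check would never run
    // and the test would still pass. The method already declares the exception.

    // ACE template with different principal
    Principal princ = new Principal() {

        public String getName() {
            return "a name";
        }
    };
    Privilege[] otherPrincipalPrivs = new Privilege[] { acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL) };
    otherAces.add(createEntry(princ, otherPrincipalPrivs, true));

    // ACE template with different privileges
    otherAces.add(createEntry(new String[] { PrivilegeConstants.JCR_READ }, true));

    // ACE template with different 'allow' flag
    otherAces.add(createEntry(new String[] { PrivilegeConstants.JCR_ALL }, false));

    // ACE template with different privileges and 'allow' flag
    otherAces.add(createEntry(new String[] { PrivilegeConstants.REP_WRITE }, false));

    // Other entry implementation: same principal, privileges and 'allow' flag as the reference
    // entry, but not an ACE instance.
    final Privilege[] privs = new Privilege[] { acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL) };
    JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {

        public boolean isAllow() {
            return true;
        }

        public String[] getRestrictionNames() {
            return new String[0];
        }

        public Value getRestriction(String restrictionName) {
            return null;
        }

        public Value[] getRestrictions(String restrictionName) {
            return null;
        }

        public Principal getPrincipal() {
            return testPrincipal;
        }

        public Privilege[] getPrivileges() {
            return privs;
        }
    };
    otherAces.add(pe);

    // None of the variants may compare equal to the reference entry.
    for (JackrabbitAccessControlEntry otherAce : otherAces) {
        assertFalse(ace.equals(otherAce));
    }
}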
Also used : JackrabbitAccessControlEntry(org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) ArrayList(java.util.ArrayList) Value(javax.jcr.Value) RepositoryException(javax.jcr.RepositoryException) Privilege(javax.jcr.security.Privilege) Principal(java.security.Principal) Test(org.junit.Test)

Example 25 with ACE

use of org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE in project jackrabbit-oak by apache.

the class EntryTest method testGetRestrictionsForSingleValue.

/**
     * @since OAK 1.0: support for multi-value restrictions
     */
@Test
public void testGetRestrictionsForSingleValue() throws Exception {
    // Entry carrying a single-valued REP_GLOB restriction.
    Restriction globRestriction = createRestriction(AccessControlConstants.REP_GLOB, globValue);
    ACE entry = createEntry(ImmutableSet.of(globRestriction));

    // The multi-value accessor must still answer for a single-valued restriction,
    // returning a one-element array that holds the value.
    Value[] returned = entry.getRestrictions(AccessControlConstants.REP_GLOB);
    assertNotNull(returned);
    assertArrayEquals(new Value[] { globValue }, returned);
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) Value(javax.jcr.Value) Test(org.junit.Test)

Aggregations

ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)33 Test (org.junit.Test)25 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)12 Value (javax.jcr.Value)8 Privilege (javax.jcr.security.Privilege)5 Tree (org.apache.jackrabbit.oak.api.Tree)5 ArrayList (java.util.ArrayList)4 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)4 HashMap (java.util.HashMap)3 AccessControlEntry (javax.jcr.security.AccessControlEntry)3 AccessControlException (javax.jcr.security.AccessControlException)3 Principal (java.security.Principal)2 Nullable (javax.annotation.Nullable)2 JackrabbitAccessControlEntry (org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry)2 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)2 ImmutableACL (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL)2 PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)2 Predicate (com.google.common.base.Predicate)1 CheckForNull (javax.annotation.CheckForNull)1 RepositoryException (javax.jcr.RepositoryException)1