Search in sources :

Example 1 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testTreePermissionIsNotGranted.

@Test
public void testTreePermissionIsNotGranted() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    TreePermission parentPermission = TreePermission.EMPTY;
    PropertyState ps = PropertyStates.createProperty("propName", "val");
    for (String path : TP_PATHS) {
        Tree t = readOnlyRoot.getTree(path);
        TreePermission tp = pp.getTreePermission(t, parentPermission);
        assertFalse(tp.isGranted(Permissions.NO_PERMISSION));
        assertFalse(tp.isGranted(Permissions.MODIFY_ACCESS_CONTROL));
        assertFalse(tp.isGranted(Permissions.NO_PERMISSION, ps));
        assertFalse(tp.isGranted(Permissions.MODIFY_ACCESS_CONTROL, ps));
        parentPermission = tp;
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 2 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CompositeAuthorizationConfigurationTest method testMultipleGetPermissionProvider3.

@Test
public void testMultipleGetPermissionProvider3() {
    CompositeAuthorizationConfiguration cc = getCompositeConfiguration(new OpenAuthorizationConfiguration(), new OpenAuthorizationConfiguration());
    PermissionProvider pp = cc.getPermissionProvider(root, root.getContentSession().getWorkspaceName(), Collections.<Principal>emptySet());
    assertFalse(pp instanceof CompositePermissionProvider);
    assertSame(EmptyPermissionProvider.getInstance(), pp);
}
Also used : EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) OpenAuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 3 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testTreePermissionCanReadProperties.

@Test
public void testTreePermissionCanReadProperties() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    TreePermission parentPermission = TreePermission.EMPTY;
    for (String path : TP_PATHS) {
        TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
        assertFalse(tp.canReadProperties());
        parentPermission = tp;
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 4 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class PermissionTest method testHasPermission.

@Test
public void testHasPermission() throws Exception {
    // create permissions
    // allow rep:write      /testroot
    // allow jcr:removeNode /testroot/a/b
    // deny  jcr:removeNode /testroot/a/b/c
    addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
    addEntry(TEST_B_PATH, true, "", PrivilegeConstants.JCR_REMOVE_NODE);
    addEntry(TEST_C_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
    ContentSession testSession = createTestSession();
    try {
        Root testRoot = testSession.getLatestRoot();
        PermissionProvider pp = getPermissionProvider(testSession);
        assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
        try {
            testRoot.getTree(TEST_C_PATH).remove();
            testRoot.commit();
            fail("removing node on /a/b/c should fail");
        } catch (CommitFailedException e) {
        // all ok
        }
    } finally {
        testSession.close();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 5 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class RepoPolicyTreePermissionTest method getTreePermission.

@Nonnull
private TreePermission getTreePermission(@Nonnull ContentSession cs, @Nonnull String path) throws Exception {
    Root r = cs.getLatestRoot();
    PermissionProvider pp = config.getPermissionProvider(r, cs.getWorkspaceName(), cs.getAuthInfo().getPrincipals());
    Tree t = r.getTree(PathUtils.ROOT_PATH);
    TreePermission tp = pp.getTreePermission(t, TreePermission.EMPTY);
    for (String name : PathUtils.elements(path)) {
        t = t.getChild(name);
        tp = pp.getTreePermission(t, tp);
    }
    return tp;
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Nonnull(javax.annotation.Nonnull)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)93 Test (org.junit.Test)86 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)49 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)33 Tree (org.apache.jackrabbit.oak.api.Tree)32 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)20 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)16 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)13 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)12 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)12 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)11 OpenPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider)8 Principal (java.security.Principal)5 AccessControlManager (javax.jcr.security.AccessControlManager)5 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)5 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 Nonnull (javax.annotation.Nonnull)3 AccessControlList (javax.jcr.security.AccessControlList)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3