use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.
the class CustomRestrictionProviderTest method testUnProtectByRestriction.
/**
* Tests the custom restriction provider that checks on the absence of a property.
* @throws Exception
*/
@Test
public void testUnProtectByRestriction() throws Exception {
// allow rep:write /testroot
// deny jcr:removeNode /testroot
// allow jcr:removeNode /testroot/a hasProperty=!protect-me
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_ROOT_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_A_PATH, true, "!" + PROP_NAME_PROTECT_ME, PrivilegeConstants.JCR_REMOVE_NODE);
ContentSession testSession = createTestSession();
try {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.REMOVE_NODE);
} finally {
testSession.close();
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.
the class AbstractCompositeProviderTest method testIsNotGranted.
@Test
public void testIsNotGranted() throws Exception {
PermissionProvider pp = createPermissionProvider();
PermissionProvider ppo = createPermissionProviderOR();
for (String p : NODE_PATHS) {
Tree tree = readOnlyRoot.getTree(p);
PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
assertFalse(p, pp.isGranted(tree, null, Permissions.MODIFY_ACCESS_CONTROL));
assertFalse(PathUtils.concat(p, JcrConstants.JCR_PRIMARYTYPE), pp.isGranted(tree, ps, Permissions.MODIFY_ACCESS_CONTROL));
assertFalse(p, ppo.isGranted(tree, null, Permissions.MODIFY_ACCESS_CONTROL));
assertFalse(PathUtils.concat(p, JcrConstants.JCR_PRIMARYTYPE), ppo.isGranted(tree, ps, Permissions.MODIFY_ACCESS_CONTROL));
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.
the class AbstractCompositeProviderTest method testTreePermissionCanReadPropertiesOR.
@Test
public void testTreePermissionCanReadPropertiesOR() throws Exception {
PermissionProvider pp = createPermissionProviderOR();
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.canReadProperties());
parentPermission = tp;
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.
the class AbstractCompositeProviderTest method testIsNotGrantedAction.
@Test
public void testIsNotGrantedAction() throws Exception {
PermissionProvider pp = createPermissionProvider();
PermissionProvider ppo = createPermissionProviderOR();
String[] actions = new String[] { JackrabbitSession.ACTION_LOCKING, JackrabbitSession.ACTION_MODIFY_ACCESS_CONTROL };
for (String nodePath : NODE_PATHS) {
String actionStr = getActionString(actions);
assertFalse(nodePath, pp.isGranted(nodePath, actionStr));
assertFalse(nodePath, ppo.isGranted(nodePath, actionStr));
String propPath = PathUtils.concat(nodePath, JcrConstants.JCR_PRIMARYTYPE);
assertFalse(propPath, pp.isGranted(propPath, actionStr));
assertFalse(propPath, ppo.isGranted(propPath, actionStr));
String nonExPath = PathUtils.concat(nodePath, "nonExisting");
assertFalse(nonExPath, pp.isGranted(nonExPath, actionStr));
assertFalse(nonExPath, ppo.isGranted(nonExPath, actionStr));
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.
the class AbstractCompositeProviderTest method testHasPrivilegesJcrAllOR.
@Test
public void testHasPrivilegesJcrAllOR() throws Exception {
PermissionProvider pp = createPermissionProviderOR();
for (String p : NODE_PATHS) {
Tree tree = readOnlyRoot.getTree(p);
assertFalse(p, pp.hasPrivileges(tree, JCR_ALL));
}
}
Aggregations