Search in sources :

Example 76 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CustomRestrictionProviderTest method testUnProtectByRestriction.

/**
 * Tests the custom restriction provider that checks on the absence of a property.
 * @throws Exception
 */
@Test
public void testUnProtectByRestriction() throws Exception {
    // allow rep:write      /testroot
    // deny  jcr:removeNode /testroot
    // allow jcr:removeNode /testroot/a  hasProperty=!protect-me
    addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
    addEntry(TEST_ROOT_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
    addEntry(TEST_A_PATH, true, "!" + PROP_NAME_PROTECT_ME, PrivilegeConstants.JCR_REMOVE_NODE);
    ContentSession testSession = createTestSession();
    try {
        Root testRoot = testSession.getLatestRoot();
        PermissionProvider pp = getPermissionProvider(testSession);
        assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
        assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.REMOVE_NODE);
    } finally {
        testSession.close();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 77 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testIsNotGranted.

@Test
public void testIsNotGranted() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    PermissionProvider ppo = createPermissionProviderOR();
    for (String p : NODE_PATHS) {
        Tree tree = readOnlyRoot.getTree(p);
        PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
        assertFalse(p, pp.isGranted(tree, null, Permissions.MODIFY_ACCESS_CONTROL));
        assertFalse(PathUtils.concat(p, JcrConstants.JCR_PRIMARYTYPE), pp.isGranted(tree, ps, Permissions.MODIFY_ACCESS_CONTROL));
        assertFalse(p, ppo.isGranted(tree, null, Permissions.MODIFY_ACCESS_CONTROL));
        assertFalse(PathUtils.concat(p, JcrConstants.JCR_PRIMARYTYPE), ppo.isGranted(tree, ps, Permissions.MODIFY_ACCESS_CONTROL));
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 78 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testTreePermissionCanReadPropertiesOR.

@Test
public void testTreePermissionCanReadPropertiesOR() throws Exception {
    PermissionProvider pp = createPermissionProviderOR();
    TreePermission parentPermission = TreePermission.EMPTY;
    for (String path : TP_PATHS) {
        TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
        assertFalse(tp.canReadProperties());
        parentPermission = tp;
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 79 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testIsNotGrantedAction.

@Test
public void testIsNotGrantedAction() throws Exception {
    PermissionProvider pp = createPermissionProvider();
    PermissionProvider ppo = createPermissionProviderOR();
    String[] actions = new String[] { JackrabbitSession.ACTION_LOCKING, JackrabbitSession.ACTION_MODIFY_ACCESS_CONTROL };
    for (String nodePath : NODE_PATHS) {
        String actionStr = getActionString(actions);
        assertFalse(nodePath, pp.isGranted(nodePath, actionStr));
        assertFalse(nodePath, ppo.isGranted(nodePath, actionStr));
        String propPath = PathUtils.concat(nodePath, JcrConstants.JCR_PRIMARYTYPE);
        assertFalse(propPath, pp.isGranted(propPath, actionStr));
        assertFalse(propPath, ppo.isGranted(propPath, actionStr));
        String nonExPath = PathUtils.concat(nodePath, "nonExisting");
        assertFalse(nonExPath, pp.isGranted(nonExPath, actionStr));
        assertFalse(nonExPath, ppo.isGranted(nonExPath, actionStr));
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 80 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class AbstractCompositeProviderTest method testHasPrivilegesJcrAllOR.

@Test
public void testHasPrivilegesJcrAllOR() throws Exception {
    PermissionProvider pp = createPermissionProviderOR();
    for (String p : NODE_PATHS) {
        Tree tree = readOnlyRoot.getTree(p);
        assertFalse(p, pp.hasPrivileges(tree, JCR_ALL));
    }
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)93 Test (org.junit.Test)86 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)49 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)33 Tree (org.apache.jackrabbit.oak.api.Tree)32 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)20 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)16 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)13 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)12 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)12 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)11 OpenPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider)8 Principal (java.security.Principal)5 AccessControlManager (javax.jcr.security.AccessControlManager)5 PrincipalImpl (org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl)5 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 Nonnull (javax.annotation.Nonnull)3 AccessControlList (javax.jcr.security.AccessControlList)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3