Search in sources :

Example 16 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testHasPrivilegesTestGroup.

@Test
public void testHasPrivilegesTestGroup() throws Exception {
    // testGroup
    PermissionProvider pp = createPermissionProvider(testGroupPrincipal);
    assertTrue(pp.hasPrivileges(content, PrivilegeConstants.JCR_READ));
    assertTrue(pp.hasPrivileges(a, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(c, PrivilegeConstants.JCR_READ));
    assertTrue(pp.hasPrivileges(content, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertTrue(pp.hasPrivileges(a, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertTrue(pp.hasPrivileges(c, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 17 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testHasPrivilegesEveryone.

@Test
public void testHasPrivilegesEveryone() throws Exception {
    // everyone
    PermissionProvider pp = createPermissionProvider(EveryonePrincipal.getInstance());
    assertFalse(pp.hasPrivileges(content, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(content2, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(a, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(c, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(content, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertFalse(pp.hasPrivileges(content2, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertFalse(pp.hasPrivileges(a, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertFalse(pp.hasPrivileges(c, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 18 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testHasPrivilegesTestUserEveryone.

@Test
public void testHasPrivilegesTestUserEveryone() throws Exception {
    // testUser + everyone
    PermissionProvider pp = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
    assertTrue(pp.hasPrivileges(content, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(a, PrivilegeConstants.JCR_READ));
    assertTrue(pp.hasPrivileges(c, PrivilegeConstants.JCR_READ));
    assertFalse(pp.hasPrivileges(content, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertFalse(pp.hasPrivileges(a, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    assertFalse(pp.hasPrivileges(c, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 19 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testHasAllPrivileges.

@Test
public void testHasAllPrivileges() throws Exception {
    // testGroup
    PermissionProvider pp = createPermissionProvider(testGroupPrincipal);
    assertFalse(pp.hasPrivileges(content, PrivilegeConstants.JCR_ALL));
    assertFalse(pp.hasPrivileges(a, PrivilegeConstants.JCR_ALL));
    assertFalse(pp.hasPrivileges(c, PrivilegeConstants.JCR_ALL));
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 20 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugConfigurationTest method testGetPermissionProviderNoSupportedPaths.

@Test
public void testGetPermissionProviderNoSupportedPaths() {
    // enabled but no supported paths specified
    CugConfiguration cc = createConfiguration(ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, true));
    PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
    assertSame(EmptyPermissionProvider.getInstance(), pp);
}
Also used : EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)70 Test (org.junit.Test)65 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)44 Tree (org.apache.jackrabbit.oak.api.Tree)21 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)18 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)12 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)11 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)11 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)8 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)6 AccessControlManager (javax.jcr.security.AccessControlManager)4 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)4 Principal (java.security.Principal)3 Nonnull (javax.annotation.Nonnull)3 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3 OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)3 AccessControlList (javax.jcr.security.AccessControlList)2