Example 21 with PrivilegeBits
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.
the class CompositeProviderFullScopeTest method testHasPrivileges.
@Test
public void testHasPrivileges() throws Exception {
PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
PrivilegeBits readNodes = pbp.getBits(REP_READ_NODES);
for (String path : defPrivileges.keySet()) {
Set<String> defaultPrivs = defPrivileges.get(path);
PrivilegeBits defaultBits = pbp.getBits(defaultPrivs);
Tree tree = readOnlyRoot.getTree(path);
if (defaultPrivs.isEmpty()) {
assertFalse(path, cppTestUser.hasPrivileges(tree, REP_READ_NODES));
} else if (defaultBits.includes(readNodes)) {
assertTrue(path, cppTestUser.hasPrivileges(tree, REP_READ_NODES));
if (!readNodes.equals(defaultBits)) {
assertFalse(path, cppTestUser.hasPrivileges(tree, defaultPrivs.toArray(new String[defaultPrivs.size()])));
}
} else {
assertFalse(path, cppTestUser.hasPrivileges(tree, REP_READ_NODES));
assertFalse(path, cppTestUser.hasPrivileges(tree, defaultPrivs.toArray(new String[defaultPrivs.size()])));
}
}
}
Also used :
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
Tree(org.apache.jackrabbit.oak.api.Tree)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Example 22 with PrivilegeBits
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.
the class CompositeProviderScopeTest method testGetPrivilegesAdmin.
@Test
public void testGetPrivilegesAdmin() throws Exception {
for (String path : NODE_PATHS) {
Tree tree = readOnlyRoot.getTree(path);
Set<String> privNames = cppAdminUser.getPrivileges(tree);
if (testProvider.isSupported(path)) {
PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(denied).unmodifiable();
assertEquals(expected, pbp.getBits(privNames));
} else {
assertEquals(path, ImmutableSet.of(JCR_ALL), privNames);
}
}
}
Also used :
Tree(org.apache.jackrabbit.oak.api.Tree)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Example 23 with PrivilegeBits
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.
the class CompositeProviderScopeTest method testGetPrivilegesOnRepoAdmin.
@Test
public void testGetPrivilegesOnRepoAdmin() throws Exception {
PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_NAMESPACE_MANAGEMENT)).unmodifiable();
assertEquals(expected, pbp.getBits(cppAdminUser.getPrivileges(null)));
}
Also used :
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Example 24 with PrivilegeBits
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.
the class JcrAllTest method testAllAggregation.
@Test
public void testAllAggregation() throws Exception {
PrivilegeBits all = bitsProvider.getBits(JCR_ALL);
PrivilegeManager pMgr = getSecurityProvider().getConfiguration(PrivilegeConfiguration.class).getPrivilegeManager(root, NamePathMapper.DEFAULT);
Iterable<Privilege> declaredAggr = Arrays.asList(pMgr.getPrivilege(JCR_ALL).getDeclaredAggregatePrivileges());
String[] allAggregates = Iterables.toArray(Iterables.transform(declaredAggr, new Function<Privilege, String>() {
@Override
public String apply(@Nullable Privilege privilege) {
return checkNotNull(privilege).getName();
}
}), String.class);
PrivilegeBits all2 = bitsProvider.getBits(allAggregates);
assertEquals(all, all2);
assertEquals(Collections.singleton(JCR_ALL), bitsProvider.getPrivilegeNames(all2));
PrivilegeBits bits = PrivilegeBits.getInstance();
for (String name : allAggregates) {
bits.add(bitsProvider.getBits(name));
}
assertEquals(all, bits.unmodifiable());
}
Also used :
Function(com.google.common.base.Function)
PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Privilege(javax.jcr.security.Privilege)
PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)
Nullable(javax.annotation.Nullable)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Example 25 with PrivilegeBits
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits in project jackrabbit-oak by apache.
the class PrivilegeBitsProviderTest method testUnknownAggregation.
@Test
public void testUnknownAggregation() throws RepositoryException {
PrivilegeBits bits = bitsProvider.getBits(REP_WRITE, JCR_LIFECYCLE_MANAGEMENT);
Set<String> names = bitsProvider.getPrivilegeNames(bits);
assertEquals(2, names.size());
}
Also used :
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest)
Test(org.junit.Test)
Aggregations
PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)29
Test (org.junit.Test)18
Tree (org.apache.jackrabbit.oak.api.Tree)9
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)8
PrivilegeBitsProvider (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)6
Nonnull (javax.annotation.Nonnull)5
Principal (java.security.Principal)2
Nullable (javax.annotation.Nullable)2
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)2
ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)2
ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE)2
AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)2
Function (com.google.common.base.Function)1
Predicate (com.google.common.base.Predicate)1
ImmutableSet (com.google.common.collect.ImmutableSet)1
Sets.newHashSet (com.google.common.collect.Sets.newHashSet)1
HashSet (java.util.HashSet)1
Set (java.util.Set)1
Node (javax.jcr.Node)1
Privilege (javax.jcr.security.Privilege)1
