Example 1 with PrivilegeBitsProvider
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider in project jackrabbit-oak by apache.
the class PermissionHookTest method before.
@Override
@Before
public void before() throws Exception {
super.before();
testPrincipal = getTestUser().getPrincipal();
NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
bitsProvider = new PrivilegeBitsProvider(root);
}
Also used :
AccessControlManager(javax.jcr.security.AccessControlManager)
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList)
NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)
Before(org.junit.Before)
Example 2 with PrivilegeBitsProvider
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider in project jackrabbit-oak by apache.
the class UtilTest method before.
@Override
@Before
public void before() throws Exception {
super.before();
bitsProvider = new PrivilegeBitsProvider(root);
}
Also used :
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
Before(org.junit.Before)
Example 3 with PrivilegeBitsProvider
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider in project jackrabbit-oak by apache.
the class CompositeProviderScopeTest method testGetPrivileges.
@Test
public void testGetPrivileges() throws Exception {
PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
for (String path : defPrivileges.keySet()) {
Tree tree = readOnlyRoot.getTree(path);
Set<String> defaultPrivs = defPrivileges.get(path);
Set<String> privNames = cppTestUser.getPrivileges(tree);
if (testProvider.isSupported(path)) {
PrivilegeBits expected = pbp.getBits(defaultPrivs).modifiable().diff(denied).unmodifiable();
assertEquals(expected, pbp.getBits(privNames));
} else {
assertEquals(path, defaultPrivs, privNames);
}
}
}
Also used :
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
Tree(org.apache.jackrabbit.oak.api.Tree)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Example 4 with PrivilegeBitsProvider
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider in project jackrabbit-oak by apache.
the class CompositeProviderFullScopeTest method testGetPrivileges.
@Test
public void testGetPrivileges() throws Exception {
PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
PrivilegeBits readNodes = pbp.getBits(REP_READ_NODES);
Set<String> expected = ImmutableSet.of(REP_READ_NODES);
for (String path : defPrivileges.keySet()) {
Set<String> defaultPrivs = defPrivileges.get(path);
Tree tree = readOnlyRoot.getTree(path);
Set<String> privNames = cppTestUser.getPrivileges(tree);
if (pbp.getBits(defaultPrivs).includes(readNodes)) {
assertEquals(expected, privNames);
} else {
assertTrue(privNames.isEmpty());
}
}
}
Also used :
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
Tree(org.apache.jackrabbit.oak.api.Tree)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Example 5 with PrivilegeBitsProvider
use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider in project jackrabbit-oak by apache.
the class CugPermissionProviderTest method testSupportedPrivilegesForNullTree.
/**
* @see org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider#supportedPrivileges(org.apache.jackrabbit.oak.api.Tree, org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
*/
@Test
public void testSupportedPrivilegesForNullTree() {
PrivilegeBits readBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ);
PrivilegeBits readNodeBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES);
PrivilegeBits readPropBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_PROPERTIES);
PrivilegeBitsProvider provider = new PrivilegeBitsProvider(root);
assertTrue(cugPermProvider.supportedPrivileges(null, readBits).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, readNodeBits).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, readPropBits).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_ALL)).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.REP_WRITE)).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE)).isEmpty());
assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty());
}
Also used :
PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)
PrivilegeBits(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)
Test(org.junit.Test)
Aggregations
PrivilegeBitsProvider (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider)16
PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)6
Test (org.junit.Test)6
Tree (org.apache.jackrabbit.oak.api.Tree)5
Before (org.junit.Before)3
Nonnull (javax.annotation.Nonnull)2
AccessControlManager (javax.jcr.security.AccessControlManager)1
JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)1
PrivilegeManager (org.apache.jackrabbit.api.security.authorization.PrivilegeManager)1
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)1
Root (org.apache.jackrabbit.oak.api.Root)1
L4_PrivilegesAndPermissionsTest (org.apache.jackrabbit.oak.exercise.security.authorization.permission.L4_PrivilegesAndPermissionsTest)1
L7_PermissionContentTest (org.apache.jackrabbit.oak.exercise.security.authorization.permission.L7_PermissionContentTest)1
TypePredicate (org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate)1
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)1
AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)1
PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)1
RestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider)1
PrivilegeConfiguration (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration)1
DefaultNodeStateDiff (org.apache.jackrabbit.oak.spi.state.DefaultNodeStateDiff)1
