use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method testReorderAndAddAce.
@Test
public void testReorderAndAddAce() throws Exception {
Tree entry = getEntry(testPrincipal, testPath, 0);
assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
// reorder
aclTree.getChildren().iterator().next().orderBefore(null);
// add a new entry
NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
root.commit();
entry = getEntry(testPrincipal, testPath, 1);
assertIndex(1, entry);
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method before.
@Override
@Before
public void before() throws Exception {
super.before();
testPrincipal = getTestUser().getPrincipal();
NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
bitsProvider = new PrivilegeBitsProvider(root);
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method testModifyRestrictions.
@Test
public void testModifyRestrictions() throws Exception {
Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next();
assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
// add a new restriction node through the OAK API instead of access control manager
NodeUtil node = new NodeUtil(testAce);
NodeUtil restrictions = node.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
restrictions.setString(REP_GLOB, "*");
String restrictionsPath = restrictions.getTree().getPath();
root.commit();
Tree principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
Tree parent = principalRoot.getChildren().iterator().next();
assertEquals("*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
// modify the restrictions node
Tree restrictionsNode = root.getTree(restrictionsPath);
restrictionsNode.setProperty(REP_GLOB, "/*/jcr:content/*");
root.commit();
principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
parent = principalRoot.getChildren().iterator().next();
assertEquals("/*/jcr:content/*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
// remove the restriction again
root.getTree(restrictionsPath).remove();
root.commit();
principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
parent = principalRoot.getChildren().iterator().next();
assertNull(parent.getChildren().iterator().next().getProperty(REP_GLOB));
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class TreePermissionImplTest method testCanReadProperties2.
@Test
public void testCanReadProperties2() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
acMgr.setPolicy("/test", acl);
root.commit();
Tree policyTree = root.getTree("/test/rep:policy");
NodeUtil ace = new NodeUtil(policyTree).addChild("ace2", NT_REP_DENY_ACE);
ace.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
ace.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
root.commit();
TreePermission tp = getTreePermission("/test");
assertFalse(tp.canReadProperties());
assertTrue(tp.canRead());
assertFalse(tp.canReadProperties());
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class AbstractRestrictionProviderTest method getAceTree.
private Tree getAceTree(Restriction... restrictions) throws Exception {
NodeUtil rootNode = new NodeUtil(root.getTree("/"));
NodeUtil tmp = rootNode.addChild("testRoot", JcrConstants.NT_UNSTRUCTURED);
Tree ace = tmp.addChild("rep:policy", NT_REP_ACL).addChild("ace0", NT_REP_GRANT_ACE).getTree();
restrictionProvider.writeRestrictions(tmp.getTree().getPath(), ace, ImmutableSet.copyOf(restrictions));
return ace;
}
Aggregations