Search in sources :

Example 1 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method testReorderAndAddAce.

@Test
public void testReorderAndAddAce() throws Exception {
    Tree entry = getEntry(testPrincipal, testPath, 0);
    assertIndex(0, entry);
    Tree aclTree = root.getTree(testPath + "/rep:policy");
    // reorder
    aclTree.getChildren().iterator().next().orderBefore(null);
    // add a new entry
    NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
    ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
    ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
    root.commit();
    entry = getEntry(testPrincipal, testPath, 1);
    assertIndex(1, entry);
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 2 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method before.

@Override
@Before
public void before() throws Exception {
    super.before();
    testPrincipal = getTestUser().getPrincipal();
    NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
    NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
    testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
    acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
    acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
    acMgr.setPolicy(testPath, acl);
    root.commit();
    bitsProvider = new PrivilegeBitsProvider(root);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Before(org.junit.Before)

Example 3 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class PermissionHookTest method testModifyRestrictions.

@Test
public void testModifyRestrictions() throws Exception {
    Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next();
    assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
    // add a new restriction node through the OAK API instead of access control manager
    NodeUtil node = new NodeUtil(testAce);
    NodeUtil restrictions = node.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
    restrictions.setString(REP_GLOB, "*");
    String restrictionsPath = restrictions.getTree().getPath();
    root.commit();
    Tree principalRoot = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(principalRoot));
    Tree parent = principalRoot.getChildren().iterator().next();
    assertEquals("*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
    // modify the restrictions node
    Tree restrictionsNode = root.getTree(restrictionsPath);
    restrictionsNode.setProperty(REP_GLOB, "/*/jcr:content/*");
    root.commit();
    principalRoot = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(principalRoot));
    parent = principalRoot.getChildren().iterator().next();
    assertEquals("/*/jcr:content/*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
    // remove the restriction again
    root.getTree(restrictionsPath).remove();
    root.commit();
    principalRoot = getPrincipalRoot(testPrincipal);
    assertEquals(2, cntEntries(principalRoot));
    parent = principalRoot.getChildren().iterator().next();
    assertNull(parent.getChildren().iterator().next().getProperty(REP_GLOB));
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 4 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class TreePermissionImplTest method testCanReadProperties2.

@Test
public void testCanReadProperties2() throws Exception {
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
    acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
    acMgr.setPolicy("/test", acl);
    root.commit();
    Tree policyTree = root.getTree("/test/rep:policy");
    NodeUtil ace = new NodeUtil(policyTree).addChild("ace2", NT_REP_DENY_ACE);
    ace.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
    ace.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
    root.commit();
    TreePermission tp = getTreePermission("/test");
    assertFalse(tp.canReadProperties());
    assertTrue(tp.canRead());
    assertFalse(tp.canReadProperties());
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 5 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class AbstractRestrictionProviderTest method getAceTree.

private Tree getAceTree(Restriction... restrictions) throws Exception {
    NodeUtil rootNode = new NodeUtil(root.getTree("/"));
    NodeUtil tmp = rootNode.addChild("testRoot", JcrConstants.NT_UNSTRUCTURED);
    Tree ace = tmp.addChild("rep:policy", NT_REP_ACL).addChild("ace0", NT_REP_GRANT_ACE).getTree();
    restrictionProvider.writeRestrictions(tmp.getTree().getPath(), ace, ImmutableSet.copyOf(restrictions));
    return ace;
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil)

Aggregations

NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)183 Test (org.junit.Test)149 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)74 Tree (org.apache.jackrabbit.oak.api.Tree)67 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)59 Root (org.apache.jackrabbit.oak.api.Root)28 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)14 Before (org.junit.Before)14 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)13 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)13 AccessControlManager (javax.jcr.security.AccessControlManager)12 Principal (java.security.Principal)10 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 AccessControlException (javax.jcr.security.AccessControlException)7 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 Privilege (javax.jcr.security.Privilege)5 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)5 AccessControlList (javax.jcr.security.AccessControlList)4