Search in sources :

Example 96 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class ExternalIdentityValidatorTest method testAddExternalPrincipalNames.

@Test
public void testAddExternalPrincipalNames() throws Exception {
    Tree userTree = root.getTree(testUserPath);
    NodeUtil userNode = new NodeUtil(userTree);
    try {
        userNode.setStrings(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "principalName");
        root.commit();
        fail("Creating rep:externalPrincipalNames must be detected.");
    } catch (CommitFailedException e) {
        // success
        assertEquals(70, e.getCode());
    } finally {
        root.refresh();
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Example 97 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class ValidatorNotDynamicTest method testRemoveRepExternalIdAsSystem.

@Override
@Test
public void testRemoveRepExternalIdAsSystem() throws Exception {
    Root systemRoot = getSystemRoot();
    NodeUtil n = new NodeUtil(systemRoot.getTree(externalUserPath));
    n.removeProperty(ExternalIdentityConstants.REP_EXTERNAL_ID);
    systemRoot.commit();
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Example 98 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class ExternalIdentityValidatorTest method testRemoveExternalPrincipalNamesAsSystem.

@Test
public void testRemoveExternalPrincipalNamesAsSystem() throws Exception {
    Root systemRoot = getSystemRoot();
    NodeUtil n = new NodeUtil(systemRoot.getTree(externalUserPath));
    // removal with system root must succeed
    n.removeProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES);
    systemRoot.commit();
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Example 99 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class ExternalIdentityValidatorTest method testAddExternalPrincipalNamesAsSystemMissingExternalId.

@Test
public void testAddExternalPrincipalNamesAsSystemMissingExternalId() throws Exception {
    Root systemRoot = getSystemRoot();
    try {
        NodeUtil n = new NodeUtil(systemRoot.getTree(testUserPath));
        n.setStrings(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "principalName");
        systemRoot.commit();
        fail("Creating rep:externalPrincipalNames without rep:externalId must be detected.");
    } catch (CommitFailedException e) {
        // success
        assertEquals(72, e.getCode());
    } finally {
        systemRoot.refresh();
    }
}
Also used : Root(org.apache.jackrabbit.oak.api.Root) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Example 100 with NodeUtil

use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.

the class CugPermissionProviderTest method testGetTreePermissions.

//--------------------------------------------------< getTreePermission >---
/**
     * @see PermissionProvider#getTreePermission(org.apache.jackrabbit.oak.api.Tree, org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)
     */
@Test
public void testGetTreePermissions() throws AccessDeniedException {
    TreePermission rootTp = cugPermProvider.getTreePermission(root.getTree("/"), TreePermission.EMPTY);
    assertTrue(rootTp instanceof EmptyCugTreePermission);
    TreePermission contentTp = cugPermProvider.getTreePermission(root.getTree(SUPPORTED_PATH), rootTp);
    assertTrue(contentTp instanceof CugTreePermission);
    TreePermission aTp = cugPermProvider.getTreePermission(root.getTree("/content/a"), contentTp);
    assertTrue(aTp instanceof CugTreePermission);
    TreePermission bTp = cugPermProvider.getTreePermission(root.getTree("/content/a/b"), aTp);
    assertTrue(bTp instanceof CugTreePermission);
    TreePermission cTp = cugPermProvider.getTreePermission(root.getTree("/content/a/b/c"), bTp);
    assertTrue(cTp instanceof CugTreePermission);
    TreePermission aaTp = cugPermProvider.getTreePermission(root.getTree("/content/aa"), contentTp);
    assertTrue(aaTp instanceof CugTreePermission);
    TreePermission bbTp = cugPermProvider.getTreePermission(root.getTree("/content/aa/bb"), aaTp);
    assertTrue(bbTp instanceof CugTreePermission);
    TreePermission ccTp = cugPermProvider.getTreePermission(root.getTree("/content/aa/bb/cc"), bbTp);
    assertTrue(ccTp instanceof CugTreePermission);
    // false cug-policy node (wrong nt)
    Tree aaTree = root.getTree("/content/aa");
    new NodeUtil(aaTree).addChild(CugConstants.REP_CUG_POLICY, NT_OAK_UNSTRUCTURED);
    TreePermission aaTp2 = cugPermProvider.getTreePermission(root.getTree("/content/aa"), contentTp);
    assertTrue(aaTp2 instanceof CugTreePermission);
    TreePermission falseCugTp = cugPermProvider.getTreePermission(root.getTree("/content/aa/rep:cugPolicy"), aaTp2);
    assertNotSame(TreePermission.EMPTY, falseCugTp);
    // cug content
    TreePermission cugTp = cugPermProvider.getTreePermission(root.getTree("/content/a/rep:cugPolicy"), aTp);
    assertSame(TreePermission.NO_RECOURSE, cugTp);
    // jcr:system special case
    TreePermission jcrSystemTp = cugPermProvider.getTreePermission(root.getTree("/jcr:system"), rootTp);
    assertTrue(jcrSystemTp instanceof EmptyCugTreePermission);
    // paths that may not contain cugs anyway
    assertSame(TreePermission.NO_RECOURSE, cugPermProvider.getTreePermission(root.getTree(NodeTypeConstants.NODE_TYPES_PATH), jcrSystemTp));
    TreePermission unsupportedPathTp = cugPermProvider.getTreePermission(root.getTree(UNSUPPORTED_PATH), rootTp);
    assertSame(TreePermission.NO_RECOURSE, unsupportedPathTp);
    try {
        cugPermProvider.getTreePermission(root.getTree(UNSUPPORTED_PATH + "/child"), unsupportedPathTp);
        fail();
    } catch (IllegalStateException e) {
    // success
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) NodeUtil(org.apache.jackrabbit.oak.util.NodeUtil) Test(org.junit.Test)

Aggregations

NodeUtil (org.apache.jackrabbit.oak.util.NodeUtil)183 Test (org.junit.Test)149 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)74 Tree (org.apache.jackrabbit.oak.api.Tree)67 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)59 Root (org.apache.jackrabbit.oak.api.Root)28 AccessControlPolicy (javax.jcr.security.AccessControlPolicy)14 Before (org.junit.Before)14 JackrabbitAccessControlPolicy (org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy)13 TokenInfo (org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo)13 AccessControlManager (javax.jcr.security.AccessControlManager)12 Principal (java.security.Principal)10 EveryonePrincipal (org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal)8 AccessControlException (javax.jcr.security.AccessControlException)7 JackrabbitAccessControlList (org.apache.jackrabbit.api.security.JackrabbitAccessControlList)7 JackrabbitAccessControlManager (org.apache.jackrabbit.api.security.JackrabbitAccessControlManager)6 Authorizable (org.apache.jackrabbit.api.security.user.Authorizable)6 Privilege (javax.jcr.security.Privilege)5 Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction)5 AccessControlList (javax.jcr.security.AccessControlList)4