use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testGetEffectivePoliciesByPrincipal.
@Test
public void testGetEffectivePoliciesByPrincipal() throws Exception {
// no ACLs containing entries for the specified principals
// -> no effective policies expected
Set<Set<Principal>> principalSets = new HashSet<Set<Principal>>();
principalSets.add(Collections.singleton(testPrincipal));
principalSets.add(Collections.<Principal>singleton(EveryonePrincipal.getInstance()));
principalSets.add(ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance()));
for (Set<Principal> principals : principalSets) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
assertNotNull(policies);
assertEquals(0, policies.length);
}
setupPolicy(testPath);
// changes not yet persisted -> no effecitve policies found for testprincipal
for (Set<Principal> principals : principalSets) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
assertNotNull(policies);
assertEquals(0, policies.length);
}
root.commit();
// after persisting changes -> the policy must be found
for (Set<Principal> principals : principalSets) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
assertNotNull(policies);
if (principals.contains(testPrincipal)) {
assertEquals(1, policies.length);
} else {
assertEquals(0, policies.length);
}
}
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
setupPolicy(childPath);
// changes not yet persisted -> no effecitve policies found for testprincipal
for (Set<Principal> principals : principalSets) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
assertNotNull(policies);
if (principals.contains(testPrincipal)) {
assertEquals(1, policies.length);
} else {
assertEquals(0, policies.length);
}
}
root.commit();
// after persisting changes -> the policy must be found
for (Set<Principal> principals : principalSets) {
AccessControlPolicy[] policies = acMgr.getEffectivePolicies(principals);
assertNotNull(policies);
if (principals.contains(testPrincipal)) {
assertEquals(2, policies.length);
} else {
assertEquals(0, policies.length);
}
}
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class AccessControlManagerImplTest method testEffectiveSorting.
@Test
public void testEffectiveSorting() throws Exception {
Set<Principal> principalSet = ImmutableSet.of(testPrincipal, EveryonePrincipal.getInstance());
ACL nullPathPolicy = null;
try {
// 1. policy at 'testPath'
ACL policy = getApplicablePolicy(testPath);
policy.addEntry(testPrincipal, testPrivileges, true, getGlobRestriction("*"));
policy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false);
policy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false);
acMgr.setPolicy(testPath, policy);
// 2. policy at child node
NodeUtil child = new NodeUtil(root.getTree(testPath)).addChild("child", JcrConstants.NT_UNSTRUCTURED);
String childPath = child.getTree().getPath();
setupPolicy(childPath);
// 3. policy for null-path
nullPathPolicy = getApplicablePolicy(null);
assertNotNull(nullPathPolicy);
nullPathPolicy.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT), true);
acMgr.setPolicy(null, nullPathPolicy);
root.commit();
AccessControlPolicy[] effectivePolicies = acMgr.getEffectivePolicies(principalSet);
assertEquals(3, effectivePolicies.length);
assertNull(((JackrabbitAccessControlPolicy) effectivePolicies[0]).getPath());
assertEquals(testPath, ((JackrabbitAccessControlPolicy) effectivePolicies[1]).getPath());
assertEquals(childPath, ((JackrabbitAccessControlPolicy) effectivePolicies[2]).getPath());
} finally {
if (nullPathPolicy != null) {
acMgr.removePolicy(null, nullPathPolicy);
root.commit();
}
}
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method testReorderAndAddAce.
@Test
public void testReorderAndAddAce() throws Exception {
Tree entry = getEntry(testPrincipal, testPath, 0);
assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
// reorder
aclTree.getChildren().iterator().next().orderBefore(null);
// add a new entry
NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
root.commit();
entry = getEntry(testPrincipal, testPath, 1);
assertIndex(1, entry);
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method before.
@Override
@Before
public void before() throws Exception {
super.before();
testPrincipal = getTestUser().getPrincipal();
NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath);
acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_ADD_CHILD_NODES));
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(JCR_READ));
acMgr.setPolicy(testPath, acl);
root.commit();
bitsProvider = new PrivilegeBitsProvider(root);
}
use of org.apache.jackrabbit.oak.util.NodeUtil in project jackrabbit-oak by apache.
the class PermissionHookTest method testModifyRestrictions.
@Test
public void testModifyRestrictions() throws Exception {
Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next();
assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
// add a new restriction node through the OAK API instead of access control manager
NodeUtil node = new NodeUtil(testAce);
NodeUtil restrictions = node.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
restrictions.setString(REP_GLOB, "*");
String restrictionsPath = restrictions.getTree().getPath();
root.commit();
Tree principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
Tree parent = principalRoot.getChildren().iterator().next();
assertEquals("*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
// modify the restrictions node
Tree restrictionsNode = root.getTree(restrictionsPath);
restrictionsNode.setProperty(REP_GLOB, "/*/jcr:content/*");
root.commit();
principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
parent = principalRoot.getChildren().iterator().next();
assertEquals("/*/jcr:content/*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
// remove the restriction again
root.getTree(restrictionsPath).remove();
root.commit();
principalRoot = getPrincipalRoot(testPrincipal);
assertEquals(2, cntEntries(principalRoot));
parent = principalRoot.getChildren().iterator().next();
assertNull(parent.getChildren().iterator().next().getProperty(REP_GLOB));
}
Aggregations