use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testStopThenStartInheriting.
@Test
public void testStopThenStartInheriting() throws Exception {
loginAsSysTenantAdmin();
ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
userRoleDao.createUser(tenantAcme, USERNAME_TIFFANY, PASSWORD, "", null);
login(USERNAME_TIFFANY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
RepositoryFile tiffanyHomeFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_TIFFANY));
RepositoryFile testFolder = repo.createFolder(tiffanyHomeFolder.getId(), new RepositoryFile.Builder("test").folder(true).build(), null);
RepositoryFileAcl acl = repo.getAcl(testFolder.getId());
RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).entriesInheriting(false).build();
updatedAcl = repo.updateAcl(updatedAcl);
assertFalse(updatedAcl.isEntriesInheriting());
updatedAcl = new RepositoryFileAcl.Builder(updatedAcl).entriesInheriting(true).build();
updatedAcl = repo.updateAcl(updatedAcl);
assertTrue(updatedAcl.isEntriesInheriting());
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testGetAclOnlyVersion.
/**
* While they may be filtered from the version history, we still must be able to fetch acl-only changes.
*/
@Test
public void testGetAclOnlyVersion() throws Exception {
loginAsSysTenantAdmin();
ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", null);
login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
defaultBackingRepositoryLifecycleManager.newTenant();
final String fileName = "helloworld.sample";
RepositoryFile newFile = createSampleFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY), fileName, "blah", false, 123, true);
assertEquals(1, repo.getVersionSummaries(newFile.getId()).size());
RepositoryFileAcl acl = repo.getAcl(newFile.getId());
// no change; just want to create a new version
RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).build();
repo.updateAcl(updatedAcl);
assertEquals(2, repo.getVersionSummaries(newFile.getId()).size());
assertNotNull(repo.getVersionSummary(newFile.getId(), "1.1"));
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testUpdatingPermissionWhenNoGrantPermissionOnFile.
/**
* Tests Updating the ACL when no GRANT_PERMISSION is assigned
*/
@Test
public void testUpdatingPermissionWhenNoGrantPermissionOnFile() throws Exception {
loginAsSysTenantAdmin();
ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
userRoleDao.createUser(tenantAcme, USERNAME_TIFFANY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
defaultBackingRepositoryLifecycleManager.newTenant();
RepositoryFile parentFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName()));
RepositoryFile newFolder = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
newFolder = repo.createFolder(parentFolder.getId(), newFolder, null);
RepositoryFileAcl acls = repo.getAcl(newFolder.getId());
RepositoryFileAcl.Builder newAclBuilder = new RepositoryFileAcl.Builder(acls);
newAclBuilder.entriesInheriting(false).ace(userNameUtils.getPrincipleId(tenantAcme, USERNAME_TIFFANY), RepositoryFileSid.Type.USER, RepositoryFilePermission.READ);
repo.updateAcl(newAclBuilder.build());
login(USERNAME_TIFFANY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
RepositoryFileAcl newAcl = repo.getAcl(newFolder.getId());
RepositoryFileAcl.Builder anotherNewAclBuilder = new RepositoryFileAcl.Builder(newAcl);
anotherNewAclBuilder.ace(new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), RepositoryFilePermission.READ, RepositoryFilePermission.WRITE, RepositoryFilePermission.DELETE);
try {
repo.updateAcl(anotherNewAclBuilder.build());
fail();
} catch (UnifiedRepositoryException e) {
assertNotNull(e);
}
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testCreateFolderWithAcl.
@Test
public void testCreateFolderWithAcl() throws Exception {
loginAsSysTenantAdmin();
ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", null);
login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
RepositoryFile parentFolder = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName()));
RepositoryFile newFolder = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
RepositoryFileSid tiffanySid = new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, USERNAME_TIFFANY));
RepositoryFileSid suzySid = new RepositoryFileSid(userNameUtils.getPrincipleId(tenantAcme, USERNAME_SUZY));
// tiffany owns it but suzy is creating it
RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(tiffanySid);
// need this to be able to fetch acl as suzy
aclBuilder.ace(suzySid, RepositoryFilePermission.READ);
newFolder = repo.createFolder(parentFolder.getId(), newFolder, aclBuilder.build(), null);
RepositoryFileAcl fetchedAcl = repo.getAcl(newFolder.getId());
assertEquals(new RepositoryFileSid(USERNAME_TIFFANY), fetchedAcl.getOwner());
assertLocalAceExists(newFolder, new RepositoryFileSid(USERNAME_SUZY), EnumSet.of(RepositoryFilePermission.READ));
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAcl in project pentaho-platform by pentaho.
the class DefaultUnifiedRepositoryAuthorizationIT method testWriteWhenNoWritePermissionOnFile.
/**
* Tests deleting a file when no delete permission is given to the role
*/
@Test
public void testWriteWhenNoWritePermissionOnFile() throws Exception {
loginAsSysTenantAdmin();
ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
userRoleDao.createUser(tenantAcme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
defaultBackingRepositoryLifecycleManager.newTenant();
RepositoryFile publicFolderFile = createSampleFile(repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName())).getPath(), "helloworld.sample", "ddfdf", false, 83);
RepositoryFileAcl publicFolderFileAcl = new RepositoryFileAcl.Builder(publicFolderFile.getId(), userNameUtils.getPrincipleId(tenantAcme, USERNAME_ADMIN), RepositoryFileSid.Type.USER).entriesInheriting(false).ace(new RepositoryFileSid(roleNameUtils.getPrincipleId(tenantAcme, tenantAuthenticatedRoleName), RepositoryFileSid.Type.ROLE), RepositoryFilePermission.READ).build();
repo.updateAcl(publicFolderFileAcl);
userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", new String[] { tenantAuthenticatedRoleName });
login(USERNAME_SUZY, tenantAcme, new String[] { tenantAuthenticatedRoleName });
final String modSampleString = "Ciao World!";
final boolean modSampleBoolean = true;
final int modSampleInteger = 99;
final SampleRepositoryFileData modContent = new SampleRepositoryFileData(modSampleString, modSampleBoolean, modSampleInteger);
try {
repo.updateFile(publicFolderFile, modContent, null);
fail();
} catch (UnifiedRepositoryException e) {
assertNotNull(e);
}
login(USERNAME_ADMIN, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
try {
repo.updateFile(publicFolderFile, modContent, null);
assertTrue(true);
} catch (UnifiedRepositoryException e) {
fail();
}
}
Aggregations