Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java Thu Apr 27 08:53:56 2017 @@ -22,6 +22,7 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import javax.annotation.Nonnull; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlManager; @@ -31,13 +32,13 @@ import org.apache.jackrabbit.JcrConstant import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; -import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; @@ -59,12 +60,12 @@ import static org.junit.Assert.fail; /** * Testing the {@code PermissionHook} */ -public class PermissionHookTest extends AbstractAccessControlTest implements AccessControlConstants, PermissionConstants, PrivilegeConstants { +public class PermissionHookTest extends AbstractSecurityTest implements AccessControlConstants, PermissionConstants, PrivilegeConstants { protected String testPath = "/testPath"; protected String childPath = "/testPath/childNode"; - protected String testPrincipalName; + protected Principal testPrincipal; protected PrivilegeBitsProvider bitsProvider; protected List<Principal> principals = new ArrayList<Principal>(); @@ -73,7 +74,7 @@ public class PermissionHookTest extends public void before() throws Exception { super.before(); - Principal testPrincipal = getTestPrincipal(); + testPrincipal = getTestUser().getPrincipal(); NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper); NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED); testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED); @@ -85,7 +86,6 @@ public class PermissionHookTest extends acMgr.setPolicy(testPath, acl); root.commit(); - testPrincipalName = testPrincipal.getName(); bitsProvider = new PrivilegeBitsProvider(root); } @@ -108,12 +108,12 @@ public class PermissionHookTest extends } } - protected Tree getPrincipalRoot(String principalName) { - return root.getTree(PERMISSIONS_STORE_PATH).getChild(adminSession.getWorkspaceName()).getChild(principalName); + protected Tree getPrincipalRoot(@Nonnull Principal principal) { + return root.getTree(PERMISSIONS_STORE_PATH).getChild(adminSession.getWorkspaceName()).getChild(principal.getName()); } - protected Tree getEntry(String principalName, String accessControlledPath, long index) throws Exception { - Tree principalRoot = getPrincipalRoot(principalName); + protected Tree getEntry(@Nonnull Principal principal, String accessControlledPath, long index) throws Exception { + Tree principalRoot = getPrincipalRoot(principal); Tree parent = principalRoot.getChild(PermissionUtil.getEntryName(accessControlledPath)); Tree entry = parent.getChild(String.valueOf(index)); if (!entry.exists()) { @@ -147,7 +147,7 @@ public class PermissionHookTest extends @Test public void testModifyRestrictions() throws Exception { Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next(); - assertEquals(testPrincipalName, testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING)); + assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING)); // add a new restriction node through the OAK API instead of access control manager NodeUtil node = new NodeUtil(testAce); @@ -156,7 +156,7 @@ public class PermissionHookTest extends String restrictionsPath = restrictions.getTree().getPath(); root.commit(); - Tree principalRoot = getPrincipalRoot(testPrincipalName); + Tree principalRoot = getPrincipalRoot(testPrincipal); assertEquals(2, cntEntries(principalRoot)); Tree parent = principalRoot.getChildren().iterator().next(); assertEquals("*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING)); @@ -166,7 +166,7 @@ public class PermissionHookTest extends restrictionsNode.setProperty(REP_GLOB, "/*/jcr:content/*"); root.commit(); - principalRoot = getPrincipalRoot(testPrincipalName); + principalRoot = getPrincipalRoot(testPrincipal); assertEquals(2, cntEntries(principalRoot)); parent = principalRoot.getChildren().iterator().next(); assertEquals("/*/jcr:content/*", parent.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING)); @@ -175,7 +175,7 @@ public class PermissionHookTest extends root.getTree(restrictionsPath).remove(); root.commit(); - principalRoot = getPrincipalRoot(testPrincipalName); + principalRoot = getPrincipalRoot(testPrincipal); assertEquals(2, cntEntries(principalRoot)); parent = principalRoot.getChildren().iterator().next(); assertNull(parent.getChildren().iterator().next().getProperty(REP_GLOB)); @@ -183,7 +183,7 @@ public class PermissionHookTest extends @Test public void testReorderAce() throws Exception { - Tree entry = getEntry(testPrincipalName, testPath, 0); + Tree entry = getEntry(testPrincipal, testPath, 0); assertIndex(0, entry); Tree aclTree = root.getTree(testPath + "/rep:policy"); @@ -191,13 +191,13 @@ public class PermissionHookTest extends root.commit(); - entry = getEntry(testPrincipalName, testPath, 1); + entry = getEntry(testPrincipal, testPath, 1); assertIndex(1, entry); } @Test public void testReorderAndAddAce() throws Exception { - Tree entry = getEntry(testPrincipalName, testPath, 0); + Tree entry = getEntry(testPrincipal, testPath, 0); assertIndex(0, entry); Tree aclTree = root.getTree(testPath + "/rep:policy"); @@ -210,13 +210,13 @@ public class PermissionHookTest extends ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT); root.commit(); - entry = getEntry(testPrincipalName, testPath, 1); + entry = getEntry(testPrincipal, testPath, 1); assertIndex(1, entry); } @Test public void testReorderAddAndRemoveAces() throws Exception { - Tree entry = getEntry(testPrincipalName, testPath, 0); + Tree entry = getEntry(testPrincipal, testPath, 0); assertIndex(0, entry); Tree aclTree = root.getTree(testPath + "/rep:policy"); @@ -240,7 +240,7 @@ public class PermissionHookTest extends root.commit(); - entry = getEntry(testPrincipalName, testPath, 1); + entry = getEntry(testPrincipal, testPath, 1); assertIndex(1, entry); } @@ -270,10 +270,10 @@ public class PermissionHookTest extends acMgr.setPolicy(testPath, acl); root.commit(); - Tree entry = getEntry(principals.get(2).getName(), testPath, 1); + Tree entry = getEntry(principals.get(2), testPath, 1); assertIndex(1, entry); - entry = getEntry(principals.get(1).getName(), testPath, 2); + entry = getEntry(principals.get(1), testPath, 2); assertIndex(2, entry); } @@ -302,15 +302,15 @@ public class PermissionHookTest extends acMgr.setPolicy(testPath, acl); root.commit(); - Tree entry = getEntry(EveryonePrincipal.NAME, testPath, 1); + Tree entry = getEntry(EveryonePrincipal.getInstance(), testPath, 1); assertIndex(1, entry); - entry = getEntry(principals.get(2).getName(), testPath, 3); + entry = getEntry(principals.get(2), testPath, 3); assertIndex(3, entry); - for (String pName : new String[]{testPrincipalName, principals.get(0).getName()}) { + for (Principal p : new Principal[]{testPrincipal, principals.get(0)}) { try { - getEntry(pName, testPath, 0); + getEntry(p, testPath, 0); fail(); } catch (RepositoryException e) { // success @@ -322,7 +322,7 @@ public class PermissionHookTest extends public void testImplicitAceRemoval() throws Exception { AccessControlManager acMgr = getAccessControlManager(root); JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, testPath); - acl.addAccessControlEntry(getTestPrincipal(), privilegesFromNames(JCR_READ, REP_WRITE)); + acl.addAccessControlEntry(testPrincipal, privilegesFromNames(JCR_READ, REP_WRITE)); acMgr.setPolicy(testPath, acl); acl = AccessControlUtils.getAccessControlList(acMgr, childPath); @@ -332,7 +332,7 @@ public class PermissionHookTest extends assertTrue(root.getTree(childPath + "/rep:policy").exists()); - Tree principalRoot = getPrincipalRoot(EveryonePrincipal.NAME); + Tree principalRoot = getPrincipalRoot(EveryonePrincipal.getInstance()); assertEquals(4, cntEntries(principalRoot)); ContentSession testSession = createTestSession(); @@ -350,7 +350,7 @@ public class PermissionHookTest extends assertFalse(root.getTree(childPath + "/rep:policy").exists()); // aces must be removed in the permission store even if the editing // session wasn't able to access them. - principalRoot = getPrincipalRoot(EveryonePrincipal.NAME); + principalRoot = getPrincipalRoot(EveryonePrincipal.getInstance()); assertEquals(2, cntEntries(principalRoot)); } @@ -369,7 +369,7 @@ public class PermissionHookTest extends // verify that the permission store contains an entry for everyone at childPath // and the privilegeBits for jcr:all are reflect with a placeholder value. - Tree allEntry = getEntry(EveryonePrincipal.NAME, childPath, 0); + Tree allEntry = getEntry(EveryonePrincipal.getInstance(), childPath, 0); assertTrue(allEntry.exists()); PropertyState ps = allEntry.getProperty(PermissionConstants.REP_PRIVILEGE_BITS); assertEquals(1, ps.count()); @@ -401,7 +401,7 @@ public class PermissionHookTest extends root.commit(); // verify that the corresponding permission entry has been removed. - Tree everyoneRoot = getPrincipalRoot(EveryonePrincipal.NAME); + Tree everyoneRoot = getPrincipalRoot(EveryonePrincipal.getInstance()); Tree parent = everyoneRoot.getChild(PermissionUtil.getEntryName(childPath)); if (parent.exists()) { assertFalse(parent.getChild("0").exists());
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java Thu Apr 27 08:53:56 2017 @@ -27,11 +27,11 @@ import com.google.common.collect.Immutab import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; -import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; @@ -51,7 +51,7 @@ import static org.junit.Assert.fail; /** * Tests for {@link RestrictionProviderImpl} */ -public class RestrictionProviderImplTest extends AbstractAccessControlTest implements AccessControlConstants { +public class RestrictionProviderImplTest extends AbstractSecurityTest implements AccessControlConstants { private RestrictionProviderImpl provider; @@ -184,7 +184,7 @@ public class RestrictionProviderImplTest "*********************"); for (String glob : globs) { JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path); - acl.addEntry(getTestPrincipal(), + acl.addEntry(getTestUser().getPrincipal(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ), true, Collections.singletonMap(REP_GLOB, getValueFactory().createValue(glob))); acMgr.setPolicy(path, acl); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ACETest.java Thu Apr 27 08:53:56 2017 @@ -16,34 +16,29 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol; -import java.security.Principal; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; import java.util.Set; import javax.jcr.PropertyType; import javax.jcr.RepositoryException; import javax.jcr.Value; import javax.jcr.ValueFactory; import javax.jcr.ValueFormatException; -import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlException; -import javax.jcr.security.AccessControlManager; import javax.jcr.security.Privilege; +import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; -import com.google.common.collect.Lists; import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; -import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl; +import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.junit.Before; import org.junit.Test; +import org.mockito.Mockito; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; @@ -59,25 +54,13 @@ import static org.junit.Assert.fail; */ public class ACETest extends AbstractAccessControlTest { - private Principal testPrincipal; - private AccessControlManager acMgr; - private Value globValue; private Value[] nameValues; private Value nameValue; - @Override @Before public void before() throws Exception { - super.before(); - - acMgr = getAccessControlManager(root); - testPrincipal = new Principal() { - public String getName() { - return "TestPrincipal"; - } - }; - ValueFactory valueFactory = new ValueFactoryImpl(root, namePathMapper); + ValueFactory valueFactory = new ValueFactoryImpl(Mockito.mock(Root.class), getNamePathMapper()); globValue = valueFactory.createValue("*"); nameValue = valueFactory.createValue("nt:file", PropertyType.NAME); nameValues = new Value[] { @@ -86,100 +69,69 @@ public class ACETest extends AbstractAcc }; } - private ACE createEntry(String... privilegeNames) - throws RepositoryException { - return createEntry(testPrincipal, true, null, privilegeNames); - } - - private ACE createEntry(String[] privilegeNames, boolean isAllow) - throws RepositoryException { - return createEntry(testPrincipal, isAllow, null, privilegeNames); + private ACE createEntry(Restriction... restrictions) throws Exception { + return createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true, restrictions); } - private ACE createEntry(Set<Restriction> restrictions) throws Exception { - return createEntry(testPrincipal, true, restrictions, PrivilegeConstants.JCR_READ); + private Restriction createRestriction(String name, String value) throws Exception { + return new RestrictionImpl(PropertyStates.createProperty(name, value), false); } private Restriction createRestriction(String name, Value value) throws Exception { - return getRestrictionProvider().createRestriction("/a/b/c", name, value); + return new RestrictionImpl(PropertyStates.createProperty(name, value), false); } private Restriction createRestriction(String name, Value[] values) throws Exception { - return getRestrictionProvider().createRestriction("/a/b/c", name, values); + return new RestrictionImpl(PropertyStates.createProperty(name, ImmutableList.copyOf(values)), false); } @Test public void testIsAllow() throws RepositoryException { - ACE ace = createEntry(new String[]{PrivilegeConstants.JCR_READ}, true); + ACE ace = createEntry(true, PrivilegeConstants.JCR_READ); assertTrue(ace.isAllow()); - ace = createEntry(new String[]{PrivilegeConstants.JCR_READ}, false); + ace = createEntry(false, PrivilegeConstants.JCR_READ); assertFalse(ace.isAllow()); } @Test public void testGetPrincipal() throws RepositoryException { - ACE tmpl = createEntry(new String[]{PrivilegeConstants.JCR_READ}, true); + ACE tmpl = createEntry(true, PrivilegeConstants.JCR_READ); assertNotNull(tmpl.getPrincipal()); assertEquals(testPrincipal.getName(), tmpl.getPrincipal().getName()); assertSame(testPrincipal, tmpl.getPrincipal()); } - @Test + @Test(expected = AccessControlException.class) public void testNullPrincipal() throws Exception { - try { - Privilege[] privs = new Privilege[]{ - acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL) - }; - createEntry(null, privs, true); - fail("Principal must not be null"); - } catch (AccessControlException e) { - // success - } + createEntry(null, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); } - @Test - public void testGetPrivileges() throws RepositoryException { - ACE entry = createEntry(new String[]{PrivilegeConstants.JCR_READ}, true); - - Privilege[] privs = entry.getPrivileges(); - assertNotNull(privs); - assertEquals(1, privs.length); - assertEquals(privs[0], acMgr.privilegeFromName(PrivilegeConstants.JCR_READ)); - - entry = createEntry(new String[]{PrivilegeConstants.REP_WRITE}, true); - privs = entry.getPrivileges(); - assertNotNull(privs); - assertEquals(1, privs.length); - assertEquals(privs[0], acMgr.privilegeFromName(PrivilegeConstants.REP_WRITE)); - - entry = createEntry(new String[]{PrivilegeConstants.JCR_ADD_CHILD_NODES, - PrivilegeConstants.JCR_REMOVE_CHILD_NODES}, true); - privs = entry.getPrivileges(); - assertNotNull(privs); - assertEquals(2, privs.length); + @Test(expected = AccessControlException.class) + public void testNullPrivilegeBits() throws Exception { + createEntry(testPrincipal, (PrivilegeBits) null, true); + } - Privilege[] expected = AccessControlUtils.privilegesFromNames(acMgr, - PrivilegeConstants.JCR_ADD_CHILD_NODES, - PrivilegeConstants.JCR_REMOVE_CHILD_NODES); - assertEquals(ImmutableSet.copyOf(expected), ImmutableSet.copyOf(privs)); + @Test(expected = AccessControlException.class) + public void testEmptyPrivilegeBits() throws Exception { + createEntry(testPrincipal, PrivilegeBits.EMPTY, true); } @Test public void testGetPrivilegeBits() throws RepositoryException { - ACE entry = createEntry(new String[]{PrivilegeConstants.JCR_READ}, true); + ACE entry = createEntry(true, PrivilegeConstants.JCR_READ); PrivilegeBits bits = entry.getPrivilegeBits(); assertNotNull(bits); - assertEquals(bits, getBitsProvider().getBits(PrivilegeConstants.JCR_READ)); + assertEquals(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), bits); - entry = createEntry(new String[]{PrivilegeConstants.REP_WRITE}, true); + entry = createEntry(true, PrivilegeConstants.REP_WRITE); bits = entry.getPrivilegeBits(); assertNotNull(bits); - assertEquals(bits, getBitsProvider().getBits(PrivilegeConstants.REP_WRITE)); + assertEquals(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_WRITE), bits); - entry = createEntry(new String[]{PrivilegeConstants.JCR_ADD_CHILD_NODES, - PrivilegeConstants.JCR_REMOVE_CHILD_NODES}, true); + entry = createEntry(true, PrivilegeConstants.JCR_ADD_CHILD_NODES, + PrivilegeConstants.JCR_REMOVE_CHILD_NODES); bits = entry.getPrivilegeBits(); assertNotNull(bits); @@ -192,7 +144,7 @@ public class ACETest extends AbstractAcc @Test public void testNullPrivileges() throws Exception { try { - ACE empty = new EmptyACE(null); + new EmptyACE(null); fail("Privileges must not be null"); } catch (AccessControlException e) { // success @@ -202,7 +154,7 @@ public class ACETest extends AbstractAcc @Test public void testEmptyPrivileges() throws Exception { try { - ACE empty = new EmptyACE(PrivilegeBits.EMPTY); + new EmptyACE(PrivilegeBits.EMPTY); fail("Privileges must not be empty."); } catch (AccessControlException e) { // success @@ -210,54 +162,9 @@ public class ACETest extends AbstractAcc } @Test - public void testRedundantPrivileges() throws Exception { - ACE ace = createEntry(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ); - assertEquals(getBitsProvider().getBits(PrivilegeConstants.JCR_READ), ace.getPrivilegeBits()); - } - - /** - * @since oak 1.0 ACE doesn't validate privileges. - */ - @Test - public void testUnknownPrivilege() throws Exception { - Privilege invalidPriv = new Privilege() { - public String getName() { - return ""; - } - - public boolean isAbstract() { - return false; - } - - public boolean isAggregate() { - return false; - } - - public Privilege[] getDeclaredAggregatePrivileges() { - return new Privilege[0]; - } - - public Privilege[] getAggregatePrivileges() { - return new Privilege[0]; - } - }; - Privilege[] privs = new Privilege[]{invalidPriv, acMgr.privilegeFromName(PrivilegeConstants.JCR_READ)}; - ACE entry = createEntry(testPrincipal, privs, true); - assertEquals(getBitsProvider().getBits(PrivilegeConstants.JCR_READ), entry.getPrivilegeBits()); - } - - @Test - public void testAggregatePrivileges() throws Exception { - ACE ace = createEntry(PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES); - - assertEquals(getBitsProvider().getBits(PrivilegeConstants.JCR_READ), ace.getPrivilegeBits()); - assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_READ), ace.getPrivileges()); - } - - @Test public void testGetRestrictionNames() throws Exception { // empty restrictions - String[] restrictionNames = createEntry(Collections.<Restriction>emptySet()).getRestrictionNames(); + String[] restrictionNames = createEntry().getRestrictionNames(); assertNotNull(restrictionNames); assertEquals(0, restrictionNames.length); @@ -265,18 +172,18 @@ public class ACETest extends AbstractAcc Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues); // single restriction - restrictionNames = createEntry(ImmutableSet.of(globRestr)).getRestrictionNames(); + restrictionNames = createEntry(globRestr).getRestrictionNames(); assertEquals(1, restrictionNames.length); // 2 restrictions - restrictionNames = createEntry(ImmutableSet.of(globRestr, nameRestr)).getRestrictionNames(); + restrictionNames = createEntry(globRestr, nameRestr).getRestrictionNames(); assertEquals(2, restrictionNames.length); } @Test public void testGetRestrictionForEmpty() throws Exception { // empty restrictions - Value val = createEntry(Collections.<Restriction>emptySet()).getRestriction(AccessControlConstants.REP_GLOB); + Value val = createEntry().getRestriction(AccessControlConstants.REP_GLOB); assertNull(val); } @@ -284,7 +191,7 @@ public class ACETest extends AbstractAcc public void testGetNonExistingRestriction() throws Exception { // single valued restriction Restriction globRestr = createRestriction(AccessControlConstants.REP_GLOB, globValue); - ACE ace = createEntry(ImmutableSet.of(globRestr)); + ACE ace = createEntry(globRestr); assertNull(ace.getRestriction(AccessControlConstants.REP_NT_NAMES)); } @@ -292,7 +199,7 @@ public class ACETest extends AbstractAcc public void testGetRestrictionForSingleValued() throws Exception { // single valued restriction Restriction globRestr = createRestriction(AccessControlConstants.REP_GLOB, globValue); - ACE ace = createEntry(ImmutableSet.of(globRestr)); + ACE ace = createEntry(globRestr); Value val = ace.getRestriction(AccessControlConstants.REP_GLOB); assertNotNull(val); assertEquals(globValue, val); @@ -301,17 +208,12 @@ public class ACETest extends AbstractAcc /** * @since OAK 1.0: support for multi-value restrictions */ - @Test + @Test(expected = ValueFormatException.class) public void testGetRestrictionForMultiValued() throws Exception { // multivalued restriction Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues); - ACE ace = createEntry(ImmutableSet.of(nameRestr)); - try { - ace.getRestriction(AccessControlConstants.REP_NT_NAMES); - fail("Multiple restriction values"); - } catch (ValueFormatException e) { - // success - } + ACE ace = createEntry(nameRestr); + ace.getRestriction(AccessControlConstants.REP_NT_NAMES); } /** @@ -322,7 +224,7 @@ public class ACETest extends AbstractAcc // single value restriction stored in multi-value property Restriction singleNameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[] {nameValue}); - ACE ace = createEntry(ImmutableSet.of(singleNameRestr)); + ACE ace = createEntry(singleNameRestr); Value val = ace.getRestriction(AccessControlConstants.REP_NT_NAMES); assertEquals(nameValue, val); } @@ -333,7 +235,7 @@ public class ACETest extends AbstractAcc @Test public void testGetEmptyRestrictions() throws Exception { // empty restrictions - Value[] vs = createEntry(Collections.<Restriction>emptySet()).getRestrictions(AccessControlConstants.REP_GLOB); + Value[] vs = createEntry().getRestrictions(AccessControlConstants.REP_GLOB); assertNull(vs); } @@ -343,7 +245,7 @@ public class ACETest extends AbstractAcc @Test public void testGetNonExistingRestrictions() throws Exception { Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues); - ACE ace = createEntry(ImmutableSet.of(nameRestr)); + ACE ace = createEntry(nameRestr); assertNull(ace.getRestrictions(AccessControlConstants.REP_GLOB)); } @@ -354,7 +256,7 @@ public class ACETest extends AbstractAcc public void testGetRestrictionsForSingleValue() throws Exception { // single valued restriction Restriction globRestr = createRestriction(AccessControlConstants.REP_GLOB, globValue); - ACE ace = createEntry(ImmutableSet.of(globRestr)); + ACE ace = createEntry(globRestr); Value[] vs = ace.getRestrictions(AccessControlConstants.REP_GLOB); assertNotNull(vs); assertArrayEquals(new Value[] {globValue}, vs); @@ -367,7 +269,7 @@ public class ACETest extends AbstractAcc public void testGetRestrictionsForMultiValued() throws Exception { // multivalued restriction Restriction nameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, nameValues); - ACE ace = createEntry(ImmutableSet.of(nameRestr)); + ACE ace = createEntry(nameRestr); Value[] vs = ace.getRestrictions(AccessControlConstants.REP_NT_NAMES); assertEquals(2, vs.length); assertArrayEquals(nameValues, vs); @@ -380,7 +282,7 @@ public class ACETest extends AbstractAcc public void testGetRestrictionsForMultiValued2() throws Exception { // single value restriction stored in multi-value property Restriction singleNameRestr = createRestriction(AccessControlConstants.REP_NT_NAMES, new Value[]{nameValue}); - ACE ace = createEntry(ImmutableSet.of(singleNameRestr)); + ACE ace = createEntry(singleNameRestr); Value[] vs = ace.getRestrictions(AccessControlConstants.REP_NT_NAMES); assertEquals(1, vs.length); assertEquals(nameValue, vs[0]); @@ -392,225 +294,84 @@ public class ACETest extends AbstractAcc Restriction globRestr = createRestriction(AccessControlConstants.REP_GLOB, globValue); Set<Restriction> expected = ImmutableSet.of(nameRestr, globRestr); - ACE ace = createEntry(expected); + ACE ace = createEntry(nameRestr, globRestr); assertEquals(expected, ace.getRestrictions()); } @Test public void testGetRestrictionsNone() throws Exception { - ACE ace = createEntry(ImmutableSet.<Restriction>of()); + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); assertTrue(ace.getRestrictions().isEmpty()); } @Test - public void testEquals() throws RepositoryException { - - Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>(); + public void testEqualsSameACE() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); - ACE ace = createEntry(PrivilegeConstants.JCR_ALL); - // create same entry again - equalAces.put(ace, createEntry(PrivilegeConstants.JCR_ALL)); - - // create entry with declared aggregate privileges - Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges(); - equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true)); - - // create entry with aggregate privileges - Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges(); - equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true)); - - // create entry with different privilege order - List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs)); - reordered.add(reordered.remove(0)); - equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true), - createEntry(testPrincipal, aggregateAllPrivs, true)); - - // even if entries are build with aggregated or declared aggregate privileges - equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true), - createEntry(testPrincipal, aggregateAllPrivs, true)); - - for (AccessControlEntry entry : equalAces.keySet()) { - assertEquals(entry, equalAces.get(entry)); - } + assertTrue(ace.equals(ace)); } @Test - public void testEquals2() throws RepositoryException { - ACE ace = createEntry(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_READ); - // priv array contains duplicates - ACE ace2 = createEntry(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_READ); + public void testEqualsACE() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); + ACE ace2 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); - assertEquals(ace, ace2); + assertTrue(ace.equals(ace2)); } @Test - public void testNotEquals() throws RepositoryException { - ACE ace = createEntry(new String[]{PrivilegeConstants.JCR_ALL}, true); - List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>(); - - try { - // ACE template with different principal - Principal princ = new Principal() { - public String getName() { - return "a name"; - } - }; - Privilege[] privs = new Privilege[]{ - acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL) - }; - otherAces.add(createEntry(princ, privs, true)); - } catch (RepositoryException e) { - } - - // ACE template with different privileges - try { - otherAces.add(createEntry(new String[]{PrivilegeConstants.JCR_READ}, true)); - } catch (RepositoryException e) { - } - // ACE template with different 'allow' flag - try { - otherAces.add(createEntry(new String[]{PrivilegeConstants.JCR_ALL}, false)); - } catch (RepositoryException e) { - } - // ACE template with different privileges and 'allows - try { - otherAces.add(createEntry(new String[]{PrivilegeConstants.REP_WRITE}, false)); - } catch (RepositoryException e) { - } + public void testEqualsOtherEntryImpl() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); - // other ace impl - final Privilege[] privs = new Privilege[]{ - acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL) - }; + assertFalse(ace.equals(Mockito.mock(JackrabbitAccessControlEntry.class))); + } - JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() { - public boolean isAllow() { - return true; - } - - public String[] getRestrictionNames() { - return new String[0]; - } - - public Value getRestriction(String restrictionName) { - return null; - } - - public Value[] getRestrictions(String restrictionName) { - return null; - } - - public Principal getPrincipal() { - return testPrincipal; - } - - public Privilege[] getPrivileges() { - return privs; - } - }; - otherAces.add(pe); + @Test + public void testEqualsDifferentAllow() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); + ACE ace2 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), false); - for (JackrabbitAccessControlEntry otherAce : otherAces) { - assertFalse(ace.equals(otherAce)); - } + assertFalse(ace.equals(ace2)); } @Test - public void testHashCode() throws RepositoryException { - JackrabbitAccessControlEntry ace = createEntry(PrivilegeConstants.JCR_ALL); - Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges(); - Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges(); - List<Privilege> l = Lists.newArrayList(aggregateAllPrivs); - l.add(l.remove(0)); - Privilege[] reordered = l.toArray(new Privilege[l.size()]); - - Map<AccessControlEntry, AccessControlEntry> equivalent = new HashMap<AccessControlEntry, AccessControlEntry>(); - // create same entry again - equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL)); - // create entry with duplicate privs - equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL, PrivilegeConstants.JCR_ALL)); - // create entry with declared aggregate privileges - equivalent.put(ace, createEntry(testPrincipal, declaredAllPrivs, true)); - // create entry with aggregate privileges - equivalent.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true)); - // create entry with different privilege order - equivalent.put(ace, createEntry(testPrincipal, reordered, true)); - equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true), - createEntry(testPrincipal, reordered, true)); - // even if entries are build with aggregated or declared aggregate privileges - equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true), - createEntry(testPrincipal, aggregateAllPrivs, true)); - - for (AccessControlEntry entry : equivalent.keySet()) { - AccessControlEntry eqv = equivalent.get(entry); - assertEquals(entry.hashCode(), eqv.hashCode()); - } + public void testEqualsDifferentPrincipal() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); + ACE ace2 = createEntry(EveryonePrincipal.getInstance(), PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); + + assertFalse(ace.equals(ace2)); } @Test - public void testHashCode2() throws Exception { - JackrabbitAccessControlEntry ace = createEntry(new String[]{PrivilegeConstants.JCR_ALL}, true); - final Privilege[] privs = AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_ALL); - - // and the opposite: - List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>(); - // ACE template with different principal - Principal princ = new Principal() { - public String getName() { - return "a name"; - } - }; - otherAces.add(createEntry(princ, privs, true)); + public void testEqualsDifferentPrivs() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true); + ACE ace2 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_ADD_CHILD_NODES), true); - // ACE template with different privileges - otherAces.add(createEntry(new String[]{PrivilegeConstants.JCR_READ}, true)); + assertFalse(ace.equals(ace2)); + } - // ACE template with different 'allow' flag - otherAces.add(createEntry(new String[]{PrivilegeConstants.JCR_ALL}, false)); + @Test + public void testEqualsDifferentRestrictions() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true, createRestriction("name2", "val")); + ACE ace2 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true, createRestriction("name", "val")); - // ACE template with different privileges and 'allows - otherAces.add(createEntry(new String[]{PrivilegeConstants.REP_WRITE}, false)); - - // other ace impl - JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() { - public boolean isAllow() { - return true; - } - - public String[] getRestrictionNames() { - return new String[0]; - } - - public Value getRestriction(String restrictionName) { - return null; - } - - public Value[] getRestrictions(String restrictionName) { - return null; - } - - public Principal getPrincipal() { - return testPrincipal; - } - - public Privilege[] getPrivileges() { - return privs; - } - }; - otherAces.add(pe); + assertFalse(ace.equals(ace2)); + } - for (JackrabbitAccessControlEntry otherAce : otherAces) { - assertFalse(ace.hashCode() == otherAce.hashCode()); - } + @Test + public void testEqualsDifferentRestrictionValue() throws Exception { + ACE ace = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true, createRestriction("name", "val")); + ACE ace2 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true, createRestriction("name", "val2")); + assertFalse(ace.equals(ace2)); } private class EmptyACE extends ACE { public EmptyACE(PrivilegeBits privilegeBits) throws AccessControlException { - super(testPrincipal, privilegeBits, true, null, namePathMapper); + super(testPrincipal, privilegeBits, true, null, getNamePathMapper()); } @Override Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlListTest.java Thu Apr 27 08:53:56 2017 @@ -20,31 +20,35 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; - import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.jcr.PropertyType; import javax.jcr.RepositoryException; -import javax.jcr.security.Privilege; import com.google.common.collect.ImmutableList; +import com.google.common.collect.Lists; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; +import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.namepath.GlobalNameMapper; import org.apache.jackrabbit.oak.namepath.LocalNameMapper; import org.apache.jackrabbit.oak.namepath.NameMapper; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.junit.Test; -import com.google.common.collect.Lists; - import static java.util.Collections.singletonMap; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; @@ -55,65 +59,79 @@ import static org.junit.Assert.assertTru /** * Tests for functionality provided by {@link AbstractAccessControlList}. */ -public abstract class AbstractAccessControlListTest extends AbstractAccessControlTest { +public class AbstractAccessControlListTest extends AbstractAccessControlTest { protected String getTestPath() { return "/testPath"; } + protected NamePathMapper getNamePathMapper() { + return NamePathMapper.DEFAULT; + } + + protected RestrictionProvider getRestrictionProvider() { + Map<String, RestrictionDefinition> rDefs = new HashMap(); + rDefs.put("r1", new RestrictionDefinitionImpl("r1", Type.STRING, true)); + rDefs.put("r2", new RestrictionDefinitionImpl("r2", Type.LONGS, false)); + + return new AbstractRestrictionProvider(rDefs) { + @Nonnull + @Override + public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree) { + throw new UnsupportedOperationException(); + } + + @Nonnull + @Override + public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Set<Restriction> restrictions) { + throw new UnsupportedOperationException(); + } + }; + } + protected AbstractAccessControlList createEmptyACL() { - return createACL(getTestPath(), Collections.<ACE>emptyList(), namePathMapper); + return createACL(getTestPath(), Collections.<JackrabbitAccessControlEntry>emptyList(), getNamePathMapper()); } - protected AbstractAccessControlList createACL(@Nonnull ACE... entries) { - return createACL(getTestPath(), Lists.newArrayList(entries), namePathMapper); + protected AbstractAccessControlList createACL(@Nonnull JackrabbitAccessControlEntry... entries) { + return createACL(getTestPath(), Lists.newArrayList(entries), getNamePathMapper()); } - protected AbstractAccessControlList createACL(@Nonnull List<ACE> entries) { - return createACL(getTestPath(), entries, namePathMapper); + protected AbstractAccessControlList createACL(@Nonnull List<JackrabbitAccessControlEntry> entries) { + return createACL(getTestPath(), entries, getNamePathMapper()); } protected AbstractAccessControlList createACL(@Nullable String jcrPath, @Nonnull ACE... entries) { - return createACL(jcrPath, Lists.newArrayList(entries), namePathMapper); + return createACL(jcrPath, Lists.newArrayList(entries), getNamePathMapper()); } protected AbstractAccessControlList createACL(@Nullable String jcrPath, - @Nonnull List<ACE> entries, + @Nonnull List<JackrabbitAccessControlEntry> entries, @Nonnull NamePathMapper namePathMapper) { return createACL(jcrPath, entries, namePathMapper, getRestrictionProvider()); } - protected abstract AbstractAccessControlList createACL(@Nullable String jcrPath, - @Nonnull List<ACE> entries, - @Nonnull NamePathMapper namePathMapper, - @Nonnull RestrictionProvider restrictionProvider); + protected AbstractAccessControlList createACL(@Nullable String jcrPath, + @Nonnull List<JackrabbitAccessControlEntry> entries, + @Nonnull NamePathMapper namePathMapper, + @Nonnull RestrictionProvider restrictionProvider) { + return new TestACL(jcrPath, restrictionProvider, namePathMapper, entries); + } - protected List<ACE> createTestEntries() throws RepositoryException { - List<ACE> entries = new ArrayList<ACE>(3); + protected List<JackrabbitAccessControlEntry> createTestEntries() throws RepositoryException { + List<JackrabbitAccessControlEntry> entries = new ArrayList(3); for (int i = 0; i < 3; i++) { entries.add(createEntry( - new PrincipalImpl("testPrincipal" + i), true, null, PrivilegeConstants.JCR_READ)); + new PrincipalImpl("testPrincipal" + i), PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ), true)); } return entries; } - protected static Privilege[] getAggregatedPrivileges(Privilege... privileges) { - Set<Privilege> aggr = new HashSet<Privilege>(); - for (Privilege p : privileges) { - if (p.isAggregate()) { - aggr.addAll(Arrays.asList(p.getAggregatePrivileges())); - } else { - aggr.add(p); - } - } - return aggr.toArray(new Privilege[aggr.size()]); - } - @Test public void testGetNamePathMapper() throws Exception { - assertSame(namePathMapper, createEmptyACL().getNamePathMapper()); - assertSame(NamePathMapper.DEFAULT, createACL(getTestPath(), ImmutableList.<ACE>of(), NamePathMapper.DEFAULT).getNamePathMapper()); + assertSame(getNamePathMapper(), createEmptyACL().getNamePathMapper()); + assertSame(NamePathMapper.DEFAULT, createACL(getTestPath(), ImmutableList.<JackrabbitAccessControlEntry>of(), NamePathMapper.DEFAULT).getNamePathMapper()); } @Test @@ -131,7 +149,7 @@ public abstract class AbstractAccessCont paths.put("/{http://jackrabbit.apache.org}testPath";, "/jr:testPath"); for (String path : paths.keySet()) { - AbstractAccessControlList acl = createACL(path, Collections.<ACE>emptyList(), npMapper); + AbstractAccessControlList acl = createACL(path, Collections.<JackrabbitAccessControlEntry>emptyList(), npMapper); assertEquals(paths.get(path), acl.getPath()); } } @@ -154,7 +172,7 @@ public abstract class AbstractAccessCont // test if oak-path is properly set. for (String path : paths.keySet()) { - AbstractAccessControlList acl = createACL(path, Collections.<ACE>emptyList(), npMapper); + AbstractAccessControlList acl = createACL(path, Collections.<JackrabbitAccessControlEntry>emptyList(), npMapper); assertEquals(paths.get(path), acl.getOakPath()); } } @@ -186,7 +204,7 @@ public abstract class AbstractAccessCont @Test public void testGetEntries() throws RepositoryException { - List<ACE> aces = createTestEntries(); + List<JackrabbitAccessControlEntry> aces = createTestEntries(); AbstractAccessControlList acl = createACL(aces); assertNotNull(acl.getEntries()); @@ -206,7 +224,7 @@ public abstract class AbstractAccessCont assertNotNull(restrNames); List<String> names = Lists.newArrayList(restrNames); for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getTestPath())) { - assertTrue(names.remove(namePathMapper.getJcrName(def.getName()))); + assertTrue(names.remove(getNamePathMapper().getJcrName(def.getName()))); } assertTrue(names.isEmpty()); } @@ -215,7 +233,7 @@ public abstract class AbstractAccessCont public void testGetRestrictionType() throws RepositoryException { AbstractAccessControlList acl = createEmptyACL(); for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getTestPath())) { - int reqType = acl.getRestrictionType(namePathMapper.getJcrName(def.getName())); + int reqType = acl.getRestrictionType(getNamePathMapper().getJcrName(def.getName())); assertTrue(reqType > PropertyType.UNDEFINED); assertEquals(def.getRequiredType().tag(), reqType); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.java Thu Apr 27 08:53:56 2017 @@ -24,7 +24,6 @@ import java.util.List; import java.util.Set; import javax.annotation.Nonnull; import javax.jcr.AccessDeniedException; -import javax.jcr.NamespaceRegistry; import javax.jcr.PathNotFoundException; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlException; @@ -32,22 +31,27 @@ import javax.jcr.security.AccessControlP import javax.jcr.security.AccessControlPolicyIterator; import javax.jcr.security.Privilege; -import com.google.common.collect.ImmutableList; +import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy; import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; -import org.apache.jackrabbit.oak.util.NodeUtil; -import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.mockito.Mockito; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; @@ -58,73 +62,79 @@ import static org.junit.Assert.assertNul import static org.junit.Assert.assertSame; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import static org.mockito.Mockito.when; public class AbstractAccessControlManagerTest extends AbstractAccessControlTest { + private static final String WSP_NAME = "wspName"; public static final String TEST_PREFIX = "jr"; - public static final String TEST_URI = "http://jackrabbit.apache.org";; private final String testName = TEST_PREFIX + ":testRoot"; - protected final String testPath = '/' + testName; + private final String testPath = '/' + testName; + private final String nonExistingPath = "/not/existing"; - protected Principal testPrincipal; - protected Privilege[] testPrivileges; - protected Root testRoot; + private final Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal); + private Privilege[] testPrivileges; + private Privilege[] allPrivileges; - protected AbstractAccessControlManager acMgr; + private AbstractAccessControlManager acMgr; - @Override - @Before - public void before() throws Exception { - super.before(); - - acMgr = createAccessControlManager(root, getNamePathMapper()); + private PrivilegeManager privilegeManager; + private AuthorizationConfiguration authorizationConfiguration; - NodeUtil rootNode = new NodeUtil(root.getTree("/"), getNamePathMapper()); - rootNode.addChild(testName, JcrConstants.NT_UNSTRUCTURED); - root.commit(); + private SecurityProvider securityProvider; + private ContentSession cs; - testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_READ); - testPrincipal = getTestPrincipal(); - } - - @After - public void after() throws Exception { - try { - root.refresh(); - root.getTree(testPath).remove(); - root.commit(); - - if (testRoot != null) { - testRoot.getContentSession().close(); - testRoot = null; - } - } finally { - super.after(); - } - } + @Before + public void before() throws Exception { + testPrivileges = new Privilege[] {mockPrivilege("priv1"), mockPrivilege("priv2")}; + allPrivileges = new Privilege[] {mockPrivilege(PrivilegeConstants.JCR_ALL)}; - protected AbstractAccessControlManager createAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { - return new TestAcMgr(root, namePathMapper, getSecurityProvider()); - } + cs = Mockito.mock(ContentSession.class); + when(cs.getWorkspaceName()).thenReturn(WSP_NAME); + when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals)); + + when(root.getContentSession()).thenReturn(cs); + + Tree nonExistingTree = Mockito.mock(Tree.class); + when(nonExistingTree.exists()).thenReturn(false); + when(root.getTree(nonExistingPath)).thenReturn(nonExistingTree); + + Tree existingTree = Mockito.mock(Tree.class); + when(existingTree.exists()).thenReturn(true); + when(root.getTree(testPath)).thenReturn(existingTree); + + Tree rootTree = Mockito.mock(Tree.class); + when(rootTree.exists()).thenReturn(true); + when(root.getTree("/")).thenReturn(rootTree); + + privilegeManager = Mockito.mock(PrivilegeManager.class); + when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges); + when(privilegeManager.getPrivilege("priv1")).thenReturn(testPrivileges[0]); + when(privilegeManager.getPrivilege("priv2")).thenReturn(testPrivileges[1]); + when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(allPrivileges[0]); + + PrivilegeConfiguration privilegeConfiguration = Mockito.mock(PrivilegeConfiguration.class); + when(privilegeConfiguration.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager); + + authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class); + when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance()); + when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals)).thenReturn(OpenPermissionProvider.getInstance()); + when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance()); + when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT); + + securityProvider = Mockito.mock(SecurityProvider.class); + when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration); + when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration); - protected AbstractAccessControlManager getTestAccessControlManager() throws Exception { - return new TestAcMgr(getTestRoot(), getNamePathMapper(), getSecurityProvider()); - } - - protected List<String> getAcContentPaths() throws RepositoryException { - // TODO: create ac-content paths - return ImmutableList.of(); + acMgr = createAccessControlManager(root, getNamePathMapper()); } - protected Root getTestRoot() throws Exception { - if (testRoot == null) { - testRoot = createTestSession().getLatestRoot(); - } - return testRoot; + private AbstractAccessControlManager createAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { + return new TestAcMgr(root, namePathMapper, securityProvider); } - protected List<String> getInvalidPaths() { + private static List<String> getInvalidPaths() { List<String> invalid = new ArrayList<String>(); invalid.add(""); invalid.add("../../jcr:testRoot"); @@ -134,43 +144,40 @@ public class AbstractAccessControlManage return invalid; } - protected static Set<Principal> getPrincipals(ContentSession session) { - return session.getAuthInfo().getPrincipals(); + private static Privilege mockPrivilege(@Nonnull String name) { + Privilege p = Mockito.mock(Privilege.class); + when(p.getName()).thenReturn(name); + return p; } - protected static Set<Principal> getEveryonePrincipalSet() { + private static Set<Principal> getEveryonePrincipalSet() { return ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()); } //--------------------------------------------------- protected methods >--- @Test public void testGetConfig() { - assertSame(getSecurityProvider().getConfiguration(AuthorizationConfiguration.class), acMgr.getConfig()); + assertSame(authorizationConfiguration, acMgr.getConfig()); } @Test public void testGetRoot() throws Exception { assertSame(root, createAccessControlManager(root, getNamePathMapper()).getRoot()); - assertSame(getTestRoot(), createAccessControlManager(getTestRoot(), getNamePathMapper()).getRoot()); } @Test public void testGetLatestRoot() throws Exception { assertNotSame(root, createAccessControlManager(root, getNamePathMapper()).getLatestRoot()); - assertNotSame(getTestRoot(), createAccessControlManager(getTestRoot(), getNamePathMapper()).getLatestRoot()); } @Test public void testGetNamePathMapper() throws Exception { assertSame(getNamePathMapper(), createAccessControlManager(root, getNamePathMapper()).getNamePathMapper()); - assertSame(getNamePathMapper(), createAccessControlManager(getTestRoot(), getNamePathMapper()).getNamePathMapper()); } @Test public void testGetPrivilegeManager() throws Exception { - PrivilegeManager privMgr = getPrivilegeManager(root); - assertNotSame(privMgr, acMgr.getPrivilegeManager()); - assertEquals(privMgr.getClass().getName(), acMgr.getPrivilegeManager().getClass().getName()); + assertSame(privilegeManager, acMgr.getPrivilegeManager()); } @Test @@ -195,24 +202,58 @@ public class AbstractAccessControlManage createAccessControlManager(root, np).getOakPath("/any/abs/path"); } + @Test + public void testGetTreeTestPath() throws Exception { + assertNotNull(acMgr.getTree(testPath, Permissions.NO_PERMISSION, false)); + assertNotNull(acMgr.getTree(testPath, Permissions.NO_PERMISSION, true)); + } + + @Test(expected = PathNotFoundException.class) + public void testGetTreeNonExstingPath() throws Exception { + acMgr.getTree(nonExistingPath, Permissions.NO_PERMISSION, false); + } + + @Test + public void testGetTreeNullPath() throws Exception { + assertNotNull(acMgr.getTree(null, Permissions.NO_PERMISSION, false)); + } + + @Test + public void testGetTreeNullPathCheckPermission() throws Exception { + assertNotNull(acMgr.getTree(null, Permissions.ALL, false)); + } + + @Test(expected = AccessControlException.class) + public void testGetTreeDefinesAcContent() throws Exception { + Context ctx = new Context.Default() { + @Override + public boolean definesTree(@Nonnull Tree tree) { + return true; + } + }; + when(authorizationConfiguration.getContext()).thenReturn(ctx); + + acMgr.getTree(testPath, Permissions.NO_PERMISSION, true); + } + + @Test(expected = AccessDeniedException.class) + public void testGetTreeDefinesNoAccess() throws Exception { + when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), getEveryonePrincipalSet())); + + AbstractAccessControlManager mgr = createAccessControlManager(root, getNamePathMapper()); + mgr.getTree(testPath, Permissions.ALL, true); + } + //---------------------------------------------< getSupportedPrivileges >--- @Test public void testGetSupportedPrivileges() throws Exception { - List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges()); + List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges()); - List<String> testPaths = new ArrayList<String>(); - testPaths.add(null); - testPaths.add("/"); - testPaths.add("/jcr:system"); - testPaths.add(testPath); - - for (String path : testPaths) { - Privilege[] supported = acMgr.getSupportedPrivileges(path); - - assertNotNull(supported); - assertEquals(allPrivileges.size(), supported.length); - assertTrue(allPrivileges.containsAll(Arrays.asList(supported))); - } + Privilege[] supported = acMgr.getSupportedPrivileges(testPath); + + assertNotNull(supported); + assertEquals(allPrivileges.size(), supported.length); + assertTrue(allPrivileges.containsAll(Arrays.asList(supported))); } @Test @@ -228,19 +269,9 @@ public class AbstractAccessControlManage } @Test - public void testGetSupportedPrivilegesPropertyPath() throws Exception { - try { - acMgr.getSupportedPrivileges("/jcr:primaryType"); - fail("Property path -> PathNotFoundException expected."); - } catch (PathNotFoundException e) { - // success - } - } - - @Test public void testGetSupportedPrivilegesNonExistingPath() throws Exception { try { - acMgr.getSupportedPrivileges("/non/existing/node"); + acMgr.getSupportedPrivileges(nonExistingPath); fail("Nonexisting node -> PathNotFoundException expected."); } catch (PathNotFoundException e) { // success @@ -250,46 +281,13 @@ public class AbstractAccessControlManage //--------------------------------------------------< privilegeFromName >--- @Test public void testPrivilegeFromName() throws Exception { - List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges()); + List<Privilege> allPrivileges = Arrays.asList(privilegeManager.getRegisteredPrivileges()); for (Privilege privilege : allPrivileges) { Privilege p = acMgr.privilegeFromName(privilege.getName()); assertEquals(privilege, p); } } - @Test - public void testPrivilegeFromInvalidName() throws Exception { - List<String> invalid = new ArrayList<String>(); - invalid.add(null); - invalid.add(""); - invalid.add("test:read"); - - for (String privilegeName : invalid) { - try { - acMgr.privilegeFromName(privilegeName); - fail("Invalid privilege name " + privilegeName); - } catch (RepositoryException e) { - // success - } - } - } - - @Test - public void testPrivilegeFromUnknownName() throws Exception { - List<String> invalid = new ArrayList<String>(); - invalid.add("unknownPrivilege"); - invalid.add('{' + NamespaceRegistry.NAMESPACE_JCR + "}unknown"); - - for (String privilegeName : invalid) { - try { - acMgr.privilegeFromName(privilegeName); - fail("Invalid privilege name " + privilegeName); - } catch (AccessControlException e) { - // success - } - } - } - //------------------------------------------------------< hasPrivileges >--- @Test public void testHasNullPrivileges() throws Exception { @@ -301,77 +299,26 @@ public class AbstractAccessControlManage assertTrue(acMgr.hasPrivileges(testPath, new Privilege[0])); } - @Test - public void testHasPrivilegesForPropertyPath() throws Exception { - String propertyPath = "/jcr:primaryType"; - Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL); - try { - acMgr.hasPrivileges(propertyPath, privs); - fail("AccessControlManager#hasPrivileges for property should fail."); - } catch (PathNotFoundException e) { - // success - } + @Test(expected = PathNotFoundException.class) + public void testHasPrivilegesNonExistingNodePath() throws Exception { + acMgr.hasPrivileges(nonExistingPath, testPrivileges); + } - try { - acMgr.hasPrivileges(propertyPath, getPrincipals(adminSession), privs); - fail("AccessControlManager#hasPrivileges for property should fail."); - } catch (PathNotFoundException e) { - // success - } + @Test(expected = PathNotFoundException.class) + public void testHasPrivilegesNonExistingNodePathEveryoneSet() throws Exception { + acMgr.hasPrivileges(nonExistingPath, getEveryonePrincipalSet(), testPrivileges); } - @Test - public void testHasPrivilegesNonExistingNodePath() throws Exception { - String nonExistingPath = "/not/existing"; - Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL); - try { - acMgr.hasPrivileges(nonExistingPath, privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } - try { - acMgr.hasPrivileges(nonExistingPath, getPrincipals(adminSession), privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } - try { - acMgr.hasPrivileges(nonExistingPath, getEveryonePrincipalSet(), privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } - try { - acMgr.hasPrivileges(nonExistingPath, ImmutableSet.<Principal>of(), privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } + @Test(expected = PathNotFoundException.class) + public void testHasPrivilegesNonExistingNodePathEmptyPrincipalSet() throws Exception { + acMgr.hasPrivileges(nonExistingPath, ImmutableSet.<Principal>of(), testPrivileges); } @Test public void testHasPrivilegesInvalidPaths() throws Exception { - Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL); - for (String path : getInvalidPaths()) { - try { - acMgr.hasPrivileges(path, privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (RepositoryException e) { - // success - } - } - for (String path : getInvalidPaths()) { - try { - acMgr.hasPrivileges(path, getPrincipals(adminSession), privs); - fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); - } catch (RepositoryException e) { - // success - } - } for (String path : getInvalidPaths()) { try { - acMgr.hasPrivileges(path, ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()), privs); + acMgr.hasPrivileges(path, testPrivileges); fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); } catch (RepositoryException e) { // success @@ -380,58 +327,22 @@ public class AbstractAccessControlManage } @Test - public void testHasPrivilegesAccessControlledNodePath() throws Exception { - Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL); - for (String path : getAcContentPaths()) { - assertTrue(acMgr.hasPrivileges(path, privs)); - assertTrue(acMgr.hasPrivileges(path, getPrincipals(adminSession), privs)); - assertFalse(acMgr.hasPrivileges(path, ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()), privs)); - } + public void testHasPrivileges() throws Exception { + assertTrue(acMgr.hasPrivileges(testPath, allPrivileges)); } - /** - * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw - * PathNotFoundException in case the node associated with a given path is - * not readable to the editing session (compatibility with the specification - * which was missing in jackrabbit). - */ - @Test - public void testHasPrivilegesNotAccessiblePath() throws Exception { - List<String> notAccessible = new ArrayList(); - notAccessible.add("/"); - notAccessible.addAll(getAcContentPaths()); - - Privilege[] privs = privilegesFromNames(PrivilegeConstants.JCR_ALL); - AbstractAccessControlManager testAcMgr = getTestAccessControlManager(); - for (String path : notAccessible) { - try { - testAcMgr.hasPrivileges(path, privs); - fail("AccessControlManager#hasPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - for (String path : notAccessible) { - try { - testAcMgr.hasPrivileges(path, getPrincipals(root.getContentSession()), privs); - fail("AccessControlManager#hasPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - for (String path : notAccessible) { - try { - testAcMgr.hasPrivileges(path, getPrincipals(getTestRoot().getContentSession()), privs); - fail("AccessControlManager#hasPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - for (String path : notAccessible) { + @Test + public void testHasPrivilegesSessionSet() throws Exception { + assertTrue(acMgr.hasPrivileges(testPath, testPrincipals, allPrivileges)); + } + + @Test + public void testHasPrivilegesInvalidPathsEveryoneSet() throws Exception { + for (String path : getInvalidPaths()) { try { - testAcMgr.hasPrivileges(path, ImmutableSet.<Principal>of(), privs); - fail("AccessControlManager#hasPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { + acMgr.hasPrivileges(path, ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()), testPrivileges); + fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail."); + } catch (RepositoryException e) { // success } } @@ -439,103 +350,28 @@ public class AbstractAccessControlManage @Test public void testHasRepoPrivileges() throws Exception { - assertTrue(acMgr.hasPrivileges(null, privilegesFromNames(PrivilegeConstants.JCR_ALL))); - assertTrue(acMgr.hasPrivileges(null, getPrincipals(adminSession), privilegesFromNames(PrivilegeConstants.JCR_ALL))); + assertTrue(acMgr.hasPrivileges(null, testPrivileges)); } @Test - public void testHasRepoPrivilegesEmptyPrincipalSet() throws Exception { - assertFalse(acMgr.hasPrivileges(null, ImmutableSet.<Principal>of(), privilegesFromNames(PrivilegeConstants.JCR_ALL))); + public void testHasRepoPrivilegesEveryoneSet() throws Exception { + assertFalse(acMgr.hasPrivileges(null, getEveryonePrincipalSet(), testPrivileges)); } @Test - public void testTestSessionHasRepoPrivileges() throws Exception { - AbstractAccessControlManager testAcMgr = getTestAccessControlManager(); - - assertFalse(testAcMgr.hasPrivileges(null, testPrivileges)); - assertFalse(testAcMgr.hasPrivileges(null, getPrincipals(getTestRoot().getContentSession()), testPrivileges)); - } - - @Test - public void testHasRepoPrivilegesNoAccessToPrincipals() throws Exception { - AbstractAccessControlManager testAcMgr = getTestAccessControlManager(); - // the test-session doesn't have sufficient permissions to read privilege set for admin session. - try { - testAcMgr.getPrivileges(null, getPrincipals(adminSession)); - fail("testSession doesn't have sufficient permission to read access control information"); - } catch (AccessDeniedException e) { - // success - } - } - - @Test - public void testHasRepoPrivilegesForEmptyPrincipalSet() throws Exception { - AbstractAccessControlManager testAcMgr = getTestAccessControlManager(); - // the test-session doesn't have sufficient permissions to read privilege set. - try { - testAcMgr.getPrivileges(null, ImmutableSet.<Principal>of()); - fail("testSession doesn't have sufficient permission to read access control information"); - } catch (AccessDeniedException e) { - // success - } + public void testHasRepoPrivilegesEmptyPrincipalSet() throws Exception { + assertFalse(acMgr.hasPrivileges(null, ImmutableSet.<Principal>of(), testPrivileges)); } //------------------------------------------------------< getPrivileges >--- - @Test - public void testGetPrivilegesForPropertyPath() throws Exception { - String propertyPath = "/jcr:primaryType"; - try { - acMgr.getPrivileges(propertyPath); - fail("AccessControlManager#getPrivileges for property should fail."); - } catch (PathNotFoundException e) { - // success - } - - try { - acMgr.getPrivileges(propertyPath, Collections.singleton(testPrincipal)); - fail("AccessControlManager#getPrivileges for property should fail."); - } catch (PathNotFoundException e) { - // success - } - - try { - acMgr.getPrivileges(propertyPath, getPrincipals(adminSession)); - fail("AccessControlManager#getPrivileges for property should fail."); - } catch (PathNotFoundException e) { - // success - } - } - - @Test + @Test(expected = PathNotFoundException.class) public void testGetPrivilegesNonExistingNodePath() throws Exception { - String nonExistingPath = "/not/existing"; - try { - acMgr.getPrivileges(nonExistingPath); - fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } - - try { - acMgr.getPrivileges(nonExistingPath, getPrincipals(adminSession)); - fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } - - try { - acMgr.getPrivileges(nonExistingPath, Collections.singleton(testPrincipal)); - fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } + acMgr.getPrivileges(nonExistingPath); + } - try { - acMgr.getPrivileges(nonExistingPath, ImmutableSet.<Principal>of()); - fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); - } catch (PathNotFoundException e) { - // success - } + @Test(expected = PathNotFoundException.class) + public void testGetPrivilegesNonExistingNodePathEmptyPrincipalSet() throws Exception { + acMgr.getPrivileges(nonExistingPath, ImmutableSet.<Principal>of()); } @Test @@ -551,15 +387,6 @@ public class AbstractAccessControlManage for (String path : getInvalidPaths()) { try { - acMgr.getPrivileges(path, getPrincipals(adminSession)); - fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); - } catch (RepositoryException e) { - // success - } - } - - for (String path : getInvalidPaths()) { - try { acMgr.getPrivileges(path, Collections.singleton(testPrincipal)); fail("AccessControlManager#getPrivileges for node that doesn't exist should fail."); } catch (RepositoryException e) { @@ -577,76 +404,24 @@ public class AbstractAccessControlManage } } - /** - * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw - * PathNotFoundException in case the node associated with a given path is - * not readable to the editing session. - */ - @Test - public void testGetPrivilegesNotAccessiblePath() throws Exception { - List<String> notAccessible = new ArrayList(); - notAccessible.add("/"); - notAccessible.addAll(getAcContentPaths()); - - for (String path : notAccessible) { - try { - getTestAccessControlManager().getPrivileges(path); - fail("AccessControlManager#getPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - - for (String path : notAccessible) { - try { - getTestAccessControlManager().getPrivileges(path, getPrincipals(adminSession)); - fail("AccessControlManager#getPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - - for (String path : notAccessible) { - try { - getTestAccessControlManager().getPrivileges(path, Collections.singleton(testPrincipal)); - fail("AccessControlManager#getPrivileges for node that is not accessible should fail."); - } catch (PathNotFoundException e) { - // success - } - } - - } - @Test - public void testGetPrivilegesAccessControlledNodePath() throws Exception { - Privilege[] expected = privilegesFromNames(PrivilegeConstants.JCR_ALL); - for (String path : getAcContentPaths()) { - assertArrayEquals(expected, acMgr.getPrivileges(path)); - assertArrayEquals(expected, acMgr.getPrivileges(path, getPrincipals(adminSession))); - } + public void testGetPrivileges() throws Exception { + assertArrayEquals(allPrivileges, acMgr.getPrivileges(testPath)); } @Test - public void testGetPrivilegesForPrincipalsAccessControlledNodePath() throws Exception { - Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal); - Privilege[] expected = new Privilege[0]; - for (String path : getAcContentPaths()) { - assertArrayEquals(expected, acMgr.getPrivileges(path, testPrincipals)); - } + public void testGetPrivilegesEveronePrincipalSet() throws Exception { + assertArrayEquals(new Privilege[0], acMgr.getPrivileges(testPath, getEveryonePrincipalSet())); } @Test - public void testGetPrivilegesForNoPrincipalsAccessControlledNodePath() throws Exception { - Privilege[] expected = new Privilege[0]; - for (String path : getAcContentPaths()) { - assertArrayEquals(expected, acMgr.getPrivileges(path, ImmutableSet.<Principal>of())); - } + public void testGetPrivilegesEmptyPrincipalSet() throws Exception { + assertArrayEquals(new Privilege[0], acMgr.getPrivileges(testPath, ImmutableSet.<Principal>of())); } @Test public void testGetRepoPrivileges() throws Exception { - assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_ALL), acMgr.getPrivileges(null)); - assertArrayEquals(privilegesFromNames(PrivilegeConstants.JCR_ALL), acMgr.getPrivileges(null, getPrincipals(adminSession))); + assertArrayEquals(allPrivileges, acMgr.getPrivileges(null)); } @Test
