Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlTest.java Thu Apr 27 08:53:56 2017 @@ -17,54 +17,50 @@ package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol; import java.security.Principal; -import java.util.HashSet; import java.util.Set; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlException; import javax.jcr.security.Privilege; -import org.apache.jackrabbit.oak.AbstractSecurityTest; -import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; +import com.google.common.collect.ImmutableSet; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; -import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; +import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; +import org.mockito.Mockito; -public abstract class AbstractAccessControlTest extends AbstractSecurityTest { +public abstract class AbstractAccessControlTest { - private RestrictionProvider restrictionProvider; - private PrivilegeBitsProvider bitsProvider; + final Root root = Mockito.mock(Root.class); - protected RestrictionProvider getRestrictionProvider() { - if (restrictionProvider == null) { - restrictionProvider = getConfig(AuthorizationConfiguration.class).getRestrictionProvider(); - } - return restrictionProvider; - } - - protected PrivilegeBitsProvider getBitsProvider() { - if (bitsProvider == null) { - bitsProvider = new PrivilegeBitsProvider(root); - } - return bitsProvider; - } + Principal testPrincipal = new PrincipalImpl("testPrincipal"); - protected Principal getTestPrincipal() throws Exception { - return getTestUser().getPrincipal(); + PrivilegeBitsProvider getBitsProvider() { + return new PrivilegeBitsProvider(root); } - protected ACE createEntry(Principal principal, boolean isAllow, Set<Restriction> restrictions, String... privilegeNames) throws RepositoryException { - return new TestACE(principal, getBitsProvider().getBits(privilegeNames), isAllow, restrictions); + NamePathMapper getNamePathMapper() { + return NamePathMapper.DEFAULT; } - protected ACE createEntry(Principal principal, Privilege[] privileges, boolean isAllow) + ACE createEntry(boolean isAllow, String... privilegeName) throws RepositoryException { - PrivilegeBits bits = getBitsProvider().getBits(privileges, getNamePathMapper()); - return new TestACE(principal, bits, isAllow, null); + if (privilegeName.length == 1) { + return createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(privilegeName[0]), isAllow); + } else { + PrivilegeBits bits = PrivilegeBits.getInstance(); + for (String n : privilegeName) { + bits.add(PrivilegeBits.BUILT_IN.get(n)); + } + return createEntry(testPrincipal, bits.unmodifiable(), isAllow); + } } - protected ACE createEntry(Principal principal, PrivilegeBits bits, boolean isAllow, Set<Restriction> restrictions) throws AccessControlException { - return new TestACE(principal, bits, isAllow, restrictions); + ACE createEntry(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Restriction... restrictions) + throws RepositoryException { + return new TestACE(principal, privilegeBits, isAllow, ImmutableSet.copyOf(restrictions)); } private final class TestACE extends ACE { @@ -75,15 +71,7 @@ public abstract class AbstractAccessCont @Override public Privilege[] getPrivileges() { - Set<Privilege> privileges = new HashSet<Privilege>(); - for (String name : bitsProvider.getPrivilegeNames(getPrivilegeBits())) { - try { - privileges.add(getPrivilegeManager(root).getPrivilege(name)); - } catch (RepositoryException e) { - throw new RuntimeException(e); - } - } - return privileges.toArray(new Privilege[privileges.size()]); + throw new UnsupportedOperationException(); } } }
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java Thu Apr 27 08:53:56 2017 @@ -16,16 +16,11 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.security.Principal; import java.util.ArrayList; import java.util.Collections; import java.util.List; - +import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.jcr.Value; import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlException; @@ -35,30 +30,44 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.junit.Before; import org.junit.Test; +import org.mockito.Mockito; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.mockito.Mockito.when; /** * Test for {@code ImmutableACL} */ public class ImmutableACLTest extends AbstractAccessControlListTest { - private Principal testPrincipal; private Privilege[] testPrivileges; - @Override @Before public void before() throws Exception { - super.before(); - - testPrincipal = getTestPrincipal(); testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES); } - @Override - protected ImmutableACL createACL(String jcrPath, List<ACE> entries, - NamePathMapper namePathMapper, RestrictionProvider restrictionProvider) { + private static Privilege[] privilegesFromNames(String... privNames) { + Privilege[] p = new Privilege[privNames.length]; + for (int i = 0; i < privNames.length; i++) { + Privilege privilege = Mockito.mock(Privilege.class); + when(privilege.getName()).thenReturn(privNames[i]); + p[i] = privilege; + } + return p; + } + + protected ImmutableACL createACL(@Nullable String jcrPath, + @Nonnull List<JackrabbitAccessControlEntry> entries, + @Nonnull NamePathMapper namePathMapper, + @Nonnull RestrictionProvider restrictionProvider) { String oakPath = (jcrPath == null) ? null : namePathMapper.getOakPath(jcrPath); return new ImmutableACL(oakPath, entries, restrictionProvider, namePathMapper); } @@ -123,9 +132,9 @@ public class ImmutableACLTest extends Ab @Test public void testImmutable() throws Exception { - List<ACE> entries = new ArrayList<ACE>(); - entries.add(createEntry(testPrincipal, testPrivileges, true)); - entries.add(createEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT), false)); + List<JackrabbitAccessControlEntry> entries = new ArrayList(); + entries.add(createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES)); + entries.add(createEntry(false, PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT)); JackrabbitAccessControlList acl = createACL(entries); assertFalse(acl.isEmpty()); @@ -150,17 +159,17 @@ public class ImmutableACLTest extends Ab JackrabbitAccessControlList acl = createEmptyACL(); assertEquals(acl, createEmptyACL()); - ACE entry = createEntry(testPrincipal, testPrivileges, true); + ACE entry = createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES); assertFalse(acl.equals(createACL(entry))); - assertFalse(acl.equals(new TestACL(getTestPath(), getRestrictionProvider(), Collections.<JackrabbitAccessControlEntry>emptyList()))); + assertFalse(acl.equals(new TestACL(getTestPath(), getRestrictionProvider(), getNamePathMapper(), Collections.<JackrabbitAccessControlEntry>emptyList()))); } @Test public void testEquals() throws Exception { RestrictionProvider rp = getRestrictionProvider(); - ACE ace1 = createEntry(testPrincipal, false, null, PrivilegeConstants.JCR_VERSION_MANAGEMENT); - ACE ace2 = createEntry(testPrincipal, testPrivileges, true); - ACE ace2b = createEntry(testPrincipal, getAggregatedPrivileges(testPrivileges), true); + ACE ace1 = createEntry(testPrincipal, PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false); + ACE ace2 = createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES); + ACE ace2b = createEntry(true, PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES); JackrabbitAccessControlList acl = createACL(ace1, ace2); assertTrue(acl instanceof ImmutableACL); @@ -179,18 +188,18 @@ public class ImmutableACLTest extends Ab assertFalse(acl.equals(repoAcl)); assertFalse(acl.equals(createEmptyACL())); assertFalse(acl.equals(createACL("/anotherPath", ace1, ace2))); - assertFalse(acl.equals(new TestACL("/anotherPath", rp, ace1, ace2))); - assertFalse(acl.equals(new TestACL("/anotherPath", rp, ace1, ace2))); - assertFalse(acl.equals(new TestACL("/anotherPath", rp))); - assertFalse(acl.equals(new TestACL(getTestPath(), rp, ace1, ace2))); + assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2))); + assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2))); + assertFalse(acl.equals(new TestACL("/anotherPath", rp, getNamePathMapper()))); + assertFalse(acl.equals(new TestACL(getTestPath(), rp, getNamePathMapper(), ace1, ace2))); } @Test public void testHashCode() throws Exception { RestrictionProvider rp = getRestrictionProvider(); - ACE ace1 = createEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false); - ACE ace2 = createEntry(testPrincipal, testPrivileges, true); - ACE ace2b = createEntry(testPrincipal, getAggregatedPrivileges(testPrivileges), true); + ACE ace1 = createEntry(false, PrivilegeConstants.JCR_VERSION_MANAGEMENT); + ACE ace2 = createEntry(true, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES); + ACE ace2b = createEntry(true, PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES, PrivilegeConstants.JCR_ADD_CHILD_NODES); JackrabbitAccessControlList acl = createACL(ace1, ace2); JackrabbitAccessControlList repoAcl = createACL((String) null, ace1, ace2); @@ -205,9 +214,9 @@ public class ImmutableACLTest extends Ab assertFalse(hc == repoAcl.hashCode()); assertFalse(hc == createEmptyACL().hashCode()); assertFalse(hc == createACL("/anotherPath", ace1, ace2).hashCode()); - assertFalse(hc == new TestACL("/anotherPath", rp, ace1, ace2).hashCode()); - assertFalse(hc == new TestACL("/anotherPath", rp, ace1, ace2).hashCode()); - assertFalse(hc == new TestACL("/anotherPath", rp).hashCode()); - assertFalse(hc == new TestACL(getTestPath(), rp, ace1, ace2).hashCode()); + assertFalse(hc == new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2).hashCode()); + assertFalse(hc == new TestACL("/anotherPath", rp, getNamePathMapper(), ace1, ace2).hashCode()); + assertFalse(hc == new TestACL("/anotherPath", rp, getNamePathMapper()).hashCode()); + assertFalse(hc == new TestACL(getTestPath(), rp, getNamePathMapper(), ace1, ace2).hashCode()); } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java?rev=1792852&r1=1792851&r2=1792852&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java Thu Apr 27 08:53:56 2017 @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; import javax.annotation.Nonnull; +import javax.annotation.Nullable; import javax.jcr.RepositoryException; import javax.jcr.Value; import javax.jcr.security.AccessControlEntry; @@ -40,16 +41,20 @@ public final class TestACL extends Abstr private final List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>(); private final RestrictionProvider restrictionProvider; - public TestACL(String jcrPath, RestrictionProvider restrictionProvider, - List<JackrabbitAccessControlEntry> entries) { - super(jcrPath, NamePathMapper.DEFAULT); + public TestACL(@Nullable String jcrPath, + @Nonnull RestrictionProvider restrictionProvider, + @Nonnull NamePathMapper namePathMapper, + @Nonnull List<JackrabbitAccessControlEntry> entries) { + super((jcrPath == null) ? null : namePathMapper.getOakPath(jcrPath), namePathMapper); this.entries.addAll(entries); this.restrictionProvider = restrictionProvider; } - public TestACL(String jcrPath, RestrictionProvider restrictionProvider, - JackrabbitAccessControlEntry... entry) { - this(jcrPath, restrictionProvider, Lists.newArrayList(entry)); + public TestACL(@Nullable String jcrPath, + @Nonnull RestrictionProvider restrictionProvider, + @Nonnull NamePathMapper namePathMapper, + @Nonnull JackrabbitAccessControlEntry... entry) { + this(jcrPath, restrictionProvider, namePathMapper, Lists.newArrayList(entry)); } @Override @@ -79,11 +84,6 @@ public final class TestACL extends Abstr } @Override - public AccessControlEntry[] getAccessControlEntries() { - return entries.toArray(new AccessControlEntry[entries.size()]); - } - - @Override public void removeAccessControlEntry(AccessControlEntry ace) { throw new UnsupportedOperationException(); }
