Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,499 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.api.JackrabbitRepository;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.jcr.Jcr;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jcr.ImportUUIDBehavior;
+import javax.jcr.Node;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.nodetype.ConstraintViolationException;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.List;
+import java.util.UUID;
+
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.REP_GLOB;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.MIX_REP_PRINCIPAL_BASED_MIXIN;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_ENTRY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_POLICY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_RESTRICTIONS;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_EFFECTIVE_PATH;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_NAME;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRIVILEGES;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_RESTRICTIONS;
+import static 
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT;
+import static 
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+public abstract class ImportBaseTest extends AbstractPrincipalBasedTest {
+
+    private Repository repo;
+    private JackrabbitSession adminSession;
+
+    private String testPath;
+    private String uid;
+    private Principal testPrincipal;
+    private String testPrincipalName;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        Jcr jcr = new Jcr();
+        jcr.with(getSecurityProvider());
+        jcr.with(getQueryEngineSettings());
+        repo = jcr.createRepository();
+        adminSession = (JackrabbitSession) repo.login(new 
SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, 
UserConstants.DEFAULT_ADMIN_ID.toCharArray()));
+
+        User u = getUserManager().createSystemUser("testSystemUser" + 
UUID.randomUUID(), getNamePathMapper().getJcrPath(INTERMEDIATE_PATH));
+        adminSession.save();
+        uid = u.getID();
+        testPath = u.getPath();
+        testPrincipal = u.getPrincipal();
+        testPrincipalName = testPrincipal.getName();
+    }
+
+    @After
+    public void after() throws Exception {
+        try {
+            adminSession.refresh(false);
+            User u = getUserManager().getAuthorizable(uid, User.class);
+            if (u != null) {
+                u.remove();
+            }
+            adminSession.removeItem(SUPPORTED_PATH);
+            adminSession.save();
+        } finally {
+            adminSession.logout();
+            if (repo instanceof JackrabbitRepository) {
+                ((JackrabbitRepository) repo).shutdown();
+            }
+            super.after();
+        }
+    }
+
+    @Override
+    protected ConfigurationParameters getSecurityConfigParameters() {
+        return ConfigurationParameters.of(AuthorizationConfiguration.NAME,
+                
ConfigurationParameters.of(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, 
getImportBehavior())
+        );
+    }
+
+    abstract String getImportBehavior();
+
+    UserManager getUserManager() throws RepositoryException {
+        return adminSession.getUserManager();
+    }
+
+    JackrabbitSession getSession() {
+        return adminSession;
+    }
+
+    JackrabbitAccessControlManager getAccessControlManager() throws 
RepositoryException {
+        return (JackrabbitAccessControlManager) 
adminSession.getAccessControlManager();
+    }
+
+    void doImport(String parentPath, String xml) throws Exception {
+        doImport(adminSession, parentPath, xml, 
ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW);
+    }
+
+    void doImport(Session importSession, String parentPath, String xml, int 
importUUIDBehavior) throws Exception {
+        InputStream in;
+        if (xml.charAt(0) == '<') {
+            in = new ByteArrayInputStream(xml.getBytes());
+        } else {
+            in = getClass().getResourceAsStream(xml);
+        }
+        try {
+            importSession.importXML(parentPath, in, importUUIDBehavior);
+        } finally {
+            in.close();
+        }
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testPolicyWithoutPrincipalName() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                "</sv:node>";
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+
+        
assertTrue(adminSession.getNode(testPath).hasNode(REP_PRINCIPAL_POLICY));
+        adminSession.save();
+    }
+
+    @Test
+    public void testEmptyPolicyMissingMixinType() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+
+        
assertTrue(adminSession.getNode(testPath).isNodeType(MIX_REP_PRINCIPAL_BASED_MIXIN));
+        
assertTrue(adminSession.getNode(testPath).hasNode(REP_PRINCIPAL_POLICY));
+        adminSession.save();
+    }
+
+    @Test
+    public void testEmptyPolicy() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                "</sv:node>";
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager());
+        assertTrue(policy.isEmpty());
+        adminSession.save();
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEmptyPolicyWithInvalidNodeName() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\"someOtherNode\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                "</sv:node>";
+
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+        adminSession.save();
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEmptyPolicyPrincipalNameTypeMismatch() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"Name\"><sv:value>" + getTestUser().getPrincipal().getName() + 
"</sv:value></sv:property>" +
+                "</sv:node>";
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEmptyPolicyPrincipalNameMultiple() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\" sv:multiple=\"true\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                "</sv:node>";
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testNestedPolicy() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                     "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                         "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                         "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>" + testPrincipalName + 
"</sv:value></sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEmptyPolicyWithInvalidPrincipalName() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+getTestUser().getPrincipal().getName()+"</sv:value></sv:property>"
 +
+                "</sv:node>";
+
+        adminSession.getNode(testPath).addMixin(MIX_REP_PRINCIPAL_BASED_MIXIN);
+        doImport(testPath, xml);
+        //adminSession.save();
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEntryWithMissingEffectivePath() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEntryWithEffectivePathTypeMismatch() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"String\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                        "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = RepositoryException.class)
+    public void testEntryWithEffectivePathMV() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\" 
sv:multiple=\"true\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                        "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEntryWithMissingPrivileges() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testEntryWithPrivilegesTypeMismatch() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"String\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+    }
+
+    @Test
+    public void testEntryWithPrivilegesSingleValue() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+        adminSession.save();
+
+        Node policyNode = adminSession.getNode(PathUtils.concat(testPath, 
REP_PRINCIPAL_POLICY));
+        Node entry = Iterators.<Node>getOnlyElement(policyNode.getNodes());
+        assertTrue(entry.isNodeType(NT_REP_PRINCIPAL_ENTRY));
+        assertTrue(entry.getProperty(REP_PRIVILEGES).isMultiple());
+    }
+
+    @Test
+    public void testTwoIdenticalEntries() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                        "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                    "<sv:node sv:name=\"entry1\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                        "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+        adminSession.save();
+
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager());
+        assertEquals(1, policy.size());
+    }
+
+    @Test
+    public void testTwoDifferentEntries() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                    "<sv:node sv:name=\"entry1\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value></sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            
"<sv:value>"+JCR_NAMESPACE_MANAGEMENT+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+        adminSession.save();
+
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager());
+        assertEquals(2, policy.size());
+        List<PrincipalPolicyImpl.EntryImpl> entries = policy.getEntries();
+        assertEquals("/content", entries.get(0).getEffectivePath());
+        assertNull(entries.get(1).getEffectivePath());
+    }
+
+    @Test
+    public void testEffectivePathInRestriction() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                        "<sv:node sv:name=\""+REP_RESTRICTIONS+"\">" +
+                            "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_RESTRICTIONS+"</sv:value></sv:property>" +
+                            "<sv:property sv:name=\""+ 
AccessControlConstants.REP_NODE_PATH+"\" 
sv:type=\"String\"><sv:value>/content</sv:value></sv:property>" +
+                         "</sv:node>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+        adminSession.save();
+
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager());
+        assertEquals(1, policy.size());
+        PrincipalPolicyImpl.EntryImpl entry = policy.getEntries().get(0);
+        assertEquals("/content", entry.getOakPath());
+        assertTrue(entry.getRestrictions().isEmpty());
+    }
+
+    @Test(expected = ConstraintViolationException.class)
+    public void testUnsupportedPath() throws Exception {
+        // move user node outside of supported path.
+        String unsupportedPath = 
PathUtils.concat(PathUtils.getAncestorPath(testPath, 2), 
PathUtils.getName(testPath));
+        adminSession.move(testPath, unsupportedPath);
+        adminSession.save();
+
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                    "</sv:node>" +
+                "</sv:node>";
+
+        // import will leave incomplete policy
+        doImport(unsupportedPath, xml);
+        adminSession.save();
+    }
+
+    @Test
+    public void testEntryWithRestriction() throws Exception {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                    "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                    "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+testPrincipalName+"</sv:value></sv:property>" +
+                    "<sv:node sv:name=\"entry0\">" +
+                        "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_ENTRY+"</sv:value></sv:property>" 
+
+                        "<sv:property sv:name=\""+REP_EFFECTIVE_PATH+"\" 
sv:type=\"Path\"><sv:value>/content</sv:value></sv:property>" +
+                        "<sv:property sv:name=\""+REP_PRIVILEGES+"\" 
sv:type=\"Name\" sv:multiple=\"true\">" +
+                            "<sv:value>"+JCR_READ+"</sv:value>" +
+                        "</sv:property>" +
+                        "<sv:node sv:name=\""+REP_RESTRICTIONS+"\">" +
+                            "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_RESTRICTIONS+"</sv:value></sv:property>" +
+                            "<sv:property sv:name=\""+ REP_GLOB+"\" 
sv:type=\"String\"><sv:value>*</sv:value></sv:property>" +
+                         "</sv:node>" +
+                    "</sv:node>" +
+                "</sv:node>";
+        doImport(testPath, xml);
+        adminSession.save();
+
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager());
+        assertEquals(1, policy.size());
+        PrincipalPolicyImpl.EntryImpl entry = policy.getEntries().get(0);
+        assertEquals("*", entry.getRestriction(REP_GLOB).getString());
+    }
+}

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBesteffortTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBesteffortTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBesteffortTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBesteffortTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.junit.Test;
+
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_POLICY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_NAME;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ImportBesteffortTest extends ImportBaseTest {
+
+    @Override
+    String getImportBehavior() {
+        return ImportBehavior.NAME_BESTEFFORT;
+    }
+
+    @Test
+    public void testTransientPrincipal() throws Exception {
+        User transientSystemUser = 
getUserManager().createSystemUser("transientSystemUser", INTERMEDIATE_PATH);
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+transientSystemUser.getPrincipal().getName()+"</sv:value></sv:property>"
 +
+                "</sv:node>";
+        doImport(transientSystemUser.getPath(), xml);
+
+        PrincipalPolicyImpl policy = 
getPrincipalPolicyImpl(transientSystemUser.getPrincipal(), 
getAccessControlManager());
+        assertEquals(policy.getPrincipal().getName(), 
transientSystemUser.getPrincipal().getName());
+        assertTrue(policy.isEmpty());
+    }
+}
\ No newline at end of file
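Review bot: In `testTransientPrincipal` the `assertEquals` call passes the value under test first and the expected value second, so a failure message would label the two the wrong way round; the conventional order is `assertEquals(transientSystemUser.getPrincipal().getName(), policy.getPrincipal().getName());`. The import of `JackrabbitAccessControlManager` is not referenced by name anywhere in this file and can be dropped. The test also ends before any `save()`, so it pins only the transient state; a short comment such as `// policy must be resolvable although the system user is not yet persisted` would make that intent explicit.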

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBesteffortTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportIgnoreTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportIgnoreTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportIgnoreTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportIgnoreTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
+import org.junit.Test;
+
+import javax.jcr.Node;
+import javax.jcr.security.AccessControlPolicy;
+
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_POLICY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_NAME;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+public class ImportIgnoreTest extends ImportBaseTest {
+
+    @Override
+    String getImportBehavior() {
+        return ImportBehavior.NAME_IGNORE;
+    }
+
+    @Test
+    public void testTransientPrincipal() throws Exception {
+        User transientSystemUser = 
getUserManager().createSystemUser("transientSystemUser", INTERMEDIATE_PATH);
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node sv:name=\""+REP_PRINCIPAL_POLICY+"\" 
xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\"; 
xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"; 
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\"; 
xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"; 
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"; 
xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"; xmlns:rep=\"internal\" 
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\";>" +
+                "<sv:property sv:name=\""+JCR_PRIMARYTYPE+"\" 
sv:type=\"Name\"><sv:value>"+NT_REP_PRINCIPAL_POLICY+"</sv:value></sv:property>"
 +
+                "<sv:property sv:name=\""+REP_PRINCIPAL_NAME+"\" 
sv:type=\"String\"><sv:value>"+transientSystemUser.getPrincipal().getName()+"</sv:value></sv:property>"
 +
+                "</sv:node>";
+        doImport(transientSystemUser.getPath(), xml);
+
+        
assertTrue(getSession().getNode(transientSystemUser.getPath()).hasNode(REP_PRINCIPAL_POLICY));
+        Node policy = 
getSession().getNode(transientSystemUser.getPath()).getNode(REP_PRINCIPAL_POLICY);
+        assertTrue(policy.hasProperty(REP_PRINCIPAL_NAME));
+
+        // but looking up policy doesn't work because of transient principal.
+        AccessControlPolicy[] policies = 
getAccessControlManager().getPolicies(transientSystemUser.getPrincipal());
+        assertEquals(0, policies.length);
+    }
+}
\ No newline at end of file
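Review bot: `testTransientPrincipal` ends while the system user is still transient, so it does not pin what happens to the imported policy node once the session is saved and the principal becomes resolvable. The assertions show that under `NAME_IGNORE` the `REP_PRINCIPAL_POLICY` node and its `REP_PRINCIPAL_NAME` property are written anyway. A follow-up assertion after `save()` would document whether that node becomes an effective policy or the commit is rejected, whichever is intended, so access-control content cannot take effect unnoticed. Separately, `getSession().getNode(transientSystemUser.getPath())` is resolved twice; a local such as `Node userNode = getSession().getNode(transientSystemUser.getPath());` would read more clearly.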

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportIgnoreTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MgrProviderImplTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MgrProviderImplTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MgrProviderImplTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MgrProviderImplTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertSame;
+import static org.mockito.Mockito.mock;
+
+public class MgrProviderImplTest extends AbstractPrincipalBasedTest {
+
+    private MgrProviderImpl mgrProvider;
+
+    @Before
+    @Override
+    public void before() throws Exception {
+        super.before();
+
+        mgrProvider = (MgrProviderImpl) getMgrProvider(root);
+    }
+
+    @Test
+    public void testGetContext() {
+        assertSame(getConfig(AuthorizationConfiguration.class).getContext(), 
mgrProvider.getContext());
+    }
+
+    @Test
+    public void testGetNamePathMapper() {
+        assertSame(getNamePathMapper(), mgrProvider.getNamePathMapper());
+    }
+
+    @Test
+    public void testGetNamePathMapper2() {
+        MgrProvider mp = new 
MgrProviderImpl(mock(PrincipalBasedAuthorizationConfiguration.class));
+        assertSame(NamePathMapper.DEFAULT, mp.getNamePathMapper());
+    }
+
+    @Test
+    public void testGetRoot() {
+        assertSame(root, mgrProvider.getRoot());
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testRootNotInitialized() {
+        MgrProvider mp = new 
MgrProviderImpl(mock(PrincipalBasedAuthorizationConfiguration.class));
+        mp.getRoot();
+    }
+
+    @Test
+    public void testReset() {
+        MgrProvider mp = new 
MgrProviderImpl(mock(PrincipalBasedAuthorizationConfiguration.class));
+        Root r = mock(Root.class);
+        NamePathMapper mapper = mock(NamePathMapper.class);
+        mp.reset(r, mapper);
+        assertSame(r, mp.getRoot());
+        assertSame(mapper, mp.getNamePathMapper());
+    }
+
+    @Test
+    public void testGetPrincipalManager() {
+        PrincipalManager pm = mgrProvider.getPrincipalManager();
+        assertSame(pm, mgrProvider.getPrincipalManager());
+
+        mgrProvider.reset(root, getNamePathMapper());
+        assertNotSame(pm, mgrProvider.getPrincipalManager());
+    }
+
+    @Test
+    public void testGetPrivilegeManager() {
+        PrivilegeManager pm = mgrProvider.getPrivilegeManager();
+        assertSame(pm, mgrProvider.getPrivilegeManager());
+
+        mgrProvider.reset(root, getNamePathMapper());
+        assertNotSame(pm, mgrProvider.getPrivilegeManager());
+    }
+
+    @Test
+    public void testGetPrivilegeBitsProvider() {
+        PrivilegeBitsProvider pbp = mgrProvider.getPrivilegeBitsProvider();
+        assertSame(pbp, mgrProvider.getPrivilegeBitsProvider());
+
+        mgrProvider.reset(root, getNamePathMapper());
+        assertNotSame(pbp, mgrProvider.getPrivilegeBitsProvider());
+    }
+
+    @Test
+    public void testGetRestrictionProvider() {
+        RestrictionProvider rp = mgrProvider.getRestrictionProvider();
+        assertSame(rp, mgrProvider.getRestrictionProvider());
+
+        mgrProvider.reset(root, getNamePathMapper());
+        assertSame(rp, mgrProvider.getRestrictionProvider());
+    }
+
+    @Test
+    public void testGetSecurityProvider() {
+        assertSame(getSecurityProvider(), mgrProvider.getSecurityProvider());
+        assertSame(mgrProvider.getSecurityProvider(), 
mgrProvider.getSecurityProvider());
+    }
+
+    @Test
+    public void testGetTreeProvider() {
+        assertSame(getTreeProvider(), mgrProvider.getTreeProvider());
+        assertSame(mgrProvider.getTreeProvider(), 
mgrProvider.getTreeProvider());
+    }
+
+    @Test
+    public void testGetRootProvider() {
+        assertSame(getRootProvider(), mgrProvider.getRootProvider());
+        assertSame(mgrProvider.getRootProvider(), 
mgrProvider.getRootProvider());
+    }
+}
\ No newline at end of file
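Review bot: `testGetRestrictionProvider` expects `assertSame` after `mgrProvider.reset(root, getNamePathMapper())`, while the tests for the principal manager, privilege manager and privilege-bits provider expect `assertNotSame` after the same call, and nothing in the test says why. A one-line comment in `testGetRestrictionProvider`, for example `// restriction provider is not bound to root/name-path mapper and must survive reset`, would mark the asymmetry as intentional; the wording is inferred from the assertions and should be confirmed against `MgrProviderImpl`. `testGetNamePathMapper2` would also be easier to find under a descriptive name such as `testGetNamePathMapperDefault`, since it checks the `NamePathMapper.DEFAULT` fallback of a provider that has not been reset.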

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MgrProviderImplTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MockUtility.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MockUtility.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MockUtility.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MockUtility.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.ReadOnly;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
+import org.apache.jackrabbit.oak.plugins.tree.TreeTypeAware;
+import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.FilterProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+import org.mockito.Mockito;
+
+import java.util.Set;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
+
+final class MockUtility {
+
+    private MockUtility() {}
+
+    static Tree mockTree(@NotNull String name, @Nullable String ntName, 
boolean exists, @NotNull String... propertyNames) {
+        Tree t = mock(Tree.class);
+        when(t.exists()).thenReturn(exists);
+        when(t.getName()).thenReturn(name);
+        if (ntName != null) {
+            
when(t.getProperty(JcrConstants.JCR_PRIMARYTYPE)).thenReturn(createPrimaryTypeProperty(ntName));
+        }
+        for (String propertyName : propertyNames) {
+            when(t.hasProperty(propertyName)).thenReturn(true);
+            
when(t.getProperty(propertyName)).thenReturn(PropertyStates.createProperty(propertyName,
 "anyValue"));
+        }
+        return t;
+    }
+
+    static Tree mockTree(@NotNull String name, @NotNull String ntName, 
@NotNull  String path, @NotNull String... propertyNames) {
+        Tree t = mock(Tree.class);
+        when(t.exists()).thenReturn(true);
+        when(t.getName()).thenReturn(name);
+        if (ntName != null) {
+            
when(t.getProperty(JcrConstants.JCR_PRIMARYTYPE)).thenReturn(createPrimaryTypeProperty(ntName));
+        }
+        when(t.getPath()).thenReturn(path);
+        when(t.isRoot()).thenReturn(PathUtils.denotesRoot(path));
+        for (String propertyName : propertyNames) {
+            when(t.hasProperty(propertyName)).thenReturn(true);
+            
when(t.getProperty(propertyName)).thenReturn(PropertyStates.createProperty(propertyName,
 "anyValue"));
+        }
+        return t;
+    }
+
+    static Tree mockTree(@NotNull String path, boolean exists) {
+        Tree tree = Mockito.mock(Tree.class);
+        when(tree.getPath()).thenReturn(path);
+        when(tree.exists()).thenReturn(exists);
+        when(tree.isRoot()).thenReturn(PathUtils.denotesRoot(path));
+        return tree;
+    }
+
+    static Tree mockReadOnlyTree(@NotNull TreeType type) {
+        Tree readOnly = mock(Tree.class, 
withSettings().extraInterfaces(ReadOnly.class, TreeTypeAware.class));
+        when(((TreeTypeAware) readOnly).getType()).thenReturn(type);
+        return readOnly;
+    }
+
+    static NodeState mockNodeState(@NotNull String primaryType) {
+        return 
when(mock(NodeState.class).getProperty(JcrConstants.JCR_PRIMARYTYPE)).thenReturn(createPrimaryTypeProperty(primaryType)).getMock();
+    }
+
+    static PropertyState createPrimaryTypeProperty(@NotNull String ntName) {
+        return PropertyStates.createProperty(JcrConstants.JCR_PRIMARYTYPE, 
ntName, Type.NAME);
+    }
+
+    static PropertyState createMixinTypesProperty(@NotNull String... 
mixinTypes) {
+        return PropertyStates.createProperty(JcrConstants.JCR_MIXINTYPES, 
ImmutableList.copyOf(mixinTypes), Type.NAMES);
+    }
+
+    static FilterProvider mockFilterProvider(boolean canHandle) {
+        Filter filter = mock(Filter.class);
+        when(filter.canHandle(any(Set.class))).thenReturn(canHandle);
+        FilterProvider fp = mock(FilterProvider.class);
+        when(fp.getFilter(any(SecurityProvider.class), any(Root.class), 
any(NamePathMapper.class))).thenReturn(filter);
+        return fp;
+    }
+}
\ No newline at end of file
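Review bot: The second `mockTree` overload, the one taking a `path`, declares `ntName` as `@NotNull` but still guards it with `if (ntName != null)`, so either the annotation or the check is wrong. Drop the guard, or change the annotation to `@Nullable` as in the first overload. The two overloads repeat the same property-stubbing loop and could share a private helper. `mockTree(String path, boolean exists)` calls `Mockito.mock(Tree.class)` while the rest of the class uses the statically imported `mock`. In `mockFilterProvider`, `any(Set.class)` is a raw-type matcher that produces an unchecked warning; `when(filter.canHandle(anySet())).thenReturn(canHandle);` avoids it.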

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/MockUtility.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderAccessControlTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderAccessControlTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderAccessControlTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderAccessControlTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,349 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Set;
+
+import static org.apache.jackrabbit.oak.api.Type.STRING;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.REP_GLOB;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_EFFECTIVE_PATH;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRIVILEGES;
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_RESTRICTIONS;
+import static 
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_MODIFY_ACCESS_CONTROL;
+import static 
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
+import static 
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ_ACCESS_CONTROL;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+public class PermissionProviderAccessControlTest extends 
AbstractPrincipalBasedTest {
+
+    private Principal testPrincipal;
+    private PrincipalBasedPermissionProvider permissionProvider;
+
+    private String contentPath;
+    private String childPath;
+    private String grandchildPath;
+
+    private String child2Path;
+
+    private String accessControlledPath;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        testPrincipal = getTestSystemUser().getPrincipal();
+        setupContentTrees(TEST_OAK_PATH);
+        setupContentTrees("/oak:content/child2/grandchild2");
+
+        contentPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 3);
+        childPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 2);
+        grandchildPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 1);
+
+        child2Path = "/oak:content/child2";
+
+        PrincipalPolicyImpl policy = 
setupPrincipalBasedAccessControl(testPrincipal, 
getNamePathMapper().getJcrPath(contentPath), JCR_READ);
+        addPrincipalBasedEntry(policy, 
getNamePathMapper().getJcrPath(childPath), 
PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
+        addPrincipalBasedEntry(policy, 
getNamePathMapper().getJcrPath(child2Path), 
PrivilegeConstants.JCR_MODIFY_ACCESS_CONTROL);
+        accessControlledPath = policy.getOakPath();
+        root.commit();
+
+        permissionProvider = createPermissionProvider(root, testPrincipal);
+    }
+
+    @Override
+    protected NamePathMapper getNamePathMapper() {
+        return NamePathMapper.DEFAULT;
+    }
+
+    @Test
+    public void testGetTreePermission() throws Exception {
+        String oakPath = PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY);
+        Tree tree = root.getTree(PathUtils.ROOT_PATH);
+        TreePermission tp = permissionProvider.getTreePermission(tree, 
TreePermission.EMPTY);
+        for (String elem : PathUtils.elements(oakPath)) {
+            tree = tree.getChild(elem);
+            tp = permissionProvider.getTreePermission(tree, tp);
+        }
+
+        assertTrue(tp instanceof AbstractTreePermission);
+        assertSame(TreeType.ACCESS_CONTROL, ((AbstractTreePermission) 
tp).getType());
+    }
+
+    @Test
+    public void testIsGrantedOnAccessControlledTree() throws Exception {
+        Tree accessControlledTree = 
root.getTree(getNamePathMapper().getOakPath(accessControlledPath));
+        assertFalse(permissionProvider.isGranted(accessControlledTree, null, 
Permissions.READ));
+        assertFalse(permissionProvider.isGranted(accessControlledTree, null, 
Permissions.READ_ACCESS_CONTROL));
+
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ);
+        root.commit();
+        permissionProvider.refresh();
+
+        assertTrue(permissionProvider.isGranted(accessControlledTree, null, 
Permissions.READ));
+
+    }
+
+    @Test
+    public void testIsGrantedOnPolicyTree() throws Exception {
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.WRITE));
+    }
+
+    @Test
+    public void testIsGrantedOnPolicyTreePrincipalReadable() throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertTrue(permissionProvider.isGranted(policyTree, null, 
Permissions.READ));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.WRITE));
+    }
+
+    @Test
+    public void testIsGrantedOnPolicyTreePrincipalAccessControlReadable() 
throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ, JCR_READ_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertTrue(permissionProvider.isGranted(policyTree, null, 
Permissions.READ));
+        assertTrue(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+        assertFalse(permissionProvider.isGranted(policyTree, null, 
Permissions.WRITE));
+    }
+
+    @Test
+    public void testIsGrantedOnEntryTree() throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ, JCR_READ_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        for (Tree child : policyTree.getChildren()) {
+            assertTrue(permissionProvider.isGranted(child, null, 
Permissions.READ|Permissions.READ_ACCESS_CONTROL));
+            assertFalse(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+        }
+    }
+
+    @Test
+    public void testIsGrantedOnEntryTreeAccessControlModifiable() throws 
Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ, JCR_MODIFY_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        for (Tree child : policyTree.getChildren()) {
+            assertTrue(permissionProvider.isGranted(child, null, 
Permissions.READ));
+
+            String effectivePath = 
child.getProperty(REP_EFFECTIVE_PATH).getValue(STRING);
+            if (contentPath.equals(effectivePath)) {
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (childPath.equals(effectivePath)) {
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (child2Path.equals(effectivePath)) {
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertTrue(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            }
+        }
+    }
+
+    @Test
+    public void testIsGrantedOnEntryTreeAccessMgt() throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ, JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        for (Tree child : policyTree.getChildren()) {
+            assertTrue(permissionProvider.isGranted(child, null, 
Permissions.READ|Permissions.READ_ACCESS_CONTROL));
+            assertTrue(permissionProvider.isGranted(child, 
child.getProperty(REP_EFFECTIVE_PATH), Permissions.READ_ACCESS_CONTROL));
+            assertTrue(permissionProvider.isGranted(child, 
child.getProperty(REP_PRIVILEGES), Permissions.READ_ACCESS_CONTROL));
+
+            String effectivePath = 
child.getProperty(REP_EFFECTIVE_PATH).getValue(STRING);
+            if (contentPath.equals(effectivePath)) {
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (childPath.equals(effectivePath)) {
+                assertFalse(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (child2Path.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(child, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            }
+        }
+    }
+
+    @Test
+    public void testIsGrantedOnNonExistingRestrictionTree() throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        for (Tree child : policyTree.getChildren()) {
+            Tree restr = child.getChild(REP_RESTRICTIONS);
+            PropertyState propertyState = 
PropertyStates.createProperty(REP_GLOB, "any");
+
+            assertFalse(permissionProvider.isGranted(restr, null, 
Permissions.READ));
+
+            String effectivePath = 
child.getProperty(REP_EFFECTIVE_PATH).getValue(STRING);
+            if (contentPath.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(restr, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertTrue(permissionProvider.isGranted(restr, propertyState, 
Permissions.READ_ACCESS_CONTROL));
+                assertFalse(permissionProvider.isGranted(restr, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (childPath.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(restr, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertTrue(permissionProvider.isGranted(restr, propertyState, 
Permissions.READ_ACCESS_CONTROL));
+                assertFalse(permissionProvider.isGranted(restr, null, 
Permissions.MODIFY_ACCESS_CONTROL));
+            } else if (child2Path.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(restr, null, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+                assertTrue(permissionProvider.isGranted(restr, propertyState, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+            }
+        }
+    }
+
+    @Test
+    public void testIsGrantedOnRestrictionTree() throws Exception {
+        PrincipalPolicyImpl policy = getPrincipalPolicyImpl(testPrincipal, 
getAccessControlManager(root));
+        Map<String, Value> restr = 
ImmutableMap.of(getNamePathMapper().getJcrName(REP_GLOB), 
getValueFactory(root).createValue(REP_RESTRICTIONS + "*"));
+        policy.addEntry(accessControlledPath, 
privilegesFromNames(JCR_READ_ACCESS_CONTROL), restr, ImmutableMap.of());
+        root.commit();
+        permissionProvider.refresh();
+
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        for (Tree child : policyTree.getChildren()) {
+            assertFalse(permissionProvider.isGranted(child, null, 
Permissions.READ));
+            if (child.hasChild(REP_RESTRICTIONS)) {
+                Tree restrTree = child.getChild(REP_RESTRICTIONS);
+                assertTrue(permissionProvider.isGranted(restrTree, null, 
Permissions.READ_ACCESS_CONTROL));
+                assertFalse(permissionProvider.isGranted(restrTree, null, 
Permissions.READ));
+                assertFalse(permissionProvider.isGranted(restrTree, null, 
Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL));
+                for (PropertyState ps : restrTree.getProperties()) {
+                    assertTrue(permissionProvider.isGranted(restrTree, ps, 
Permissions.READ_ACCESS_CONTROL));
+                }
+                break;
+            }
+        }
+    }
+
+    @Test
+    public void testIsGrantedByPath() throws Exception {
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ, JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        assertTrue(permissionProvider.isGranted(accessControlledPath, 
Permissions.getString(Permissions.READ|Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL)));
+        assertFalse(permissionProvider.isGranted(accessControlledPath, 
Permissions.getString(Permissions.READ|Permissions.WRITE)));
+
+        String policyPath = PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY);
+        assertTrue(permissionProvider.isGranted(policyPath, 
Permissions.getString(Permissions.READ_PROPERTY|Permissions.READ_NODE|Permissions.READ_ACCESS_CONTROL|Permissions.MODIFY_ACCESS_CONTROL)));
+
+        for (Tree child : root.getTree(policyPath).getChildren()) {
+            String childPath = child.getPath();
+            String effectivePath = 
child.getProperty(REP_EFFECTIVE_PATH).getValue(STRING);
+            if (contentPath.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.READ|Permissions.READ_ACCESS_CONTROL)));
+                assertFalse(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.MODIFY_ACCESS_CONTROL)));
+            } else if (childPath.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.READ|Permissions.READ_ACCESS_CONTROL)));
+                assertFalse(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.READ|Permissions.MODIFY_ACCESS_CONTROL)));
+            } else if (child2Path.equals(effectivePath)) {
+                assertTrue(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.READ|Permissions.READ_ACCESS_CONTROL)));
+                assertTrue(permissionProvider.isGranted(childPath, 
Permissions.getString(Permissions.READ|Permissions.MODIFY_ACCESS_CONTROL)));
+            }
+        }
+    }
+
+    @Test
+    public void testGetPrivileges() throws Exception {
+        
assertTrue(permissionProvider.getPrivileges(root.getTree(accessControlledPath)).isEmpty());
+        Tree policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertTrue(permissionProvider.getPrivileges(policyTree).isEmpty());
+        for (Tree child : policyTree.getChildren()) {
+            assertTrue(permissionProvider.getPrivileges(policyTree).isEmpty());
+        }
+
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ);
+        root.commit();
+        permissionProvider.refresh();
+
+        Set<String> expectedPrivNames = ImmutableSet.of(JCR_READ);
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(root.getTree(accessControlledPath)));
+        policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(policyTree));
+        for (Tree child : policyTree.getChildren()) {
+            assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(policyTree));
+        }
+
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_READ_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        expectedPrivNames = ImmutableSet.of(JCR_READ, JCR_READ_ACCESS_CONTROL);
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(root.getTree(accessControlledPath)));
+        policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(policyTree));
+        for (Tree child : policyTree.getChildren()) {
+            assertEquals(ImmutableSet.of(JCR_READ, JCR_READ_ACCESS_CONTROL), 
permissionProvider.getPrivileges(child));
+        }
+
+        setupPrincipalBasedAccessControl(testPrincipal, accessControlledPath, 
JCR_MODIFY_ACCESS_CONTROL);
+        root.commit();
+        permissionProvider.refresh();
+
+        expectedPrivNames = ImmutableSet.of(JCR_READ, JCR_READ_ACCESS_CONTROL, 
JCR_MODIFY_ACCESS_CONTROL);
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(root.getTree(accessControlledPath)));
+        policyTree = root.getTree(PathUtils.concat(accessControlledPath, 
REP_PRINCIPAL_POLICY));
+        assertEquals(expectedPrivNames, 
permissionProvider.getPrivileges(policyTree));
+        for (Tree child : policyTree.getChildren()) {
+            String effectivePath = 
child.getProperty(REP_EFFECTIVE_PATH).getValue(STRING);
+            if (contentPath.equals(effectivePath)) {
+                assertEquals(ImmutableSet.of(JCR_READ, 
JCR_READ_ACCESS_CONTROL), permissionProvider.getPrivileges(child));
+            } else if (childPath.equals(effectivePath)) {
+                assertEquals(ImmutableSet.of(JCR_READ, 
JCR_READ_ACCESS_CONTROL), permissionProvider.getPrivileges(child));
+            } else if (child2Path.equals(effectivePath)) {
+                assertEquals(ImmutableSet.of(JCR_READ, 
JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL), 
permissionProvider.getPrivileges(child));
+            }
+        }
+    }
+}
\ No newline at end of file
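Review bot: In `testIsGrantedByPath` the loop-local `String childPath = child.getPath();` shadows the `childPath` field, so `else if (childPath.equals(effectivePath))` compares the entry tree's own path with its effective path and is presumably never taken; the assertions for the entry bound to the child path are then silently skipped. Renaming the local, e.g. `String entryPath = child.getPath();`, and passing `entryPath` to the `isGranted` calls lets that branch refer to the field, as the sibling tests do. A related gap is in `testGetPrivileges`, where the first two `for (Tree child : policyTree.getChildren())` loops assert on `policyTree` rather than `child`, so the entry trees are not checked there; `permissionProvider.getPrivileges(child)` looks like what was intended. Because these tests pin access-control evaluation, branches that never run leave the behaviour for that entry unverified.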

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderAccessControlTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderHiddenTypeTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderHiddenTypeTest.java?rev=1857551&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderHiddenTypeTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderHiddenTypeTest.java
 Mon Apr 15 07:16:49 2019
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.junit.Before;
+import org.junit.Test;
+
+import static 
org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.MockUtility.mockReadOnlyTree;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+
+public class PermissionProviderHiddenTypeTest extends 
AbstractPrincipalBasedTest {
+
+    private PrincipalBasedPermissionProvider permissionProvider;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        permissionProvider = createPermissionProvider(root, 
getTestSystemUser().getPrincipal());
+    }
+
+
+    @Override
+    protected NamePathMapper getNamePathMapper() {
+        return NamePathMapper.DEFAULT;
+    }
+
+    @Test
+    public void testGetPrivileges() {
+        
assertTrue(permissionProvider.getPrivileges(mockReadOnlyTree(TreeType.HIDDEN)).isEmpty());
+    }
+
+    @Test
+    public void testHasPrivileges() {
+        
assertFalse(permissionProvider.hasPrivileges(mockReadOnlyTree(TreeType.HIDDEN), 
PrivilegeConstants.REP_READ_NODES));
+    }
+
+    @Test
+    public void testIsGranted() {
+        
assertTrue(permissionProvider.isGranted(mockReadOnlyTree(TreeType.HIDDEN), 
null, Permissions.ALL));
+        
assertTrue(permissionProvider.isGranted(mockReadOnlyTree(TreeType.HIDDEN), 
mock(PropertyState.class), Permissions.ALL));
+    }
+    @Test
+    public void testGetTreePermission() throws Exception {
+        assertSame(TreePermission.ALL, 
permissionProvider.getTreePermission(mockReadOnlyTree(TreeType.HIDDEN), 
TreeType.HIDDEN, mock(AbstractTreePermission.class)));
+    }
+
+    @Test
+    public void testGetChildTreePermission() {
+        String indexPath = "/" + IndexConstants.INDEX_DEFINITIONS_NAME + 
"/acPrincipalName/" + IndexConstants.INDEX_CONTENT_NODE_NAME;
+        Tree readOnly = 
getRootProvider().createReadOnlyRoot(root).getTree(PathUtils.ROOT_PATH);
+        TreePermission tp = (AbstractTreePermission) 
permissionProvider.getTreePermission(readOnly, TreePermission.EMPTY);
+        NodeState ns = getTreeProvider().asNodeState(readOnly);
+        for (String elem : PathUtils.elements(indexPath)) {
+            ns = ns.getChildNode(elem);
+            tp = permissionProvider.getTreePermission(elem, ns, 
(AbstractTreePermission) tp);
+        }
+        assertSame(TreePermission.ALL, tp);
+    }
+}
\ No newline at end of file
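Review bot: `testIsGranted` pins that `Permissions.ALL` is granted on a `TreeType.HIDDEN` tree, while `testGetPrivileges` and `testHasPrivileges` in the same class expect no privileges there, and nothing in the file says why the two results differ. An allow-all expectation in an authorization test deserves a short comment, for example `// hidden trees are not evaluated by this provider; access to them is expected to be prevented elsewhere (confirm)`. In `testGetChildTreePermission` the walk never checks that the index content node exists, so if the test is meant to cover a real index, `assertTrue(ns.exists());` before the final `assertSame` would show that the result is not derived from the node name alone.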

Propchange: 
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderHiddenTypeTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

