You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/07/02 15:53:39 UTC
svn commit: r959986 - in
/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz:
AuthzAuthnIT.java CompareAuthorizationIT.java
Author: elecharny
Date: Fri Jul 2 13:53:38 2010
New Revision: 959986
URL: http://svn.apache.org/viewvc?rev=959986&view=rev
Log:
Some more ACI formating
Modified:
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=959986&r1=959985&r2=959986&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Fri Jul 2 13:53:38 2010
@@ -124,11 +124,22 @@ public class AuthzAuthnIT extends Abstra
createAccessControlSubentry(
"grantBrowseForTheWholeNamingContext",
"{ maximum 0 }", // !!!!! Replace this with "{ minimum 1 }" for practicing !
- "{ " + "identificationTag \"browseACI\", "
- + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
- + "protectedItems { entry }, "
- + "grantsAndDenials { grantBrowse } } } } }" );
+ "{ " +
+ " identificationTag \"browseACI\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems { entry }, " +
+ " grantsAndDenials { grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
DN userName = new DN( "uid=billyd,ou=users,ou=system" );
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=959986&r1=959985&r2=959986&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Fri Jul 2 13:53:38 2010
@@ -142,16 +142,15 @@ public class CompareAuthorizationIT exte
// Gives grantCompare, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
createAccessControlSubentry( "administratorAdd",
- "{ identificationTag \"addAci\", " +
+ "{ " +
+ " identificationTag \"addAci\", " +
" precedence 14, " +
" authenticationLevel none, " +
- " itemOrUserFirst userFirst: { " +
- " userClasses { " +
- " userGroup { " +
- " \"cn=Administrators,ou=groups,ou=system\" " +
- " } " +
- " }, " +
- " userPermissions { " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }" +
+ " userPermissions " +
+ " { " +
" { " +
" protectedItems { entry, allUserAttributeTypesAndValues }, " +
" grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
@@ -189,26 +188,17 @@ public class CompareAuthorizationIT exte
// now add a subentry that enables user billyd to compare an entry below ou=system
createAccessControlSubentry( "billydAdd",
"{ " +
- " identificationTag \"addAci\", precedence 14, authenticationLevel none, itemOrUserFirst userFirst: " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
" { " +
- " userClasses " +
- " { " +
- " name " +
- " { " +
- " \"uid=billyd,ou=users,ou=system\" " +
- " } " +
- " }, " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
" userPermissions " +
" { " +
" { " +
- " protectedItems " +
- " {" +
- " entry, allUserAttributeTypesAndValues" +
- " }, " +
- " grantsAndDenials " +
- " { " +
- " grantCompare, grantRead, grantBrowse " +
- " } " +
+ " protectedItems { entry, allUserAttributeTypesAndValues }, " +
+ " grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
" } " +
" } " +
" } " +
@@ -234,11 +224,27 @@ public class CompareAuthorizationIT exte
assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
// now add a subentry that enables user billyd to compare an entry below ou=system
- createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
- + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "billyAddBySubtree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
@@ -260,10 +266,24 @@ public class CompareAuthorizationIT exte
assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
// now add a subentry that enables anyone to add an entry below ou=system
- createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "anybodyAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now compare that test entry's number which we could not before
// should work with billyd now that all users are authorized