You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/21 12:28:30 UTC
svn commit: r1375461 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/...
Author: angela
Date: Tue Aug 21 10:28:29 2012
New Revision: 1375461
URL: http://svn.apache.org/viewvc?rev=1375461&view=rev
Log:
OAK-64 : Privilege Management (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java?rev=1375461&r1=1375460&r2=1375461&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java Tue Aug 21 10:28:29 2012
@@ -57,4 +57,26 @@ public interface PrivilegeConstants {
String REP_ADD_PROPERTIES = "rep:addProperties";
String REP_ALTER_PROPERTIES = "rep:alterProperties";
String REP_REMOVE_PROPERTIES = "rep:removeProperties";
+
+ String[] NON_AGGR_PRIVILEGES = new String[] {
+ JCR_READ, REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
+ JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
+ JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
+ JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
+ JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
+ JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT};
+
+ String[] AGGR_PRIVILEGES = new String[] {JCR_MODIFY_PROPERTIES, JCR_WRITE, REP_WRITE};
+
+ String[] AGGR_JCR_MODIFY_PROPERTIES = new String[] {
+ REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES
+ };
+
+ String[] AGGR_JCR_WRITE = new String[] {
+ JCR_MODIFY_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE
+ };
+
+ String[] AGGR_REP_WRITE = new String[] {
+ JCR_WRITE, JCR_NODE_TYPE_MANAGEMENT
+ };
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java?rev=1375461&r1=1375460&r2=1375461&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java Tue Aug 21 10:28:29 2012
@@ -52,7 +52,10 @@ public class PrivilegeMigrator {
try {
NamespaceRegistry nsRegistry = new NamespaceRegistryImpl(contentSession);
PrivilegeDefinition[] custom = PrivilegeDefinitionReader.readCustomDefinitons(stream, nsRegistry);
- pr.registerDefinitions(custom);
+
+ for (PrivilegeDefinition def : custom) {
+ pr.registerDefinition(def.getName(), def.isAbstract(), def.getDeclaredAggregateNames());
+ }
} catch (IOException e) {
throw new RepositoryException(e);
} finally {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1375461&r1=1375460&r2=1375461&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java Tue Aug 21 10:28:29 2012
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.privilege;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
@@ -41,26 +40,14 @@ import org.apache.jackrabbit.oak.util.No
* TODO: define if custom privileges are read with editing content session (thus enforcing read permissions)
*
* FIXME: Session#refresh should refresh privileges exposed
- * FIXME: Proper implementation for JCR_ALL privilege containing all custom privileges.
*/
public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants {
- private static final String[] SIMPLE_PRIVILEGES = new String[] {
- JCR_READ, REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
- JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
- JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
- JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
- JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
- JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT};
-
private static final Map<String, String[]> AGGREGATE_PRIVILEGES = new HashMap<String,String[]>();
static {
- AGGREGATE_PRIVILEGES.put(JCR_MODIFY_PROPERTIES,
- new String[] {REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES});
- AGGREGATE_PRIVILEGES.put(JCR_WRITE,
- new String[] {JCR_MODIFY_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE});
- AGGREGATE_PRIVILEGES.put(REP_WRITE,
- new String[] {JCR_WRITE, JCR_NODE_TYPE_MANAGEMENT});
+ AGGREGATE_PRIVILEGES.put(JCR_MODIFY_PROPERTIES, AGGR_JCR_MODIFY_PROPERTIES);
+ AGGREGATE_PRIVILEGES.put(JCR_WRITE, AGGR_JCR_WRITE);
+ AGGREGATE_PRIVILEGES.put(REP_WRITE, AGGR_REP_WRITE);
}
private final ContentSession contentSession;
@@ -74,7 +61,7 @@ public class PrivilegeRegistry implement
static Map<String, PrivilegeDefinition> getAllDefinitions(PrivilegeDefinitionReader reader) {
Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
- for (String privilegeName : SIMPLE_PRIVILEGES) {
+ for (String privilegeName : NON_AGGR_PRIVILEGES) {
PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false);
definitions.put(privilegeName, def);
}
@@ -84,40 +71,16 @@ public class PrivilegeRegistry implement
definitions.put(privilegeName, def);
}
+ // add custom definitions
definitions.putAll(reader.readDefinitions());
updateJcrAllPrivilege(definitions);
return definitions;
}
private static void updateJcrAllPrivilege(Map<String, PrivilegeDefinition> definitions) {
- // TODO: add proper implementation taking custom privileges into account.
- Set<String> declaredAggregateNames = new HashSet<String>();
- declaredAggregateNames.add(JCR_READ);
- declaredAggregateNames.add(JCR_READ_ACCESS_CONTROL);
- declaredAggregateNames.add(JCR_MODIFY_ACCESS_CONTROL);
- declaredAggregateNames.add(JCR_VERSION_MANAGEMENT);
- declaredAggregateNames.add(JCR_LOCK_MANAGEMENT);
- declaredAggregateNames.add(JCR_LIFECYCLE_MANAGEMENT);
- declaredAggregateNames.add(JCR_RETENTION_MANAGEMENT);
- declaredAggregateNames.add(JCR_WORKSPACE_MANAGEMENT);
- declaredAggregateNames.add(JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
- declaredAggregateNames.add(JCR_NAMESPACE_MANAGEMENT);
- declaredAggregateNames.add(REP_PRIVILEGE_MANAGEMENT);
- declaredAggregateNames.add(REP_WRITE);
-
- definitions.put(JCR_ALL, new PrivilegeDefinitionImpl(JCR_ALL, false, declaredAggregateNames));
- }
-
- void registerDefinitions(PrivilegeDefinition[] definitions) throws RepositoryException {
- for (PrivilegeDefinition definition : definitions) {
- PrivilegeDefinition toRegister;
- if (definition instanceof PrivilegeDefinitionImpl) {
- toRegister = definition;
- } else {
- toRegister = new PrivilegeDefinitionImpl(definition.getName(), definition.isAbstract(), definition.getDeclaredAggregateNames());
- }
- internalRegisterDefinitions(toRegister);
- }
+ Map<String, PrivilegeDefinition> m = new HashMap<String, PrivilegeDefinition>(definitions);
+ m.remove(JCR_ALL);
+ definitions.put(JCR_ALL, new PrivilegeDefinitionImpl(JCR_ALL, false, m.keySet()));
}
//--------------------------------------------------< PrivilegeProvider >---
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java?rev=1375461&r1=1375460&r2=1375461&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java Tue Aug 21 10:28:29 2012
@@ -46,5 +46,16 @@ public interface PrivilegeProvider {
@Nullable
PrivilegeDefinition getPrivilegeDefinition(String name);
+ /**
+ * Creates and registers a new custom privilege definition with the specified
+ * characteristics. If the registration succeeds the new definition is
+ * returned; otherwise an {@code RepositoryException} is thrown.
+ *
+ * @param privilegeName The name of the definition.
+ * @param isAbstract {@code true} if the privilege is abstract.
+ * @param declaredAggregateNames The set of declared aggregate privilege names.
+ * @return The new definition.
+ * @throws RepositoryException If the definition could not be registered.
+ */
PrivilegeDefinition registerDefinition(String privilegeName, boolean isAbstract, Set<String> declaredAggregateNames) throws RepositoryException;
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java?rev=1375461&r1=1375460&r2=1375461&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java Tue Aug 21 10:28:29 2012
@@ -43,7 +43,7 @@ import org.junit.Test;
*
* TODO: more tests for cyclic aggregation
*/
-public class PrivilegeManagerImplTest extends AbstractJCRTest {
+public class PrivilegeManagerImplTest extends AbstractJCRTest implements PrivilegeConstants {
private PrivilegeManager privilegeManager;
@@ -73,86 +73,76 @@ public class PrivilegeManagerImplTest ex
assertTrue(found);
}
- @Test
- public void testRegisteredPrivileges() throws RepositoryException {
- Privilege[] ps = privilegeManager.getRegisteredPrivileges();
-
- List<Privilege> l = new ArrayList<Privilege>(Arrays.asList(ps));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_NODE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_WRITE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_ALL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_WRITE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ADD_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ALTER_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_REMOVE_PROPERTIES)));
- // including repo-level operation privileges
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT)));
-
- assertTrue(l.isEmpty());
- }
-
- @Test
- public void testAllPrivilege() throws RepositoryException {
- Privilege p = privilegeManager.getPrivilege(Privilege.JCR_ALL);
- assertEquals("jcr:all",p.getName());
- assertTrue(p.isAggregate());
- assertFalse(p.isAbstract());
-
- List<Privilege> l = new ArrayList<Privilege>(Arrays.asList(p.getAggregatePrivileges()));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_NODE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_WRITE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_WRITE)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ADD_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ALTER_PROPERTIES)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_REMOVE_PROPERTIES)));
- // including repo-level operation privileges
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT)));
- assertTrue(l.isEmpty());
-
- l = new ArrayList<Privilege>(Arrays.asList(p.getDeclaredAggregatePrivileges()));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_WRITE)));
- // including repo-level operation privileges
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT)));
- assertTrue(l.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT)));
+ private void assertPrivilege(Privilege priv, String name, boolean isAggregate, boolean isAbstract) {
+ assertNotNull(priv);
+ assertEquals(name, priv.getName());
+ assertEquals(isAggregate, priv.isAggregate());
+ assertEquals(isAbstract, priv.isAbstract());
+ }
+
+ public void testGetRegisteredPrivileges() throws RepositoryException {
+ Privilege[] registered = privilegeManager.getRegisteredPrivileges();
+ Set<Privilege> set = new HashSet<Privilege>();
+ Privilege all = privilegeManager.getPrivilege(Privilege.JCR_ALL);
+ set.add(all);
+ set.addAll(Arrays.asList(all.getAggregatePrivileges()));
+
+ for (Privilege p : registered) {
+ assertTrue(set.remove(p));
+ }
+ assertTrue(set.isEmpty());
+ }
+
+ public void testGetPrivilege() throws RepositoryException {
+ for (String privName : NON_AGGR_PRIVILEGES) {
+ Privilege p = privilegeManager.getPrivilege(privName);
+ assertPrivilege(p, privName, false, false);
+ }
+
+ for (String privName : AGGR_PRIVILEGES) {
+ Privilege p = privilegeManager.getPrivilege(privName);
+ assertPrivilege(p, privName, true, false);
+ }
+ }
+
+ public void testJcrAll() throws RepositoryException {
+ Privilege all = privilegeManager.getPrivilege(Privilege.JCR_ALL);
+ assertPrivilege(all, JCR_ALL, true, false);
+
+ List<Privilege> decl = Arrays.asList(all.getDeclaredAggregatePrivileges());
+ List<Privilege> aggr = new ArrayList<Privilege>(Arrays.asList(all.getAggregatePrivileges()));
+
+ assertFalse(decl.contains(all));
+ assertFalse(aggr.contains(all));
+
+ // declared and aggregated privileges are the same for jcr:all
+ assertTrue(decl.containsAll(aggr));
+
+ // test individual built-in privileges are listed in the aggregates
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_READ)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_REMOVE_NODE)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(Privilege.JCR_WRITE)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_WRITE)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ADD_PROPERTIES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_ALTER_PROPERTIES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_REMOVE_PROPERTIES)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT)));
+ assertTrue(aggr.remove(privilegeManager.getPrivilege(PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT)));
- assertTrue(l.isEmpty());
+ // there may be no privileges left
+ assertTrue(aggr.isEmpty());
}
@Test
@@ -377,52 +367,51 @@ public class PrivilegeManagerImplTest ex
}
}
-// FIXME: JCR_ALL privilege must be updated
-// @Test
-// public void testRegisterCustomPrivileges() throws RepositoryException {
-// Map<String, String[]> newCustomPrivs = new HashMap<String, String[]>();
-// newCustomPrivs.put("new", new String[0]);
-// newCustomPrivs.put("test:new", new String[0]);
-//
-// for (String name : newCustomPrivs.keySet()) {
-// boolean isAbstract = true;
-// String[] aggrNames = newCustomPrivs.get(name);
-//
-// Privilege registered = privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-//
-// // validate definition
-// Privilege privilege = privilegeManager.getPrivilege(name);
-// assertNotNull(privilege);
-// assertEquals(name, privilege.getName());
-// assertTrue(privilege.isAbstract());
-// assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
-// assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL), name);
-// }
-//
-// Map<String, String[]> newAggregates = new HashMap<String, String[]>();
-// // a new aggregate of custom privileges
-// newAggregates.put("newA2", getAggregateNames("test:new", "new"));
-// // a new aggregate of custom and built-in privilege
-// newAggregates.put("newA1", getAggregateNames("new", PrivilegeConstants.JCR_READ));
-// // aggregating built-in privileges
-// newAggregates.put("aggrBuiltIn", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES, PrivilegeConstants.JCR_READ));
-//
-// for (String name : newAggregates.keySet()) {
-// boolean isAbstract = false;
-// String[] aggrNames = newAggregates.get(name);
-// privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
-// Privilege p = privilegeManager.getPrivilege(name);
-//
-// assertNotNull(p);
-// assertEquals(name, p.getName());
-// assertFalse(p.isAbstract());
-//
-// for (String n : aggrNames) {
-// assertContainsDeclared(p, n);
-// }
-// assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL), name);
-// }
-// }
+ @Test
+ public void testRegisterCustomPrivileges() throws RepositoryException {
+ Map<String, String[]> newCustomPrivs = new HashMap<String, String[]>();
+ newCustomPrivs.put("new", new String[0]);
+ newCustomPrivs.put("test:new", new String[0]);
+
+ for (String name : newCustomPrivs.keySet()) {
+ boolean isAbstract = true;
+ String[] aggrNames = newCustomPrivs.get(name);
+
+ Privilege registered = privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+
+ // validate definition
+ Privilege privilege = privilegeManager.getPrivilege(name);
+ assertNotNull(privilege);
+ assertEquals(name, privilege.getName());
+ assertTrue(privilege.isAbstract());
+ assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
+ assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL), name);
+ }
+
+ Map<String, String[]> newAggregates = new HashMap<String, String[]>();
+ // a new aggregate of custom privileges
+ newAggregates.put("newA2", getAggregateNames("test:new", "new"));
+ // a new aggregate of custom and built-in privilege
+ newAggregates.put("newA1", getAggregateNames("new", PrivilegeConstants.JCR_READ));
+ // aggregating built-in privileges
+ newAggregates.put("aggrBuiltIn", getAggregateNames(PrivilegeConstants.JCR_MODIFY_PROPERTIES, PrivilegeConstants.JCR_READ));
+
+ for (String name : newAggregates.keySet()) {
+ boolean isAbstract = false;
+ String[] aggrNames = newAggregates.get(name);
+ privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+ Privilege p = privilegeManager.getPrivilege(name);
+
+ assertNotNull(p);
+ assertEquals(name, p.getName());
+ assertFalse(p.isAbstract());
+
+ for (String n : aggrNames) {
+ assertContainsDeclared(p, n);
+ }
+ assertContainsDeclared(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL), name);
+ }
+ }
@Test
public void testCustomPrivilegeVisibleToNewSession() throws RepositoryException {