Posted to commits@directory.apache.org by el...@apache.org on 2010/12/25 20:20:01 UTC
svn commit: r1052799 - in /directory/apacheds/branches/apacheds-AP:
core-integ/src/test/java/org/apache/directory/server/core/subtree/
core/src/main/java/org/apache/directory/server/core/subtree/
Author: elecharny
Date: Sat Dec 25 19:20:01 2010
New Revision: 1052799
URL: http://svn.apache.org/viewvc?rev=1052799&view=rev
Log:
o Implemented the Del operation for APs
o Added some tests for the AP Del operation
Added:
directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
Modified:
directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
Modified: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java?rev=1052799&r1=1052798&r2=1052799&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java (original)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java Sat Dec 25 19:20:01 2010
@@ -43,7 +43,7 @@ import org.junit.runner.RunWith;
/**
- * Test cases for the AdministrativePoint interceptor.
+ * Test cases for the AdministrativePoint interceptor Add operation.
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
Added: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java?rev=1052799&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java (added)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java Sat Dec 25 19:20:01 2010
@@ -0,0 +1,275 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.server.core.subtree;
+
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.ldif.LdifUtils;
+import org.apache.directory.shared.ldap.message.AddResponse;
+import org.apache.directory.shared.ldap.message.DeleteResponse;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * Test cases for the AdministrativePoint interceptor delete operation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "AdministrativePointServiceIT")
+@ApplyLdifs(
+ {
+ // A test branch
+ "dn: cn=test,ou=system",
+ "objectClass: top",
+ "objectClass: person",
+ "cn: test",
+ "sn: test",
+ "userpassword: test"
+ })
+public class SubentryDeleteOperationIT extends AbstractLdapTestUnit
+{
+ // The shared LDAP admin connection
+ private static LdapConnection adminConnection;
+
+ // The shared LDAP user connection
+ private static LdapConnection userConnection;
+
+
+ @Before
+ public void init() throws Exception
+ {
+ adminConnection = IntegrationUtils.getAdminConnection( service );
+ userConnection = IntegrationUtils.getConnectionAs( service, "cn=test,ou=system", "test" );
+ }
+
+
+ @After
+ public void shutdown() throws Exception
+ {
+ adminConnection.close();
+ userConnection.close();
+ }
+
+
+ // ===================================================================
+ // Test the Delete operation
+ // -------------------------------------------------------------------
+ // Failure expected
+ // -------------------------------------------------------------------
+ /**
+ * Test the deletion of an AP with children
+ */
+ @Test
+ public void testDeleteAPWithChildren() throws Exception
+ {
+ Entry autonomousArea = LdifUtils.createEntry(
+ "ou=AAP,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: AAP",
+ "administrativeRole: autonomousArea" );
+
+ // It should succeed
+ AddResponse response = adminConnection.add( autonomousArea );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Add a subentry now
+ Entry subentry = LdifUtils.createEntry(
+ "cn=test,ou=AAP,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: subentry",
+ "ObjectClass: collectiveAttributeSubentry",
+ "cn: test",
+ "subtreeSpecification: {}",
+ "c-o: Test Org" );
+
+ response = adminConnection.add( subentry );
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ Entry subentryEntry = adminConnection.lookup( "cn=test,ou=AAP,ou=system", "+", "*" );
+ assertNotNull( subentryEntry );
+
+ Entry ap = adminConnection.lookup( "ou=AAP,ou=system", "+", "*" );
+ assertNotNull( ap );
+ assertEquals( "0", ap.get( "APSeqNumber" ).getString() );
+
+ // Now try to delete the AP
+ DeleteResponse delResponse = adminConnection.delete( "ou=AAP,ou=system" );
+
+ assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, delResponse.getLdapResult().getResultCode() );
+ }
+
+
+ @Test
+ public void testDeleteSAPNonAdmin() throws Exception
+ {
+ Entry sap = LdifUtils.createEntry(
+ "ou=SAP,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: SAP",
+ "administrativeRole: collectiveAttributeSpecificArea" );
+
+ // It should succeed
+ AddResponse response = adminConnection.add( sap );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Now try to delete the AP with another user
+ DeleteResponse delResponse = userConnection.delete( "ou=SAP,ou=system" );
+
+ assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, delResponse.getLdapResult().getResultCode() );
+
+ // Check that the SAP is still present
+ Entry entry = adminConnection.lookup( "ou=SAP,ou=system" );
+
+ assertNotNull( entry );
+ }
+
+
+ // -------------------------------------------------------------------
+ // Success expected
+ // -------------------------------------------------------------------
+ @Test
+ public void testDeleteAAP() throws Exception
+ {
+ Entry autonomousArea = LdifUtils.createEntry(
+ "ou=AAP2,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: AAP",
+ "administrativeRole: autonomousArea" );
+
+ // It should succeed
+ AddResponse response = adminConnection.add( autonomousArea );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Now try to delete the AP
+ DeleteResponse delResponse = adminConnection.delete( "ou=AAP2,ou=system" );
+
+ assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode() );
+
+ // Check that the AAP is not anymore present
+ Entry aap = adminConnection.lookup( "ou=AAP2,ou=system" );
+
+ assertNull( aap );
+ }
+
+
+ @Test
+ public void testDeleteSAP() throws Exception
+ {
+ Entry sap = LdifUtils.createEntry(
+ "ou=SAP,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: SAP",
+ "administrativeRole: collectiveAttributeSpecificArea" );
+
+ // It should succeed
+ AddResponse response = adminConnection.add( sap );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Now try to delete the AP
+ DeleteResponse delResponse = adminConnection.delete( "ou=SAP,ou=system" );
+
+ assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode() );
+
+ // Check that the SAP is not anymore present
+ Entry aap = adminConnection.lookup( "ou=SAP,ou=system" );
+
+ assertNull( aap );
+ }
+
+
+
+
+ @Test
+ public void testDeleteIAP() throws Exception
+ {
+ Entry sap = LdifUtils.createEntry(
+ "ou=SAP1,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: SAP1",
+ "administrativeRole: collectiveAttributeSpecificArea" );
+
+ // It should succeed
+ AddResponse response = adminConnection.add( sap );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Add the IAP
+ Entry iap = LdifUtils.createEntry(
+ "ou=IAP1,ou=SAP1,ou=system",
+ "ObjectClass: top",
+ "ObjectClass: organizationalUnit",
+ "ou: IAP1",
+ "administrativeRole: collectiveAttributeInnerArea" );
+
+ // It should succeed
+ response = adminConnection.add( iap );
+
+ assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+ // Now try to delete the SAP (it should fail)
+ DeleteResponse delResponse = adminConnection.delete( "ou=SAP1,ou=system" );
+
+ assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, delResponse.getLdapResult().getResultCode() );
+
+ // Remove the IAP first
+ delResponse = adminConnection.delete( "ou=IAP1,ou=SAP1,ou=system" );
+
+ assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode() );
+
+ // Check that the IAP is not anymore present
+ Entry iapDel = adminConnection.lookup( "ou=IA1P,ou=SAP1,ou=system" );
+
+ assertNull( iapDel );
+
+ // Remove the SAP
+ delResponse = adminConnection.delete( "ou=SAP1,ou=system" );
+
+ assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode() );
+
+ // Check that the SAP is not anymore present
+ Entry sapDel = adminConnection.lookup( "ou=SAP1,ou=system" );
+
+ assertNull( sapDel );
+ }
+}
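Review bot: In `testDeleteIAP` the check after deleting the IAP looks up `ou=IA1P,ou=SAP1,ou=system`, a DN that was never created (the entry added is `ou=IAP1,...`), so `assertNull( iapDel )` passes whether or not the delete removed anything. It should read `Entry iapDel = adminConnection.lookup( "ou=IAP1,ou=SAP1,ou=system" );`. Separately, `testDeleteSAPNonAdmin` deliberately leaves `ou=SAP,ou=system` in place and `testDeleteSAP` adds the same DN; unless the framework resets the directory between methods (not visible here), the result depends on execution order, so a distinct DN for the non-admin test would be safer. The non-admin case also covers only AP deletion; the subentry branch that carries the same admin check has no refusal test in this file.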
Modified: directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=1052799&r1=1052798&r2=1052799&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java Sat Dec 25 19:20:01 2010
@@ -1503,6 +1503,88 @@ public class SubentryInterceptor extends
/**
+ * Delete the list of AP for a given entry. We can update the cache for each role,
+ * as if the AP doe snot have such a role, it won't do anythig anyway
+ */
+ private void deleteAdministrativePoints( EntryAttribute adminPoint, DN dn ) throws LdapException
+ {
+ // The AC SAP
+ directoryService.getAccessControlAPCache().remove( dn );
+
+ // The CA SAP
+ directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+ // The TE SAP
+ directoryService.getTriggerExecutionAPCache().remove( dn );
+
+ // The SS SAP
+ directoryService.getSubschemaAPCache().remove( dn );
+ // If it's an AAP, we can get out immediately
+ return;
+
+ /*
+ if ( isAAP( adminPoint ) )
+ {
+ // The AC AAP
+ directoryService.getAccessControlAPCache().remove( dn );
+
+ // The CA AAP
+ directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+ // The TE AAP
+ directoryService.getTriggerExecutionAPCache().remove( dn );
+
+ // The SS AAP
+ directoryService.getSubschemaAPCache().remove( dn );
+
+ // If it's an AAP, we can get out immediately
+ return;
+ }
+
+ // Not an AAP
+ for ( Value<?> value : adminPoint )
+ {
+ String role = value.getString();
+
+ // Deal with AccessControl AP
+ if ( isAccessControlSpecificRole( role ) || isAccessControlInnerRole( role ) )
+ {
+ directoryService.getAccessControlAPCache().remove( dn );
+
+ continue;
+ }
+
+ // Deal with CollectiveAttribute AP
+ if ( isCollectiveAttributeSpecificRole( role ) || isCollectiveAttributeInnerRole( role ) )
+ {
+ directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+ continue;
+ }
+
+ // Deal with SubSchema AP
+ if ( isSubschemaSpecficRole( role ) )
+ {
+ directoryService.getSubschemaAPCache().remove( dn );
+
+ continue;
+ }
+
+ // Deal with TriggerExecution AP
+ if ( isTriggerExecutionSpecificRole( role ) || isTriggerExecutionInnerRole( role ) )
+ {
+ directoryService.getTriggerExecutionAPCache().remove( dn );
+
+ continue;
+ }
+ }
+
+ return;
+ */
+ }
+
+
+ /**
* Get the AdministrativePoint associated with a subentry
* @param apDn
* @return
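Review bot: `deleteAdministrativePoints` ends with an unconditional `return;` under the comment `// If it's an AAP, we can get out immediately`, followed by a commented-out role-by-role implementation, and the `adminPoint` parameter is never read. The comment no longer matches the code, since nothing tests for an AAP. I would drop the `return;`, that comment and the commented-out block, and let the Javadoc explain why all four caches (access control included) are purged unconditionally. The Javadoc has typos and should read `as if the AP does not have such a role, it won't do anything anyway`. If the parameter is kept only for a later role-aware version, say so in a `@param adminPoint` line.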
@@ -1908,18 +1990,27 @@ public class SubentryInterceptor extends
// First, deal with an AP deletion
if ( adminPointAT != null )
{
+ if ( !isAdmin )
+ {
+ String message = "Cannot delete the given AdministrativePoint, user is not an Admin";
+ LOG.error( message );
+
+ throw new LdapUnwillingToPerformException( message );
+ }
+
// It's an AP : we can delete the entry, and if done successfully,
// we can update the APCache for each role
next.delete( deleteContext );
// Now, update the AP cache
+ deleteAdministrativePoints( adminPointAT, dn );
}
else if ( entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
{
// It's a subentry
if ( !isAdmin )
{
- String message = "Cannot add the given Subentry, user is not an Admin";
+ String message = "Cannot delete the given Subentry, user is not an Admin";
LOG.error( message );
throw new LdapUnwillingToPerformException( message );
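Review bot: The new non-admin refusal for AP deletion logs and throws a fixed string, so the error log does not say which entry was targeted. Since `dn` is in scope (it is passed to `deleteAdministrativePoints` just below), `LOG.error( message + " : " + dn );` would make refused deletions traceable. The requesting principal would be worth logging too if the delete context exposes it, which this hunk does not show. The subentry branch has the same gap, and the two `!isAdmin` blocks differ only in their message, so they could share a small helper. The enclosing delete method starts and ends outside this hunk.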