You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/07/02 15:34:56 UTC
svn commit: r959980 -
/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
Author: elecharny
Date: Fri Jul 2 13:34:55 2010
New Revision: 959980
URL: http://svn.apache.org/viewvc?rev=959980&view=rev
Log:
Some more ACI formating
Modified:
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java?rev=959980&r1=959979&r2=959980&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java Fri Jul 2 13:34:55 2010
@@ -128,11 +128,24 @@ public class AddAuthorizationIT extends
// Gives grantAdd perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
- + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "administratorAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantAdd, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now add that test entry which we could not before
// add op should still fail since billd is not in the admin group
@@ -161,11 +174,24 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billydAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
- + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "billydAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantAdd, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by name
assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -187,11 +213,27 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
- + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "billyAddBySubtree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantAdd, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -213,10 +255,24 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables anyone to add an entry below ou=system
- createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "anybodyAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantAdd, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now add that test entry which we could not before
// should work now with billyd now that all users are authorized