Posted to commits@directory.apache.org by el...@apache.org on 2010/07/02 16:48:04 UTC
svn commit: r960013 - in
/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz:
DeleteAuthorizationIT.java GeneralAuthorizationIT.java
ModifyAuthorizationIT.java
Author: elecharny
Date: Fri Jul 2 14:48:03 2010
New Revision: 960013
URL: http://svn.apache.org/viewvc?rev=960013&view=rev
Log:
Some more ACI formatting
Modified:
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java Fri Jul 2 14:48:03 2010
@@ -135,10 +135,24 @@ public class DeleteAuthorizationIT exten
// Gives grantRemove perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
- + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "administratorAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRemove, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now delete that test entry which we could not before
// delete op should still fail since billd is not in the admin group
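Review bot: The comment above the `administratorAdd` subentry says the grant covers "entries and all attribute types and values", but the ACI protects only `{entry}` and grants grantRemove and grantBrowse; I would change it to `// Grants grantRemove and grantBrowse on entries to members of cn=Administrators,ou=groups,ou=system`. The same drift shows in the hunk at -217, whose comment says the subentry "enables anyone to add an entry" while the ACI grants grantRemove, and all four subentries in this file keep the tag `addAci` in a delete test. Now that the ACIs are laid out readably, the comments are what a reader checks the policy against, so they should match it. The enclosing test method starts and ends outside the hunk.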
@@ -167,10 +181,24 @@ public class DeleteAuthorizationIT exten
assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to delete an entry below ou=system
- createAccessControlSubentry( "billydAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
- + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "billydAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRemove, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by name
assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -192,10 +220,27 @@ public class DeleteAuthorizationIT exten
assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to delte an entry below ou=system
- createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
- + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "billyAddBySubtree",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses " +
+ " { " +
+ " subtree { { base \"ou=users,ou=system\" } } " +
+ " }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRemove, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -217,10 +262,24 @@ public class DeleteAuthorizationIT exten
assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables anyone to add an entry below ou=system
- createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { { " + "protectedItems {entry}, "
- + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+ createAccessControlSubentry(
+ "anybodyAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantRemove, grantBrowse } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now delete that test entry which we could not before
// should work now with billyd now that all users are authorized
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java Fri Jul 2 14:48:03 2010
@@ -64,10 +64,22 @@ public class GeneralAuthorizationIT exte
public void testFailureToAddBadACI() throws Exception
{
// add a subentry with malformed ACI
- ResultCodeEnum result = createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
- + "grantsAndDenials { grantAdd, grantBrowse } } }" );
+ ResultCodeEnum result = createAccessControlSubentry(
+ "anybodyAdd",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantAdd, grantBrowse } " +
+ " } " +
+ " }" );
assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, result );
}
}
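Review bot: Nothing in testFailureToAddBadACI says what makes this ACI malformed; on the new side the only defect is that the string stops after closing `userPermissions`, leaving the `itemOrUserFirst` block and the outer `{` unclosed. Because the layout now mirrors the well-formed ACIs in the other test classes, a later formatting pass could easily "complete" the braces and turn this negative test into one that installs a valid grant for `allUsers`. I would replace the existing comment with `// malformed on purpose: the closing braces of the userFirst block and of the outer ACIItem are omitted` so the rejection path of the ACI syntax check stays covered.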
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java Fri Jul 2 14:48:03 2010
@@ -40,8 +40,8 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.integ.IntegrationUtils;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.entry.DefaultEntry;
-import org.apache.directory.shared.ldap.entry.DefaultModification;
import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultModification;
import org.apache.directory.shared.ldap.entry.Entry;
import org.apache.directory.shared.ldap.entry.EntryAttribute;
import org.apache.directory.shared.ldap.entry.Modification;
@@ -266,12 +266,28 @@ public class ModifyAuthorizationIT exten
// Gives grantModify, and grantRead perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "selfModifyUserPassword", "{ " + "identificationTag \"addAci\", "
- + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
- + "userClasses { thisEntry }, " + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, "
- + "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } "
- + "} } }" );
+ createAccessControlSubentry(
+ "selfModifyUserPassword",
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { thisEntry }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse, grantRead } " +
+ " }, " +
+ " { " +
+ " protectedItems {allAttributeValues {userPassword}}, " +
+ " grantsAndDenials { grantAdd, grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI
assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
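Review bot: The comment above this call still describes a grant to the Administrators group, but the ACI on the new side uses `userClasses { thisEntry }` and grants grantAdd and grantRemove on `allAttributeValues {userPassword}`, which reads as a self-service password change. In an authorization test the comment is what a reader compares the policy against, so I would reword it to `// Lets each user modify its own entry and add or remove its own userPassword values`. The enclosing test method starts and ends outside the hunk.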
@@ -307,16 +323,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyAdd",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {registeredAddress}, " +
+ " allAttributeValues {registeredAddress}" +
+ " }, " +
+ " grantsAndDenials { grantAdd } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// see if we can now add that test entry which we could not before
// add op should still fail since billd is not in the admin group
@@ -344,16 +374,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyRemove",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {telephoneNumber}, allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {telephoneNumber}, " +
+ " allAttributeValues {telephoneNumber}" +
+ " }, " +
+ " grantsAndDenials { grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -374,16 +418,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyReplace",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {registeredAddress}, " +
+ " allAttributeValues {telephoneNumber}" +
+ " }, " +
+ " grantsAndDenials { grantAdd, grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
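Review bot: In the `administratorModifyReplace` ACI the second permission pairs `attributeType {registeredAddress}` with `allAttributeValues {telephoneNumber}`, whereas the Add and Remove ACIs in the neighbouring hunks name the same attribute in both items; the same pairing appears again in the hunk at -464. The reformat carries this over unchanged from the old side, and the modification under test is built outside the hunk, so I cannot tell whether the mismatch is deliberate. If it is, a comment such as `// attributeType and allAttributeValues intentionally name different attributes` would record that; if it is not, the test may be passing for a reason other than the grant it is meant to exercise, and both items should name the attribute being replaced.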
@@ -406,16 +464,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyAdd",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {registeredAddress}, " +
+ " allAttributeValues {registeredAddress}" +
+ " }, " +
+ " grantsAndDenials { grantAdd } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.ADD_ATTRIBUTE, changes ) );
@@ -435,16 +507,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyRemove",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {telephoneNumber}, allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {telephoneNumber}, " +
+ " allAttributeValues {telephoneNumber}" +
+ " }, " +
+ " grantsAndDenials { grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REMOVE_ATTRIBUTE, changes ) );
@@ -464,16 +550,30 @@ public class ModifyAuthorizationIT exten
// entries and all attribute types and values
createAccessControlSubentry(
"administratorModifyReplace",
- "{ "
- + "identificationTag \"addAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
- + "userPermissions { "
- + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
- + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
- + "} } }" );
+ "{ " +
+ " identificationTag \"addAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry}, " +
+ " grantsAndDenials { grantModify, grantBrowse } " +
+ " }, " +
+ " { " +
+ " protectedItems " +
+ " {" +
+ " attributeType {registeredAddress}, " +
+ " allAttributeValues {telephoneNumber}" +
+ " }, " +
+ " grantsAndDenials { grantAdd, grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
// try a modify operation which should succeed with ACI and group membership change
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REPLACE_ATTRIBUTE, changes ) );
@@ -579,24 +679,46 @@ public class ModifyAuthorizationIT exten
createAccessControlSubentry(
"modifyACI",
- "{ "
- + "identificationTag \"modifyAci\", "
- + "precedence 14, "
- + "authenticationLevel none, "
- + "itemOrUserFirst userFirst: { "
- + "userClasses { allUsers }, "
- + "userPermissions { "
- + "{ protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { grantModify, grantBrowse, grantAdd, grantRemove } } } } }" );
+ "{ " +
+ " identificationTag \"modifyAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { grantModify, grantBrowse, grantAdd, grantRemove } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
mods = toItems( ModificationOperation.REPLACE_ATTRIBUTE, new DefaultEntryAttribute( "registeredAddress",
"200 Park Ave." ) );
- changePresciptiveACI( "modifyACI", "{ " + "identificationTag \"modifyAci\", " + "precedence 14, "
- + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
- + "userPermissions { "
- + "{ protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials { denyModify } } } } }" );
+ changePresciptiveACI(
+ "modifyACI",
+ "{ " +
+ " identificationTag \"modifyAci\", " +
+ " precedence 14, " +
+ " authenticationLevel none, " +
+ " itemOrUserFirst userFirst: " +
+ " { " +
+ " userClasses { allUsers }, " +
+ " userPermissions " +
+ " { " +
+ " { " +
+ " protectedItems {entry, allUserAttributeTypesAndValues}, " +
+ " grantsAndDenials { denyModify } " +
+ " } " +
+ " } " +
+ " } " +
+ "}" );
assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -609,13 +731,33 @@ public class ModifyAuthorizationIT exten
public void testMaxValueCountProtectedItem() throws Exception
{
createUser( "billyd", "billyd" );
- createAccessControlSubentry( "mvcACI", " {" + " identificationTag \"mvcACI\"," + " precedence 10,"
- + " authenticationLevel simple," + " itemOrUserFirst userFirst:" + " {" + " userClasses { allUsers },"
- + " userPermissions" + " {" + " {" + " protectedItems { entry },"
- + " grantsAndDenials { grantModify, grantBrowse }" + " }" + " ," + " {" + " protectedItems" + " {"
- + " attributeType { description }," + " allAttributeValues { description }," + " maxValueCount" + " {"
- + " { type description, maxCount 1 }" + " }" + " }" + " ," + " grantsAndDenials" + " {" + " grantRemove,"
- + " grantAdd" + " }" + " }" + " }" + " }" + " }" );
+ createAccessControlSubentry(
+ "mvcACI",
+ "{" +
+ " identificationTag \"mvcACI\"," +
+ " precedence 10," +
+ " authenticationLevel simple," +
+ " itemOrUserFirst userFirst:" +
+ " {" +
+ " userClasses { allUsers }," +
+ " userPermissions" +
+ " {" +
+ " {" +
+ " protectedItems { entry }," +
+ " grantsAndDenials { grantModify, grantBrowse }" +
+ " }," +
+ " {" +
+ " protectedItems" +
+ " {" +
+ " attributeType { description }," +
+ " allAttributeValues { description }," +
+ " maxValueCount { { type description, maxCount 1 } }" +
+ " } ," +
+ " grantsAndDenials { grantRemove, grantAdd }" +
+ " }" +
+ " }" +
+ " }" +
+ "}" );
Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute( "description",
"description 1" ) );