You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/09/25 08:08:43 UTC
svn commit: r1882004 - in /jackrabbit/oak/trunk/oak-core: ./
src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/
Author: angela
Date: Fri Sep 25 08:08:42 2020
New Revision: 1882004
URL: http://svn.apache.org/viewvc?rev=1882004&view=rev
Log:
OAK-9232 : Improvements to tests in o.a.j.oak.security.authorization.permission
Modified:
jackrabbit/oak/trunk/oak-core/pom.xml
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractCacheTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionRandomTestIT.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/NumEntriesTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCacheTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatusTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHookTest.java
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Fri Sep 25 08:08:42 2020
@@ -178,10 +178,11 @@
<rule>
<element>PACKAGE</element>
<includes>
- <include>org.apache.jackrabbit.oak.security.authorization.composite</include>
- <include>org.apache.jackrabbit.oak.security.internal</include>
<include>org.apache.jackrabbit.oak.security.authorization.accesscontrol</include>
+ <include>org.apache.jackrabbit.oak.security.authorization.composite</include>
+ <include>org.apache.jackrabbit.oak.security.authorization.permission</include>
<include>org.apache.jackrabbit.oak.security.authorization.restriction</include>
+ <include>org.apache.jackrabbit.oak.security.internal</include>
</includes>
<excludes>
<exclude>*Test</exclude>
@@ -198,7 +199,6 @@
<element>PACKAGE</element>
<includes>
<include>org.apache.jackrabbit.oak.security.user</include>
- <include>org.apache.jackrabbit.oak.security.authorization.permission</include>
<include>org.apache.jackrabbit.oak.security.authentication.token</include>
</includes>
<excludes>
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractCacheTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractCacheTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractCacheTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractCacheTest.java Fri Sep 25 08:08:42 2020
@@ -47,8 +47,6 @@ public abstract class AbstractCacheTest
return ppe;
}
-
-
@NotNull
static CacheStrategy createStrategy(long maxSize, long maxPaths, boolean isRefresh) {
return new CacheStrategyImpl(ConfigurationParameters.of(
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionRandomTestIT.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionRandomTestIT.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionRandomTestIT.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionRandomTestIT.java Fri Sep 25 08:08:42 2020
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.assertArrayEquals;
@@ -75,10 +76,10 @@ public abstract class AbstractPermission
private List<String> paths = new ArrayList<>();
- protected final Set<String> allowU = Sets.newHashSet();
- protected final Set<String> denyU = Sets.newHashSet();
- protected final Set<String> allowG = Sets.newHashSet();
- protected final Set<String> denyG = Sets.newHashSet();
+ final Set<String> allowU = Sets.newHashSet();
+ private final Set<String> denyU = Sets.newHashSet();
+ private final Set<String> allowG = Sets.newHashSet();
+ private final Set<String> denyG = Sets.newHashSet();
private ContentSession testSession;
private final String groupId = "gr" + UUID.randomUUID();
@@ -184,21 +185,21 @@ public abstract class AbstractPermission
Arrays.sort(privs1);
if (isSetImpl) {
- assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges1 + " got "
- + hasPrivileges0 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
- assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA1 + " got " + isGrantedA0
- + ", seed " + seed, isGrantedA1 == isGrantedA0);
- assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP1 + " got " + isGrantedP0
- + ", seed " + seed, isGrantedP1 == isGrantedP0);
+ assertEquals("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges1 + " got "
+ + hasPrivileges0 + ", seed " + seed, hasPrivileges1, hasPrivileges0);
+ assertEquals("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA1 + " got " + isGrantedA0
+ + ", seed " + seed, isGrantedA1, isGrantedA0);
+ assertEquals("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP1 + " got " + isGrantedP0
+ + ", seed " + seed, isGrantedP1, isGrantedP0);
assertArrayEquals(privs1, privs0);
} else {
- assertTrue("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges0 + " got "
- + hasPrivileges1 + ", seed " + seed, hasPrivileges1 == hasPrivileges0);
- assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA0 + " got " + isGrantedA1
- + ", seed " + seed, isGrantedA1 == isGrantedA0);
- assertTrue("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP0 + " got " + isGrantedP1
- + ", seed " + seed, isGrantedP1 == isGrantedP0);
+ assertEquals("Unexpected #hasPrivileges on [" + path + "] expecting " + hasPrivileges0 + " got "
+ + hasPrivileges1 + ", seed " + seed, hasPrivileges1, hasPrivileges0);
+ assertEquals("Unexpected #isGranted on [" + path + "] expecting " + isGrantedA0 + " got " + isGrantedA1
+ + ", seed " + seed, isGrantedA1, isGrantedA0);
+ assertEquals("Unexpected #isGranted on [" + path + "] expecting " + isGrantedP0 + " got " + isGrantedP1
+ + ", seed " + seed, isGrantedP1, isGrantedP0);
assertArrayEquals(privs0, privs1);
}
@@ -228,17 +229,17 @@ public abstract class AbstractPermission
private static class SetsPP implements PermissionProvider {
- public SetsPP(Set<String> allowU, Set<String> denyU, Set<String> allowG, Set<String> denyG) {
+ SetsPP(Set<String> allowU, Set<String> denyU, Set<String> allowG, Set<String> denyG) {
this.allowU = allowU;
this.denyU = denyU;
this.allowG = allowG;
this.denyG = denyG;
}
- protected final Set<String> allowU;
- protected final Set<String> denyU;
- protected final Set<String> allowG;
- protected final Set<String> denyG;
+ final Set<String> allowU;
+ final Set<String> denyU;
+ final Set<String> allowG;
+ final Set<String> denyG;
@Override
public void refresh() {
@@ -282,7 +283,7 @@ public abstract class AbstractPermission
@Override
public boolean isGranted(@NotNull String oakPath, @NotNull String jcrActions) {
- assertTrue("Implemened only for Session.ACTION_READ", jcrActions.equals(Session.ACTION_READ));
+ assertEquals("Implemened only for Session.ACTION_READ", Session.ACTION_READ, jcrActions);
return canRead(oakPath);
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AdministrativePermissionProviderTest.java Fri Sep 25 08:08:42 2020
@@ -38,7 +38,6 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java Fri Sep 25 08:08:42 2020
@@ -40,7 +40,7 @@ public class AllPermissionsTest extends
private final CompiledPermissions all = AllPermissions.getInstance();
- private List<String> paths = new ArrayList<String>();
+ private List<String> paths = new ArrayList<>();
@Override
@Before
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java Fri Sep 25 08:08:42 2020
@@ -26,6 +26,9 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
+import org.apache.jackrabbit.oak.plugins.tree.TreeTypeAware;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
@@ -47,7 +50,9 @@ import org.junit.Test;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
+import java.lang.reflect.Field;
import java.security.Principal;
+import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@@ -73,12 +78,14 @@ import static org.junit.Assert.assertTru
import static org.mockito.ArgumentMatchers.anyLong;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.clearInvocations;
+import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
public class CompiledPermissionImplTest extends AbstractSecurityTest {
@@ -549,4 +556,80 @@ public class CompiledPermissionImplTest
verify(store, times(2)).load(anyString());
verify(store, never()).load(anyString(), anyString());
}
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testGetTreePermissionInvalidParent() {
+ String wspName = adminSession.getWorkspaceName();
+ CompiledPermissionImpl cp = create(root, wspName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(root, wspName), ConfigurationParameters.EMPTY);
+ TreePermission invalidParentTreePermission = mock(TreePermission.class);
+ cp.getTreePermission(root.getTree("/jcr:system"), invalidParentTreePermission);
+ }
+
+ @Test
+ public void testGetTreePermissionForHiddenVersionable() throws Exception {
+ String wspName = adminSession.getWorkspaceName();
+ CompiledPermissionImpl cp = create(root, wspName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(root, wspName), ConfigurationParameters.EMPTY);
+
+ Tree hidden = mock(Tree.class, withSettings().extraInterfaces(TreeTypeAware.class));
+ when(((TreeTypeAware) hidden).getType()).thenReturn(TreeType.HIDDEN);
+ when(hidden.exists()).thenReturn(true);
+
+ setVersionManager(cp, hidden);
+
+ Tree t = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ TreePermission tp = cp.getTreePermission(t, TreeType.VERSION, TreePermission.EMPTY);
+ assertTrue(tp instanceof VersionTreePermission);
+ assertTrue(tp.canReadAll());
+ }
+
+ @Test
+ public void testGetTreePermissionForInternalVersionable() throws Exception {
+ String wspName = adminSession.getWorkspaceName();
+ CompiledPermissionImpl cp = create(root, wspName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(root, wspName), ConfigurationParameters.EMPTY);
+
+ Tree internal = mock(Tree.class, withSettings().extraInterfaces(TreeTypeAware.class));
+ when(((TreeTypeAware) internal).getType()).thenReturn(TreeType.INTERNAL);
+ when(internal.exists()).thenReturn(true);
+
+ setVersionManager(cp, internal);
+
+ Tree t = when(mock(Tree.class).exists()).thenReturn(true).getMock();
+ TreePermission tp = cp.getTreePermission(t, TreeType.VERSION, TreePermission.EMPTY);
+ assertTrue(tp instanceof VersionTreePermission);
+ assertFalse(tp.canRead());
+ assertFalse(tp.canReadProperties());
+ assertFalse(tp.canReadAll());
+ assertFalse(tp.isGranted(Permissions.NO_PERMISSION));
+ }
+
+ private static void setVersionManager(@NotNull CompiledPermissionImpl cp, @NotNull Tree t) throws Exception {
+ ReadOnlyVersionManager versionManager = createVersionManager(t);
+ Field f = CompiledPermissionImpl.class.getDeclaredField("versionManager");
+ f.setAccessible(true);
+ f.set(cp, versionManager);
+ }
+
+ private static ReadOnlyVersionManager createVersionManager(final @Nullable Tree t) {
+ return new ReadOnlyVersionManager() {
+ @Override
+ protected @NotNull Tree getVersionStorage() {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ protected @NotNull Root getWorkspaceRoot() {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ protected @NotNull ReadOnlyNodeTypeManager getNodeTypeManager() {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public @Nullable Tree getVersionable(@NotNull Tree versionTree, @NotNull String workspaceName) {
+ return t;
+ }
+ };
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java Fri Sep 25 08:08:42 2020
@@ -16,14 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import java.security.Principal;
-
-import javax.jcr.security.AccessControlManager;
-
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
@@ -32,21 +24,24 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
-import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
-import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.mount.Mount;
import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.After;
-import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
public class MountPermissionProviderTest extends AbstractSecurityTest
implements AccessControlConstants, PrivilegeConstants, PermissionConstants {
@@ -111,14 +106,11 @@ public class MountPermissionProviderTest
assertTrue(mps.hasChild(p.getName()));
}
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root r = testSession.getLatestRoot();
assertFalse(r.getTree("/").exists());
assertTrue(r.getTree(test.getPath()).exists());
assertFalse(r.getTree(content.getPath()).exists());
- } finally {
- testSession.close();
}
}
@@ -135,14 +127,11 @@ public class MountPermissionProviderTest
setPrivileges(p, test.getPath(), false, JCR_READ);
setPrivileges(p, content.getPath(), true, JCR_READ);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root r = testSession.getLatestRoot();
assertTrue(r.getTree("/").exists());
assertFalse(test.getPath(), r.getTree(test.getPath()).exists());
assertTrue(r.getTree(content.getPath()).exists());
- } finally {
- testSession.close();
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java Fri Sep 25 08:08:42 2020
@@ -46,8 +46,8 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyString;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.when;
public class MountPermissionStoreTest extends AbstractSecurityTest {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.java Fri Sep 25 08:08:42 2020
@@ -34,6 +34,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -49,7 +50,12 @@ import java.util.Set;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.spy;
@@ -258,4 +264,24 @@ public class MoveAwarePermissionValidato
throw e;
}
}
+
+ @Test(expected = CommitFailedException.class)
+ public void testDiffThrowsException() throws Exception {
+ MoveTracker mv = new MoveTracker();
+ mv.addMove("/src", "/dest");
+ mv.addMove("/dest", "/otherPath");
+
+ CommitFailedException exp = new CommitFailedException("error", 0, CommitFailedException.OAK);
+
+ MoveAwarePermissionValidator maValidator = spy(createRootValidator(adminSession.getAuthInfo().getPrincipals(), mv));
+ doReturn(maValidator).when(maValidator).createValidator(any(Tree.class), any(Tree.class), eq(TreePermission.ALL), eq(maValidator));
+ doThrow(exp).when(maValidator).enter(any(NodeState.class), any(NodeState.class));
+
+ try {
+ maValidator.childNodeAdded("dest", mock(NodeState.class));
+ } catch (CommitFailedException e){
+ assertSame(exp, e);
+ throw e;
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/NumEntriesTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/NumEntriesTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/NumEntriesTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/NumEntriesTest.java Fri Sep 25 08:08:42 2020
@@ -21,7 +21,6 @@ import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCacheTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCacheTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCacheTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCacheTest.java Fri Sep 25 08:08:42 2020
@@ -54,11 +54,6 @@ public class PermissionEntryCacheTest {
}
- private PrincipalPermissionEntries getPrincipalPermissionEntries(boolean fullyLoaded) {
- ppe.setFullyLoaded(fullyLoaded);
- return ppe;
- }
-
@Test
public void testMissingInit() throws Exception {
Map<String, PrincipalPermissionEntries> entries = inspectEntries(cache);
@@ -101,12 +96,11 @@ public class PermissionEntryCacheTest {
}
@Test
- public void testLoadMissingInit() throws Exception {
- PrincipalPermissionEntries ppeA = getPrincipalPermissionEntries(true);
+ public void testLoadMissingInit() {
+ ppe.setFullyLoaded(true);
+ when(store.load("a")).thenReturn(ppe);
- when(store.load("a")).thenReturn(ppeA);
-
- Collection<PermissionEntry> result = new TreeSet();
+ Collection<PermissionEntry> result = new TreeSet<>();
cache.load(store, result, "a", "/path");
assertTrue(result.isEmpty());
@@ -230,20 +224,19 @@ public class PermissionEntryCacheTest {
@Test
public void testGetFullyLoadedEntries() throws Exception {
- PrincipalPermissionEntries ppeA = getPrincipalPermissionEntries(true);
-
- when(store.load("a")).thenReturn(ppeA);
+ ppe.setFullyLoaded(true);
+ when(store.load("a")).thenReturn(ppe);
PrincipalPermissionEntries entries = cache.getFullyLoadedEntries(store, "a");
- assertSame(ppeA, entries);
+ assertSame(ppe, entries);
PrincipalPermissionEntries inspectedEntries = inspectEntries(cache, "a");
- assertSame(ppeA, inspectedEntries);
+ assertSame(ppe, inspectedEntries);
// requesting the entries again must NOT hit the store
when(store.load("a")).thenThrow(IllegalStateException.class);
entries = cache.getFullyLoadedEntries(store, "a");
- assertSame(ppeA, entries);
+ assertSame(ppe, entries);
}
private static PrincipalPermissionEntries inspectEntries(@NotNull PermissionEntryCache cache, @NotNull String principalName) throws Exception {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java Fri Sep 25 08:08:42 2020
@@ -50,7 +50,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeState;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.After;
@@ -91,7 +90,6 @@ public class PermissionHookTest extends
protected String childPath = "/testPath/childNode";
protected Principal testPrincipal;
- protected PrivilegeBitsProvider bitsProvider;
protected List<Principal> principals = new ArrayList<>();
@Override
@@ -100,15 +98,15 @@ public class PermissionHookTest extends
super.before();
testPrincipal = getTestUser().getPrincipal();
- NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
- NodeUtil testNode = rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
- testNode.addChild("childNode", JcrConstants.NT_UNSTRUCTURED);
+ Tree rootNode = root.getTree("/");
+ Tree testNode = TreeUtil.addChild(rootNode, "testPath", JcrConstants.NT_UNSTRUCTURED);
+ TreeUtil.addChild(testNode, "childNode", JcrConstants.NT_UNSTRUCTURED);
addACE(testPath, testPrincipal, JCR_ADD_CHILD_NODES);
addACE(testPath, EveryonePrincipal.getInstance(), JCR_READ);
root.commit();
- bitsProvider = new PrivilegeBitsProvider(root);
+ PrivilegeBitsProvider bitsProvider = new PrivilegeBitsProvider(root);
}
@Override
@@ -141,11 +139,11 @@ public class PermissionHookTest extends
acMgr.setPolicy(path, acl);
}
- protected Tree getPrincipalRoot(@NotNull Principal principal) {
+ private Tree getPrincipalRoot(@NotNull Principal principal) {
return root.getTree(PERMISSIONS_STORE_PATH).getChild(adminSession.getWorkspaceName()).getChild(principal.getName());
}
- protected Tree getEntry(@NotNull Principal principal, String accessControlledPath, long index) throws Exception {
+ private Tree getEntry(@NotNull Principal principal, String accessControlledPath, long index) throws Exception {
Tree principalRoot = getPrincipalRoot(principal);
Tree parent = principalRoot.getChild(PermissionUtil.getEntryName(accessControlledPath));
Tree entry = parent.getChild(String.valueOf(index));
@@ -155,7 +153,7 @@ public class PermissionHookTest extends
return entry;
}
- protected long cntEntries(Tree parent) {
+ private long cntEntries(Tree parent) {
long cnt = parent.getChildrenCount(Long.MAX_VALUE);
for (Tree child : parent.getChildren()) {
cnt += cntEntries(child);
@@ -163,7 +161,7 @@ public class PermissionHookTest extends
return cnt;
}
- protected void createPrincipals() throws Exception {
+ private void createPrincipals() throws Exception {
if (principals.isEmpty()) {
for (int i = 0; i < 10; i++) {
Group gr = getUserManager(root).createGroup("testGroup" + i);
@@ -173,7 +171,7 @@ public class PermissionHookTest extends
}
}
- static protected void assertIndex(int expected, Tree entry) {
+ private static void assertIndex(int expected, Tree entry) {
assertEquals(expected, Integer.parseInt(entry.getName()));
}
@@ -216,10 +214,9 @@ public class PermissionHookTest extends
assertEquals(testPrincipal.getName(), testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
// add a new restriction node through the OAK API instead of access control manager
- NodeUtil node = new NodeUtil(testAce);
- NodeUtil restrictions = node.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- restrictions.setString(REP_GLOB, "*");
- String restrictionsPath = restrictions.getTree().getPath();
+ Tree restrictions = TreeUtil.addChild(testAce, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+ restrictions.setProperty(REP_GLOB, "*");
+ String restrictionsPath = restrictions.getPath();
root.commit();
Tree principalRoot = getPrincipalRoot(testPrincipal);
@@ -271,9 +268,9 @@ public class PermissionHookTest extends
aclTree.getChildren().iterator().next().orderBefore(null);
// add a new entry
- NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
- ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
- ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
+ Tree ace = TreeUtil.addChild(aclTree, "denyEveryoneLockMgt", NT_REP_DENY_ACE);
+ ace.setProperty(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
+ ace.setProperty(AccessControlConstants.REP_PRIVILEGES, Collections.singleton(JCR_LOCK_MANAGEMENT), Type.NAMES);
root.commit();
entry = getEntry(testPrincipal, testPath, 1);
@@ -297,12 +294,12 @@ public class PermissionHookTest extends
String name = aceIt.next().getName();
// add a new entry
- NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
- ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
- ace.setNames(AccessControlConstants.REP_PRIVILEGES, JCR_LOCK_MANAGEMENT);
+ Tree ace = TreeUtil.addChild(aclTree, "denyEveryoneLockMgt", NT_REP_DENY_ACE);
+ ace.setProperty(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
+ ace.setProperty(AccessControlConstants.REP_PRIVILEGES, Collections.singleton(JCR_LOCK_MANAGEMENT), Type.NAMES);
// reorder the new entry before the remaining existing entry
- ace.getTree().orderBefore(name);
+ ace.orderBefore(name);
root.commit();
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java Fri Sep 25 08:08:42 2020
@@ -45,7 +45,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
-import org.jetbrains.annotations.Nullable;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -55,6 +54,7 @@ import static org.apache.jackrabbit.JcrC
import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.JCR_CREATEDBY;
import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.MIX_CREATED;
+import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NODE_TYPES_PATH;
import static org.apache.jackrabbit.oak.spi.version.VersionConstants.REP_VERSIONSTORAGE;
import static org.apache.jackrabbit.oak.spi.version.VersionConstants.VERSION_STORE_PATH;
import static org.junit.Assert.assertEquals;
@@ -97,11 +97,11 @@ public class PermissionValidatorTest ext
}
}
- private void grant(@Nullable String path, @NotNull String... privilegeNames) throws Exception {
+ private void grant(@NotNull String... privilegeNames) throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
- JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_ROOT_PATH);
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), true);
- acMgr.setPolicy(path, acl);
+ acMgr.setPolicy(TEST_ROOT_PATH, acl);
root.commit();
}
@@ -130,7 +130,7 @@ public class PermissionValidatorTest ext
@Test(expected = CommitFailedException.class)
public void testLockPermissions() throws Exception {
// grant the test session the ability to read/write that node but don't allow jcr:lockManagement
- grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
+ grant(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
@@ -238,7 +238,7 @@ public class PermissionValidatorTest ext
public void testChangePrimaryTypeToPolicyNode() throws Exception {
// grant the test session the ability to read/write at test node but don't
// allow to modify access control content
- grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL, PrivilegeConstants.REP_WRITE);
+ grant(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_READ_ACCESS_CONTROL, PrivilegeConstants.REP_WRITE);
// create a rep:policy node that is not detected as access control content
TreeUtil.addChild(root.getTree(TEST_CHILD_PATH), AccessControlConstants.REP_POLICY, NT_UNSTRUCTURED);
@@ -265,7 +265,7 @@ public class PermissionValidatorTest ext
public void testAddImmutablePropertyWithDeclaringMixin() throws Exception {
// grant the test session the ability to read/write at test node but don't
// allow to modify access control content
- grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT);
+ grant(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT);
try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
@@ -282,7 +282,7 @@ public class PermissionValidatorTest ext
public void testAddImmutablePropertyWithoutDeclaringMixin() throws Exception {
// grant the test session the ability to read/write at test node but don't
// allow to modify access control content
- grant(TEST_ROOT_PATH, PrivilegeConstants.JCR_READ);
+ grant(PrivilegeConstants.JCR_READ);
try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
@@ -295,6 +295,25 @@ public class PermissionValidatorTest ext
testRoot.commit();
} catch (CommitFailedException e) {
assertTrue(e.isAccessViolation());
+ assertEquals(0, e.getCode());
+ throw e;
+ }
+ }
+
+ @Test(expected = CommitFailedException.class)
+ public void testChangeImmutableProperty() throws Exception {
+ TreeUtil.addMixin(root.getTree(TEST_ROOT_PATH), MIX_CREATED, root.getTree(NODE_TYPES_PATH), "uid");
+ // grant the test session the ability to read and write properties at test node but
+ // not to add/remove nodes
+ grant(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_MODIFY_PROPERTIES);
+
+ try (ContentSession testSession = createTestSession()) {
+ Root testRoot = testSession.getLatestRoot();
+ Tree testTree = testRoot.getTree(TEST_ROOT_PATH);
+ testTree.setProperty(PropertyStates.createProperty(JCR_CREATEDBY, "anotherUid", Type.STRING));
+ testRoot.commit();
+ } catch (CommitFailedException e) {
+ assertTrue(e.isAccessViolation());
assertEquals(0, e.getCode());
throw e;
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatusTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatusTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatusTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatusTest.java Fri Sep 25 08:08:42 2020
@@ -24,6 +24,8 @@ import org.jetbrains.annotations.NotNull
import org.junit.Before;
import org.junit.Test;
+import java.lang.reflect.Constructor;
+
import static org.apache.jackrabbit.oak.security.authorization.permission.ReadStatus.ALLOW_ALL;
import static org.apache.jackrabbit.oak.security.authorization.permission.ReadStatus.DENY_ALL;
import static org.apache.jackrabbit.oak.security.authorization.permission.ReadStatus.DENY_THIS;
@@ -174,4 +176,28 @@ public class ReadStatusTest extends Abst
assertDenied(rs);
assertSame(DENY_ALL, rs);
}
+
+ // additional tests for isolated read-status flags
+
+ @Test
+ public void testProperties() throws Exception {
+ ReadStatus rs = create(2);
+ assertFalse(rs.allowsThis());
+ assertFalse(rs.allowsAll());
+ assertTrue(rs.allowsProperties());
+ }
+
+ @Test
+ public void testChildNodes() throws Exception {
+ ReadStatus rs = create(4);
+ assertFalse(rs.allowsThis());
+ assertFalse(rs.allowsAll());
+ assertFalse(rs.allowsProperties());
+ }
+
+ private static ReadStatus create(int status) throws Exception {
+ Constructor c = ReadStatus.class.getDeclaredConstructor(int.class, boolean.class);
+ c.setAccessible(true);
+ return (ReadStatus) c.newInstance(status, true);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java Fri Sep 25 08:08:42 2020
@@ -103,7 +103,7 @@ public class RepoPolicyTreePermissionTes
}
@NotNull
- private TreePermission getTreePermission(@NotNull ContentSession cs, @NotNull String path) throws Exception {
+ private TreePermission getTreePermission(@NotNull ContentSession cs, @NotNull String path) {
Root r = cs.getLatestRoot();
PermissionProvider pp = config.getPermissionProvider(r, cs.getWorkspaceName(), cs.getAuthInfo().getPrincipals());
@@ -117,57 +117,57 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testTreePermissionImpl() throws Exception {
+ public void testTreePermissionImpl() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp instanceof RepoPolicyTreePermission);
}
@Test
- public void testGetChildPermission() throws Exception {
+ public void testGetChildPermission() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertSame(tp, tp.getChildPermission("childName", EmptyNodeState.EMPTY_NODE));
}
@Test
- public void testCanRead() throws Exception {
+ public void testCanRead() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp.canRead());
}
@Test
- public void testCanRead2() throws Exception {
+ public void testCanRead2() {
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.canRead());
}
@Test
- public void testCanReadAceNode() throws Exception {
+ public void testCanReadAceNode() {
TreePermission tp = getTreePermission(accessSession, root.getTree(REPO_POLICY_PATH).getChildren().iterator().next().getPath());
assertTrue(tp.canRead());
}
@Test
- public void testCanReadAceNode2() throws Exception {
+ public void testCanReadAceNode2() {
TreePermission tp = getTreePermission(noAccessSession, root.getTree(REPO_POLICY_PATH).getChildren().iterator().next().getPath());
assertFalse(tp.canRead());
}
@Test
- public void testCanReadProperty() throws Exception {
+ public void testCanReadProperty() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp.canRead(PropertyStates.createProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_ACL)));
}
@Test
- public void testCanReadProperty2() throws Exception {
+ public void testCanReadProperty2() {
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.canRead(PropertyStates.createProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_ACL)));
}
@Test
- public void testCanReadPropertyAceNode() throws Exception {
+ public void testCanReadPropertyAceNode() {
Tree aceTree = root.getTree(REPO_POLICY_PATH).getChildren().iterator().next();
PropertyState principalProp = aceTree.getProperty(REP_PRINCIPAL_NAME);
@@ -176,7 +176,7 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testCanReadPropertyAceNode2() throws Exception {
+ public void testCanReadPropertyAceNode2() {
Tree aceTree = root.getTree(REPO_POLICY_PATH).getChildren().iterator().next();
PropertyState principalProp = aceTree.getProperty(REP_PRINCIPAL_NAME);
@@ -185,31 +185,31 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testCanReadProperties() throws Exception {
+ public void testCanReadProperties() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp.canReadProperties());
}
@Test
- public void testCanReadProperties2() throws Exception {
+ public void testCanReadProperties2() {
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.canReadProperties());
}
@Test
- public void testCanReadAll() throws Exception {
+ public void testCanReadAll() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertFalse(tp.canReadAll());
}
@Test
- public void testCanReadAll2() throws Exception {
+ public void testCanReadAll2() {
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.canReadAll());
}
@Test
- public void testIsGranted() throws Exception {
+ public void testIsGranted() {
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp.isGranted(Permissions.NAMESPACE_MANAGEMENT));
assertFalse(tp.isGranted(Permissions.WORKSPACE_MANAGEMENT));
@@ -217,7 +217,7 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testIsGranted2() throws Exception {
+ public void testIsGranted2() {
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.isGranted(Permissions.NAMESPACE_MANAGEMENT));
assertFalse(tp.isGranted(Permissions.WORKSPACE_MANAGEMENT));
@@ -225,7 +225,7 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testIsGrantedProperty() throws Exception {
+ public void testIsGrantedProperty() {
PropertyState ps = PropertyStates.createProperty("name", "value");
TreePermission tp = getTreePermission(accessSession, REPO_POLICY_PATH);
assertTrue(tp.isGranted(Permissions.NAMESPACE_MANAGEMENT, ps));
@@ -234,7 +234,7 @@ public class RepoPolicyTreePermissionTes
}
@Test
- public void testIsGrantedProperty2() throws Exception {
+ public void testIsGrantedProperty2() {
PropertyState ps = PropertyStates.createProperty("name", "value");
TreePermission tp = getTreePermission(noAccessSession, REPO_POLICY_PATH);
assertFalse(tp.isGranted(Permissions.NAMESPACE_MANAGEMENT, ps));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java Fri Sep 25 08:08:42 2020
@@ -17,6 +17,7 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.security.Principal;
+import java.util.Collections;
import javax.jcr.security.AccessControlManager;
import org.apache.jackrabbit.JcrConstants;
@@ -25,12 +26,13 @@ import org.apache.jackrabbit.commons.jac
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
@@ -38,6 +40,8 @@ import static org.junit.Assert.assertTru
public class TreePermissionImplTest extends AbstractSecurityTest implements AccessControlConstants {
+ private static final String TEST_PATH = "/test";
+
private AuthorizationConfiguration config;
private Principal testPrincipal;
@@ -45,7 +49,7 @@ public class TreePermissionImplTest exte
public void before() throws Exception {
super.before();
- new NodeUtil(root.getTree("/")).addChild("test", JcrConstants.NT_UNSTRUCTURED);
+ TreeUtil.addChild(root.getTree("/"), "test", JcrConstants.NT_UNSTRUCTURED);
root.commit();
config = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
testPrincipal = getTestUser().getPrincipal();
@@ -54,7 +58,7 @@ public class TreePermissionImplTest exte
@Override
public void after() throws Exception {
try {
- root.getTree("/test").remove();
+ root.getTree(TEST_PATH).remove();
if (root.hasPendingChanges()) {
root.commit();
}
@@ -63,23 +67,23 @@ public class TreePermissionImplTest exte
}
}
- private TreePermission getTreePermission(String path) throws Exception {
+ private TreePermission getTreePermission() throws Exception {
ContentSession testSession = createTestSession();
PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
- return pp.getTreePermission(root.getTree(path), TreePermission.EMPTY);
+ return pp.getTreePermission(root.getTree(TEST_PATH), TreePermission.EMPTY);
}
@Test
public void testCanReadProperties() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
- JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ), true);
acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_READ_PROPERTIES), false);
- acMgr.setPolicy("/test", acl);
+ acMgr.setPolicy(TEST_PATH, acl);
root.commit();
- TreePermission tp = getTreePermission("/test");
+ TreePermission tp = getTreePermission();
assertFalse(tp.canReadProperties());
assertTrue(tp.canRead());
@@ -89,21 +93,36 @@ public class TreePermissionImplTest exte
@Test
public void testCanReadProperties2() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
- JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
- acMgr.setPolicy("/test", acl);
+ acMgr.setPolicy(TEST_PATH, acl);
root.commit();
Tree policyTree = root.getTree("/test/rep:policy");
- NodeUtil ace = new NodeUtil(policyTree).addChild("ace2", NT_REP_DENY_ACE);
- ace.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
- ace.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
+ Tree ace = TreeUtil.addChild(policyTree, "ace2", NT_REP_DENY_ACE);
+ ace.setProperty(REP_PRIVILEGES, Collections.singleton(PrivilegeConstants.REP_READ_PROPERTIES), Type.NAMES);
+ ace.setProperty(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
root.commit();
- TreePermission tp = getTreePermission("/test");
+ TreePermission tp = getTreePermission();
assertFalse(tp.canReadProperties());
assertTrue(tp.canRead());
assertFalse(tp.canReadProperties());
}
+
+ @Test
+ public void testCanReadAll() throws Exception {
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH);
+ acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_ALL), true);
+ acMgr.setPolicy(TEST_PATH, acl);
+ root.commit();
+
+ TreePermission tp = getTreePermission();
+
+ assertFalse(tp.canReadAll());
+ assertTrue(tp.canRead());
+ assertFalse(tp.canReadAll());
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java Fri Sep 25 08:08:42 2020
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.lang.reflect.Field;
-import java.security.Principal;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
@@ -40,7 +39,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeState;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.jetbrains.annotations.NotNull;
import org.junit.Test;
@@ -67,9 +65,11 @@ public class VersionTreePermissionTest e
public void before() throws Exception {
super.before();
- NodeUtil testNode = new NodeUtil(root.getTree("/")).addChild("test", NT_OAK_UNSTRUCTURED);
- testNode.addChild("a", NT_OAK_UNSTRUCTURED).addChild("b", NT_OAK_UNSTRUCTURED).addChild("c", NT_OAK_UNSTRUCTURED);
- TreeUtil.addMixin(testNode.getTree(), MIX_VERSIONABLE, root.getTree(NODE_TYPES_PATH), null);
+ testTree = TreeUtil.addChild(root.getTree("/"),"test", NT_OAK_UNSTRUCTURED);
+ Tree a = TreeUtil.addChild(testTree, "a", NT_OAK_UNSTRUCTURED);
+ Tree b = TreeUtil.addChild(a, "b", NT_OAK_UNSTRUCTURED);
+ TreeUtil.addChild(b, "c", NT_OAK_UNSTRUCTURED);
+ TreeUtil.addMixin(testTree, MIX_VERSIONABLE, root.getTree(NODE_TYPES_PATH), null);
AccessControlManager acMgr = getAccessControlManager(root);
AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
@@ -78,14 +78,13 @@ public class VersionTreePermissionTest e
root.commit();
// create a structure in the version storage
- testNode.setBoolean(JCR_ISCHECKEDOUT, false);
+ testTree.setProperty(JCR_ISCHECKEDOUT, false);
root.commit();
- testNode.setBoolean(JCR_ISCHECKEDOUT, true);
+ testTree.setProperty(JCR_ISCHECKEDOUT, true);
root.commit();
- testTree = testNode.getTree();
vMgr = ReadOnlyVersionManager.getInstance(root, NamePathMapper.DEFAULT);
- pp = getConfig(AuthorizationConfiguration.class).getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.<Principal>of(EveryonePrincipal.getInstance()));
+ pp = getConfig(AuthorizationConfiguration.class).getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
assertTrue(pp instanceof PermissionProviderImpl);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHookTest.java?rev=1882004&r1=1882003&r2=1882004&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHookTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHookTest.java Fri Sep 25 08:08:42 2020
@@ -91,7 +91,7 @@ public class VersionablePathHookTest ext
@Override
public @NotNull Iterable<? extends ChildNodeEntry> getChildNodeEntries() {
- return Collections.EMPTY_LIST;
+ return Collections.emptyList();
}
@Override