You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/04/18 12:21:04 UTC
svn commit: r1469269 - in /jackrabbit/oak/trunk:
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
Author: angela
Date: Thu Apr 18 10:21:04 2013
New Revision: 1469269
URL: http://svn.apache.org/r1469269
Log:
OAK-51 : Access Control Management (tests)
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1469269&r1=1469268&r2=1469269&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java Thu Apr 18 10:21:04 2013
@@ -18,9 +18,12 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.PropertyType;
@@ -30,6 +33,7 @@ import javax.jcr.security.AccessControlE
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
+import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
@@ -38,8 +42,8 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlListTest;
@@ -57,7 +61,7 @@ import static org.junit.Assert.assertTru
import static org.junit.Assert.fail;
/**
- * ACLTest... TODO
+ * Test abstract {@code ACL} implementation.
* <p/>
* TODO: test restrictions
* TODO: add test with multiple entries
@@ -463,6 +467,39 @@ public class ACLTest extends AbstractAcc
assertACE(second, false, privilegesFromNames(JCR_READ, JCR_WRITE));
}
+ @Ignore("OAK-51") // TODO
+ @Test
+ public void testAllowWriteDenyRemoveGroupEntries() throws Exception {
+ Principal everyone = principalManager.getEveryone();
+ Privilege[] grPriv = privilegesFromNames("rep:write");
+ Privilege[] dePriv = privilegesFromNames(JCR_REMOVE_CHILD_NODES);
+
+ acl.addEntry(everyone, grPriv, true, Collections.<String, Value>emptyMap());
+ acl.addEntry(everyone, dePriv, false, Collections.<String, Value>emptyMap());
+
+ Set<Privilege> allows = new HashSet<Privilege>();
+ Set<Privilege> denies = new HashSet<Privilege>();
+ AccessControlEntry[] entries = acl.getAccessControlEntries();
+ for (AccessControlEntry en : entries) {
+ if (everyone.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
+ JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
+ Privilege[] privs = ace.getPrivileges();
+ if (ace.isAllow()) {
+ allows.addAll(Arrays.asList(privs));
+ } else {
+ denies.addAll(Arrays.asList(privs));
+ }
+ }
+ }
+
+ Privilege[] expected = privilegesFromNames(JCR_ADD_CHILD_NODES, JCR_REMOVE_NODE, JCR_MODIFY_PROPERTIES, JCR_NODE_TYPE_MANAGEMENT);
+ assertEquals(expected.length, allows.size());
+ assertTrue(allows.containsAll(ImmutableList.of(expected)));
+
+ assertEquals(1, denies.size());
+ assertEquals(privilegesFromNames(JCR_REMOVE_CHILD_NODES)[0], denies.iterator().next());
+ }
+
@Test
public void testUpdateAndComplementary() throws Exception {
Privilege[] readPriv = privilegesFromNames(JCR_READ);
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java?rev=1469269&r1=1469268&r2=1469269&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.java Thu Apr 18 10:21:04 2013
@@ -35,9 +35,10 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;
+import org.junit.Test;
/**
- * JackrabbitAccessControlListTest... TODO
+ * Testing {@code JackrabbitAccessControlList} functionality exposed by the API.
*/
public class JackrabbitAccessControlListTest extends AbstractAccessControlTest {
@@ -89,10 +90,12 @@ public class JackrabbitAccessControlList
}
}
+ @Test
public void testGetRestrictionNames() throws RepositoryException {
assertNotNull(acl.getRestrictionNames());
}
+ @Test
public void testGetRestrictionType() throws RepositoryException {
String[] names = acl.getRestrictionNames();
for (String name : names) {
@@ -101,11 +104,13 @@ public class JackrabbitAccessControlList
}
}
+ @Test
public void testApplicablePolicyIsEmpty() {
assertTrue(acl.isEmpty());
assertEquals(0, acl.size());
}
+ @Test
public void testIsEmpty() throws RepositoryException {
if (acl.addAccessControlEntry(testPrincipal, testPrivileges)) {
assertFalse(acl.isEmpty());
@@ -114,6 +119,7 @@ public class JackrabbitAccessControlList
}
}
+ @Test
public void testSize() throws RepositoryException {
if (acl.addAccessControlEntry(testPrincipal, testPrivileges)) {
assertTrue(acl.size() > 0);
@@ -122,6 +128,7 @@ public class JackrabbitAccessControlList
}
}
+ @Test
public void testAddEntry() throws NotExecutableException, RepositoryException {
List<AccessControlEntry> entriesBefore = Arrays.asList(acl.getAccessControlEntries());
if (acl.addEntry(testPrincipal, testPrivileges, true, Collections.<String, Value>emptyMap())) {
@@ -140,40 +147,7 @@ public class JackrabbitAccessControlList
}
}
- // TODO: rewrite
-// public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException {
-// Principal princ = getValidPrincipal();
-// Privilege[] grPriv = privilegesFromName("rep:write");
-// Privilege[] dePriv = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
-//
-// acl.addEntry(princ, grPriv, true, Collections.<String, Value>emptyMap());
-// acl.addEntry(princ, dePriv, false, Collections.<String, Value>emptyMap());
-//
-// Set<Privilege> allows = new HashSet<Privilege>();
-// Set<Privilege> denies = new HashSet<Privilege>();
-// AccessControlEntry[] entries = acl.getAccessControlEntries();
-// for (AccessControlEntry en : entries) {
-// if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
-// JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
-// Privilege[] privs = ace.getPrivileges();
-// if (ace.isAllow()) {
-// allows.addAll(Arrays.asList(privs));
-// } else {
-// denies.addAll(Arrays.asList(privs));
-// }
-// }
-// }
-//
-// String[] expected = new String[] {Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES, Privilege.JCR_NODE_TYPE_MANAGEMENT};
-// assertEquals(expected.length, allows.size());
-// for (String name : expected) {
-// assertTrue(allows.contains(acMgr.privilegeFromName(name)));
-// }
-//
-// assertEquals(1, denies.size());
-// assertEquals(acMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES), denies.iterator().next());
-// }
-
+ @Test
public void testRemoveEntry() throws NotExecutableException, RepositoryException {
Principal princ = getValidPrincipal();
Privilege[] grPriv = privilegesFromName("rep:write");