Posted to commits@directory.apache.org by er...@apache.org on 2006/08/29 20:28:19 UTC
svn commit: r438144 -
/directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java
Author: ersiner
Date: Tue Aug 29 11:28:19 2006
New Revision: 438144
URL: http://svn.apache.org/viewvc?rev=438144&view=rev
Log:
Added a test case to show that EXPORT/IMPORT permissions are not handled correctly.
Modified:
directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java
Modified: directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java
URL: http://svn.apache.org/viewvc/directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java?rev=438144&r1=438143&r2=438144&view=diff
==============================================================================
--- directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java (original)
+++ directory/branches/apacheds/1.0/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationITest.java Tue Aug 29 11:28:19 2006
@@ -65,7 +65,7 @@
// create the new entry as the admin user
adminContext.createSubcontext( entryRdn, testEntry );
- LdapDN userName = new LdapDN( "uid=" + uid + ",ou=users,ou=system" );
+ LdapDN userName = new LdapDN( "uid=" + uid + ",ou=users,ou=system" );
DirContext userContext = getContextAs( userName, password );
userContext.rename( entryRdn, newRdn );
@@ -425,4 +425,80 @@
deleteAccessControlSubentry( "grantMoveByAny" );
deleteUser( "billyd" );
}
+
+
+ /**
+ * FIXME: THIS TEST FAILS
+ *
+ * Checks to make sure Export and Import permissions work correctly
+ * when they are defined on seperate contexts.
+ *
+ * @throws javax.naming.NamingException if the test encounters an error
+ */
+ /*
+ public void testExportAndImportSeperately() throws NamingException
+ {
+ // ----------------------------------------------------------------------------
+ // Test move and RDN change at the same time.
+ // ----------------------------------------------------------------------------
+
+ // create the non-admin user
+ createUser( "billyd", "billyd" );
+
+ // try an move w/ rdn change which should fail without any ACI
+ assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
+
+
+ // Gives grantBrowse perm to all users in the Administrators
+ // group for entries
+ // It's is needed just to read navigate the tree at root
+ createAccessControlSubentry(
+ "grantBrowseForTheWholeNamingContext",
+ "{ }",
+ "{ " + "identificationTag \"browseACI\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems { entry }, "
+ + "grantsAndDenials { grantBrowse } } } } }" );
+
+ // Gives grantExport, grantRename perm to all users in the Administrators
+ // group for entries
+ createAccessControlSubentry(
+ "grantExportFromASubtree",
+ "{ base \"ou=users\" }", // !!!!! =====>>>>> { base "ou=users" }
+ "{ " + "identificationTag \"exportACI\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems { entry }, "
+ + "grantsAndDenials { grantExport, grantRename } } } } }" );
+
+ // Gives grantImport perm to all users in the Administrators
+ // group for the target context
+ createAccessControlSubentry(
+ "grantImportToASubtree",
+ "{ base \"ou=groups\" }", // !!!!! =====>>>>> { base "ou=groups" }
+ "{ " + "identificationTag \"importACI\", "
+ + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+ + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+ + "protectedItems { entry }, "
+ + "grantsAndDenials { grantImport } } } } }" );
+
+ // see if we can move and rename the test entry which we could not before
+ // op should still fail since billyd is not in the admin group
+ assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
+
+ // now add billyd to the Administrator group and try again
+ addUserToGroup( "billyd", "Administrators" );
+
+ // try move w/ rdn change which should succeed with ACI and group membership change
+ assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
+
+ // now let's cleanup
+ removeUserFromGroup( "billyd", "Administrators" );
+ deleteAccessControlSubentry( "grantBrowseForTheWholeNamingContext" );
+ deleteAccessControlSubentry( "grantExportFromASubtree" );
+ deleteAccessControlSubentry( "grantImportToASubtree" );
+ deleteUser( "billyd" );
+ }
+ */
}
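Review bot: The commented-out `testExportAndImportSeperately` only asserts the case where no ACI applies and the case where both the export and the import subentries apply, so once enabled it cannot show whether grantExport on `ou=users` or grantImport on `ou=groups` is the permission being mishandled, and a fix that over-grants would still pass. Consider adding billyd to Administrators before the import subentry is created and asserting `assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );` while only `grantExportFromASubtree` exists, then the same with only `grantImportToASubtree`. Because the method sits inside a block comment it is neither compiled nor run, so the FIXME should name a tracking issue (e.g. `FIXME(<issue-id>)`) to keep the failing authorization check from being lost. The cleanup calls at the end would be skipped on an assertion failure, which may leave billyd in the Administrators group and the three subentries in place for later tests unless the fixture resets state; wrapping the body in `try { ... } finally { ... }` would avoid that.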