You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/12/16 11:08:07 UTC
svn commit: r1049858 -
/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
Author: elecharny
Date: Thu Dec 16 10:08:07 2010
New Revision: 1049858
URL: http://svn.apache.org/viewvc?rev=1049858&view=rev
Log:
Some more refactoring
Modified:
directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
Modified: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java?rev=1049858&r1=1049857&r2=1049858&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java (original)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java Thu Dec 16 10:08:07 2010
@@ -130,11 +130,23 @@ public class AddAuthorizationIT extends
// Gives grantAdd perm to all users in the Administrators group for
// entries and all attribute types and values
- createAccessControlSubentry( "administratorAdd", "{ " + " identificationTag \"addAci\", "
- + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { "
- + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + " userPermissions "
- + " { " + " { " + " protectedItems {entry, allUserAttributeTypesAndValues}, "
- + " grantsAndDenials { grantAdd, grantBrowse } " + " } " + " } " + " } " + "}" );
+ createAccessControlSubentry( "administratorAdd",
+ "{ "
+ + " identificationTag \"addAci\", "
+ + " precedence 14, "
+ + " authenticationLevel none, "
+ + " itemOrUserFirst userFirst: "
+ + " { "
+ + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, "
+ + " userPermissions "
+ + " { "
+ + " { "
+ + " protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + " grantsAndDenials { grantAdd, grantBrowse } "
+ + " } "
+ + " } "
+ + " } "
+ + "}" );
// see if we can now add that test entry which we could not before
// add op should still fail since billd is not in the admin group
@@ -163,11 +175,23 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billydAdd", "{ " + " identificationTag \"addAci\", " + " precedence 14, "
- + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { "
- + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { "
- + " { " + " protectedItems {entry, allUserAttributeTypesAndValues}, "
- + " grantsAndDenials { grantAdd, grantBrowse } " + " } " + " } " + " } " + "}" );
+ createAccessControlSubentry( "billydAdd",
+ "{ "
+ + " identificationTag \"addAci\", "
+ + " precedence 14, "
+ + " authenticationLevel none, "
+ + " itemOrUserFirst userFirst: "
+ + " { "
+ + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, "
+ + " userPermissions "
+ + " { "
+ + " { "
+ + " protectedItems {entry, allUserAttributeTypesAndValues}, "
+ + " grantsAndDenials { grantAdd, grantBrowse } "
+ + " } "
+ + " } "
+ + " } "
+ + "}" );
// should work now that billyd is authorized by name
assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -189,12 +213,26 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables user billyd to add an entry below ou=system
- createAccessControlSubentry( "billyAddBySubtree", "{ " + " identificationTag \"addAci\", "
- + " precedence 14, " + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { "
- + " userClasses " + " { " + " subtree { { base \"ou=users,ou=system\" } } " + " }, "
- + " userPermissions " + " { " + " { "
+ createAccessControlSubentry( "billyAddBySubtree",
+ "{ "
+ + " identificationTag \"addAci\", "
+ + " precedence 14, "
+ + " authenticationLevel none, "
+ + " itemOrUserFirst userFirst: "
+ + " { "
+ + " userClasses "
+ + " { "
+ + " subtree { { base \"ou=users,ou=system\" } } "
+ + " }, "
+ + " userPermissions "
+ + " { "
+ + " { "
+ " protectedItems {entry, allUserAttributeTypesAndValues}, "
- + " grantsAndDenials { grantAdd, grantBrowse } " + " } " + " } " + " } " + "}" );
+ + " grantsAndDenials { grantAdd, grantBrowse } "
+ + " } "
+ + " } "
+ + " } "
+ + "}" );
// should work now that billyd is authorized by the subtree userClass
assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -216,11 +254,23 @@ public class AddAuthorizationIT extends
assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
// now add a subentry that enables anyone to add an entry below ou=system
- createAccessControlSubentry( "anybodyAdd", "{ " + " identificationTag \"addAci\", " + " precedence 14, "
- + " authenticationLevel none, " + " itemOrUserFirst userFirst: " + " { "
- + " userClasses { allUsers }, " + " userPermissions " + " { " + " { "
+ createAccessControlSubentry( "anybodyAdd",
+ "{ "
+ + " identificationTag \"addAci\", "
+ + " precedence 14, "
+ + " authenticationLevel none, "
+ + " itemOrUserFirst userFirst: "
+ + " { "
+ + " userClasses { allUsers }, "
+ + " userPermissions "
+ + " { "
+ + " { "
+ " protectedItems {entry, allUserAttributeTypesAndValues}, "
- + " grantsAndDenials { grantAdd, grantBrowse } " + " } " + " } " + " } " + "}" );
+ + " grantsAndDenials { grantAdd, grantBrowse } "
+ + " } "
+ + " } "
+ + " } "
+ + "}" );
// see if we can now add that test entry which we could not before
// should work now with billyd now that all users are authorized