You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/05/03 12:08:41 UTC
svn commit: r1478707 - in
/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization:
AbstractEvaluationTest.java ReadTest.java
Author: angela
Date: Fri May 3 10:08:41 2013
New Revision: 1478707
URL: http://svn.apache.org/r1478707
Log:
OAK-527: permissions (tests)
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java?rev=1478707&r1=1478706&r2=1478707&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java Fri May 3 10:08:41 2013
@@ -188,6 +188,7 @@ public abstract class AbstractEvaluation
}
return sb.toString();
}
+
protected Map<String, Value> createGlobRestriction(String value) throws RepositoryException {
return Collections.singletonMap("rep:glob", testSession.getValueFactory().createValue(value));
}
@@ -223,7 +224,7 @@ public abstract class AbstractEvaluation
return modify(path, testUser.getPrincipal(), privilegesFromName(privilege), isAllow, EMPTY_RESTRICTIONS);
}
- private JackrabbitAccessControlList modify(String path, Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws Exception {
+ protected JackrabbitAccessControlList modify(String path, Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions) throws Exception {
JackrabbitAccessControlList tmpl = AccessControlUtils.getAccessControlList(acMgr, path);
tmpl.addEntry(principal, privileges, isAllow, restrictions);
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1478707&r1=1478706&r2=1478707&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java Fri May 3 10:08:41 2013
@@ -16,12 +16,17 @@
*/
package org.apache.jackrabbit.oak.jcr.security.authorization;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.Session;
+import javax.jcr.security.Privilege;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-import org.junit.Ignore;
import org.junit.Test;
import static org.junit.Assert.assertArrayEquals;
@@ -319,4 +324,58 @@ public class ReadTest extends AbstractEv
assertFalse(testSession.hasPermission(propPath, javax.jcr.Session.ACTION_READ));
assertFalse(testSession.propertyExists(propPath));
}
+
+ @Test
+ public void testGlobRestriction2() throws Exception {
+ Group group2 = getUserManager(superuser).createGroup("group2");
+ Group group3 = getUserManager(superuser).createGroup("group3");
+ superuser.save();
+
+ try {
+ Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+
+ modify(path, getTestGroup().getPrincipal(), readPrivs, true, createGlobRestriction("/*"));
+ allow(path, group2.getPrincipal(), readPrivs);
+ deny(path, group3.getPrincipal(), readPrivs);
+
+ Set<Principal> principals = new HashSet();
+ principals.add(getTestGroup().getPrincipal());
+ principals.add(group2.getPrincipal());
+ principals.add(group3.getPrincipal());
+
+ assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(path, principals, readPrivs));
+ assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(childNPath, principals, readPrivs));
+ } finally {
+ group2.remove();
+ group3.remove();
+ superuser.save();
+ }
+ }
+
+ @Test
+ public void testGlobRestriction3() throws Exception {
+ Group group2 = getUserManager(superuser).createGroup("group2");
+ Group group3 = getUserManager(superuser).createGroup("group3");
+ superuser.save();
+
+ try {
+ Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+
+ allow(path, group2.getPrincipal(), readPrivs);
+ deny(path, group3.getPrincipal(), readPrivs);
+ modify(path, getTestGroup().getPrincipal(), readPrivs, true, createGlobRestriction("/*"));
+
+ Set<Principal> principals = new HashSet();
+ principals.add(getTestGroup().getPrincipal());
+ principals.add(group2.getPrincipal());
+ principals.add(group3.getPrincipal());
+
+ assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(path, principals, readPrivs));
+ assertTrue(((JackrabbitAccessControlManager) acMgr).hasPrivileges(childNPath, principals, readPrivs));
+ } finally {
+ group2.remove();
+ group3.remove();
+ superuser.save();
+ }
+ }
}