You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/26 09:49:58 UTC
svn commit: r1862115 -
/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/
Author: angela
Date: Wed Jun 26 09:49:58 2019
New Revision: 1862115
URL: http://svn.apache.org/viewvc?rev=1862115&view=rev
Log:
OAK-8441 : Improve tests for org.apache.jackrabbit.oak.security.authorization.restriction
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/AbstractRestrictionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CompositeRestrictionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPatternTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNamePatternTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePatternTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrefixPatternTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/TestProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/WhiteboardRestrictionProviderTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/AbstractRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/AbstractRestrictionProviderTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/AbstractRestrictionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/AbstractRestrictionProviderTest.java Wed Jun 26 09:49:58 2019
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider;
@@ -38,7 +39,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -53,15 +53,12 @@ import static org.junit.Assert.fail;
*/
public class AbstractRestrictionProviderTest extends AbstractSecurityTest implements AccessControlConstants {
- private String unsupportedPath = null;
private String testPath = "/testRoot";
private Value globValue;
private Value[] nameValues;
- private Value nameValue;
private ValueFactory valueFactory;
- private Map<String, ? extends RestrictionDefinition> supported;
private AbstractRestrictionProvider restrictionProvider;
@Before
@@ -71,7 +68,6 @@ public class AbstractRestrictionProvider
valueFactory = new ValueFactoryImpl(root, namePathMapper);
globValue = valueFactory.createValue("*");
- nameValue = valueFactory.createValue("nt:file", PropertyType.NAME);
nameValues = new Value[] {
valueFactory.createValue("nt:folder", PropertyType.NAME),
valueFactory.createValue("nt:file", PropertyType.NAME)
@@ -80,7 +76,7 @@ public class AbstractRestrictionProvider
RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, Type.STRING, false);
RestrictionDefinition nts = new RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
RestrictionDefinition mand = new RestrictionDefinitionImpl("mandatory", Type.BOOLEAN, true);
- supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts, mand.getName(), mand);
+ Map<String, ? extends RestrictionDefinition> supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts, mand.getName(), mand);
restrictionProvider = new TestProvider(supported);
}
@@ -95,10 +91,11 @@ public class AbstractRestrictionProvider
}
private Tree getAceTree(Restriction... restrictions) throws Exception {
- NodeUtil rootNode = new NodeUtil(root.getTree("/"));
- NodeUtil tmp = rootNode.addChild("testRoot", JcrConstants.NT_UNSTRUCTURED);
- Tree ace = tmp.addChild("rep:policy", NT_REP_ACL).addChild("ace0", NT_REP_GRANT_ACE).getTree();
- restrictionProvider.writeRestrictions(tmp.getTree().getPath(), ace, ImmutableSet.copyOf(restrictions));
+ Tree rootNode = root.getTree("/");
+ Tree tmp = TreeUtil.addChild(rootNode, "testRoot", JcrConstants.NT_UNSTRUCTURED);
+ Tree policy = TreeUtil.addChild(tmp, REP_POLICY, NT_REP_ACL);
+ Tree ace = TreeUtil.addChild(policy, "ace0", NT_REP_GRANT_ACE);
+ restrictionProvider.writeRestrictions(tmp.getPath(), ace, ImmutableSet.copyOf(restrictions));
return ace;
}
@@ -117,7 +114,7 @@ public class AbstractRestrictionProvider
Restriction r = restrictionProvider.createRestriction(testPath, REP_GLOB, globValue);
Tree aceTree = getAceTree();
- restrictionProvider.writeRestrictions(testPath, aceTree, ImmutableSet.<Restriction>of(r));
+ restrictionProvider.writeRestrictions(testPath, aceTree, ImmutableSet.of(r));
assertTrue(aceTree.hasChild(REP_RESTRICTIONS));
Tree restr = aceTree.getChild(REP_RESTRICTIONS);
@@ -129,7 +126,7 @@ public class AbstractRestrictionProvider
PropertyState ps = PropertyStates.createProperty(REP_GLOB, valueFactory.createValue(false));
Tree aceTree = getAceTree();
- restrictionProvider.writeRestrictions(testPath, aceTree, ImmutableSet.<Restriction>of(new RestrictionImpl(ps, false)));
+ restrictionProvider.writeRestrictions(testPath, aceTree, ImmutableSet.of(new RestrictionImpl(ps, false)));
assertTrue(aceTree.hasChild(REP_RESTRICTIONS));
Tree restr = aceTree.getChild(REP_RESTRICTIONS);
@@ -157,7 +154,7 @@ public class AbstractRestrictionProvider
Restriction mand = restrictionProvider.createRestriction(testPath, "mandatory", valueFactory.createValue(true));
try {
Tree ace = getAceTree(mand);
- new NodeUtil(ace).getChild(REP_RESTRICTIONS).setBoolean(REP_GLOB, true);
+ ace.getChild(REP_RESTRICTIONS).setProperty(REP_GLOB, true);
restrictionProvider.validateRestrictions(testPath, ace);
fail("wrong type with restriction 'rep:glob");
@@ -171,7 +168,7 @@ public class AbstractRestrictionProvider
Restriction mand = restrictionProvider.createRestriction(testPath, "mandatory", valueFactory.createValue(true));
try {
Tree ace = getAceTree(mand);
- new NodeUtil(ace).getChild(REP_RESTRICTIONS).setString("Unsupported", "value");
+ ace.getChild(REP_RESTRICTIONS).setProperty("Unsupported", "value");
restrictionProvider.validateRestrictions(testPath, ace);
fail("wrong type with restriction 'rep:glob");
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CompositeRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CompositeRestrictionProviderTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CompositeRestrictionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CompositeRestrictionProviderTest.java Wed Jun 26 09:49:58 2019
@@ -16,17 +16,14 @@
*/
package org.apache.jackrabbit.oak.security.authorization.restriction;
-import java.util.Set;
-import javax.jcr.PropertyType;
-import javax.jcr.Value;
-import javax.jcr.ValueFactory;
-import javax.jcr.security.AccessControlException;
-
+import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositeRestrictionProvider;
@@ -35,11 +32,15 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+import javax.jcr.PropertyType;
+import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlException;
+import java.util.Set;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -90,15 +91,15 @@ public class CompositeRestrictionProvide
@Test
public void testReadRestrictions() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- aceNode.setBoolean("boolean", true);
- aceNode.setValues("longs", new Value[] {vf.createValue(10), vf.createValue(290)});
- aceNode.setString(REP_GLOB, "*");
- aceNode.setNames(REP_NT_NAMES); // empty array
- aceNode.setString("invalid", "val");
- aceNode.setStrings("invalid2", "val1", "val2", "val3");
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ aceNode.setProperty("boolean", true);
+ aceNode.setProperty(PropertyStates.createProperty("longs", ImmutableList.of(vf.createValue(10), vf.createValue(290))));
+ aceNode.setProperty(REP_GLOB, "*");
+ aceNode.setProperty(REP_NT_NAMES, ImmutableSet.of(), Type.NAMES); // empty array
+ aceNode.setProperty("invalid", "val");
+ aceNode.setProperty("invalid2", ImmutableList.of("val1", "val2", "val3"), Type.STRINGS);
- Set<Restriction> restrictions = provider.readRestrictions("/test", aceNode.getTree());
+ Set<Restriction> restrictions = provider.readRestrictions("/test", aceNode);
assertEquals(4, restrictions.size());
for (Restriction r : restrictions) {
String name = r.getDefinition().getName();
@@ -110,21 +111,21 @@ public class CompositeRestrictionProvide
@Test
public void testWriteRestrictions() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
Set<Restriction> restrictions = ImmutableSet.of(
provider.createRestriction("/test","boolean", vf.createValue(true)),
provider.createRestriction("/test", "longs"),
provider.createRestriction("/test", REP_GLOB, vf.createValue("*")),
provider.createRestriction("/test", REP_NT_NAMES, vf.createValue("nt:base", PropertyType.NAME), vf.createValue("nt:version", PropertyType.NAME)));
- provider.writeRestrictions("/test", aceNode.getTree(), restrictions);
+ provider.writeRestrictions("/test", aceNode, restrictions);
}
@Test
public void testWriteUnsupportedRestrictions() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
Restriction invalid = new RestrictionImpl(PropertyStates.createProperty("invalid", vf.createValue(true)), false);
try {
- provider.writeRestrictions("/test", aceNode.getTree(), ImmutableSet.<Restriction>of(invalid));
+ provider.writeRestrictions("/test", aceNode, ImmutableSet.<Restriction>of(invalid));
fail("AccessControlException expected");
} catch (AccessControlException e) {
// success
@@ -133,38 +134,38 @@ public class CompositeRestrictionProvide
@Test
public void testValidateRestrictions() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- rNode.setBoolean("boolean", true);
- rNode.setValues("longs", new Value[] {vf.createValue(10), vf.createValue(290)});
- rNode.setString(REP_GLOB, "*");
- rNode.setNames(REP_NT_NAMES); // empty array
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ Tree rNode = TreeUtil.addChild(aceNode, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+ rNode.setProperty("boolean", true);
+ rNode.setProperty(PropertyStates.createProperty("longs", ImmutableList.of(vf.createValue(10), vf.createValue(290))));
+ rNode.setProperty(REP_GLOB, "*");
+ rNode.setProperty(REP_NT_NAMES, ImmutableList.of(), Type.NAMES); // empty array
- provider.validateRestrictions("/test", aceNode.getTree());
+ provider.validateRestrictions("/test", aceNode);
// remove mandatory restriction
rNode.removeProperty("boolean");
try {
- provider.validateRestrictions("/test", aceNode.getTree());
+ provider.validateRestrictions("/test", aceNode);
fail("validation should detect missing mandatory restrictions");
} catch (AccessControlException e) {
// success
}
// set with wrong type
- rNode.setName("boolean", "nt:base");
+ rNode.setProperty("boolean", "nt:base", Type.NAME);
try {
- provider.validateRestrictions("/test", aceNode.getTree());
+ provider.validateRestrictions("/test", aceNode);
fail("validation should detect wrong restriction type");
} catch (AccessControlException e) {
// success
} finally {
- rNode.setBoolean("boolean", true);
+ rNode.setProperty("boolean", true);
}
- rNode.setStrings(REP_GLOB, "*", "/jcr:content");
+ rNode.setProperty(REP_GLOB, ImmutableList.of("*", "/jcr:content"), Type.STRINGS);
try {
- provider.validateRestrictions("/test", aceNode.getTree());
+ provider.validateRestrictions("/test", aceNode);
fail("validation should detect wrong restriction type (multi vs single valued)");
} catch (AccessControlException e) {
// success
@@ -173,25 +174,25 @@ public class CompositeRestrictionProvide
@Test
public void testValidateRestrictionsAtEntryNode() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- aceNode.setBoolean("boolean", true);
- aceNode.setValues("longs", new Value[] {vf.createValue(10), vf.createValue(290)});
- aceNode.setString(REP_GLOB, "*");
- aceNode.setNames(REP_NT_NAMES); // empty array
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ aceNode.setProperty("boolean", true);
+ aceNode.setProperty(PropertyStates.createProperty("longs", ImmutableList.of(vf.createValue(10), vf.createValue(290))));
+ aceNode.setProperty(REP_GLOB, "*");
+ aceNode.setProperty(REP_NT_NAMES, ImmutableList.of(), Type.NAMES); // empty array
- provider.validateRestrictions("/test", aceNode.getTree());
+ provider.validateRestrictions("/test", aceNode);
}
@Test
public void testValidateInvalidRestrictionDef() throws Exception {
RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- rNode.setValues(REP_GLOB, new Value[]{vf.createValue(10), vf.createValue(290)});
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ Tree rNode = TreeUtil.addChild(aceNode, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+ rNode.setProperty(PropertyStates.createProperty("longs", ImmutableList.of(vf.createValue(10), vf.createValue(290))));
try {
- rp.validateRestrictions("/test", aceNode.getTree());
+ rp.validateRestrictions("/test", aceNode);
fail("Validation must detect invalid restriction definition");
} catch (AccessControlException e) {
// success
@@ -202,12 +203,12 @@ public class CompositeRestrictionProvide
public void testValidateUnsupportedRestriction() throws Exception {
RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3);
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- rNode.setString("unsupported", "value");
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ Tree rNode = TreeUtil.addChild(aceNode, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+ rNode.setProperty("unsupported", "value");
try {
- rp.validateRestrictions("/test", aceNode.getTree());
+ rp.validateRestrictions("/test", aceNode);
fail("Validation must detect unsupported restriction");
} catch (AccessControlException e) {
// success
@@ -216,15 +217,15 @@ public class CompositeRestrictionProvide
@Test
public void testGetRestrictionPattern() throws Exception {
- NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE);
- NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- rNode.setString(REP_GLOB, "*");
+ Tree aceNode = TreeUtil.addChild(root.getTree("/"), "test", NT_REP_GRANT_ACE);
+ Tree rNode = TreeUtil.addChild(aceNode, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+ rNode.setProperty(REP_GLOB, "*");
- assertFalse(provider.getPattern("/test", aceNode.getTree()) instanceof CompositePattern);
+ assertFalse(provider.getPattern("/test", aceNode) instanceof CompositePattern);
- rNode.setBoolean("boolean", true);
- rNode.setValues("longs", new Value[]{vf.createValue(10), vf.createValue(290)});
+ rNode.setProperty("boolean", true);
+ rNode.setProperty(PropertyStates.createProperty("longs", ImmutableList.of(vf.createValue(10), vf.createValue(290))));
- assertTrue(provider.getPattern("/test", rNode.getTree()) instanceof CompositePattern);
+ assertTrue(provider.getPattern("/test", rNode) instanceof CompositePattern);
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProviderTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/CustomRestrictionProviderTest.java Wed Jun 26 09:49:58 2019
@@ -16,15 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authorization.restriction;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.jcr.Value;
-import javax.jcr.security.AccessControlManager;
-
+import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
@@ -35,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
@@ -48,7 +41,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.value.StringValue;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@@ -56,11 +48,16 @@ import org.junit.After;
import org.junit.Before;
import org.junit.Test;
-import com.google.common.collect.ImmutableMap;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
/**
* Test suite for a custom restriction provider. The restriction is enabled based on the (non) existence of a property.
@@ -90,14 +87,14 @@ public class CustomRestrictionProviderTe
public void before() throws Exception {
super.before();
- NodeUtil rootNode = new NodeUtil(root.getTree("/"));
- NodeUtil testRootNode = rootNode.addChild("testRoot", NT_UNSTRUCTURED);
- NodeUtil a = testRootNode.addChild("a", NT_UNSTRUCTURED);
- NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
- NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
- c.setBoolean(PROP_NAME_PROTECT_ME, true);
- NodeUtil d = c.addChild("d", NT_UNSTRUCTURED);
- d.addChild("e", NT_UNSTRUCTURED);
+ Tree rootNode = root.getTree("/");
+ Tree testRootNode = TreeUtil.addChild(rootNode, "testRoot", NT_UNSTRUCTURED);
+ Tree a = TreeUtil.addChild(testRootNode, "a", NT_UNSTRUCTURED);
+ Tree b = TreeUtil.addChild(a, "b", NT_UNSTRUCTURED);
+ Tree c = TreeUtil.addChild(b, "c", NT_UNSTRUCTURED);
+ c.setProperty(PROP_NAME_PROTECT_ME, true);
+ Tree d = TreeUtil.addChild(c, "d", NT_UNSTRUCTURED);
+ TreeUtil.addChild(d, "e", NT_UNSTRUCTURED);
root.commit();
testPrincipal = getTestUser().getPrincipal();
@@ -122,7 +119,7 @@ public class CustomRestrictionProviderTe
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
if (restriction.length() > 0) {
- Map<String, Value> rs = new HashMap<String, Value>();
+ Map<String, Value> rs = new HashMap<>();
rs.put(PropertyRestrictionProvider.RESTRICTION_NAME, new StringValue(restriction));
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant, rs);
} else {
@@ -145,44 +142,35 @@ public class CustomRestrictionProviderTe
/**
* Tests the custom restriction provider that checks on the existence of a property.
- * @throws Exception
*/
- @Test
+ @Test(expected = CommitFailedException.class)
public void testProtectByRestriction() throws Exception {
// allow rep:write /testroot
// deny jcr:removeNode /testroot/a hasProperty=protect-me
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_A_PATH, false, PROP_NAME_PROTECT_ME, PrivilegeConstants.JCR_REMOVE_NODE);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
- assertIsGranted(pp, testRoot, true , TEST_A_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_B_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_D_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_E_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.REMOVE_NODE);
// should be able to remove /a/b/c/d
testRoot.getTree(TEST_D_PATH).remove();
testRoot.commit();
- try {
- testRoot.getTree(TEST_C_PATH).remove();
- testRoot.commit();
- fail("should not be able to delete " + TEST_C_PATH);
- } catch (CommitFailedException e) {
- // all ok
- }
- } finally {
- testSession.close();
+ testRoot.getTree(TEST_C_PATH).remove();
+ testRoot.commit();
+ //fail("should not be able to delete " + TEST_C_PATH);
}
}
/**
* Tests the custom restriction provider that checks on the existence of a property.
- * @throws Exception
*/
@Test
public void testProtectPropertiesByRestriction() throws Exception {
@@ -191,25 +179,20 @@ public class CustomRestrictionProviderTe
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_A_PATH, false, PROP_NAME_PROTECT_ME, PrivilegeConstants.JCR_MODIFY_PROPERTIES);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
- assertIsGranted(pp, testRoot, true , TEST_A_PATH, Permissions.MODIFY_PROPERTY);
- assertIsGranted(pp, testRoot, true , TEST_B_PATH, Permissions.MODIFY_PROPERTY);
+ assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.MODIFY_PROPERTY);
+ assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.MODIFY_PROPERTY);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.MODIFY_PROPERTY);
- assertIsGranted(pp, testRoot, true , TEST_D_PATH, Permissions.MODIFY_PROPERTY);
- assertIsGranted(pp, testRoot, true , TEST_E_PATH, Permissions.MODIFY_PROPERTY);
-
- } finally {
- testSession.close();
+ assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.MODIFY_PROPERTY);
+ assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.MODIFY_PROPERTY);
}
}
/**
* Tests the custom restriction provider that checks on the absence of a property.
- * @throws Exception
*/
@Test
public void testUnProtectByRestriction() throws Exception {
@@ -220,18 +203,14 @@ public class CustomRestrictionProviderTe
addEntry(TEST_ROOT_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_A_PATH, true, "!" + PROP_NAME_PROTECT_ME, PrivilegeConstants.JCR_REMOVE_NODE);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
- assertIsGranted(pp, testRoot, true , TEST_A_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_B_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_D_PATH, Permissions.REMOVE_NODE);
- assertIsGranted(pp, testRoot, true , TEST_E_PATH, Permissions.REMOVE_NODE);
-
- } finally {
- testSession.close();
+ assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.REMOVE_NODE);
+ assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.REMOVE_NODE);
}
}
@@ -240,9 +219,9 @@ public class CustomRestrictionProviderTe
*/
public static class PropertyRestrictionProvider extends AbstractRestrictionProvider {
- public static final String RESTRICTION_NAME = "hasProperty";
+ static final String RESTRICTION_NAME = "hasProperty";
- public PropertyRestrictionProvider() {
+ PropertyRestrictionProvider() {
super(supportedRestrictions());
}
@@ -316,7 +295,7 @@ public class CustomRestrictionProviderTe
match = tree.hasProperty(propertyName);
}
- return negate ? !match : match;
+ return negate != match;
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPatternTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPatternTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPatternTest.java Wed Jun 26 09:49:58 2019
@@ -27,20 +27,18 @@ import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
public class GlobPatternTest {
private static void assertMatch(GlobPattern gp, String testPath, Boolean expectedResult) {
- Boolean match = Boolean.valueOf(gp.matches(testPath));
+ Boolean match = gp.matches(testPath);
assertEquals("Pattern : " + gp + "; TestPath : " + testPath, expectedResult, match);
}
@Test
public void testMatchesWildcardAll() {
- Map<String,Boolean> tests = new HashMap<String,Boolean>();
+ Map<String,Boolean> tests = new HashMap<>();
// restriction "*" matches /foo, all siblings of foo and foo's and the siblings' descendants
GlobPattern gp = GlobPattern.create("/a/b/c", "*");
@@ -62,7 +60,7 @@ public class GlobPatternTest {
// restriction "*cat" matches all siblings and descendants of /foo that have a name ending with cat
gp = GlobPattern.create("/a/b/c", "*e");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/e", true); // descendant with name segment 'e'
tests.put("/a/b/c/d/e", true); // descendant with name segment 'e'
@@ -72,8 +70,8 @@ public class GlobPatternTest {
tests.put("/a/b/chee", true); // sibling whose name ends with 'e'
tests.put("/a/b/cd/e", true); // descendant of sibling named 'e'
tests.put("/a/b/cd/f/e", true); // descendant of sibling named 'e'
- tests.put("/a/b/cd/e", true); // descendant of sibling with name ending with 'e'
- tests.put("/a/b/cd/f/e", true); // descendant of sibling with name ending with 'e'
+ tests.put("/a/b/cd/name", true); // descendant of sibling with name ending with 'e'
+ tests.put("/a/b/cd/f/name", true); // descendant of sibling with name ending with 'e'
// not-matching
tests.put("/", false);
tests.put("/a", false);
@@ -94,7 +92,7 @@ public class GlobPatternTest {
// restriction "*/cat" matches all descendants of /foo and foo's siblings that have a name segment "cat"
gp = GlobPattern.create("/a/b/c", "*/e");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/e", true); // descendant with name segment 'e'
tests.put("/a/b/c/d/e", true); // descendant with name segment 'e'
@@ -120,11 +118,11 @@ public class GlobPatternTest {
// matches target path '/a/b/c/e', all siblings whose name starts with e
// and child nodes of either.
gp = GlobPattern.create("/a/b/c/e", "*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/e/f/g/h", true);
tests.put("/a/b/c/e/d/e/f", true);
- tests.put("/a/b/c/e/d/e/f", true);
+ tests.put("/a/b/c/e/d/e/g", true);
tests.put("/a/b/c/e", true);
tests.put("/a/b/c/e/", true);
tests.put("/a/b/c/ef", true);
@@ -145,7 +143,7 @@ public class GlobPatternTest {
// all descendants of '/a/b/c/e'
gp = GlobPattern.create("/a/b/c/e", "/*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/e/f/g/h", true);
tests.put("/a/b/c/e/d/e/f", true);
@@ -169,7 +167,7 @@ public class GlobPatternTest {
// all descendants of '/a/b/ce'
gp = GlobPattern.create("/a/b/c", "e/*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// not-matching
tests.put("/a/b/ce/f/g/h", true);
tests.put("/a/b/ce/d/e/f", true);
@@ -190,7 +188,7 @@ public class GlobPatternTest {
// all descendants of '/'
gp = GlobPattern.create("/", "*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a", true);
tests.put("/b/", true);
@@ -207,7 +205,7 @@ public class GlobPatternTest {
// restriction "*cat/*" matches all siblings and descendants of /foo that have an intermediate segment ending with 'cat'
gp = GlobPattern.create("/a/b/c", "*e/*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/ceeeeeee/f/g/h", true);
tests.put("/a/b/cde/d/e/f", true);
@@ -228,7 +226,7 @@ public class GlobPatternTest {
// restriction /*cat/* matches all descendants of /foo that have an intermediate segment ending with 'cat'
gp = GlobPattern.create("/a/b/c", "/*e/*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/d/e/f", true);
tests.put("/a/b/c/de/f", true);
@@ -238,7 +236,7 @@ public class GlobPatternTest {
tests.put("/a/b/cde/d/e/f", false);// sibling containing intermediate segment
tests.put("/a/b/ce/", false); // ignore trailing / in test path
tests.put("/a/b/c/d/e/", false); // ignore trailing / in test path
- tests.put("/a/b/c/d/e", false); // no intermediate segment
+ tests.put("/a/b/c/d/f", false); // no intermediate segment
tests.put("/a/b/c/d", false); // missing *e/*
tests.put("/a/b/c/d/e", false); // missing /*
tests.put("/a/b/c/d/f/f", false); // missing *e
@@ -250,7 +248,7 @@ public class GlobPatternTest {
// restriction /*cat matches all children of /a/b/c whose path ends with "cat"
gp = GlobPattern.create("/a/b/c", "/*cat");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/cat", true);
tests.put("/a/b/c/acat", true);
@@ -272,7 +270,7 @@ public class GlobPatternTest {
// restriction /*/cat matches all non-direct descendants of /foo named "cat"
gp = GlobPattern.create("/a/b/c", "/*/cat");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/a/cat", true);
tests.put("/a/b/c/d/e/f/cat", true);
@@ -298,7 +296,7 @@ public class GlobPatternTest {
// restriction /cat* matches all descendant paths of /foo that have the
// direct foo-descendant segment starting with "cat"
gp = GlobPattern.create("/a/b/c", "/cat*");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
// matching
tests.put("/a/b/c/cat", true);
tests.put("/a/b/c/cats", true);
@@ -327,7 +325,7 @@ public class GlobPatternTest {
@Test
public void testEmptyRestriction() {
GlobPattern gp = GlobPattern.create("/", "");
- Map<String,Boolean> tests = new HashMap<String,Boolean>();
+ Map<String,Boolean> tests = new HashMap<>();
tests.put("/", true);
tests.put("/a/b/c/d", false);
@@ -338,12 +336,12 @@ public class GlobPatternTest {
tests.put("/a/b/cde", false);
for (String toTest : tests.keySet()) {
- assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+ assertEquals(gp + " : " + toTest, tests.get(toTest), gp.matches(toTest));
}
gp = GlobPattern.create("/a/b/c", "");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
tests.put("/a/b/c", true);
tests.put("/a/b/c/d", false);
@@ -354,14 +352,14 @@ public class GlobPatternTest {
tests.put("/a/b/cde", false);
for (String toTest : tests.keySet()) {
- assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+ assertEquals(gp + " : " + toTest, tests.get(toTest), gp.matches(toTest));
}
}
@Test
public void testPathRestriction() {
GlobPattern gp = GlobPattern.create("/a/b/c", "d");
- Map<String,Boolean> tests = new HashMap<String,Boolean>();
+ Map<String,Boolean> tests = new HashMap<>();
tests.put("/", false);
tests.put("/a", false);
tests.put("/a/b/c", false);
@@ -373,12 +371,12 @@ public class GlobPatternTest {
tests.put("/a/b/cde", false);
for (String toTest : tests.keySet()) {
- assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+ assertEquals(gp + " : " + toTest, tests.get(toTest), gp.matches(toTest));
}
gp = GlobPattern.create("/a/b/c", "/d");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
tests.put("/", false);
tests.put("/a", false);
tests.put("/a/b/c", false);
@@ -390,12 +388,12 @@ public class GlobPatternTest {
tests.put("/a/b/cde", false);
for (String toTest : tests.keySet()) {
- assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+ assertEquals(gp + " : " + toTest, tests.get(toTest), gp.matches(toTest));
}
gp = GlobPattern.create("/a/b/c", "/d/");
- tests = new HashMap<String,Boolean>();
+ tests = new HashMap<>();
tests.put("/", false);
tests.put("/a", false);
tests.put("/a/b/c", false);
@@ -408,25 +406,20 @@ public class GlobPatternTest {
tests.put("/a/b/cde", false);
for (String toTest : tests.keySet()) {
- assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+ assertEquals(gp + " : " + toTest, tests.get(toTest), gp.matches(toTest));
}
}
- @Test
+ @Test(expected = IllegalArgumentException.class)
public void testMaxOccurrences() {
GlobPattern gp = GlobPattern.create("/", "1*/2*/3*/4*/5*/6*/7*/8*/9*/10*/11*/12*/13*/14*/15*/16*/17*/18*/19*/20*/21*");
- try {
- gp.matches("/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21");
- fail();
- } catch (IllegalArgumentException e) {
- // success
- };
- try {
- gp.matches("/11/22/33/44/55/66/77/88/99/100/111/122/133/144/155/166/177/188/199/200/211");
- fail();
- } catch (IllegalArgumentException e) {
- // success
- };
+ gp.matches("/1/2/3/4/5/6/7/8/9/10/11/12/13/14/15/16/17/18/19/20/21");
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testMaxOccurrences2() {
+ GlobPattern gp = GlobPattern.create("/", "1*/2*/3*/4*/5*/6*/7*/8*/9*/10*/11*/12*/13*/14*/15*/16*/17*/18*/19*/20*/21*");
+ gp.matches("/11/22/33/44/55/66/77/88/99/100/111/122/133/144/155/166/177/188/199/200/211");
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNamePatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNamePatternTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNamePatternTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNamePatternTest.java Wed Jun 26 09:49:58 2019
@@ -23,11 +23,15 @@ import com.google.common.collect.Immutab
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.jetbrains.annotations.NotNull;
import org.junit.Test;
+import javax.jcr.AccessDeniedException;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
@@ -38,13 +42,21 @@ public class ItemNamePatternTest extends
private final Set<String> names = ImmutableSet.of("a", "b", "c");
private final ItemNamePattern pattern = new ItemNamePattern(names);
+ private static Tree addTree(@NotNull Tree parent, @NotNull String relPath) throws AccessDeniedException {
+ Tree t = parent;
+ for (String elem : PathUtils.elements(relPath)) {
+ t = TreeUtil.addChild(t, elem, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ }
+ return t;
+ }
+
@Test
public void testMatchesItem() throws Exception {
- NodeUtil rootTree = new NodeUtil(root.getTree("/"));
+ Tree rootTree = root.getTree("/");
List<String> matching = ImmutableList.of("a", "b", "c", "d/e/a", "a/b/c/d/b", "test/c");
for (String relPath : matching) {
- Tree testTree = rootTree.getOrAddTree(relPath, NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree();
+ Tree testTree = addTree(rootTree, relPath);
assertTrue(pattern.matches(testTree, null));
assertTrue(pattern.matches(testTree, PropertyStates.createProperty("a", Boolean.FALSE)));
@@ -55,7 +67,7 @@ public class ItemNamePatternTest extends
List<String> notMatching = ImmutableList.of("d", "b/d", "d/e/f", "c/b/abc");
for (String relPath : notMatching) {
- Tree testTree = rootTree.getOrAddTree(relPath, NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree();
+ Tree testTree = addTree(rootTree, relPath);
assertFalse(pattern.matches(testTree, null));
assertTrue(pattern.matches(testTree, PropertyStates.createProperty("a", Boolean.FALSE)));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.java Wed Jun 26 09:49:58 2019
@@ -40,12 +40,12 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -66,10 +66,16 @@ public class ItemNameRestrictionTest ext
super.before();
Tree rootTree = root.getTree("/");
- NodeUtil f = new NodeUtil(rootTree).getOrAddTree("a/d/b/e/c/f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
- NodeUtil c = f.getParent();
- c.setString("prop", "value");
- c.setString("a", "value");
+
+ // "/a/d/b/e/c/f"
+ Tree a = TreeUtil.addChild(rootTree, "a", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree d = TreeUtil.addChild(a, "d", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree b = TreeUtil.addChild(d, "b", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree e = TreeUtil.addChild(b, "e", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree c = TreeUtil.addChild(e, "c", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree f = TreeUtil.addChild(c, "f", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ c.setProperty("prop", "value");
+ c.setProperty("a", "value");
testPrincipal = getTestUser().getPrincipal();
@@ -158,7 +164,7 @@ public class ItemNameRestrictionTest ext
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testModifyProperty() throws Exception {
Root testRoot = testSession.getLatestRoot();
Tree c = testRoot.getTree("/a/d/b/e/c");
@@ -166,12 +172,10 @@ public class ItemNameRestrictionTest ext
try {
c.setProperty("a", "anyvalue");
testRoot.commit();
- fail();
} catch (CommitFailedException e) {
// success
assertTrue(e.isAccessViolation());
- } finally {
- testRoot.refresh();
+ throw e;
}
}
@@ -181,14 +185,14 @@ public class ItemNameRestrictionTest ext
List<String> paths = ImmutableList.of("/a", "/a/d/b", "/a/d/b/e/c");
for (String p : paths) {
- NodeUtil t = new NodeUtil(testRoot.getTree(p));
- t.addChild("c", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ Tree t = testRoot.getTree(p);
+ TreeUtil.addChild(t, "c", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
testRoot.commit();
}
}
@Test
- public void testRemoveTree() throws Exception {
+ public void testRemoveTree() {
Root testRoot = testSession.getLatestRoot();
List<String> paths = ImmutableList.of("/a/d/b/e/c", "/a/d/b", "/a");
for (String p : paths) {
@@ -205,7 +209,7 @@ public class ItemNameRestrictionTest ext
}
}
- @Test
+ @Test(expected = CommitFailedException.class)
public void testRemoveTree2() throws Exception {
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/a");
@@ -225,12 +229,10 @@ public class ItemNameRestrictionTest ext
try {
testRoot.getTree("/a").remove();
testRoot.commit();
- fail();
} catch (CommitFailedException e) {
// success
assertTrue(e.isAccessViolation());
- } finally {
- testRoot.refresh();
+ throw e;
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePatternTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePatternTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePatternTest.java Wed Jun 26 09:49:58 2019
@@ -25,8 +25,8 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -43,9 +43,9 @@ public class NodeTypePatternTest extends
@Test
public void testMatchesItem() throws Exception {
- NodeUtil rootTree = new NodeUtil(root.getTree("/"));
+ Tree rootTree = root.getTree("/");
for (String ntName : ntNames) {
- Tree testTree = rootTree.addChild("name", ntName).getTree();
+ Tree testTree = TreeUtil.addChild(rootTree, "name", ntName);
assertTrue(pattern.matches(testTree, null));
assertTrue(pattern.matches(testTree, PropertyStates.createProperty("a", Boolean.FALSE)));
@@ -57,11 +57,11 @@ public class NodeTypePatternTest extends
@Test
public void testNotMatchesItem() throws Exception {
- NodeUtil rootTree = new NodeUtil(root.getTree("/"));
+ Tree rootTree = root.getTree("/");
List<String> notMatching = ImmutableList.of(NodeTypeConstants.NT_OAK_RESOURCE, NodeTypeConstants.NT_OAK_UNSTRUCTURED, JcrConstants.NT_VERSION);
for (String ntName : notMatching) {
- Tree testTree = rootTree.addChild("name", ntName).getTree();
+ Tree testTree = TreeUtil.addChild(rootTree, "name", ntName);
assertFalse(pattern.matches(testTree, null));
assertFalse(pattern.matches(testTree, PropertyStates.createProperty("a", Boolean.FALSE)));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PermissionTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PermissionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PermissionTest.java Wed Jun 26 09:49:58 2019
@@ -29,11 +29,12 @@ import org.apache.jackrabbit.oak.Abstrac
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.value.StringValue;
import org.junit.After;
import org.junit.Before;
@@ -59,13 +60,13 @@ public class PermissionTest extends Abst
public void before() throws Exception {
super.before();
- NodeUtil rootNode = new NodeUtil(root.getTree("/"));
- NodeUtil testRootNode = rootNode.addChild("testRoot", NT_UNSTRUCTURED);
- NodeUtil a = testRootNode.addChild("a", NT_UNSTRUCTURED);
- NodeUtil b = a.addChild("b", NT_UNSTRUCTURED);
- NodeUtil c = b.addChild("c", NT_UNSTRUCTURED);
- NodeUtil d = c.addChild("d", NT_UNSTRUCTURED);
- d.addChild("e", NT_UNSTRUCTURED);
+ Tree rootNode = root.getTree("/");
+ Tree testRootNode = TreeUtil.addChild(rootNode, "testRoot", NT_UNSTRUCTURED);
+ Tree a = TreeUtil.addChild(testRootNode, "a", NT_UNSTRUCTURED);
+ Tree b = TreeUtil.addChild(a, "b", NT_UNSTRUCTURED);
+ Tree c = TreeUtil.addChild(b, "c", NT_UNSTRUCTURED);
+ Tree d = TreeUtil.addChild(c, "d", NT_UNSTRUCTURED);
+ TreeUtil.addChild(d, "e", NT_UNSTRUCTURED);
root.commit();
testPrincipal = getTestUser().getPrincipal();
@@ -90,7 +91,7 @@ public class PermissionTest extends Abst
AccessControlManager acMgr = getAccessControlManager(root);
JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path);
if (restriction.length() > 0) {
- Map<String, Value> rs = new HashMap<String, Value>();
+ Map<String, Value> rs = new HashMap<>();
rs.put("rep:glob", new StringValue(restriction));
acl.addEntry(testPrincipal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), grant, rs);
} else {
@@ -111,8 +112,7 @@ public class PermissionTest extends Abst
.getPermissionProvider(root, session.getWorkspaceName(), session.getAuthInfo().getPrincipals());
}
-
- @Test
+ @Test(expected = CommitFailedException.class)
public void testHasPermission() throws Exception {
// create permissions
// allow rep:write /testroot
@@ -123,8 +123,7 @@ public class PermissionTest extends Abst
addEntry(TEST_B_PATH, true, "", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_C_PATH, false, "", PrivilegeConstants.JCR_REMOVE_NODE);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
@@ -132,15 +131,8 @@ public class PermissionTest extends Abst
assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.REMOVE_NODE);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.REMOVE_NODE);
- try {
- testRoot.getTree(TEST_C_PATH).remove();
- testRoot.commit();
- fail("removing node on /a/b/c should fail");
- } catch (CommitFailedException e) {
- // all ok
- }
- } finally {
- testSession.close();
+ testRoot.getTree(TEST_C_PATH).remove();
+ testRoot.commit();
}
}
@@ -152,7 +144,7 @@ public class PermissionTest extends Abst
* The test currently fails on evaluation of /a/b/c/d. Probably because the evaluation
* of /a/b/c yields a deny, which terminates the iteration.
*/
- @Test
+ @Test(expected = CommitFailedException.class)
public void testHasPermissionWithRestrictions() throws Exception {
// create permissions
// allow rep:write /testroot
@@ -163,8 +155,7 @@ public class PermissionTest extends Abst
addEntry(TEST_A_PATH, false, "*/c", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_A_PATH, true, "*/b", PrivilegeConstants.JCR_REMOVE_NODE);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
@@ -178,17 +169,9 @@ public class PermissionTest extends Abst
testRoot.getTree(TEST_D_PATH).remove();
testRoot.commit();
- // should be able to remove /a/b/c
- try {
- testRoot.getTree(TEST_C_PATH).remove();
- testRoot.commit();
- fail("user should not be able to remove c");
- } catch (CommitFailedException e) {
- // ok
- }
-
- } finally {
- testSession.close();
+ // should not be able to remove /a/b/c
+ testRoot.getTree(TEST_C_PATH).remove();
+ testRoot.commit();
}
}
@@ -197,7 +180,7 @@ public class PermissionTest extends Abst
* the restriction enable/disable the ACE where it is defined.
* since the 'deny' on /a/b is after the 'allow' on a/b/c, the deny wins.
*/
- @Test
+ @Test(expected = CommitFailedException.class)
public void testHasPermissionWithRestrictions2() throws Exception {
// create permissions
// allow rep:write /testroot
@@ -208,8 +191,7 @@ public class PermissionTest extends Abst
addEntry(TEST_A_PATH, true, "*/b", PrivilegeConstants.JCR_REMOVE_NODE);
addEntry(TEST_A_PATH, false, "*/c", PrivilegeConstants.JCR_REMOVE_NODE);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
@@ -222,24 +204,15 @@ public class PermissionTest extends Abst
testRoot.getTree(TEST_D_PATH).remove();
testRoot.commit();
- try {
- // should not be able to remove /a/b/c
- testRoot.getTree(TEST_C_PATH).remove();
- testRoot.commit();
- fail("should not be able to delete " + TEST_C_PATH);
- } catch (CommitFailedException e) {
- // ok
- testRoot.refresh();
- }
-
- } finally {
- testSession.close();
+ // should not be able to remove /a/b/c
+ testRoot.getTree(TEST_C_PATH).remove();
+ testRoot.commit();
+ fail("should not be able to delete " + TEST_C_PATH);
}
}
/**
* Tests the custom restriction provider that checks on the existence of a property.
- * @throws Exception
*/
@Test
public void testProtectPropertiesByRestriction() throws Exception {
@@ -250,21 +223,15 @@ public class PermissionTest extends Abst
addEntry(TEST_ROOT_PATH, true, "", PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
addEntry(TEST_A_PATH, false, "*/c", PrivilegeConstants.JCR_MODIFY_PROPERTIES);
- ContentSession testSession = createTestSession();
- try {
+ try (ContentSession testSession = createTestSession()) {
Root testRoot = testSession.getLatestRoot();
PermissionProvider pp = getPermissionProvider(testSession);
- assertIsGranted(pp, testRoot, true , TEST_A_PATH, Permissions.MODIFY_PROPERTY);
+ assertIsGranted(pp, testRoot, true, TEST_A_PATH, Permissions.MODIFY_PROPERTY);
assertIsGranted(pp, testRoot, true, TEST_B_PATH, Permissions.MODIFY_PROPERTY);
assertIsGranted(pp, testRoot, false, TEST_C_PATH, Permissions.MODIFY_PROPERTY);
assertIsGranted(pp, testRoot, true, TEST_D_PATH, Permissions.MODIFY_PROPERTY);
assertIsGranted(pp, testRoot, true, TEST_E_PATH, Permissions.MODIFY_PROPERTY);
-
- } finally {
- testSession.close();
}
}
-
-
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrefixPatternTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrefixPatternTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrefixPatternTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrefixPatternTest.java Wed Jun 26 09:49:58 2019
@@ -25,8 +25,8 @@ import com.google.common.collect.Immutab
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -43,9 +43,9 @@ public class PrefixPatternTest extends A
@Test
public void testMatchesItem() throws Exception {
- NodeUtil rootTree = new NodeUtil(root.getTree("/"));
+ Tree rootTree = root.getTree("/");
for (String prefix : prefixes) {
- Tree testTree = rootTree.addChild(prefix + ":name", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree();
+ Tree testTree = TreeUtil.addChild(rootTree, prefix + ":name", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
assertTrue(pattern.matches(testTree, null));
assertTrue(pattern.matches(testTree, PropertyStates.createProperty(prefix + ":f", "anyval")));
@@ -58,7 +58,7 @@ public class PrefixPatternTest extends A
List<String> notMatching = ImmutableList.of(NamespaceRegistry.PREFIX_EMPTY, NamespaceRegistry.PREFIX_MIX, "any");
for (String prefix : notMatching) {
String name = (prefix.isEmpty()) ? "name" : prefix + ":name";
- Tree testTree = rootTree.addChild(name, NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree();
+ Tree testTree = TreeUtil.addChild(rootTree, name, NodeTypeConstants.NT_OAK_UNSTRUCTURED);
assertFalse(pattern.matches(testTree, null));
assertFalse(pattern.matches(testTree, PropertyStates.createProperty("f", "anyval")));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java Wed Jun 26 09:49:58 2019
@@ -24,6 +24,7 @@ import javax.jcr.security.AccessControlE
import javax.jcr.security.AccessControlManager;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
@@ -32,12 +33,13 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Before;
import org.junit.Test;
@@ -45,8 +47,10 @@ import static com.google.common.collect.
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
/**
* Tests for {@link RestrictionProviderImpl}
@@ -96,8 +100,8 @@ public class RestrictionProviderImplTest
List<String> ntNames = ImmutableList.of(JcrConstants.NT_FOLDER, JcrConstants.NT_LINKEDFILE);
map.put(PropertyStates.createProperty(REP_NT_NAMES, ntNames, Type.NAMES), new NodeTypePattern(ntNames));
- NodeUtil tree = new NodeUtil(root.getTree("/")).getOrAddTree("testPath", JcrConstants.NT_UNSTRUCTURED);
- Tree restrictions = tree.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS).getTree();
+ Tree tree = TreeUtil.getOrAddChild(root.getTree("/"), "testPath", JcrConstants.NT_UNSTRUCTURED);
+ Tree restrictions = TreeUtil.addChild(tree, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
// test restrictions individually
for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
@@ -128,8 +132,8 @@ public class RestrictionProviderImplTest
List<String> itemNames = ImmutableList.of("abc", "jcr:primaryType");
map.put(PropertyStates.createProperty(REP_ITEM_NAMES, prefixes, Type.NAMES), new ItemNamePattern(itemNames));
- NodeUtil tree = new NodeUtil(root.getTree("/")).getOrAddTree("testPath", JcrConstants.NT_UNSTRUCTURED);
- Tree restrictions = tree.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS).getTree();
+ Tree tree = TreeUtil.getOrAddChild(root.getTree("/"), "testPath", JcrConstants.NT_UNSTRUCTURED);
+ Tree restrictions = TreeUtil.addChild(tree, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
restrictions.setProperty(entry.getKey());
}
@@ -152,14 +156,14 @@ public class RestrictionProviderImplTest
List<String> itemNames = ImmutableList.of("abc", "jcr:primaryType");
map.put(PropertyStates.createProperty(REP_ITEM_NAMES, itemNames, Type.NAMES), new ItemNamePattern(itemNames));
- NodeUtil tree = new NodeUtil(root.getTree("/")).getOrAddTree("testPath", JcrConstants.NT_UNSTRUCTURED);
- Tree restrictions = tree.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS).getTree();
+ Tree tree = TreeUtil.getOrAddChild(root.getTree("/"), "testPath", JcrConstants.NT_UNSTRUCTURED);
+ Tree restrictions = TreeUtil.addChild(tree, REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
// test restrictions individually
for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
restrictions.setProperty(entry.getKey());
- RestrictionPattern pattern = provider.getPattern("/testPath", provider.readRestrictions("/testPath", tree.getTree()));
+ RestrictionPattern pattern = provider.getPattern("/testPath", provider.readRestrictions("/testPath", tree));
assertEquals(entry.getValue(), pattern);
restrictions.removeProperty(entry.getKey().getName());
}
@@ -168,13 +172,28 @@ public class RestrictionProviderImplTest
for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
restrictions.setProperty(entry.getKey());
}
- RestrictionPattern pattern = provider.getPattern("/testPath", provider.readRestrictions("/testPath", tree.getTree()));
+ RestrictionPattern pattern = provider.getPattern("/testPath", provider.readRestrictions("/testPath", tree));
assertTrue(pattern instanceof CompositePattern);
}
@Test
+ public void testGetPatternFromTreeNullPath() {
+ assertSame(RestrictionPattern.EMPTY, provider.getPattern(null, mock(Tree.class)));
+ }
+
+ @Test
+ public void testGetPatternFromRestrictionsNullPath() {
+ assertSame(RestrictionPattern.EMPTY, provider.getPattern(null, ImmutableSet.of(mock(Restriction.class))));
+ }
+
+ @Test
+ public void testGetPatternFromEmptyRestrictions() {
+ assertSame(RestrictionPattern.EMPTY, provider.getPattern("/testPath", ImmutableSet.of()));
+ }
+
+ @Test(expected = AccessControlException.class)
public void testValidateGlobRestriction() throws Exception {
- Tree t = new NodeUtil(root.getTree("/")).addChild("testTree", "nt:unstructured").getTree();
+ Tree t = TreeUtil.getOrAddChild(root.getTree("/"), "testTree", JcrConstants.NT_UNSTRUCTURED);
String path = t.getPath();
AccessControlManager acMgr = getAccessControlManager(root);
@@ -191,9 +210,6 @@ public class RestrictionProviderImplTest
try {
provider.validateRestrictions(path, t.getChild(REP_POLICY).getChild("allow"));
- fail("AccessControlException expected.");
- } catch (AccessControlException e) {
- // success
} finally {
acMgr.removePolicy(path, acl);
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/TestProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/TestProvider.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/TestProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/TestProvider.java Wed Jun 26 09:49:58 2019
@@ -51,7 +51,7 @@ final class TestProvider extends Abstrac
@Override
public Set<Restriction> readRestrictions(String oakPath, @NotNull Tree aceTree) {
if (nonValidatingRead) {
- Set<Restriction> restrictions = new HashSet();
+ Set<Restriction> restrictions = new HashSet<>();
for (PropertyState propertyState : getRestrictionsTree(aceTree).getProperties()) {
String name = propertyState.getName();
if (!JcrConstants.JCR_PRIMARYTYPE.equals(name)) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/WhiteboardRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/WhiteboardRestrictionProviderTest.java?rev=1862115&r1=1862114&r2=1862115&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/WhiteboardRestrictionProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/WhiteboardRestrictionProviderTest.java Wed Jun 26 09:49:58 2019
@@ -17,8 +17,10 @@
package org.apache.jackrabbit.oak.security.authorization.restriction;
import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard;
@@ -28,7 +30,12 @@ import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;
+import javax.jcr.Value;
+
import static org.junit.Assert.assertSame;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
public class WhiteboardRestrictionProviderTest {
@@ -37,7 +44,7 @@ public class WhiteboardRestrictionProvid
private final WhiteboardRestrictionProvider restrictionProvider = new WhiteboardRestrictionProvider();
- private final Tree tree = Mockito.mock(Tree.class);
+ private final Tree tree = mock(Tree.class);
private final class RestrictionException extends RuntimeException {}
@@ -45,8 +52,11 @@ public class WhiteboardRestrictionProvid
@Before
public void before() {
- registered = Mockito.mock(RestrictionProvider.class);
+ registered = mock(RestrictionProvider.class);
when(registered.getPattern(PathUtils.ROOT_PATH, tree)).thenThrow(new RestrictionException());
+
+ restrictionProvider.start(whiteboard);
+ whiteboard.register(RestrictionProvider.class, registered, ImmutableMap.of());
}
@After
@@ -55,21 +65,62 @@ public class WhiteboardRestrictionProvid
}
@Test
+ public void testCreateRestriction() throws Exception {
+ Value value = mock(Value.class);
+ restrictionProvider.createRestriction("/testPath", "name", value);
+ restrictionProvider.createRestriction("/testPath", "name", new Value[] {value});
+
+ verify(registered, times(1)).createRestriction("/testPath", "name", value);
+ verify(registered, times(1)).createRestriction("/testPath", "name", new Value[] {value});
+ }
+
+ @Test
+ public void testReadRestrictions() {
+ Tree tree = mock(Tree.class);
+ restrictionProvider.readRestrictions("/testPath", tree);
+
+ verify(registered, times(1)).readRestrictions("/testPath", tree);
+ }
+
+ @Test
+ public void testWriteRestrictions() throws Exception {
+ Tree tree = mock(Tree.class);
+ restrictionProvider.writeRestrictions("/testPath", tree, ImmutableSet.of());
+
+ verify(registered, times(1)).writeRestrictions("/testPath", tree, ImmutableSet.of());
+ }
+
+ @Test
+ public void testValidateRestrictions() throws Exception {
+ Tree tree = mock(Tree.class);
+ restrictionProvider.validateRestrictions("/testPath", tree);
+
+ verify(registered, times(1)).validateRestrictions("/testPath", tree);
+ }
+
+ @Test
public void testDefaultGetPattern() {
- assertSame(RestrictionPattern.EMPTY, restrictionProvider.getPattern(PathUtils.ROOT_PATH, tree));
+ assertSame(RestrictionPattern.EMPTY, new WhiteboardRestrictionProvider().getPattern(PathUtils.ROOT_PATH, tree));
}
@Test
public void testStartedGetPattern() {
- restrictionProvider.start(whiteboard);
- assertSame(RestrictionPattern.EMPTY, restrictionProvider.getPattern(PathUtils.ROOT_PATH, tree));
+ Whiteboard wb = new DefaultWhiteboard();
+ WhiteboardRestrictionProvider wrp = new WhiteboardRestrictionProvider();
+ wrp.start(wb);
+ assertSame(RestrictionPattern.EMPTY, wrp.getPattern(PathUtils.ROOT_PATH, tree));
}
@Test(expected = RestrictionException.class)
public void testRegisteredGetPattern() {
- restrictionProvider.start(whiteboard);
- whiteboard.register(RestrictionProvider.class, registered, ImmutableMap.of());
-
registered.getPattern(PathUtils.ROOT_PATH, tree);
}
+
+ @Test
+ public void testGetPatternFromRestrictions() {
+ Restriction r = mock(Restriction.class);
+ restrictionProvider.getPattern("/testPath", ImmutableSet.of(r));
+
+ verify(registered, times(1)).getPattern("/testPath", ImmutableSet.of(r));
+ }
}
\ No newline at end of file