You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by en...@apache.org on 2021/06/10 19:52:53 UTC
[sling-org-apache-sling-launchpad-integration-tests] branch master
updated: SLING-10443 Remove duplicate tests from
org-apache-sling-launchpad-integration-tests
This is an automated email from the ASF dual-hosted git repository.
enorman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-launchpad-integration-tests.git
The following commit(s) were added to refs/heads/master by this push:
new 0e52079 SLING-10443 Remove duplicate tests from org-apache-sling-launchpad-integration-tests
new 2cb4e70 Merge branch 'master' of https://gitbox.apache.org/repos/asf/sling-org-apache-sling-launchpad-integration-tests
0e52079 is described below
commit 0e5207956301b253f70ab5a8cb6a7cfd7eb2ecd9
Author: Eric Norman <en...@apache.org>
AuthorDate: Thu Jun 10 12:51:34 2021 -0700
SLING-10443 Remove duplicate tests from org-apache-sling-launchpad-integration-tests
---
.../accessManager/AccessManagerTestUtil.java | 89 --
.../accessManager/AccessPrivilegesInfoTest.java | 520 --------
.../integrationtest/accessManager/GetAclTest.java | 506 -------
.../accessManager/ModifyAceTest.java | 1410 --------------------
.../accessManager/RemoveAcesTest.java | 302 -----
.../accessmanager/privileges-info.json.esp | 111 --
6 files changed, 2938 deletions(-)
diff --git a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessManagerTestUtil.java b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessManagerTestUtil.java
deleted file mode 100644
index 240cccf..0000000
--- a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessManagerTestUtil.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Random;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.sling.launchpad.webapp.integrationtest.AuthenticatedTestUtil;
-import org.apache.sling.servlets.post.SlingPostConstants;
-
-/**
- * Base class for AccessManager tests - it's called "Util" now
- * as we're moving tests to JUnit4-style which won't extend
- * this anymore - but right now some still do.
- */
-public class AccessManagerTestUtil extends AuthenticatedTestUtil {
-
- public static final String TEST_BASE_PATH = "/sling-tests";
-
- private static Random random = new Random(System.currentTimeMillis());
-
- public String createTestFolder() throws IOException {
- String postUrl = HTTP_BASE_URL + TEST_BASE_PATH + "/" + "testFolder" + random.nextInt();
-
- final String location = testClient.createNode(postUrl + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
- assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK,
- "POST must redirect to created resource (" + location + ")");
- assertTrue("Node (" + location + ") must have generated name",
- !location.endsWith("/*"));
- assertTrue("Node (" + location + ") must created be under POST URL (" + postUrl + ")",
- location.contains(postUrl + "/"));
-
- return location;
- }
-
- public String createTestFolder(String jsonContent) throws IOException {
- final String testPath = TEST_BASE_PATH;
- Map<String, String> props = new HashMap<String, String>();
- String testNode = testClient.createNode(HTTP_BASE_URL + testPath, props);
- urlsToDelete.add(testNode);
-
- props.clear();
- props.put(SlingPostConstants.RP_OPERATION,
- SlingPostConstants.OPERATION_IMPORT);
-
- String testNodeName = "testNode_" + String.valueOf(random.nextInt());
- props.put(SlingPostConstants.RP_NODE_NAME_HINT, testNodeName);
- props.put(SlingPostConstants.RP_CONTENT, jsonContent);
- props.put(SlingPostConstants.RP_CONTENT_TYPE, "json");
- props.put(SlingPostConstants.RP_REDIRECT_TO, SERVLET_CONTEXT + testPath + "/*");
- String location = testClient.createNode(HTTP_BASE_URL + testPath, props);
-
- assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK,
- "POST must redirect to created resource (" + location + ")");
- assertTrue("Node (" + location + ") must have generated name",
- !location.endsWith("/*"));
- assertTrue("Node (" + location + ") must created be under POST URL (" + testPath + ")",
- location.contains(testPath + "/"));
-
- return location;
- }
-
- public void assertPrivilege(Collection<String> privileges, boolean expected, String privilegeName) {
- if(expected != privileges.contains(privilegeName)) {
- fail("Expected privilege " + privilegeName + " to be "
- + (expected ? "included" : "NOT INCLUDED")
- + " in supplied list: " + privileges + ")");
- }
- }
-}
\ No newline at end of file
diff --git a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
deleted file mode 100644
index 36a646d..0000000
--- a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
+++ /dev/null
@@ -1,520 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Random;
-import java.util.Set;
-
-import javax.json.JsonArray;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.Credentials;
-import org.apache.commons.httpclient.NameValuePair;
-import org.apache.commons.httpclient.UsernamePasswordCredentials;
-import org.apache.sling.commons.testing.integration.HttpTest;
-import org.apache.sling.launchpad.webapp.integrationtest.util.JsonUtil;
-import org.apache.sling.servlets.post.SlingPostConstants;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-public class AccessPrivilegesInfoTest {
- private static Random random = new Random(System.currentTimeMillis());
-
- String testUserId = null;
- String testUserId2 = null;
- String testGroupId = null;
- String testFolderUrl = null;
- Set<String> toDelete = new HashSet<String>();
-
- private final AccessManagerTestUtil H = new AccessManagerTestUtil();
-
- @Before
- public void setup() throws Exception {
- H.setUp();
-
- // Script for server-side PrivilegeInfo calculations
- String scriptPath = "/apps/nt/unstructured";
- H.getTestClient().mkdirs(HttpTest.WEBDAV_BASE_URL, scriptPath);
- toDelete.add(H.uploadTestScript(scriptPath,
- "accessmanager/privileges-info.json.esp",
- "privileges-info.json.esp"));
- }
-
- @After
- public void cleanup() throws Exception {
- H.tearDown();
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
-
- if (testFolderUrl != null) {
- //remove the test user if it exists.
- String postUrl = testFolderUrl;
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":operation", "delete"));
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testGroupId != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId2 != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId2 + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
-
- for(String script : toDelete) {
- H.getTestClient().delete(script);
- }
- }
-
- /*
- * testuser granted read / denied write
- */
- @Test
- public void testDeniedWriteForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- //assign some privileges
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
-
- Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String getUrl = testFolderUrl + ".privileges-info.json";
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = JsonUtil.parseObject(json);
-
- assertEquals(false, jsonObj.getBoolean("canAddChildren"));
- assertEquals(false, jsonObj.getBoolean("canDeleteChildren"));
- assertEquals(false, jsonObj.getBoolean("canDelete"));
- assertEquals(false, jsonObj.getBoolean("canModifyProperties"));
- assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
- assertEquals(false, jsonObj.getBoolean("canModifyAccessControl"));
- }
-
- /*
- * testuser granted read / granted write
- */
- @Test
- public void testGrantedWriteForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- //assign some privileges
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
-
- Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String getUrl = testFolderUrl + ".privileges-info.json";
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = JsonUtil.parseObject(json);
-
- assertEquals(true, jsonObj.getBoolean("canAddChildren"));
- assertEquals(true, jsonObj.getBoolean("canDeleteChildren"));
- //the parent node must also have jcr:removeChildren granted for 'canDelete' to be true
- assertEquals(false, jsonObj.getBoolean("canDelete"));
- assertEquals(true, jsonObj.getBoolean("canModifyProperties"));
- assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
- assertEquals(true, jsonObj.getBoolean("canModifyAccessControl"));
-
- //add a child node to verify the 'canDelete' use case
- String childFolderUrl = H.getTestClient().createNode(testFolderUrl + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
- String childPostUrl = childFolderUrl + ".modifyAce.html";
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:removeNode", "granted"));
- H.assertAuthenticatedPostStatus(adminCreds, childPostUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String childGetUrl = childFolderUrl + ".privileges-info.json";
- String childJson = H.getAuthenticatedContent(testUserCreds, childGetUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(childJson);
- JsonObject childJsonObj = JsonUtil.parseObject(childJson);
- assertEquals(true, childJsonObj.getBoolean("canDelete"));
- }
-
-
-
- /*
- * group testuser granted read / denied write
- */
- @Test
- public void testDeniedWriteForGroup() throws IOException, JsonException {
- testGroupId = H.createTestGroup();
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
-
- //add testUserId to testGroup
- String groupPostUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".update.html";
- List<NameValuePair> groupPostParams = new ArrayList<NameValuePair>();
- groupPostParams.add(new NameValuePair(":member", testUserId));
- H.assertAuthenticatedPostStatus(adminCreds, groupPostUrl, HttpServletResponse.SC_OK, groupPostParams, null);
-
- //assign some privileges
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testGroupId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
-
- H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String getUrl = testFolderUrl + ".privileges-info.json";
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = JsonUtil.parseObject(json);
-
- assertEquals(false, jsonObj.getBoolean("canAddChildren"));
- assertEquals(false, jsonObj.getBoolean("canDeleteChildren"));
- assertEquals(false, jsonObj.getBoolean("canDelete"));
- assertEquals(false, jsonObj.getBoolean("canModifyProperties"));
- assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
- assertEquals(false, jsonObj.getBoolean("canModifyAccessControl"));
- }
-
- /*
- * group testuser granted read / granted write
- */
- @Test
- public void testGrantedWriteForGroup() throws IOException, JsonException {
- testGroupId = H.createTestGroup();
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
-
- //add testUserId to testGroup
- String groupPostUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".update.html";
- List<NameValuePair> groupPostParams = new ArrayList<NameValuePair>();
- groupPostParams.add(new NameValuePair(":member", testUserId));
- H.assertAuthenticatedPostStatus(adminCreds, groupPostUrl, HttpServletResponse.SC_OK, groupPostParams, null);
-
- //assign some privileges
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testGroupId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
-
- H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String getUrl = testFolderUrl + ".privileges-info.json";
-
- //fetch the JSON for the test page to verify the settings.
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
-
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = JsonUtil.parseObject(json);
-
- assertEquals(true, jsonObj.getBoolean("canAddChildren"));
- assertEquals(true, jsonObj.getBoolean("canDeleteChildren"));
- //the parent node must also have jcr:removeChildren granted for 'canDelete' to be true
- assertEquals(false, jsonObj.getBoolean("canDelete"));
- assertEquals(true, jsonObj.getBoolean("canModifyProperties"));
- assertEquals(true, jsonObj.getBoolean("canReadAccessControl"));
- assertEquals(true, jsonObj.getBoolean("canModifyAccessControl"));
-
-
- //add a child node to verify the 'canDelete' use case
- String childFolderUrl = H.getTestClient().createNode(testFolderUrl + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
- String childPostUrl = childFolderUrl + ".modifyAce.html";
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testGroupId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:removeNode", "granted"));
- H.assertAuthenticatedPostStatus(adminCreds, childPostUrl, HttpServletResponse.SC_OK, postParams, null);
-
- String childGetUrl = childFolderUrl + ".privileges-info.json";
- String childJson = H.getAuthenticatedContent(testUserCreds, childGetUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(childJson);
- JsonObject childJsonObj = JsonUtil.parseObject(childJson);
- assertEquals(true, childJsonObj.getBoolean("canDelete"));
- }
-
-
- /**
- * Test the fix for SLING-1090
- */
- @Test
- public void testSLING_1090() throws Exception {
- testUserId = H.createTestUser();
-
- //grant jcr: removeChildNodes to the root node
- ArrayList<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:removeChildNodes", "granted"));
- Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(adminCreds, HttpTest.HTTP_BASE_URL + "/.modifyAce.html", HttpServletResponse.SC_OK, postParams, null);
-
- //create a node as a child of the root folder
- testFolderUrl = H.getTestClient().createNode(HttpTest.HTTP_BASE_URL + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null);
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //grant jcr:removeNode to the test node
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:removeNode", "granted"));
- H.assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the test page to verify the settings.
- String getUrl = testFolderUrl + ".privileges-info.json";
- Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObj = JsonUtil.parseObject(json);
- assertEquals(true, jsonObj.getBoolean("canDelete"));
- }
-
- /**
- * Test for SLING-7835, PrivilegesInfo#getDeclaredAccessRights returns incorrect information
- */
- @Test
- public void testDeclaredAclForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testUserId2 = H.createTestUser();
-
- testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:lockManagement", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.privileges-info.json";
- Credentials testUserCreds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
- jsonObject = jsonObject.getJsonObject("declaredAccessRights");
-
- assertNull(jsonObject.get(testUserId));
-
- JsonObject aceObject2 = jsonObject.getJsonObject(testUserId2);
- assertNotNull(aceObject2);
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(1, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:lockManagement");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(0, deniedArray2.size());
-
-
- getUrl = testFolderUrl + ".privileges-info.json";
- json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- jsonObject = JsonUtil.parseObject(json);
- jsonObject = jsonObject.getJsonObject("declaredAccessRights");
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(0, deniedArray.size());
-
- aceObject2 = jsonObject.getJsonObject(testUserId2);
- assertNotNull(aceObject2);
-
- grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(1, grantedArray2.size());
- grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
-
- deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(0, deniedArray2.size());
- }
-
- /**
- * Test for SLING-7835, PrivilegesInfo#getEffectiveAccessRights returns incorrect information
- */
- @Test
- public void testEffectiveAclForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testUserId2 = H.createTestUser();
-
- testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:lockManagement", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.privileges-info.json";
- Credentials testUserCreds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(testUserCreds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
- jsonObject = jsonObject.getJsonObject("effectiveAccessRights");
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(0, deniedArray.size());
-
- JsonObject aceObject2 = jsonObject.getJsonObject(testUserId2);
- assertNotNull(aceObject2);
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(2, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:lockManagement");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(0, deniedArray2.size());
- }
-
-}
diff --git a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
deleted file mode 100644
index 04d9781..0000000
--- a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
+++ /dev/null
@@ -1,506 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.json.JsonArray;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.Credentials;
-import org.apache.commons.httpclient.NameValuePair;
-import org.apache.commons.httpclient.UsernamePasswordCredentials;
-import org.apache.sling.commons.testing.integration.HttpTest;
-import org.apache.sling.launchpad.webapp.integrationtest.util.JsonUtil;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- * Tests for the 'acl' and 'eacl' Sling Get Operation
- */
-public class GetAclTest {
-
- String testUserId = null;
- String testUserId2 = null;
-
- private final AccessManagerTestUtil H = new AccessManagerTestUtil();
-
- @Before
- public void setup() throws Exception {
- H.setUp();
- }
-
- @After
- public void cleanup() throws Exception {
- H.tearDown();
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
-
- if (testUserId != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId2 != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId2 + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testUserId2 = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId2));
- postParams.add(new NameValuePair("privilege@jcr:lockManagement", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
-
- Object deniedArray = aceObject.get("denied");
- assertNull(deniedArray);
-
- JsonObject aceObject2 = jsonObject.getJsonObject(testUserId2);
- assertNotNull(aceObject2);
-
- String principalString2 = aceObject2.getString("principal");
- assertEquals(testUserId2, principalString2);
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(2, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:lockManagement");
-
- Object deniedArray2 = aceObject2.get("denied");
- assertNull(deniedArray2);
-
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_ReplacePrivilegeOnChild() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
-
- Object deniedArray = aceObject.get("denied");
- assertNull(deniedArray);
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_FewerPrivilegesGrantedOnChild() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:all", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:all");
-
- Object deniedArray = aceObject.get("denied");
- assertNull(deniedArray);
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_MorePrivilegesGrantedOnChild() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:all", "granted"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:all");
-
- Object deniedArray = aceObject.get("denied");
- assertNull(deniedArray);
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_SubsetOfPrivilegesDeniedOnChild2() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:all", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:removeNode", "denied"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertTrue(grantedArray.size() >= 11);
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames,false,"jcr:all");
- H.assertPrivilege(grantedPrivilegeNames,false,"jcr:write");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:read");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:readAccessControl");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:modifyAccessControl");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:lockManagement");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:versionManagement");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:nodeTypeManagement");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:retentionManagement");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:lifecycleManagement");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:modifyProperties");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:addChildNodes");
- H.assertPrivilege(grantedPrivilegeNames,true,"jcr:removeChildNodes");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:removeNode");
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_SupersetOfPrivilegesDeniedOnChild() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:all", "denied"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- Object grantedArray = aceObject.get("granted");
- assertNull(grantedArray);
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:all");
- }
-
- /**
- * Test for SLING-2600, Effective ACL servlet returns incorrect information
- */
- @Test
- public void testEffectiveAclMergeForUser_SupersetOfPrivilegesDeniedOnChild2() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- String testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\": \"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : { \"childPropOne\" : true } }");
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:modifyProperties", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:all", "denied"));
-
- postUrl = testFolderUrl + "/child.modifyAce.html";
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the eacl to verify the settings.
- String getUrl = testFolderUrl + "/child.eacl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- Object grantedArray = aceObject.get("granted");
- assertNull(grantedArray);
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:all");
- }
-}
diff --git a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
deleted file mode 100644
index 505233e..0000000
--- a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
+++ /dev/null
@@ -1,1410 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.lang.reflect.Array;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import javax.json.JsonArray;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.json.JsonString;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.Credentials;
-import org.apache.commons.httpclient.NameValuePair;
-import org.apache.commons.httpclient.UsernamePasswordCredentials;
-import org.apache.sling.commons.testing.integration.HttpTest;
-import org.apache.sling.launchpad.webapp.integrationtest.util.JsonUtil;
-import org.apache.sling.servlets.post.JSONResponse;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- * Tests for the 'modifyAce' Sling Post Operation
- */
-public class ModifyAceTest {
-
- String testUserId = null;
- String testUserId2 = null;
- String testGroupId = null;
- String testFolderUrl = null;
-
- private final AccessManagerTestUtil H = new AccessManagerTestUtil();
-
- @Before
- public void setup() throws Exception {
- H.setUp();
- }
- @After
- public void cleanup() throws Exception {
- H.tearDown();
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
-
- if (testFolderUrl != null) {
- //remove the test user if it exists.
- String postUrl = testFolderUrl;
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":operation", "delete"));
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testGroupId != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId2 != null) {
- //remove the test user if it exists.
- String postUrl = HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId2 + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- }
-
- @Test
- public void testModifyAceForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- int order = aceObject.getInt("order");
- assertEquals(0, order);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- assertEquals("jcr:read", grantedArray.getString(0));
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- assertEquals("jcr:write", deniedArray.getString(0));
- }
-
- /**
- * Test for SLING-7831
- */
- @Test
- public void testModifyAceCustomPostResponse() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":responseType", "custom"));
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String content = H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_HTML, postParams, HttpServletResponse.SC_OK);
- assertEquals("Thanks!", content); //verify that the content matches the custom response
- }
-
- @Test
- public void testModifyAceForGroup() throws IOException, JsonException {
- testGroupId = H.createTestGroup();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testGroupId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testGroupId);
- assertNotNull(aceObject);
-
- int order = aceObject.getInt("order");
- assertEquals(0, order);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testGroupId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- assertEquals("jcr:read", grantedArray.getString(0));
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals("jcr:write", deniedArray.getString(0));
- }
-
- /**
- * Test for SLING-997, preserve privileges that were not posted with the modifyAce
- * request.
- */
- @Test
- public void testMergeAceForUser() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:addChildNodes", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:removeChildNodes", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- int order = aceObject.getInt("order");
- assertEquals(0, order);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(3, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:readAccessControl");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:addChildNodes");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(2, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:modifyAccessControl");
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:removeChildNodes");
-
-
-
- //2. post a new set of privileges to merge with the existing privileges
- List<NameValuePair> postParams2 = new ArrayList<NameValuePair>();
- postParams2.add(new NameValuePair("principalId", testUserId));
- //jcr:read and jcr:addChildNodes are not posted, so they should remain in the granted ACE
- postParams2.add(new NameValuePair("privilege@jcr:readAccessControl", "none")); //clear the existing privilege
- postParams2.add(new NameValuePair("privilege@jcr:modifyProperties", "granted")); //add a new privilege
- //jcr:modifyAccessControl is not posted, so it should remain in the denied ACE
- postParams2.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied")); //deny the modifyAccessControl privilege
- postParams2.add(new NameValuePair("privilege@jcr:removeChildNodes", "none")); //clear the existing privilege
- postParams2.add(new NameValuePair("privilege@jcr:removeNode", "denied")); //deny a new privilege
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams2, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(1, jsonObject2.size());
-
- JsonObject aceObject2 = jsonObject2.getJsonObject(testUserId);
- assertNotNull(aceObject2);
-
- String principalString2 = aceObject2.getString("principal");
- assertEquals(testUserId, principalString2);
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(3, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:read");
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:addChildNodes");
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:modifyProperties");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(2, deniedArray2.size());
- Set<String> deniedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < deniedArray2.size(); i++) {
- deniedPrivilegeNames2.add(deniedArray2.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:modifyAccessControl");
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:removeNode");
- }
-
-
- /**
- * Test for SLING-997, preserve privileges that were not posted with the modifyAce
- * request.
- */
- @Test
- public void testMergeAceForUserSplitAggregatePrincipal() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:write");
-
-
-
- //2. post a new set of privileges to merge with the existing privileges
- List<NameValuePair> postParams2 = new ArrayList<NameValuePair>();
- postParams2.add(new NameValuePair("principalId", testUserId));
- //jcr:read is not posted, so it should remain in the granted ACE
- postParams2.add(new NameValuePair("privilege@jcr:modifyProperties", "granted")); //add a new privilege
- //jcr:write is not posted, but one of the aggregate privileges is now granted, so the aggregate priviledge should be disagreaged into
- // the remaining denied privileges in the denied ACE
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams2, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(1, jsonObject2.size());
-
- JsonObject aceObject2 = jsonObject2.getJsonObject(testUserId);
- assertNotNull(aceObject2);
-
- assertEquals(testUserId, aceObject2.getString("principal"));
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(2, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:read");
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:modifyProperties");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(3, deniedArray2.size());
- Set<String> deniedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < deniedArray2.size(); i++) {
- deniedPrivilegeNames2.add(deniedArray2.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames2, false, "jcr:write");
- //only the remaining privileges from the disaggregated jcr:write collection should remain.
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:addChildNodes");
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:removeNode");
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:removeChildNodes");
- }
-
- /**
- * Test for SLING-997, preserve privileges that were not posted with the modifyAce
- * request.
- */
- @Test
- public void testMergeAceForUserCombineAggregatePrivilege() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:removeNode", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:removeNode");
-
-
-
- //2. post a new set of privileges to merge with the existing privileges
- List<NameValuePair> postParams2 = new ArrayList<NameValuePair>();
- postParams2.add(new NameValuePair("principalId", testUserId));
- //jcr:read is not posted, so it should remain in the granted ACE
-
- //deny the full jcr:write aggregate privilege, which should merge with the
- //existing part.
- postParams2.add(new NameValuePair("privilege@jcr:write", "denied")); //add a new privilege
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams2, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(1, jsonObject2.size());
-
- JsonObject aceObject2 = jsonObject2.getJsonObject(testUserId);
- assertNotNull(aceObject2);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(1, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:read");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(1, deniedArray2.size());
- Set<String> deniedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < deniedArray2.size(); i++) {
- deniedPrivilegeNames2.add(deniedArray2.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:write");
- }
-
-
- /**
- * Test ACE update with a deny privilege for an ACE that already contains
- * a grant privilege
- */
- @Test
- public void testMergeAceForUserDenyPrivilegeAfterGrantPrivilege() throws IOException, JsonException {
- testUserId = H.createTestUser();
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(1, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:write");
-
- assertFalse(aceObject.containsKey("denied"));
-
-
- //2. post a new set of privileges to merge with the existing privileges
- List<NameValuePair> postParams2 = new ArrayList<NameValuePair>();
- postParams2.add(new NameValuePair("principalId", testUserId));
- //jcr:write is not posted, so it should remain in the granted ACE
-
- //deny the jcr:nodeTypeManagement privilege, which should merge with the
- //existing ACE.
- postParams2.add(new NameValuePair("privilege@jcr:nodeTypeManagement", "denied")); //add a new privilege
-
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams2, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(1, jsonObject2.size());
-
- JsonObject aceObject2 = jsonObject2.getJsonObject(testUserId);
- assertNotNull(aceObject2);
-
- assertEquals(testUserId, aceObject2.getString("principal"));
-
- JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
- assertNotNull(grantedArray2);
- assertEquals(1, grantedArray2.size());
- Set<String> grantedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < grantedArray2.size(); i++) {
- grantedPrivilegeNames2.add(grantedArray2.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
-
- JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
- assertNotNull(deniedArray2);
- assertEquals(1, deniedArray2.size());
- Set<String> deniedPrivilegeNames2 = new HashSet<String>();
- for (int i=0; i < deniedArray2.size(); i++) {
- deniedPrivilegeNames2.add(deniedArray2.getString(i));
- }
- H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:nodeTypeManagement");
- }
-
-
-
- /**
- * Test to verify adding an ACE in the first position of
- * the ACL
- */
- @Test
- public void testAddAceOrderByFirst() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first");
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(1, user.getInt("order"));
- }
-
- /**
- * Test to verify adding an ACE at the end
- * the ACL
- */
- @Test
- public void testAddAceOrderByLast() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "last");
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(0, user.getInt("order"));
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(1, group.getInt("order"));
-
- }
-
- /**
- * Test to verify adding an ACE before an existing ACE
- * the ACL
- */
- @Test
- public void testAddAceOrderByBefore() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "before " + testUserId);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(1, user.getInt("order"));
-
- }
-
- /**
- * Test to verify adding an ACE after an existing ACE
- * the ACL
- */
- @Test
- public void testAddAceOrderByAfter() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "after " + testUserId);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(0, user.getInt("order"));
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(1, group.getInt("order"));
-
- }
-
- /**
- * Test to verify adding an ACE at a specific index inside
- * the ACL
- */
- @Test
- public void testAddAceOrderByNumeric() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
- addOrUpdateAce(testFolderUrl, testGroupId, true, "0");
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
-
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(1, user.getInt("order"));
-
-
-
- //add another principal between the testGroupId and testUserId
- testUserId2 = H.createTestUser();
- addOrUpdateAce(testFolderUrl, testUserId2, true, "1");
-
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(3, jsonObject2.size());
-
- JsonObject group2 = jsonObject2.getJsonObject(testGroupId);
- assertNotNull(group2);
- assertEquals(testGroupId, group2.getString("principal"));
- assertEquals(0, group2.getInt("order"));
-
- JsonObject user3 = jsonObject2.getJsonObject(testUserId2);
- assertNotNull(user3);
- assertEquals(testUserId2, user3.getString("principal"));
- assertEquals(1, user3.getInt("order"));
-
- JsonObject user2 = jsonObject2.getJsonObject(testUserId);
- assertNotNull(user2);
- assertEquals(testUserId, user2.getString("principal"));
- assertEquals(2, user2.getInt("order"));
-
- }
-
- /**
- * Test to make sure modifying an existing ace without changing the order
- * leaves the ACE in the same position in the ACL
- */
- @Test
- public void testUpdateAcePreservePosition() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first");
-
- //update the ace to make sure the update does not change the ACE order
- addOrUpdateAce(testFolderUrl, testGroupId, false, null);
-
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(1, user.getInt("order"));
-
- }
-
-
- /**
- * Helper to create a test folder with a single ACE pre-created
- */
- private void createAceOrderTestFolderWithOneAce() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- addOrUpdateAce(testFolderUrl, testUserId, true, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(0, user.getInt("order"));
-
- }
-
- /**
- * Helper to add or update an ace for testing
- */
- private void addOrUpdateAce(String folderUrl, String principalId, boolean readGranted, String order) throws IOException, JsonException {
- addOrUpdateAce(folderUrl, principalId, readGranted, order, null);
- }
- private void addOrUpdateAce(String folderUrl, String principalId, boolean readGranted, String order, Map<String, Object> restrictions) throws IOException, JsonException {
- String postUrl = folderUrl + ".modifyAce.html";
-
- //1. create an initial set of privileges
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", principalId));
- postParams.add(new NameValuePair("privilege@jcr:read", readGranted ? "granted" : "denied"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- if (order != null) {
- postParams.add(new NameValuePair("order", order));
- }
- if (restrictions != null) {
- Set<Entry<String, Object>> entrySet = restrictions.entrySet();
- for (Entry<String, Object> entry : entrySet) {
- Object value = entry.getValue();
- if (value != null) {
- String rname = entry.getKey();
- String paramName = String.format("restriction@%s", rname);
-
- if (value.getClass().isArray()) {
- int length = Array.getLength(value);
- for (int i=0; i < length; i++) {
- Object rvalue = Array.get(value, i);
- if (rvalue instanceof String) {
- postParams.add(new NameValuePair(paramName, (String)rvalue));
- }
- }
- } else if (value instanceof String) {
- postParams.add(new NameValuePair(paramName, (String)value));
- }
- }
- }
- }
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
-
- /**
- * Test for SLING-1677
- */
- @Test
- public void testModifyAceResponseAsJSON() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
- //make sure the json response can be parsed as a JSON object
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertNotNull(jsonObject);
- }
-
-
- /**
- * Test for SLING-3010
- */
- @Test
- public void testMergeAceForUserGrantNestedAggregatePrivilegeAfterDenySuperAggregatePrivilege() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.json";
-
- //1. setup an initial set of denied privileges for the test user
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:versionManagement", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:read", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
- postParams.add(new NameValuePair("privilege@rep:write", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- /*String json = */H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
-
- //2. now grant the jcr:write subset from the rep:write aggregate privilege
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:versionManagement", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "granted")); //sub-aggregate of rep:write
-
- /*String json = */H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
- //3. verify that the acl has the correct values
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals(4, grantedArray.size());
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:versionManagement");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:modifyAccessControl");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:write");
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals(1, deniedArray.size());
- Set<String> deniedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < deniedArray.size(); i++) {
- deniedPrivilegeNames.add(deniedArray.getString(i));
- }
- //the leftovers from the denied rep:write that were not granted with jcr:write
- H.assertPrivilege(deniedPrivilegeNames, true, "jcr:nodeTypeManagement");
- }
-
- /**
- * Test for SLING-3010
- */
- @Test
- public void testMergeAceForUserGrantAggregatePrivilegePartsAfterDenyAggregatePrivilege() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.json";
-
- //1. setup an initial set of denied privileges for the test user
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:versionManagement", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:read", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
- postParams.add(new NameValuePair("privilege@rep:write", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- /*String json = */H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
- //2. now grant the all the privileges contained in the rep:write privilege
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:versionManagement", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:nodeTypeManagement", "granted")); //sub-privilege of rep:write
- postParams.add(new NameValuePair("privilege@jcr:write", "granted")); //sub-aggregate of rep:write
-
- /*String json = */H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
- //3. verify that the acl has the correct values
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(1, jsonObject.size());
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(testUserId, aceObject.getString("principal"));
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- Set<String> grantedPrivilegeNames = new HashSet<String>();
- for (int i=0; i < grantedArray.size(); i++) {
- grantedPrivilegeNames.add(grantedArray.getString(i));
- }
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:versionManagement");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");
- H.assertPrivilege(grantedPrivilegeNames, true, "jcr:modifyAccessControl");
- H.assertPrivilege(grantedPrivilegeNames, true, "rep:write"); //jcr:nodeTypeManagement + jcr:write
- assertEquals("Expecting the correct number of privileges in " + grantedPrivilegeNames, 4, grantedPrivilegeNames.size());
-
- //should be nothing left in the denied set.
- Object deniedArray = aceObject.get("denied");
- assertNull(deniedArray);
- }
-
- /**
- * SLING-8117 - Test to verify adding an ACE with restriction to
- * the ACL
- */
- @Test
- public void testAddAceWithRestriction() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- Map<String, Object> restrictions = new HashMap<>();
- restrictions.put("rep:glob", "/hello");
- restrictions.put("rep:itemNames", new String[] {"child1", "child2"});
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group.containsKey("restrictions"));
- JsonObject restrictionsObj = group.getJsonObject("restrictions");
- assertNotNull(restrictionsObj);
-
- Object repGlob = restrictionsObj.get("rep:glob");
- assertNotNull(repGlob);
- assertTrue(repGlob instanceof JsonString);
- assertEquals("/hello", ((JsonString)repGlob).getString());
-
- Object itemNames = restrictionsObj.get("rep:itemNames");
- assertNotNull(itemNames);
- assertTrue(itemNames instanceof JsonArray);
- assertEquals(2, ((JsonArray)itemNames).size());
-
-
- JsonObject user = jsonObject.getJsonObject(testUserId);
- assertNotNull(user);
- assertEquals(testUserId, user.getString("principal"));
- assertEquals(1, user.getInt("order"));
- assertFalse(user.containsKey("restrictions"));
-
- }
-
- /**
- * SLING-8117 - Test to verify merging an ACE with an existing restriction to
- * the ACL
- */
- @Test
- public void testUpdateAceToMergeNewRestriction() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- //first create an ACE with the first restriction
- Map<String, Object> restrictions = new HashMap<>();
- restrictions.put("rep:glob", "/hello");
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group.containsKey("restrictions"));
- JsonObject restrictionsObj = group.getJsonObject("restrictions");
- assertNotNull(restrictionsObj);
- assertEquals(1, restrictionsObj.size());
-
- Object repGlob = restrictionsObj.get("rep:glob");
- assertNotNull(repGlob);
- assertTrue(repGlob instanceof JsonString);
- assertEquals("/hello", ((JsonString)repGlob).getString());
-
-
-
- //second update the ACE with a second restriction
- Map<String, Object> restrictions2 = new HashMap<>();
- restrictions2.put("rep:itemNames", new String[] {"child1", "child2"});
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions2);
-
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(2, jsonObject2.size());
-
- JsonObject group2 = jsonObject2.getJsonObject(testGroupId);
- assertNotNull(group2);
- assertEquals(testGroupId, group2.getString("principal"));
- assertEquals(0, group2.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group2.containsKey("restrictions"));
- JsonObject restrictionsObj2 = group2.getJsonObject("restrictions");
- assertNotNull(restrictionsObj2);
- assertEquals(2, restrictionsObj2.size());
-
- Object repGlob2 = restrictionsObj2.get("rep:glob");
- assertNotNull(repGlob2);
- assertTrue(repGlob2 instanceof JsonString);
- assertEquals("/hello", ((JsonString)repGlob2).getString());
-
- Object itemNames2 = restrictionsObj2.get("rep:itemNames");
- assertNotNull(itemNames2);
- assertTrue(itemNames2 instanceof JsonArray);
- assertEquals(2, ((JsonArray)itemNames2).size());
- }
-
- /**
- * SLING-8117 - Test to verify removing a restriction from an ACE
- */
- @Test
- public void testUpdateAceToRemoveRestriction() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- //first create an ACE with the restrictions
- Map<String, Object> restrictions = new HashMap<>();
- restrictions.put("rep:glob", "/hello");
- restrictions.put("rep:itemNames", new String[] {"child1", "child2"});
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group.containsKey("restrictions"));
- JsonObject restrictionsObj = group.getJsonObject("restrictions");
- assertNotNull(restrictionsObj);
-
- Object repGlob = restrictionsObj.get("rep:glob");
- assertNotNull(repGlob);
- assertTrue(repGlob instanceof JsonString);
- assertEquals("/hello", ((JsonString)repGlob).getString());
-
- Object itemNames = restrictionsObj.get("rep:itemNames");
- assertNotNull(itemNames);
- assertTrue(itemNames instanceof JsonArray);
- assertEquals(2, ((JsonArray)itemNames).size());
-
-
- //second remove the restrictions
- Map<String, Object> restrictions2 = new HashMap<>();
- restrictions2.put("rep:glob@Delete", "true");
- restrictions2.put("rep:itemNames@Delete", new String[] {"value does not", "matter"});
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions2);
-
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(2, jsonObject2.size());
-
- JsonObject group2 = jsonObject2.getJsonObject(testGroupId);
- assertNotNull(group2);
- assertEquals(testGroupId, group2.getString("principal"));
- assertEquals(0, group2.getInt("order"));
-
- //verify no restrictions are returned
- assertFalse(group2.containsKey("restrictions"));
- }
-
- /**
- * SLING-8117 - Test to verify removing a restriction from an ACE does not happen
- * if a new value with the same name has also been supplied
- */
- @Test
- public void testUpdateAceToRemoveRestrictionWithConflict() throws IOException, JsonException {
- createAceOrderTestFolderWithOneAce();
-
- testGroupId = H.createTestGroup();
-
- //first create an ACE with the restrictions
- Map<String, Object> restrictions = new HashMap<>();
- restrictions.put("rep:glob", "/hello");
-
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals(2, jsonObject.size());
-
- JsonObject group = jsonObject.getJsonObject(testGroupId);
- assertNotNull(group);
- assertEquals(testGroupId, group.getString("principal"));
- assertEquals(0, group.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group.containsKey("restrictions"));
- JsonObject restrictionsObj = group.getJsonObject("restrictions");
- assertNotNull(restrictionsObj);
-
- Object repGlob = restrictionsObj.get("rep:glob");
- assertNotNull(repGlob);
- assertTrue(repGlob instanceof JsonString);
- assertEquals("/hello", ((JsonString)repGlob).getString());
-
-
- //second remove the restriction and also supply a new value of the same
- Map<String, Object> restrictions2 = new HashMap<>();
- restrictions2.put("rep:glob@Delete", "true");
- restrictions2.put("rep:glob", "/hello_again");
- addOrUpdateAce(testFolderUrl, testGroupId, true, "first", restrictions2);
-
- String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json2);
-
- JsonObject jsonObject2 = JsonUtil.parseObject(json2);
- assertEquals(2, jsonObject2.size());
-
- JsonObject group2 = jsonObject2.getJsonObject(testGroupId);
- assertNotNull(group2);
- assertEquals(testGroupId, group2.getString("principal"));
- assertEquals(0, group2.getInt("order"));
-
- //verify restrictions are returned
- assertTrue(group2.containsKey("restrictions"));
- JsonObject restrictionsObj2 = group2.getJsonObject("restrictions");
- assertNotNull(restrictionsObj2);
-
- Object repGlob2 = restrictionsObj2.get("rep:glob");
- assertNotNull(repGlob2);
- assertTrue(repGlob2 instanceof JsonString);
- assertEquals("/hello_again", ((JsonString)repGlob2).getString());
- }
-
- /**
- * SLING-8809 - Test to verify submitting an invalid principalId returns a
- * good error message instead of a NullPointerException
- */
- @Test
- public void testModifyAceForInvalidUser() throws IOException, JsonException {
- String invalidUserId = "notRealUser123";
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":http-equiv-accept", JSONResponse.RESPONSE_CONTENT_TYPE));
- postParams.add(new NameValuePair("principalId", invalidUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals("javax.jcr.RepositoryException: Invalid principalId was submitted.", jsonObject.getString("status.message"));
- }
-
- /**
- * SLING-8811 - Test to verify that the "changes" list of a modifyAce response
- * returns the list of principals that were changed
- */
- @Test
- public void testModifyAceChangesInResponse() throws IOException, JsonException {
- testUserId = H.createTestUser();
-
- testFolderUrl = H.createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":http-equiv-accept", JSONResponse.RESPONSE_CONTENT_TYPE));
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
- postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- JsonArray changesArray = jsonObject.getJsonArray("changes");
- assertNotNull(changesArray);
- assertEquals(1, changesArray.size());
- JsonObject change = changesArray.getJsonObject(0);
- assertEquals("modified", change.getString("type"));
- assertEquals(testUserId, change.getString("argument"));
- }
-
-}
diff --git a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
deleted file mode 100644
index a5e7f3a..0000000
--- a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/RemoveAcesTest.java
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.json.JsonArray;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.httpclient.Credentials;
-import org.apache.commons.httpclient.NameValuePair;
-import org.apache.commons.httpclient.UsernamePasswordCredentials;
-import org.apache.sling.commons.testing.integration.HttpTest;
-import org.apache.sling.launchpad.webapp.integrationtest.util.JsonUtil;
-import org.apache.sling.servlets.post.JSONResponse;
-import org.junit.Test;
-
-/**
- * Tests for the 'removeAce' Sling POST operation
- */
-public class RemoveAcesTest extends AccessManagerTestUtil {
- String testUserId = null;
- String testGroupId = null;
- String testFolderUrl = null;
-
- @Override
- public void tearDown() throws Exception {
- super.tearDown();
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
-
- if (testFolderUrl != null) {
- //remove the test user if it exists.
- String postUrl = testFolderUrl;
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":operation", "delete"));
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testGroupId != null) {
- //remove the test user if it exists.
- String postUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- if (testUserId != null) {
- //remove the test user if it exists.
- String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
- //todo delete test folder
- }
-
- private String createFolderWithAces(boolean addGroupAce) throws IOException, JsonException {
- testUserId = createTestUser();
- testFolderUrl = createTestFolder();
-
- String postUrl = testFolderUrl + ".modifyAce.html";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testUserId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
- postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- if (addGroupAce) {
- testGroupId = createTestGroup();
-
- postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair("principalId", testGroupId));
- postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
-
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
- }
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = testFolderUrl + ".acl.json";
-
- String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
-
- if (addGroupAce) {
- assertEquals(2, jsonObject.size());
- } else {
- assertEquals(1, jsonObject.size());
- }
-
- JsonObject aceObject = jsonObject.getJsonObject(testUserId);
- assertNotNull(aceObject);
-
- assertEquals(0, aceObject.getInt("order"));
-
- String principalString = aceObject.getString("principal");
- assertEquals(testUserId, principalString);
-
- JsonArray grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals("jcr:read", grantedArray.getString(0));
-
- JsonArray deniedArray = aceObject.getJsonArray("denied");
- assertNotNull(deniedArray);
- assertEquals("jcr:write", deniedArray.getString(0));
-
- if (addGroupAce) {
- aceObject = jsonObject.getJsonObject(testGroupId);
- assertNotNull(aceObject);
-
- principalString = aceObject.getString("principal");
- assertEquals(testGroupId, principalString);
-
- assertEquals(1, aceObject.getInt("order"));
-
- grantedArray = aceObject.getJsonArray("granted");
- assertNotNull(grantedArray);
- assertEquals("jcr:read", grantedArray.getString(0));
- }
-
- return testFolderUrl;
- }
-
- //test removing a single ace
- public void testRemoveAce() throws IOException, JsonException {
- String folderUrl = createFolderWithAces(false);
-
- //remove the ace for the testUser principal
- String postUrl = folderUrl + ".deleteAce.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":applyTo", testUserId));
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = folderUrl + ".acl.json";
-
- String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertNotNull(jsonObject);
- assertEquals(0, jsonObject.size());
- }
-
- /**
- * Test for SLING-7831
- */
- public void testRemoveAceCustomPostResponse() throws IOException, JsonException {
- String folderUrl = createFolderWithAces(false);
-
- //remove the ace for the testUser principal
- String postUrl = folderUrl + ".deleteAce.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":responseType", "custom"));
- postParams.add(new NameValuePair(":applyTo", testUserId));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String content = getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_HTML, postParams, HttpServletResponse.SC_OK);
- assertEquals("Thanks!", content); //verify that the content matches the custom response
- }
-
- //test removing multiple aces
- public void testRemoveAces() throws IOException, JsonException {
- String folderUrl = createFolderWithAces(true);
-
- //remove the ace for the testUser principal
- String postUrl = folderUrl + ".deleteAce.html";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":applyTo", testUserId));
- postParams.add(new NameValuePair(":applyTo", testGroupId));
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);
-
- //fetch the JSON for the acl to verify the settings.
- String getUrl = folderUrl + ".acl.json";
-
- String json = getAuthenticatedContent(creds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertNotNull(jsonObject);
- assertEquals(0, jsonObject.size());
- }
-
- /**
- * Test for SLING-1677
- */
- public void testRemoveAcesResponseAsJSON() throws IOException, JsonException {
- String folderUrl = createFolderWithAces(true);
-
- //remove the ace for the testUser principal
- String postUrl = folderUrl + ".deleteAce.json";
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":applyTo", testUserId));
- postParams.add(new NameValuePair(":applyTo", testGroupId));
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = getAuthenticatedPostContent(creds, postUrl, CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
-
- //make sure the json response can be parsed as a JSON object
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertNotNull(jsonObject);
- }
-
- /**
- * SLING-8810 - Test that a attempt to remove an ACE from a
- * node that does not yet have an AccessControlList responds
- * in a consistent way to other scenarios
- */
- @Test
- public void testRemoveAceWhenAccessControlListDoesNotExist() throws IOException, JsonException {
- testUserId = createTestUser();
- testFolderUrl = createTestFolder();
-
- String postUrl = testFolderUrl + ".deleteAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":http-equiv-accept", JSONResponse.RESPONSE_CONTENT_TYPE));
- postParams.add(new NameValuePair(":applyTo", testUserId));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- JsonArray changesArray = jsonObject.getJsonArray("changes");
- assertNotNull(changesArray);
- assertEquals(0, changesArray.size());
- }
-
- /**
- * SLING-8812 - Test to verify submitting an invalid principalId returns a
- * good error message instead of a NullPointerException
- */
- @Test
- public void testRemoveAceForInvalidUser() throws IOException, JsonException {
- String invalidUserId = "notRealUser123";
-
- String folderUrl = createFolderWithAces(true);
-
- String postUrl = folderUrl + ".deleteAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":http-equiv-accept", JSONResponse.RESPONSE_CONTENT_TYPE));
- postParams.add(new NameValuePair(":applyTo", invalidUserId));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- assertEquals("javax.jcr.RepositoryException: Invalid principalId was submitted.", jsonObject.getString("status.message"));
- }
-
- /**
- * SLING-8811 - Test to verify that the "changes" list of a modifyAce response
- * returns the list of principals that were changed
- */
- @Test
- public void testRemoveAceChangesInResponse() throws IOException, JsonException {
- String folderUrl = createFolderWithAces(true);
-
- String postUrl = folderUrl + ".deleteAce.json";
-
- List<NameValuePair> postParams = new ArrayList<NameValuePair>();
- postParams.add(new NameValuePair(":http-equiv-accept", JSONResponse.RESPONSE_CONTENT_TYPE));
- postParams.add(new NameValuePair(":applyTo", testUserId));
-
- Credentials creds = new UsernamePasswordCredentials("admin", "admin");
- String json = getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
- assertNotNull(json);
-
- JsonObject jsonObject = JsonUtil.parseObject(json);
- JsonArray changesArray = jsonObject.getJsonArray("changes");
- assertNotNull(changesArray);
- assertEquals(1, changesArray.size());
- JsonObject change = changesArray.getJsonObject(0);
- assertEquals("deleted", change.getString("type"));
- assertEquals(testUserId, change.getString("argument"));
- }
-
-}
-
diff --git a/src/main/resources/integration-test/accessmanager/privileges-info.json.esp b/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
deleted file mode 100644
index 01b32b6..0000000
--- a/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
+++ /dev/null
@@ -1,111 +0,0 @@
-<%
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-var factory = Packages.javax.json.Json.createBuilderFactory(Packages.java.util.Collections.emptyMap());
-var jsonObjBuilder = factory.createObjectBuilder();
-
-var privilegesInfo = new Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
-
-jsonObjBuilder.add("canAddChildren", privilegesInfo.canAddChildren(currentNode));
-jsonObjBuilder.add("canDeleteChildren", privilegesInfo.canDeleteChildren(currentNode));
-jsonObjBuilder.add("canDelete", privilegesInfo.canDelete(currentNode));
-jsonObjBuilder.add("canModifyProperties", privilegesInfo.canModifyProperties(currentNode));
-jsonObjBuilder.add("canReadAccessControl", privilegesInfo.canReadAccessControl(currentNode));
-jsonObjBuilder.add("canModifyAccessControl", privilegesInfo.canModifyAccessControl(currentNode));
-
-if (privilegesInfo.canReadAccessControl(currentNode)) {
- var declaredBuilder = factory.createObjectBuilder();
- var declared = privilegesInfo.getDeclaredAccessRights(currentNode);
- if (declared != null) {
- var iterator = declared.entrySet().iterator();
- while (iterator.hasNext()) {
- var next = iterator.next();
- var principal = next.getKey();
- var accessRights = next.getValue();
-
- var entryBuilder = factory.createObjectBuilder();
-
- var grantedBuilder = factory.createArrayBuilder();
- var granted = accessRights.getGranted();
- var grantedIt = granted.iterator();
- while (grantedIt.hasNext()) {
- var next = grantedIt.next();
- var name = next.getName();
- grantedBuilder.add(name);
- }
- entryBuilder.add("granted", grantedBuilder);
-
- var deniedBuilder = factory.createArrayBuilder();
- var denied = accessRights.getDenied();
- var deniedIt = denied.iterator();
- while (deniedIt.hasNext()) {
- var next = deniedIt.next();
- var name = next.getName();
- deniedBuilder.add(name);
- }
- entryBuilder.add("denied", deniedBuilder);
-
- declaredBuilder.add(principal.getName(), entryBuilder);
- }
- }
- jsonObjBuilder.add("declaredAccessRights", declaredBuilder);
-
- var effectiveBuilder = factory.createObjectBuilder();
- var effective = privilegesInfo.getEffectiveAccessRights(currentNode);
- if (effective != null) {
- var iterator = effective.entrySet().iterator();
- while (iterator.hasNext()) {
- var next = iterator.next();
- var principal = next.getKey();
- var accessRights = next.getValue();
-
- var entryBuilder = factory.createObjectBuilder();
-
- var grantedBuilder = factory.createArrayBuilder();
- var granted = accessRights.getGranted();
- var grantedIt = granted.iterator();
- while (grantedIt.hasNext()) {
- var next = grantedIt.next();
- var name = next.getName();
- grantedBuilder.add(name);
- }
- entryBuilder.add("granted", grantedBuilder);
-
- var deniedBuilder = factory.createArrayBuilder();
- var denied = accessRights.getDenied();
- var deniedIt = denied.iterator();
- while (deniedIt.hasNext()) {
- var next = deniedIt.next();
- var name = next.getName();
- deniedBuilder.add(name);
- }
- entryBuilder.add("denied", deniedBuilder);
-
- effectiveBuilder.add(principal.getName(), entryBuilder);
- }
- }
- jsonObjBuilder.add("effectiveAccessRights", effectiveBuilder);
-}
-
-var jsonObj = jsonObjBuilder.build();
-var jsonWriter = Packages.javax.json.Json.createWriter(response.getWriter());
-jsonWriter.writeObject(jsonObj);
-jsonWriter.close();
-%>
\ No newline at end of file