private synchronized boolean internalAdd(Entry entry) throws RepositoryException { Principal principal = entry.getPrincipal(); List<Entry> entriesPerPrincipal = internalGetEntries(principal); if (entriesPerPrincipal.isEmpty()) { if (entry.isAllow() == e.isAllow()) { if (e.getPrivilegeBits().includes(entry.getPrivilegeBits())) { PrivilegeBits mergedBits = PrivilegeBits.getInstance(e.getPrivilegeBits()); mergedBits.add(entry.getPrivilegeBits()); entry = new Entry(entry, mergedBits, entry.isAllow()); } else { complementEntry = e; PrivilegeBits complPrivs = complementEntry.getPrivilegeBits(); PrivilegeBits diff = PrivilegeBits.getInstance(complPrivs); diff.diff(entry.getPrivilegeBits()); Entry tmpl = new Entry(entry, diff, !entry.isAllow()); entries.add(index, tmpl);
private boolean equalRestriction(Entry entry1, Entry entry2) throws RepositoryException { Value v1 = entry1.getRestriction(jcrRepGlob); Value v2 = entry2.getRestriction(jcrRepGlob); return (v1 == null) ? v2 == null : v1.equals(v2); }
@Test public void testRequireRootAclUpdate() throws Exception { // everyone principle does not exist, update should be required assertTrue( provider.requireRootAclUpdate( editor ) ); // add everyone principle when( aclEntry.getPrincipal() ).thenReturn( everyone ); // everyone principle exists, but the JCR_READ_ACCESS_CONTROL privilege is not yet added, update should be required assertTrue( provider.requireRootAclUpdate( editor ) ); // add the JCR_READ_ACCESS_CONTROL privilege Privilege[] privs = new Privilege[] { jcrReadAccessControlPriv }; when( aclEntry.getPrivileges() ).thenReturn( privs ); // everyone principle exists and it had the the JCR_READ_ACCESS_CONTROL privilege, update should not be required assertFalse( provider.requireRootAclUpdate( editor ) ); } }
private synchronized boolean internalAdd(Entry entry) throws RepositoryException { Principal principal = entry.getPrincipal(); List<Entry> entriesPerPrincipal = internalGetEntries(principal); if (entriesPerPrincipal.isEmpty()) { if (entry.isAllow() == e.isAllow()) { if (e.getPrivilegeBits().includes(entry.getPrivilegeBits())) { PrivilegeBits mergedBits = PrivilegeBits.getInstance(e.getPrivilegeBits()); mergedBits.add(entry.getPrivilegeBits()); entry = new Entry(entry, mergedBits, entry.isAllow()); } else { complementEntry = e; PrivilegeBits complPrivs = complementEntry.getPrivilegeBits(); PrivilegeBits diff = PrivilegeBits.getInstance(complPrivs); diff.diff(entry.getPrivilegeBits()); Entry tmpl = new Entry(entry, diff, !entry.isAllow()); entries.add(index, tmpl);
Entry ace = new Entry(princ, privilegeMgr.getBits(privNames), isAllow, restrictions);
Entry ace = new Entry(princ, privilegeMgr.getBits(privNames), isAllow, restrictions);
public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException { Privilege repwrite = getAccessControlManager(superuser).privilegeFromName(PrivilegeRegistry.REP_WRITE); JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath()); pt.addAccessControlEntry(testPrincipal, new Privilege[] {repwrite}); // add deny entry for mod_props Privilege modProperties = getAccessControlManager(superuser).privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES); assertTrue(pt.addEntry(testPrincipal, new Privilege[] {modProperties}, false, null)); // net-effect: 2 entries with the allow entry being adjusted assertTrue(pt.size() == 2); AccessControlEntry[] entries = pt.getAccessControlEntries(); for (AccessControlEntry entry1 : entries) { ACLTemplate.Entry entry = (ACLTemplate.Entry) entry1; PrivilegeBits privs = entry.getPrivilegeBits(); if (entry.isAllow()) { Privilege[] result = privilegesFromNames(new String[] { Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_NODE_TYPE_MANAGEMENT, Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE}); PrivilegeBits bits = privilegeMgr.getBits(result); assertEquals(privs, bits); } else { assertEquals(privs, privilegeMgr.getBits(modProperties)); } } }
Entry createEntry(Entry base, Privilege[] newPrivileges, boolean isAllow) throws RepositoryException { return new Entry(base, newPrivileges, isAllow); }
Entry createEntry(Entry base, Privilege[] newPrivileges, boolean isAllow) throws RepositoryException { return new Entry(base, newPrivileges, isAllow); }
private PentahoEntry buildPentahoEntry( NodeId nodeId, String path, AccessControlEntry ace ) throws RepositoryException { PentahoEntry entry = null; if ( ace != null ) { Principal principal = ace.getPrincipal(); boolean isGroupEntry = principal instanceof Group; PrivilegeBits bits = ( (ACLTemplate.Entry) ace ).getPrivilegeBits(); boolean isAllow = ( (ACLTemplate.Entry) ace ).isAllow(); entry = new PentahoEntry( nodeId, principal.getName(), isGroupEntry, bits, isAllow, path, ( (ACLTemplate.Entry) ace ).getRestrictions() ); } return entry; }
/** * Create a new entry omitting any validation checks. * * @param principal * @param privileges * @param isAllow * @param restrictions * @return A new entry */ Entry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String,Value> restrictions) throws RepositoryException { return new Entry(principal, privileges, isAllow, restrictions); }
private boolean equalRestriction(Entry entry1, Entry entry2) throws RepositoryException { Value v1 = entry1.getRestriction(jcrRepGlob); Value v2 = entry2.getRestriction(jcrRepGlob); return (v1 == null) ? v2 == null : v1.equals(v2); }
public void testRestrictions() throws RepositoryException { // test if restrictions with expanded name are properly resolved Map<String, Value> restrictions = new HashMap<String,Value>(); restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test")); Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)}; ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions); Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString()); Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB)); assertEquals(v, v2); } }
/** * Create a new entry omitting any validation checks. * * @param principal * @param privileges * @param isAllow * @param restrictions * @return A new entry */ Entry createEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String,Value> restrictions) throws RepositoryException { return new Entry(principal, privileges, isAllow, restrictions); }