public void testSetModifiedPolicy() throws RepositoryException, NotExecutableException { /* precondition: testuser must have READ-only permission on test-node and below */ checkReadOnly(path); /* grant 'testUser' rep:write, rep:readAccessControl and rep:modifyAccessControl privileges at 'path' */ Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL }); JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path)); /* testuser must be allowed to set (modified) policy at target node. */ Session testSession = getTestSession(); AccessControlManager testAcMgr = getTestACManager(); AccessControlPolicy[] policies = testAcMgr.getPolicies(path); assertEquals(1, policies.length); assertTrue(policies[0] instanceof AccessControlList); AccessControlList acl = (AccessControlList) policies[0]; if (acl.addAccessControlEntry(testUser.getPrincipal(), new Privilege[] {testAcMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT)})) { testAcMgr.setPolicy(path, acl); testSession.save(); } }
checkReadOnly(path); Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL }); JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path)); AccessControlManager testAcMgr = getTestACManager();
checkReadOnly(path); Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL }); JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path)); Session testSession = getTestSession(); AccessControlManager testAcMgr = getTestACManager(); assertTrue(testAcMgr.hasPrivileges(path, privileges)); assertEquals(1, policies.length); assertTrue(policies[0] instanceof JackrabbitAccessControlList); fail("Expected node at " + path + " to have an ACL child node."); assertTrue(testAcMgr.hasPrivileges(aclNodePath, privileges)); assertTrue(testSession.hasPermission(aclNodePath, Session.ACTION_READ)); assertTrue(testAcMgr.hasPrivileges(aceNodePath, privileges)); assertTrue(testSession.hasPermission(aceNodePath, Session.ACTION_READ));
public void testAccessControlPrivileges() throws RepositoryException, NotExecutableException { /* precondition: testuser must have READ-only permission on test-node and below */ checkReadOnly(path); /* grant 'testUser' rep:write, rep:readAccessControl and rep:modifyAccessControl privileges at 'path' */ Privilege[] privileges = privilegesFromNames(new String[] { PrivilegeRegistry.REP_WRITE, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL }); JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(superuser, path)); Session testSession = getTestSession(); AccessControlManager testAcMgr = getTestACManager(); /* testuser must have - permission to view AC items - permission to modify AC items */ // the policy node however must be visible to the test-user assertTrue(testSession.itemExists(tmpl.getPath() + "/rep:policy")); testAcMgr.getPolicies(tmpl.getPath()); testAcMgr.removePolicy(tmpl.getPath(), tmpl); }
checkReadOnly(path); Privilege[] privileges = privilegesFromNames(new String[] { Privilege.JCR_READ_ACCESS_CONTROL }); Map<String, Value> restrictions = new HashMap<String, Value>(getRestrictions(superuser, path)); restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("/" + nodeName2)); JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, restrictions); Session testSession = getTestSession(); AccessControlManager testAcMgr = getTestACManager(); assertFalse(testAcMgr.hasPrivileges(path, privileges)); try { testAcMgr.getPolicies(path); fail("AccessDeniedException expected"); } catch (AccessDeniedException e) { assertTrue(testAcMgr.hasPrivileges(childNPath, privileges)); assertEquals(0, testAcMgr.getPolicies(childNPath).length); fail("Expected node at " + path + " to have an ACL child node."); assertFalse(testSession.nodeExists(aclNodePath)); assertFalse(testSession.nodeExists(aceNodePath)); assertFalse(testSession.propertyExists(it.nextProperty().getPath()));