@NotNull @Override public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) { if (supportedPath == null) { return EmptyPermissionProvider.getInstance(); } else { return new ThreeRolesPermissionProvider(root, principals, supportedPath, getContext(), getRootProvider()); } }
public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) { if (principals.contains(SystemPrincipal.INSTANCE)) { return EmptyPermissionProvider.getInstance(); } else { return new AggregatedPermissionProvider() {
switch (aggrPermissionProviders.size()) { case 0 : pp = EmptyPermissionProvider.getInstance(); break; case 1 :
switch (aggrPermissionProviders.size()) { case 0 : pp = EmptyPermissionProvider.getInstance(); break; case 1 :
switch (aggrPermissionProviders.size()) { case 0 : pp = EmptyPermissionProvider.getInstance(); break; case 1 :
@NotNull @Override public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) { ConfigurationParameters params = getParameters(); boolean enabled = params.getConfigValue(CugConstants.PARAM_CUG_ENABLED, false); if (!enabled || supportedPaths.isEmpty() || getExclude().isExcluded(principals)) { return EmptyPermissionProvider.getInstance(); } else { return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); } }
@NotNull @Override public PermissionProvider getPermissionProvider(@NotNull Root root, @NotNull String workspaceName, @NotNull Set<Principal> principals) { ConfigurationParameters params = getParameters(); boolean enabled = params.getConfigValue(CugConstants.PARAM_CUG_ENABLED, false); if (!enabled || supportedPaths.isEmpty() || getExclude().isExcluded(principals)) { return EmptyPermissionProvider.getInstance(); } else { return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); } }
@Test public void testNotEnabled() { context.registerInjectActivateService(cugExclude, ImmutableMap.of("principalNames", new String[] {ANY_PRINCIPAL_NAME})); context.registerInjectActivateService(cugConfiguration, ImmutableMap.of( CugConstants.PARAM_CUG_ENABLED, false, CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[]{"/"})); AuthorizationConfiguration config = context.getService(AuthorizationConfiguration.class); PermissionProvider permissionProvider = config.getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME))); assertSame(EmptyPermissionProvider.getInstance(), permissionProvider); }
@Test public void testNoSupportedPaths() { context.registerInjectActivateService(cugExclude, ImmutableMap.of("principalNames", new String[] {ANY_PRINCIPAL_NAME})); context.registerInjectActivateService(cugConfiguration, ImmutableMap.of( CugConstants.PARAM_CUG_ENABLED, true, CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[0])); AuthorizationConfiguration config = context.getService(AuthorizationConfiguration.class); PermissionProvider permissionProvider = config.getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME))); assertSame(EmptyPermissionProvider.getInstance(), permissionProvider); } }
when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance()); when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals)).thenReturn(OpenPermissionProvider.getInstance()); when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance()); when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);
@Test public void testGetPermissionProviderDisabled3() { CugConfiguration cc = createConfiguration(ConfigurationParameters.EMPTY); PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance())); assertSame(EmptyPermissionProvider.getInstance(), pp); }
@Test public void testCugExcludeExcludedPrincipal() { context.registerInjectActivateService(cugExclude, ImmutableMap.of("principalNames", new String[] {EXCLUDED_PRINCIPAL_NAME})); context.registerInjectActivateService(cugConfiguration, PROPERTIES); AuthorizationConfiguration config = context.getService(AuthorizationConfiguration.class); PermissionProvider permissionProvider = config.getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(EXCLUDED_PRINCIPAL_NAME))); assertSame(EmptyPermissionProvider.getInstance(), permissionProvider); }
@Test public void testGetPermissionProviderDisabled2() { ConfigurationParameters params = ConfigurationParameters.of( CugConstants.PARAM_CUG_ENABLED, false, CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content"); CugConfiguration cc = createConfiguration(params); PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance())); assertSame(EmptyPermissionProvider.getInstance(), pp); }
@Test public void testGetPermissionProviderNoSupportedPaths() { // enabled but no supported paths specified CugConfiguration cc = createConfiguration(ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, true)); PermissionProvider pp = cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance())); assertSame(EmptyPermissionProvider.getInstance(), pp); }
@Test public void testExcludedPrincipals() { ConfigurationParameters params = ConfigurationParameters.of( CugConstants.PARAM_CUG_ENABLED, true, CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content"); CugConfiguration cc = createConfiguration(params); List<Principal> excluded = ImmutableList.of( SystemPrincipal.INSTANCE, new AdminPrincipal() { @Override public String getName() { return "admin"; } }, new SystemUserPrincipal() { @Override public String getName() { return "systemUser"; } }); for (Principal p : excluded) { Set<Principal> principals = ImmutableSet.of(p, EveryonePrincipal.getInstance()); PermissionProvider pp = cc.getPermissionProvider(root, "default", principals); assertSame(EmptyPermissionProvider.getInstance(), pp); } }
@Test public void testCugExcludeExcludedDefault() { context.registerInjectActivateService(cugExclude); context.registerInjectActivateService(cugConfiguration, PROPERTIES); // default exclusion AdminPrincipal admin = () -> "name"; SystemUserPrincipal suPrincipal = () -> "name"; AuthorizationConfiguration config = context.getService(AuthorizationConfiguration.class); for (Principal p : new Principal[] {SystemPrincipal.INSTANCE, admin, suPrincipal}) { PermissionProvider permissionProvider = config.getPermissionProvider(root, wspName, ImmutableSet.of(p)); assertSame(EmptyPermissionProvider.getInstance(), permissionProvider); } // however, other principals must not be excluded PermissionProvider permissionProvider = config.getPermissionProvider(root, wspName, ImmutableSet.of(new PrincipalImpl(EXCLUDED_PRINCIPAL_NAME))); assertTrue(permissionProvider instanceof CugPermissionProvider); }
@Test public void testGetPermissionProviderDisabled() { CugConfiguration cc = createConfiguration(ConfigurationParameters.of(CugConstants.PARAM_CUG_ENABLED, false)); PermissionProvider pp = cc.getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.<Principal>of(EveryonePrincipal.getInstance())); assertSame(EmptyPermissionProvider.getInstance(), pp); }
@Test public void testMultipleGetPermissionProvider3() { CompositeAuthorizationConfiguration cc = getCompositeConfiguration( new OpenAuthorizationConfiguration(), new OpenAuthorizationConfiguration()); PermissionProvider pp = cc.getPermissionProvider(root, root.getContentSession().getWorkspaceName(), Collections.<Principal>emptySet()); assertFalse(pp instanceof CompositePermissionProvider); assertSame(EmptyPermissionProvider.getInstance(), pp); }