/**
 * Reports whether {@code actions} are granted at {@code oakPath}.
 *
 * <p>The decision is delegated entirely to {@code permissionProvider}; this
 * method applies no check of its own. {@code oakPath}, {@code actions} and
 * {@code permissionProvider} are taken from the enclosing scope, which lies
 * outside this excerpt.
 *
 * @return the result of {@code permissionProvider.isGranted(oakPath, actions)}
 */
@Nonnull
@Override
public Boolean perform() {
    return permissionProvider.isGranted(oakPath, actions);
}
});
/**
 * Returns the privilege names for {@code tree} as reported by {@code BASE}.
 *
 * <p>Pure delegation: the argument is handed over unchanged and the result is
 * returned without filtering.
 *
 * @param tree the tree to look up; {@code null} is passed through as-is
 * @return the set produced by {@code BASE.getPrivileges(tree)}
 */
@NotNull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
    final Set<String> privilegeNames = BASE.getPrivileges(tree);
    return privilegeNames;
}
/**
 * Checks {@code hasPrivileges} for a provider built from {@code testGroupPrincipal} alone.
 *
 * <p>Expected outcome: {@code JCR_READ} holds on {@code content} and {@code a}
 * but not on {@code c}, while the pair {@code REP_WRITE} +
 * {@code JCR_READ_ACCESS_CONTROL} holds on all three trees.
 */
@Test
public void testHasPrivilegesTestGroup() {
    // Provider evaluated for the test group principal only.
    final PermissionProvider provider = createPermissionProvider(testGroupPrincipal);

    final String read = PrivilegeConstants.JCR_READ;
    final String write = PrivilegeConstants.REP_WRITE;
    final String readAc = PrivilegeConstants.JCR_READ_ACCESS_CONTROL;

    // Read privilege: granted on content and a, absent on c.
    assertTrue(provider.hasPrivileges(content, read));
    assertTrue(provider.hasPrivileges(a, read));
    assertFalse(provider.hasPrivileges(c, read));

    // Write plus read-access-control: granted on every tree under test.
    assertTrue(provider.hasPrivileges(content, write, readAc));
    assertTrue(provider.hasPrivileges(a, write, readAc));
    assertTrue(provider.hasPrivileges(c, write, readAc));
}
/**
 * Enforces {@code permissions} and fails the call when they are not granted.
 *
 * <p>With a {@code null} tree the check is made against the repository-level
 * permission; otherwise it is made against the tree itself (no property is
 * passed to the provider).
 *
 * @param tree        the tree to check, or {@code null} for a repository-level check
 * @param permissions the permission value handed to {@code isGranted}
 * @throws AccessDeniedException if the provider does not grant {@code permissions};
 *                               the message is the fixed text "Access denied." and
 *                               carries no path or permission detail
 */
private void checkPermissions(@Nullable Tree tree, long permissions) throws AccessDeniedException {
    final boolean granted = (tree == null)
            ? getPermissionProvider().getRepositoryPermission().isGranted(permissions)
            : getPermissionProvider().isGranted(tree, null, permissions);
    if (granted) {
        return;
    }
    throw new AccessDeniedException("Access denied.");
}
/**
 * Grants {@code JCR_READ_ACCESS_CONTROL} to the test group at {@code /content} and
 * checks that every evaluation path of the resulting provider agrees.
 *
 * <p>For each entry of {@code acPaths} the expected answer is {@code true} only
 * when the path is {@code /content} or a descendant of it. The same answer must
 * come back from {@code hasPrivileges}, {@code getPrivileges}, both
 * {@code isGranted} overloads, and from the {@code TreePermission} obtained by
 * walking down from the root.
 */
@Test
public void testCombinedSetup() throws Exception {
    // Set up and persist the access control entry for the test group.
    AccessControlManager accessControlManager = getAccessControlManager(root);
    JackrabbitAccessControlList contentAcl =
            AccessControlUtils.getAccessControlList(accessControlManager, "/content");
    contentAcl.addAccessControlEntry(
            getTestGroupPrincipal(),
            AccessControlUtils.privilegesFromNames(accessControlManager, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    accessControlManager.setPolicy(contentAcl.getPath(), contentAcl);
    root.commit();

    // The provider is created after the commit and for the test group principal only.
    PermissionProvider provider = getConfig(AuthorizationConfiguration.class).getPermissionProvider(
            root,
            root.getContentSession().getWorkspaceName(),
            ImmutableSet.of(getTestGroupPrincipal()));

    for (String policyPath : acPaths) {
        boolean expected = Text.isDescendantOrEqual("/content", policyPath);
        Tree policyTree = root.getTree(policyPath);

        assertEquals(expected, provider.hasPrivileges(policyTree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        assertEquals(expected, provider.getPrivileges(policyTree).contains(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        assertEquals(expected, provider.isGranted(policyPath, JackrabbitSession.ACTION_READ_ACCESS_CONTROL));
        assertEquals(expected, provider.isGranted(policyTree, null, Permissions.READ_ACCESS_CONTROL));

        // Build the TreePermission by descending from the root one path element at a time.
        Tree current = root.getTree("/");
        TreePermission treePermission = provider.getTreePermission(current, TreePermission.EMPTY);
        for (String segment : PathUtils.elements(policyPath)) {
            current = current.getChild(segment);
            treePermission = provider.getTreePermission(current, treePermission);
        }
        assertEquals(expected, treePermission.canRead());
        assertEquals(expected, treePermission.isGranted(Permissions.READ_ACCESS_CONTROL));
    }
}
}
/**
 * Returns the tree permission for {@code tree} as computed by {@code BASE}.
 *
 * <p>Pure delegation: both arguments are forwarded unchanged.
 *
 * @param tree             the tree whose permission is requested
 * @param parentPermission the permission previously obtained for the parent tree
 * @return the result of {@code BASE.getTreePermission(tree, parentPermission)}
 */
@NotNull
@Override
public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreePermission parentPermission) {
    final TreePermission delegated = BASE.getTreePermission(tree, parentPermission);
    return delegated;
}
/**
 * Commits {@code root} with commit info assembled from {@code path} and {@code userData},
 * then refreshes the permission provider if there is one.
 *
 * <p>{@code Root.COMMIT_PATH} is recorded only for a non-null path that does not
 * denote the root; {@code EventFactory.USER_DATA} only when {@code userData} is set.
 *
 * @param root the root to commit
 * @param path the commit path; may be {@code null}
 * @throws CommitFailedException propagated from {@code root.commit}; in that case
 *                               the refresh below is not reached
 */
private void commit(Root root, String path) throws CommitFailedException {
    final ImmutableMap.Builder<String, Object> commitInfo = ImmutableMap.builder();

    final boolean hasNonRootPath = path != null && !denotesRoot(path);
    if (hasNonRootPath) {
        commitInfo.put(Root.COMMIT_PATH, path);
    }
    if (userData != null) {
        commitInfo.put(EventFactory.USER_DATA, userData);
    }
    root.commit(commitInfo.build());

    // The refresh runs only after a successful commit.
    // NOTE(review): presumably this keeps later permission checks from using
    // pre-commit state; confirm against the PermissionProvider.refresh contract.
    if (permissionProvider == null) {
        return;
    }
    permissionProvider.refresh();
}
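/**
 * Verifies that a provider built from the admin session's principals grants
 * everything on each entry of {@code trees}.
 *
 * <p>The first loop asserts that none of the paths from {@code getTreePaths()}
 * resolves to an existing tree on {@code root}. The second loop then checks,
 * per tree, that the privilege set contains {@code JCR_ALL}, that
 * {@code Permissions.ALL} is granted on the tree and on {@code prop}, and that
 * all action names are granted on the tree path and the property path.
 */
@Test
public void testAdministrativeAccess() {
    for (String path : getTreePaths()) {
        Tree t = root.getTree(path);
        assertFalse(t.exists());
    }

    PermissionProvider pp = getPermissionProvider(adminSession.getAuthInfo().getPrincipals());
    // The joined action list does not depend on the tree, so build it once.
    String allActions = Text.implode(ACTION_NAMES, ",");
    for (Tree t : trees) {
        // Assert the privilege check; a bare contains(...) call would discard
        // its result and leave the admin privilege set unverified.
        assertTrue(pp.getPrivileges(t).contains(PrivilegeConstants.JCR_ALL));

        assertTrue(pp.isGranted(t, null, Permissions.ALL));
        assertTrue(pp.isGranted(t, prop, Permissions.ALL));

        String treePath = t.getPath();
        assertTrue(pp.isGranted(treePath, allActions));
        assertTrue(pp.isGranted(PathUtils.concat(treePath, prop.getName()), allActions));
    }
}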
/**
 * Returns the repository-level permission as provided by {@code BASE}.
 *
 * <p>Pure delegation; the result is returned unmodified.
 *
 * @return the result of {@code BASE.getRepositoryPermission()}
 */
@NotNull
@Override
public RepositoryPermission getRepositoryPermission() {
    final RepositoryPermission delegated = BASE.getRepositoryPermission();
    return delegated;
}
/**
 * Enforces {@code permissions} and fails the call when they are not granted.
 *
 * <p>With a {@code null} tree the check is made against the repository-level
 * permission; otherwise it is made against the tree itself (no property is
 * passed to the provider).
 *
 * @param tree        the tree to check, or {@code null} for a repository-level check
 * @param permissions the permission value handed to {@code isGranted}
 * @throws AccessDeniedException if the provider does not grant {@code permissions};
 *                               the message is the fixed text "Access denied." and
 *                               carries no path or permission detail
 */
private void checkPermissions(@Nullable Tree tree, long permissions) throws AccessDeniedException {
    final boolean granted = (tree == null)
            ? getPermissionProvider().getRepositoryPermission().isGranted(permissions)
            : getPermissionProvider().isGranted(tree, null, permissions);
    if (granted) {
        return;
    }
    throw new AccessDeniedException("Access denied.");
}
/**
 * Returns the tree permission for {@code tree} as computed by {@code BASE}.
 *
 * <p>Pure delegation: both arguments are forwarded unchanged.
 *
 * @param tree             the tree whose permission is requested
 * @param parentPermission the permission previously obtained for the parent tree
 * @return the result of {@code BASE.getTreePermission(tree, parentPermission)}
 */
@NotNull
@Override
public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreePermission parentPermission) {
    final TreePermission delegated = BASE.getTreePermission(tree, parentPermission);
    return delegated;
}
/**
 * Commits {@code root} with commit info assembled from {@code path} and {@code userData},
 * then refreshes the permission provider if there is one.
 *
 * <p>{@code Root.COMMIT_PATH} is recorded only for a non-null path that does not
 * denote the root; {@code EventFactory.USER_DATA} only when {@code userData} is set.
 *
 * @param root the root to commit
 * @param path the commit path; may be {@code null}
 * @throws CommitFailedException propagated from {@code root.commit}; in that case
 *                               the refresh below is not reached
 */
private void commit(Root root, String path) throws CommitFailedException {
    final ImmutableMap.Builder<String, Object> commitInfo = ImmutableMap.builder();

    final boolean hasNonRootPath = path != null && !denotesRoot(path);
    if (hasNonRootPath) {
        commitInfo.put(Root.COMMIT_PATH, path);
    }
    if (userData != null) {
        commitInfo.put(EventFactory.USER_DATA, userData);
    }
    root.commit(commitInfo.build());

    // The refresh runs only after a successful commit.
    // NOTE(review): presumably this keeps later permission checks from using
    // pre-commit state; confirm against the PermissionProvider.refresh contract.
    if (permissionProvider == null) {
        return;
    }
    permissionProvider.refresh();
}
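/**
 * Verifies that a provider built from a guest session's principals grants
 * nothing on any entry of {@code trees}.
 *
 * <p>The first loop asserts that none of the paths from {@code getTreePaths()}
 * resolves to an existing tree on the guest's latest root. The second loop then
 * checks, per tree, that the privilege set is empty, that no aggregate of
 * {@code Permissions.ALL} is granted on the tree or on {@code prop}, and that
 * no action name is granted on the tree path or the property path.
 *
 * @throws Exception if the guest login or closing the session fails
 */
@Test
public void testGuestAccess() throws Exception {
    try (ContentSession guest = login(new GuestCredentials())) {
        Root r = guest.getLatestRoot();
        for (String path : getTreePaths()) {
            Tree t = r.getTree(path);
            assertFalse(t.exists());
        }

        PermissionProvider pp = getPermissionProvider(guest.getAuthInfo().getPrincipals());
        for (Tree t : trees) {
            // Assert the emptiness check; a bare isEmpty() call would discard its
            // result and leave the guest privilege set unverified.
            boolean holdsPrivileges = !pp.getPrivileges(t).isEmpty();
            assertFalse(holdsPrivileges);

            for (long permission : Permissions.aggregates(Permissions.ALL)) {
                assertFalse(pp.isGranted(t, null, permission));
                assertFalse(pp.isGranted(t, prop, permission));
            }

            // The tree path is the same for every action, so read it once.
            String treePath = t.getPath();
            for (String action : ACTION_NAMES) {
                assertFalse(pp.isGranted(treePath, action));
                assertFalse(pp.isGranted(PathUtils.concat(treePath, prop.getName()), action));
            }
        }
    }
}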
/**
 * Returns the repository-level permission as provided by {@code BASE}.
 *
 * <p>Pure delegation; the result is returned unmodified.
 *
 * @return the result of {@code BASE.getRepositoryPermission()}
 */
@NotNull
@Override
public RepositoryPermission getRepositoryPermission() {
    final RepositoryPermission delegated = BASE.getRepositoryPermission();
    return delegated;
}
/**
 * Reports whether {@code actions} are granted at {@code oakPath}.
 *
 * <p>The decision is delegated entirely to {@code permissionProvider}; this
 * method applies no check of its own. {@code oakPath}, {@code actions} and
 * {@code permissionProvider} are taken from the enclosing scope, which lies
 * outside this excerpt.
 *
 * @return the result of {@code permissionProvider.isGranted(oakPath, actions)}
 */
@NotNull
@Override
public Boolean perform() {
    return permissionProvider.isGranted(oakPath, actions);
}
});
/**
 * Checks {@code hasPrivileges} for a provider built from {@code testGroupPrincipal}
 * together with the everyone principal.
 *
 * <p>Expected outcome: {@code JCR_READ} holds on {@code content}, {@code a} and
 * {@code c}, and so does the pair {@code REP_WRITE} +
 * {@code JCR_READ_ACCESS_CONTROL}.
 */
@Test
public void testHasPrivilegesTestGroupEveryone() {
    // Provider evaluated for the test group plus everyone.
    final PermissionProvider provider =
            createPermissionProvider(testGroupPrincipal, EveryonePrincipal.getInstance());

    final String read = PrivilegeConstants.JCR_READ;
    final String write = PrivilegeConstants.REP_WRITE;
    final String readAc = PrivilegeConstants.JCR_READ_ACCESS_CONTROL;

    // Read privilege: granted on every tree under test.
    assertTrue(provider.hasPrivileges(content, read));
    assertTrue(provider.hasPrivileges(a, read));
    assertTrue(provider.hasPrivileges(c, read));

    // Write plus read-access-control: likewise granted on every tree.
    assertTrue(provider.hasPrivileges(content, write, readAc));
    assertTrue(provider.hasPrivileges(a, write, readAc));
    assertTrue(provider.hasPrivileges(c, write, readAc));
}
/**
 * Returns the privilege names for {@code tree} as reported by {@code BASE}.
 *
 * <p>Pure delegation: the argument is handed over unchanged and the result is
 * returned without filtering.
 *
 * @param tree the tree to look up; {@code null} is passed through as-is
 * @return the set produced by {@code BASE.getPrivileges(tree)}
 */
@NotNull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
    final Set<String> privilegeNames = BASE.getPrivileges(tree);
    return privilegeNames;
}
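/**
 * Verifies what a test session's provider grants on each entry of {@code READ_PATHS}.
 *
 * <p>For every path, {@code READ}, {@code READ_NODE} and (on the
 * {@code JCR_PRIMARYTYPE} property) {@code READ_PROPERTY} must be granted, while
 * {@code READ_ACCESS_CONTROL} must not. This is checked twice: once through the
 * path/string overload of {@code isGranted} and once through the tree/property
 * overload. Finally, none of these four permissions may be granted at
 * repository level.
 *
 * @throws Exception if creating or closing the test session fails
 */
@Test
public void testIsGrantedForReadPaths() throws Exception {
    // The session is closed on every exit path, including assertion failures.
    try (ContentSession testSession = createTestSession()) {
        PermissionProvider pp = createPermissionProvider(testSession);

        // Path-based evaluation.
        for (String path : READ_PATHS) {
            assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ)));
            assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE)));
            assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY)));
            assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL)));
        }

        // Tree-based evaluation of the same expectations.
        for (String path : READ_PATHS) {
            Tree tree = root.getTree(path);
            assertTrue(pp.isGranted(tree, null, Permissions.READ));
            assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE));
            assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ_PROPERTY));
            assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL));
        }

        // Read access on the listed paths must not show up as repository-level permissions.
        RepositoryPermission rp = pp.getRepositoryPermission();
        assertFalse(rp.isGranted(Permissions.READ));
        assertFalse(rp.isGranted(Permissions.READ_NODE));
        assertFalse(rp.isGranted(Permissions.READ_PROPERTY));
        assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL));
    }
}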
/**
 * Builds the {@code TreePermission} for {@code path} by descending from the root tree.
 *
 * <p>Starts with the permission of {@code "/"} (using {@code TreePermission.EMPTY}
 * as its parent) and then, for each element of {@code path}, steps into the child
 * of that name and asks the provider for its permission, passing the permission
 * obtained for the level above as parent.
 *
 * @param root the root used to resolve trees
 * @param path the path to descend along
 * @param pp   the provider that computes each level's permission
 * @return the permission obtained for the last element of {@code path}, or the
 *         root tree's permission when {@code path} has no elements
 */
static TreePermission getTreePermission(@NotNull Root root, @NotNull String path, @NotNull PermissionProvider pp) {
    Tree current = root.getTree("/");
    TreePermission permission = pp.getTreePermission(current, TreePermission.EMPTY);
    for (String childName : PathUtils.elements(path)) {
        current = current.getChild(childName);
        permission = pp.getTreePermission(current, permission);
    }
    return permission;
}
}
/**
 * Commits {@code root} with commit info assembled from {@code path} and {@code userData},
 * then refreshes the permission provider if there is one.
 *
 * <p>{@code Root.COMMIT_PATH} is recorded only for a non-null path that does not
 * denote the root; {@code EventFactory.USER_DATA} only when {@code userData} is set.
 *
 * @param root the root to commit
 * @param path the commit path; may be {@code null}
 * @throws CommitFailedException propagated from {@code root.commit}; in that case
 *                               the refresh below is not reached
 */
private void commit(Root root, String path) throws CommitFailedException {
    final ImmutableMap.Builder<String, Object> commitInfo = ImmutableMap.builder();

    final boolean hasNonRootPath = path != null && !denotesRoot(path);
    if (hasNonRootPath) {
        commitInfo.put(Root.COMMIT_PATH, path);
    }
    if (userData != null) {
        commitInfo.put(EventFactory.USER_DATA, userData);
    }
    root.commit(commitInfo.build());

    // The refresh runs only after a successful commit.
    // NOTE(review): presumably this keeps later permission checks from using
    // pre-commit state; confirm against the PermissionProvider.refresh contract.
    if (permissionProvider == null) {
        return;
    }
    permissionProvider.refresh();
}