@Test public void testValidateRestrictionsAtEntryNode() throws Exception { NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); aceNode.setBoolean("boolean", true); aceNode.setValues("longs", new Value[] {vf.createValue(10), vf.createValue(290)}); aceNode.setString(REP_GLOB, "*"); aceNode.setNames(REP_NT_NAMES); // empty array provider.validateRestrictions("/test", aceNode.getTree()); }
@Test public void testRemoveExternalPrincipalNamesAsSystem() throws Exception { Root systemRoot = getSystemRoot(); NodeUtil n = new NodeUtil(systemRoot.getTree(externalUserPath)); // removal with system root must succeed n.removeProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES); systemRoot.commit(); }
static void createCug(@NotNull Root root, @NotNull String path, @NotNull String principalName) throws RepositoryException { Tree tree = root.getTree(path); Preconditions.checkState(tree.exists()); TreeUtil.addMixin(tree, MIX_REP_CUG_MIXIN, root.getTree(NODE_TYPES_PATH), null); new NodeUtil(tree).addChild(REP_CUG_POLICY, NT_REP_CUG_POLICY).setStrings(REP_PRINCIPAL_NAMES, principalName); }
private static NodeUtil createACE(NodeUtil acl, String aceName, String ntName, String principalName, String... privilegeNames) throws AccessDeniedException { NodeUtil ace = acl.addChild(aceName, ntName); ace.setString(REP_PRINCIPAL_NAME, principalName); ace.setNames(REP_PRIVILEGES, privilegeNames); return ace; }
private Tree getAceTree(Restriction... restrictions) throws Exception { NodeUtil rootNode = new NodeUtil(root.getTree("/")); NodeUtil tmp = rootNode.addChild("testRoot", JcrConstants.NT_UNSTRUCTURED); Tree ace = tmp.addChild("rep:policy", NT_REP_ACL).addChild("ace0", NT_REP_GRANT_ACE).getTree(); restrictionProvider.writeRestrictions(tmp.getTree().getPath(), ace, ImmutableSet.copyOf(restrictions)); return ace; }
@Test public void testGetTokenInfoFromRegularNode() throws Exception { NodeUtil node = new NodeUtil(root.getTree("/")).addChild("testNode", JcrConstants.NT_UNSTRUCTURED); NodeUtil parent = node.addChild(TokenConstants.TOKENS_NODE_NAME, TokenConstants.TOKENS_NT_NAME); NodeUtil tokenNode = parent.addChild("tokenName", TokenConstants.TOKEN_NT_NAME); String tokenUUID = UUID.randomUUID().toString(); tokenNode.setString(JcrConstants.JCR_UUID, tokenUUID); String token = tokenUUID + "_generatedKey"; tokenNode.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, token); assertNull(tokenProvider.getTokenInfo(token)); }
@Test public void testValidateUnsupportedRestriction() throws Exception { RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3); NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS); rNode.setString("unsupported", "value"); try { rp.validateRestrictions("/test", aceNode.getTree()); fail("Validation must detect unsupported restriction"); } catch (AccessControlException e) { // success } }
@Before @Override public void before() throws Exception { super.before(); NodeUtil rootNode = new NodeUtil(root.getTree("/")); testRootNode = rootNode.addChild("testRoot", NT_UNSTRUCTURED); testRootNode.addChild("child", NT_UNSTRUCTURED); root.commit(); testPrincipal = getTestUser().getPrincipal(); }
@Test public void uuidIndexInListQuery() throws Exception{ NodeUtil node = new NodeUtil(root.getTree("/")); String uuid = UUID.randomUUID().toString(); String uuid2 = UUID.randomUUID().toString(); node.setString(JcrConstants.JCR_UUID, uuid); root.commit(); assertQuery("SELECT * FROM [nt:base] WHERE [jcr:uuid] in('" + uuid + "', '" + uuid2 + "')", ImmutableList.of("/")); assertEquals("Test index plan should be invoked", 1, testIndexProvider.index.invocationCount); }
@Test public void testModifyExternalPrincipalNamesAsSystem() throws Exception { Root systemRoot = getSystemRoot(); NodeUtil n = new NodeUtil(systemRoot.getTree(externalUserPath)); // changing with system root must succeed n.setStrings(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "principalNames"); systemRoot.commit(); }
@Test public void testCreateNestedUser2Steps() throws Exception { Tree userTree = root.getTree(getTestUser().getPath()); NodeUtil userNode = new NodeUtil(userTree); NodeUtil profile = userNode.addChild("profile", JcrConstants.NT_UNSTRUCTURED); NodeUtil nested = profile.addChild("nested", JcrConstants.NT_UNSTRUCTURED); nested.setString(UserConstants.REP_PRINCIPAL_NAME, "nested"); nested.setString(UserConstants.REP_AUTHORIZABLE_ID, "nested"); nested.setString(JcrConstants.JCR_UUID, UUIDUtils.generateUUID("nested")); root.commit(); try { nested.setName(JcrConstants.JCR_PRIMARYTYPE, UserConstants.NT_REP_USER); root.commit(); fail("Creating nested users must be detected."); } catch (CommitFailedException e) { // success assertEquals(29, e.getCode()); } finally { root.refresh(); } }
@Test public void testValidateInvalidRestrictionDef() throws Exception { RestrictionProvider rp = CompositeRestrictionProvider.newInstance(rp1, rp3); NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test", NT_REP_GRANT_ACE); NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS); rNode.setValues(REP_GLOB, new Value[]{vf.createValue(10), vf.createValue(290)}); try { rp.validateRestrictions("/test", aceNode.getTree()); fail("Validation must detect invalid restriction definition"); } catch (AccessControlException e) { // success } }
@Test public void testInvalidDeclaredAggregate() throws Exception { NodeUtil privilegeDefs = new NodeUtil(root.getTree(PRIVILEGES_PATH)); NodeUtil privDef = privilegeDefs.addChild("test", NT_REP_PRIVILEGE); privDef.setNames(REP_AGGREGATES, JCR_READ, "invalid"); Privilege p = getPrivilegeManager(root).getPrivilege("test"); assertAggregation(p.getDeclaredAggregatePrivileges(), JCR_READ); }
Tree createGroupTree() throws Exception { String groupPath = getUserConfiguration().getParameters().getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH); NodeUtil node = new NodeUtil(root.getTree(PathUtils.ROOT_PATH)); NodeUtil groupRoot = node.getOrAddTree(PathUtils.relativize(PathUtils.ROOT_PATH, groupPath), NT_REP_AUTHORIZABLE_FOLDER); Tree groupTree = groupRoot.addChild("testGroup", NT_REP_GROUP).getTree(); groupTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_GROUP_ID)); return groupTree; }
@Test public void testRemoveMixin() throws Exception { node.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_CUG_MIXIN); NodeUtil cug = node.addChild(REP_CUG_POLICY, NT_REP_CUG_POLICY); cug.setStrings(REP_PRINCIPAL_NAMES, EveryonePrincipal.NAME); root.commit(); try { node.removeProperty(JcrConstants.JCR_MIXINTYPES); root.commit(); fail(); } catch (CommitFailedException e) { assertTrue(e.isAccessControlViolation()); assertEquals(22, e.getCode()); } finally { root.refresh(); } }
@Test public void testAddExternalPrincipalNamesAsSystem() throws Exception { Root systemRoot = getSystemRoot(); NodeUtil n = new NodeUtil(systemRoot.getTree(testUserPath)); n.setString(ExternalIdentityConstants.REP_EXTERNAL_ID, "externalId"); n.setStrings(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES, "principalName"); systemRoot.commit(); }
@Test public void testChangePrimaryTypeOfCug() throws Exception { node.setNames(JcrConstants.JCR_MIXINTYPES, MIX_REP_CUG_MIXIN); NodeUtil cug = node.addChild(REP_CUG_POLICY, NT_REP_CUG_POLICY); cug.setStrings(REP_PRINCIPAL_NAMES, EveryonePrincipal.NAME); root.commit(); try { cug.setName(JcrConstants.JCR_PRIMARYTYPE, NodeTypeConstants.NT_OAK_UNSTRUCTURED); root.commit(); fail(); } catch (CommitFailedException e) { assertTrue(e.isAccessControlViolation()); assertEquals(21, e.getCode()); } }
@Test public void testChangePrimaryType() throws RepositoryException { for (Authorizable a : authorizables) { try { NodeUtil node = new NodeUtil(getAuthorizableTree(a)); NodeUtil cache = node.addChild("childNode", JcrConstants.NT_UNSTRUCTURED); root.commit(); cache.setName(JcrConstants.JCR_PRIMARYTYPE, CacheConstants.NT_REP_CACHE); cache.setLong(CacheConstants.REP_EXPIRATION, 1); root.commit(); fail("Changing primary type of residual node below an user/group to rep:Cache must fail."); } catch (CommitFailedException e) { assertTrue(e.isConstraintViolation()); assertEquals(34, e.getCode()); } finally { root.refresh(); } } }
@Test public void testChangeToReservedTokenNodeType() throws Exception { String parentPath = getTestUser().getPath() + "/"+TokenConstants.TOKENS_NODE_NAME; String path = parentPath+"/node"; try { Tree t = root.getTree(getTestUser().getPath()).addChild(TokenConstants.TOKENS_NODE_NAME); t.setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME); t.addChild("node").setProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED, Type.NAME); root.commit(); NodeUtil node = new NodeUtil(root.getTree(path)); node.setName(JcrConstants.JCR_PRIMARYTYPE, TokenConstants.TOKEN_NT_NAME); node.setString(JcrConstants.JCR_UUID, UUID.randomUUID().toString()); node.setString(TokenConstants.TOKEN_ATTRIBUTE_KEY, PasswordUtil.buildPasswordHash("key")); node.setDate(TokenConstants.TOKEN_ATTRIBUTE_EXPIRY, new Date().getTime()); root.commit(CommitMarker.asCommitAttributes()); } catch (CommitFailedException e) { assertEquals(62, e.getCode()); } finally { root.refresh(); root.getTree(parentPath).remove(); root.commit(); } } }
@NotNull Tree createTokenTree(@NotNull TokenInfo base, @NotNull NodeUtil parent, @NotNull String ntName) throws AccessDeniedException { Tree tokenTree = getTokenTree(base); Tree tree = parent.addChild("token", ntName).getTree(); tree.setProperty(tokenTree.getProperty(JcrConstants.JCR_UUID)); tree.setProperty(tokenTree.getProperty(TOKEN_ATTRIBUTE_KEY)); tree.setProperty(tokenTree.getProperty(TOKEN_ATTRIBUTE_EXPIRY)); return tree; } }