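/**
 * Verifies that the session returned by {@code createTestSession2()} cannot
 * change the principal names stored in the existing CUG policy below
 * {@code /content/a}.
 *
 * <p>The commit must be rejected with a {@link CommitFailedException} that
 * reports an access violation. Checking {@code isAccessViolation()} rather
 * than only catching the exception ensures the write was refused by
 * permission evaluation and not for an unrelated reason.
 *
 * @throws Exception if session setup or cleanup fails unexpectedly
 */
@Test
public void testWriteCug() throws Exception {
    // The original never closed the extra session; close it so it cannot leak
    // into later tests.
    try (ContentSession cs = createTestSession2()) {
        Root r = cs.getLatestRoot();
        try {
            // modify the existing cug
            Tree tree = r.getTree("/content/a/rep:cugPolicy");
            tree.setProperty(
                    REP_PRINCIPAL_NAMES,
                    ImmutableList.of(EveryonePrincipal.NAME, testGroupPrincipal.getName()),
                    Type.STRINGS);
            r.commit();
            // fail() raises an AssertionError, which the catch below does not swallow.
            fail("Modifying rep:cugPolicy must be rejected with an access violation.");
        } catch (CommitFailedException e) {
            assertTrue(e.isAccessViolation());
        } finally {
            // Drop the rejected transient change before the session is closed.
            r.refresh();
        }
    }
}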
/**
 * Verifies that adding a child node below each of the listed paths is
 * rejected for {@code testRoot}.
 *
 * <p>Every attempted commit must fail with a {@link CommitFailedException}
 * flagged as an access violation; any other failure type would mean the write
 * was stopped for a reason other than permission evaluation.
 *
 * @throws Exception if an unexpected error occurs
 */
@Test
public void testWrite() throws Exception {
    List<String> readOnly = ImmutableList.of("/content", "/content/a/b/c");
    for (int i = 0; i < readOnly.size(); i++) {
        String path = readOnly.get(i);
        try {
            new NodeUtil(testRoot.getTree(path)).addChild("writeTest", NT_OAK_UNSTRUCTURED);
            testRoot.commit();
            // Reaching this line means the write was accepted.
            fail();
        } catch (CommitFailedException denied) {
            assertTrue(denied.isAccessViolation());
        } finally {
            // Discard the rejected change so the next path starts clean.
            testRoot.refresh();
        }
    }
}
/**
 * Verifies that the test session cannot remove any of the listed trees.
 *
 * <p>Each removal is attempted on its own and must be rejected at commit time
 * with a {@link CommitFailedException} that reports an access violation.
 *
 * @throws Exception if an unexpected error occurs
 */
@Test
public void testRemoveTree() throws Exception {
    Root testRoot = testSession.getLatestRoot();
    List<String> paths = ImmutableList.of("/a/d/b/e/c", "/a/d/b", "/a");
    for (int i = 0; i < paths.size(); i++) {
        String path = paths.get(i);
        try {
            testRoot.getTree(path).remove();
            testRoot.commit();
            // The removal went through although it must be denied.
            fail();
        } catch (CommitFailedException denied) {
            // success
            assertTrue(denied.isAccessViolation());
        } finally {
            // Revert the transient removal before trying the next path.
            testRoot.refresh();
        }
    }
}
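/**
 * Verifies that the session returned by {@code createTestSession2()} cannot
 * turn {@code /content/a/b/c} into an access controlled node.
 *
 * <p>The test adds the CUG and access-controllable mixins plus a
 * {@code rep:policy} child of type {@code rep:ACL}. The commit must be
 * rejected with a {@link CommitFailedException} that reports an access
 * violation.
 *
 * @throws Exception if session setup or cleanup fails unexpectedly
 */
@Test
public void testWriteAcl() throws Exception {
    // The original never closed the extra session; close it so it cannot leak
    // into later tests.
    try (ContentSession cs = createTestSession2()) {
        Root r = cs.getLatestRoot();
        try {
            Tree tree = r.getTree("/content/a/b/c");
            tree.setProperty(
                    JCR_MIXINTYPES,
                    ImmutableList.of(MIX_REP_CUG_MIXIN, AccessControlConstants.MIX_REP_ACCESS_CONTROLLABLE),
                    Type.NAMES);
            tree.addChild(AccessControlConstants.REP_POLICY)
                    .setProperty(JCR_PRIMARYTYPE, AccessControlConstants.NT_REP_ACL, Type.NAME);
            r.commit();
            // fail() raises an AssertionError, which the catch below does not swallow.
            fail("Writing an ACL policy node must be rejected with an access violation.");
        } catch (CommitFailedException e) {
            assertTrue(e.isAccessViolation());
        } finally {
            // Drop the rejected transient change before the session is closed.
            r.refresh();
        }
    }
}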
/**
 * Verifies that the test session cannot set property {@code a} on
 * {@code /a/d/b/e/c}.
 *
 * <p>The commit must fail with a {@link CommitFailedException} that reports
 * an access violation.
 *
 * @throws Exception if an unexpected error occurs
 */
@Test
public void testModifyProperty() throws Exception {
    Root userRoot = testSession.getLatestRoot();
    Tree target = userRoot.getTree("/a/d/b/e/c");

    try {
        target.setProperty("a", "anyvalue");
        userRoot.commit();
        // The write was accepted although it must be denied.
        fail();
    } catch (CommitFailedException denied) {
        // success
        assertTrue(denied.isAccessViolation());
    } finally {
        // Discard the rejected transient change.
        userRoot.refresh();
    }
}
/**
 * Removes the lock from this node by deleting its {@code JCR_LOCKISDEEP} and
 * {@code JCR_LOCKOWNER} properties and committing the change.
 *
 * <p>NOTE(review): this method does not compare the current session with the
 * stored {@code JCR_LOCKOWNER} value. Whether a session other than the lock
 * owner may unlock therefore appears to depend only on the permission check
 * performed at commit time; confirm that this is intended.
 *
 * @throws ItemNotFoundException if the node no longer exists in the latest root
 * @throws LockException if the node is not lockable or is not locked
 * @throws AccessControlException if the commit is rejected as an access violation
 * @throws RepositoryException if the commit fails for any other reason
 */
public void unlock() throws RepositoryException {
    String nodePath = getPath();
    Root latestRoot = sessionDelegate.getContentSession().getLatestRoot();
    Tree nodeTree = latestRoot.getTree(nodePath);

    // Each precondition throws, so guard clauses are equivalent to a chain.
    if (!nodeTree.exists()) {
        throw new ItemNotFoundException("Node " + nodePath + " does not exist");
    }
    if (!isNodeType(nodeTree, MIX_LOCKABLE, latestRoot)) {
        throw new LockException("Node " + nodePath + " is not lockable");
    }
    if (!nodeTree.hasProperty(JCR_LOCKISDEEP)) {
        throw new LockException("Node " + nodePath + " is not locked");
    }

    try {
        nodeTree.removeProperty(JCR_LOCKISDEEP);
        nodeTree.removeProperty(JCR_LOCKOWNER);
        sessionDelegate.commit(latestRoot);
    } catch (CommitFailedException cause) {
        // Keep the cause attached so callers can tell a permission denial
        // from other commit failures.
        if (!cause.isAccessViolation()) {
            throw new RepositoryException("Unable to unlock node " + nodePath, cause);
        }
        throw new AccessControlException("Access denied to unlock node " + nodePath, cause);
    }
}
/**
 * Unlocks this node: the {@code JCR_LOCKISDEEP} and {@code JCR_LOCKOWNER}
 * properties are removed from the node in the latest root and the change is
 * committed.
 *
 * <p>NOTE(review): no lock-owner comparison is visible in this method.
 * Authorization seems to rest on the permission evaluation that runs during
 * the commit; verify that a non-owner cannot unlock unless that is intended.
 *
 * @throws ItemNotFoundException if the node does not exist
 * @throws LockException if the node lacks the lockable mixin or holds no lock
 * @throws AccessControlException if the commit reports an access violation
 * @throws RepositoryException if the commit fails otherwise
 */
public void unlock() throws RepositoryException {
    final String path = getPath();
    final Root current = sessionDelegate.getContentSession().getLatestRoot();
    final Tree node = current.getTree(path);

    if (!node.exists()) {
        throw new ItemNotFoundException("Node " + path + " does not exist");
    }

    boolean lockable = isNodeType(node, MIX_LOCKABLE, current);
    if (!lockable) {
        throw new LockException("Node " + path + " is not lockable");
    }

    boolean locked = node.hasProperty(JCR_LOCKISDEEP);
    if (!locked) {
        throw new LockException("Node " + path + " is not locked");
    }

    try {
        node.removeProperty(JCR_LOCKISDEEP);
        node.removeProperty(JCR_LOCKOWNER);
        sessionDelegate.commit(current);
    } catch (CommitFailedException failure) {
        boolean denied = failure.isAccessViolation();
        if (denied) {
            // A permission denial is reported as its own exception type.
            throw new AccessControlException(
                    "Access denied to unlock node " + path, failure);
        }
        throw new RepositoryException(
                "Unable to unlock node " + path, failure);
    }
}
/**
 * Releases the lock on this node by removing the {@code JCR_LOCKISDEEP} and
 * {@code JCR_LOCKOWNER} properties and committing against the latest root.
 *
 * <p>NOTE(review): the stored lock owner is removed without being compared to
 * the calling session. Presumably the commit-time permission check is the
 * only gate here; confirm against the lock management design.
 *
 * @throws ItemNotFoundException if the node is absent from the latest root
 * @throws LockException if the node is not lockable or not currently locked
 * @throws AccessControlException if the commit fails with an access violation
 * @throws RepositoryException if the commit fails for another reason
 */
public void unlock() throws RepositoryException {
    String p = getPath();
    Root r = sessionDelegate.getContentSession().getLatestRoot();
    Tree t = r.getTree(p);

    // Validate existence, lockability and lock state, in that order.
    if (!t.exists()) {
        throw new ItemNotFoundException("Node " + p + " does not exist");
    }
    if (!isNodeType(t, MIX_LOCKABLE, r)) {
        throw new LockException("Node " + p + " is not lockable");
    }
    if (!t.hasProperty(JCR_LOCKISDEEP)) {
        throw new LockException("Node " + p + " is not locked");
    }

    try {
        t.removeProperty(JCR_LOCKISDEEP);
        t.removeProperty(JCR_LOCKOWNER);
        sessionDelegate.commit(r);
    } catch (CommitFailedException ex) {
        // Map the commit failure to the matching repository exception and
        // keep the original exception as the cause.
        if (ex.isAccessViolation()) {
            throw new AccessControlException("Access denied to unlock node " + p, ex);
        }
        throw new RepositoryException("Unable to unlock node " + p, ex);
    }
}
/**
 * Verifies that the test session can set property {@code b} at each listed
 * path but cannot add the property {@code notAllowed} there.
 *
 * <p>The first loop expects every commit to succeed. The second loop expects
 * every commit to fail with a {@link CommitFailedException} that reports an
 * access violation.
 *
 * @throws Exception if one of the first-loop commits fails or another
 *         unexpected error occurs
 */
@Test
public void testAddProperty() throws Exception {
    Root userRoot = testSession.getLatestRoot();
    List<String> paths = ImmutableList.of("/a", "/a/d/b", "/a/d/b/e/c");

    // Setting "b" is expected to succeed at every path.
    for (int i = 0; i < paths.size(); i++) {
        Tree target = userRoot.getTree(paths.get(i));
        target.setProperty("b", "anyvalue");
        userRoot.commit();
    }

    // Adding "notAllowed" must be denied at every path.
    for (int i = 0; i < paths.size(); i++) {
        Tree target = userRoot.getTree(paths.get(i));
        try {
            target.setProperty("notAllowed", "anyvalue");
            userRoot.commit();
            fail();
        } catch (CommitFailedException denied) {
            // success
            assertTrue(denied.isAccessViolation());
        } finally {
            // Discard the rejected change before the next iteration.
            userRoot.refresh();
        }
    }
}
} else if (isOfType(NODE_TYPE)) { return new NoSuchNodeTypeException(message, this); } else if (isAccessViolation()) { return new AccessDeniedException(message, this); } else if (isAccessControlViolation()) {
/**
 * Setting a {@code jcr:uuid} property on a non-referenceable tree must be
 * rejected when the test principal is granted only {@code JCR_READ} and
 * {@code JCR_ADD_CHILD_NODES} at {@code /a}.
 *
 * <p>The commit must fail with a {@link CommitFailedException} that reports
 * an access violation, because the ADD_PROPERTY permission is missing.
 *
 * @throws Exception if permission setup fails or another unexpected error occurs
 */
@Test
public void testCreateNonReferenceableJcrUuid() throws Exception {
    setupPermission(
            "/a",
            testPrincipal,
            true,
            PrivilegeConstants.JCR_READ,
            PrivilegeConstants.JCR_ADD_CHILD_NODES);

    try {
        Root userRoot = getTestRoot();
        NodeUtil node = new NodeUtil(userRoot.getTree("/a"));
        String uuid = UUIDUtils.generateUUID();
        node.setString(JCR_UUID, uuid);
        userRoot.commit();
        fail("Creating a jcr:uuid property for an unstructured node without ADD_PROPERTY permission must fail.");
    } catch (CommitFailedException denied) {
        // The failure has to come from permission evaluation.
        assertTrue(denied.isAccessViolation());
    }
}
} else if (isOfType(NODE_TYPE)) { return new NoSuchNodeTypeException(message, this); } else if (isAccessViolation()) { return new AccessDeniedException(message, this); } else if (isAccessControlViolation()) {
} else if (isOfType(NODE_TYPE)) { return new NoSuchNodeTypeException(message, this); } else if (isAccessViolation()) { return new AccessDeniedException(message, this); } else if (isAccessControlViolation()) {
/**
 * Verifies that granting {@code JCR_READ} and {@code JCR_REMOVE_CHILD_NODES}
 * on {@code /a} lets the test session remove the descendants
 * {@code /a/d/b/e/c} and {@code /a/d/b}, while removing {@code /a} itself is
 * still denied.
 *
 * <p>The final commit must fail with a {@link CommitFailedException} that
 * reports an access violation.
 *
 * @throws Exception if setup or one of the permitted removals fails
 */
@Test
public void testRemoveTree2() throws Exception {
    AccessControlManager aclManager = getAccessControlManager(root);
    JackrabbitAccessControlList policy = AccessControlUtils.getAccessControlList(aclManager, "/a");
    policy.addEntry(
            testPrincipal,
            privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_REMOVE_CHILD_NODES),
            true);
    aclManager.setPolicy(policy.getPath(), policy);
    root.commit();

    Root userRoot = testSession.getLatestRoot();
    List<String> paths = ImmutableList.of("/a/d/b/e/c", "/a/d/b");
    // These removals are expected to succeed with the grant above.
    for (int i = 0; i < paths.size(); i++) {
        userRoot.getTree(paths.get(i)).remove();
        userRoot.commit();
    }

    try {
        userRoot.getTree("/a").remove();
        userRoot.commit();
        // Removing /a itself must not be permitted.
        fail();
    } catch (CommitFailedException denied) {
        // success
        assertTrue(denied.isAccessViolation());
    } finally {
        // Discard the rejected removal.
        userRoot.refresh();
    }
}
sessionDelegate.commit(root); } catch (CommitFailedException e) { if (e.isAccessViolation()) { throw new AccessControlException( "Access denied to lock node " + path, e);
sessionDelegate.commit(root); } catch (CommitFailedException e) { if (e.isAccessViolation()) { throw new AccessControlException( "Access denied to lock node " + path, e);
fail("Turning a false policy node into access control content requires the ability to write AC content."); } catch (CommitFailedException e) { assertTrue(e.isAccessViolation()); assertEquals(0, e.getCode()); } finally {
/**
 * Modifying an existing {@code jcr:uuid} property on a non-referenceable tree
 * must be rejected when the test principal is granted only {@code JCR_READ}
 * and {@code JCR_ADD_CHILD_NODES} at {@code /a}.
 *
 * <p>The property is first created through {@code root}. The test root then
 * confirms the property is visible and tries to overwrite it. The commit must
 * fail with a {@link CommitFailedException} that reports an access violation,
 * because the MODIFY_PROPERTY permission is missing.
 *
 * @throws Exception if permission setup fails or another unexpected error occurs
 */
@Test
public void testModifyNonReferenceableJcrUuid() throws Exception {
    NodeUtil a = new NodeUtil(root.getTree("/a"));
    a.setString(JCR_UUID, "some-value");
    setupPermission(
            "/a",
            testPrincipal,
            true,
            PrivilegeConstants.JCR_READ,
            PrivilegeConstants.JCR_ADD_CHILD_NODES);

    try {
        Root userRoot = getTestRoot();
        a = new NodeUtil(userRoot.getTree("/a"));
        // The property must be visible to the test root before it is overwritten.
        assertNotNull(a.getString(JCR_UUID, null));
        String replacement = UUIDUtils.generateUUID();
        a.setString(JCR_UUID, replacement);
        userRoot.commit();
        fail("Modifying a jcr:uuid property for an unstructured node without MODIFY_PROPERTY permission must fail.");
    } catch (CommitFailedException denied) {
        // The failure has to come from permission evaluation.
        assertTrue(denied.isAccessViolation());
    }
}
/**
 * Verifies that removing {@code /a} fails when {@code JCR_REMOVE_NODE} is
 * denied on the subtree {@code /a/b}, even though {@code JCR_READ} and
 * {@code REP_WRITE} are granted at {@code /a}.
 *
 * <p>The test first confirms the effective privileges through the access
 * control manager. It then expects the commit to fail with a
 * {@link CommitFailedException} that reports an access violation.
 *
 * @throws Exception if permission setup fails or another unexpected error occurs
 */
@Test
public void testRemoveNodeWithJr2Flag() throws Exception {
    // allow READ/WRITE privilege for testUser at 'path'
    setupPermission(
            "/a",
            testPrincipal,
            true,
            PrivilegeConstants.JCR_READ,
            PrivilegeConstants.REP_WRITE);
    // deny REMOVE_NODE privilege at subtree.
    setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.JCR_REMOVE_NODE);

    Root userRoot = getTestRoot();
    AccessControlManager aclManager = getAccessControlManager(userRoot);
    // Confirm that the grant and the deny are both in effect.
    assertTrue(aclManager.hasPrivileges(
            "/a", privilegesFromNames(PrivilegeConstants.REP_WRITE)));
    assertFalse(aclManager.hasPrivileges(
            "/a/b", privilegesFromNames(PrivilegeConstants.JCR_REMOVE_NODE)));

    // removing the tree must fail
    try {
        userRoot.getTree("/a").remove();
        userRoot.commit();
        fail();
    } catch (CommitFailedException denied) {
        // success
        assertTrue(denied.isAccessViolation());
    }
}
/**
 * Verifies that removing {@code /a} fails when {@code REP_REMOVE_PROPERTIES}
 * is denied on the subtree {@code /a/b}, even though {@code JCR_READ} and
 * {@code REP_WRITE} are granted at {@code /a}.
 *
 * <p>The test first confirms the effective privileges through the access
 * control manager. It then expects the commit to fail with a
 * {@link CommitFailedException} that reports an access violation.
 *
 * @throws Exception if permission setup fails or another unexpected error occurs
 */
@Test
public void testRemoveNodeWithJr2Flag2() throws Exception {
    // allow READ/WRITE privilege for testUser at 'path'
    setupPermission(
            "/a",
            testPrincipal,
            true,
            PrivilegeConstants.JCR_READ,
            PrivilegeConstants.REP_WRITE);
    // deny REP_REMOVE_PROPERTIES privilege at subtree.
    setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.REP_REMOVE_PROPERTIES);

    Root userRoot = getTestRoot();
    AccessControlManager aclManager = getAccessControlManager(userRoot);
    // Confirm that the grant and the deny are both in effect.
    assertTrue(aclManager.hasPrivileges(
            "/a", privilegesFromNames(PrivilegeConstants.REP_WRITE)));
    assertFalse(aclManager.hasPrivileges(
            "/a/b", privilegesFromNames(PrivilegeConstants.REP_REMOVE_PROPERTIES)));

    // removing the tree must fail
    try {
        userRoot.getTree("/a").remove();
        userRoot.commit();
        fail();
    } catch (CommitFailedException denied) {
        // success
        assertTrue(denied.isAccessViolation());
    }
}
}