@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { return BASE.getPrivileges(tree); }
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { return BASE.getPrivileges(tree); }
@Nonnull private Privilege[] getPrivileges(@Nullable String absPath, @Nonnull PermissionProvider provider, long permissions) throws RepositoryException { Tree tree; if (absPath == null) { tree = null; if (permissions != Permissions.NO_PERMISSION) { checkPermissions(null, permissions); } } else { tree = getTree(getOakPath(absPath), permissions, false); } Set<String> pNames = provider.getPrivileges(tree); if (pNames.isEmpty()) { return new Privilege[0]; } else { Set<Privilege> privileges = new HashSet<Privilege>(pNames.size()); for (String name : pNames) { privileges.add(privilegeManager.getPrivilege(namePathMapper.getJcrName(name))); } return privileges.toArray(new Privilege[privileges.size()]); } }
@NotNull private Privilege[] getPrivileges(@Nullable String absPath, @NotNull PermissionProvider provider, long permissions) throws RepositoryException { Tree tree; if (absPath == null) { tree = null; if (permissions != Permissions.NO_PERMISSION) { checkPermissions(null, permissions); } } else { tree = getTree(getOakPath(absPath), permissions, false); } Set<String> pNames = provider.getPrivileges(tree); if (pNames.isEmpty()) { return new Privilege[0]; } else { Set<Privilege> privileges = new HashSet<>(pNames.size()); for (String name : pNames) { privileges.add(privilegeManager.getPrivilege(namePathMapper.getJcrName(name))); } return privileges.toArray(new Privilege[0]); } }
@Test public void testGetPrivilegesTestGroup() { Set<String> w_rac = ImmutableSet.of(PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL); Set<String> r_w_rac = ImmutableSet.of(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL); // testGroup PermissionProvider pp = createPermissionProvider(testGroupPrincipal); assertEquals(r_w_rac, pp.getPrivileges(content)); assertEquals(r_w_rac, pp.getPrivileges(a)); assertEquals(w_rac, pp.getPrivileges(c)); assertTrue(pp.getPrivileges(content2).isEmpty()); }
@Test public void testGetPrivilegesEveryone() { // everyone PermissionProvider pp = createPermissionProvider(EveryonePrincipal.getInstance()); assertTrue(pp.getPrivileges(content).isEmpty()); assertTrue(pp.getPrivileges(content2).isEmpty()); assertTrue(pp.getPrivileges(a).isEmpty()); assertTrue(pp.getPrivileges(c).isEmpty()); }
@Test public void testGetPrivilegesTestGroupEveryone() { Set<String> r_w_rac = ImmutableSet.of(PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE, PrivilegeConstants.JCR_READ_ACCESS_CONTROL); // testGroup + everyone PermissionProvider pp = createPermissionProvider(testGroupPrincipal, EveryonePrincipal.getInstance()); assertEquals(r_w_rac, pp.getPrivileges(content)); assertEquals(r_w_rac, pp.getPrivileges(a)); assertEquals(r_w_rac, pp.getPrivileges(c)); assertTrue(pp.getPrivileges(content2).isEmpty()); }
@Test public void testGetPrivileges() { assertTrue(emptyProvider.getPrivileges(tree).isEmpty()); }
@Test public void testGetPrivilegesTestUserEveryone() throws Exception { // testUser + everyone PermissionProvider pp = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance()); Set<String> r = ImmutableSet.of(PrivilegeConstants.JCR_READ); assertEquals(r, pp.getPrivileges(content)); assertEquals(r, pp.getPrivileges(c)); assertTrue(pp.getPrivileges(a).isEmpty()); assertTrue(pp.getPrivileges(content2).isEmpty()); } }
@Test public void testGetPrivileges() { Set<String> privs = openProvider.getPrivileges(tree); assertFalse(privs.isEmpty()); assertTrue(privs.contains(PrivilegeConstants.JCR_ALL)); }
/** * @see PermissionProvider#getPrivileges(org.apache.jackrabbit.oak.api.Tree) */ @Test public void testGetPrivilegesAtCug2() { PermissionProvider pp = createCugPermissionProvider(ImmutableSet.of(SUPPORTED_PATH), testGroupPrincipal); Set<String> expected = ImmutableSet.of( PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.REP_READ_PROPERTIES); assertEquals(expected, pp.getPrivileges(root.getTree("/content/a"))); assertEquals(expected, pp.getPrivileges(root.getTree("/content/aa/bb"))); assertTrue(pp.getPrivileges(root.getTree("/content/a/b/c")).isEmpty()); }
@Test public void testGetPrivilegesForReadPaths() throws Exception { ContentSession testSession = createTestSession(); try { PermissionProvider pp = createPermissionProvider(testSession) ; for (String path : READ_PATHS) { Tree tree = root.getTree(path); assertEquals(Collections.singleton(PrivilegeConstants.JCR_READ), pp.getPrivileges(tree)); } assertEquals(Collections.<String>emptySet(), pp.getPrivileges(null)); } finally { testSession.close(); } }
@Test public void testGetPrivilege() { PermissionProvider pp = createPermissionProvider(); Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH); Set<String> privilegeNames = pp.getPrivileges(t); assertTrue(privilegeNames.isEmpty()); } }
@Test public void testGetPrivileges() throws Exception { for (String p : defPrivileges.keySet()) { Set<String> expected = defPrivileges.get(p); Tree tree = readOnlyRoot.getTree(p); assertEquals(p, expected, cppTestUser.getPrivileges(tree)); assertEquals(p, defTestUser.getPrivileges(tree), cppTestUser.getPrivileges(tree)); } }
@Test public void testGetPrivilegesOnRepoAdmin() throws Exception { Set<String> expected = ImmutableSet.of(JCR_ALL); assertEquals(expected, cppAdminUser.getPrivileges(null)); assertEquals(defAdminUser.getPrivileges(null), cppAdminUser.getPrivileges(null)); }
@Test public void testGetPrivilegesOnRepo() throws Exception { Set<String> expected = ImmutableSet.of(JCR_NAMESPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT); assertEquals(expected, cppTestUser.getPrivileges(null)); assertEquals(defTestUser.getPrivileges(null), cppTestUser.getPrivileges(null)); }
@Test public void testGetPrivilegesAdmin() throws Exception { Set<String> expected = ImmutableSet.of(JCR_ALL); for (String p : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(p); assertEquals(p, expected, cppAdminUser.getPrivileges(tree)); assertEquals(p, defAdminUser.getPrivileges(tree), cppAdminUser.getPrivileges(tree)); } }
@Test public void testAdministrativeAccess() { for (String path : getTreePaths()) { Tree t = root.getTree(path); assertFalse(t.exists()); } PermissionProvider pp = getPermissionProvider(adminSession.getAuthInfo().getPrincipals()); for (Tree t : trees) { pp.getPrivileges(t).contains(PrivilegeConstants.JCR_ALL); assertTrue(pp.isGranted(t, null, Permissions.ALL)); assertTrue(pp.isGranted(t, prop, Permissions.ALL)); String treePath = t.getPath(); String allActions = Text.implode(ACTION_NAMES, ","); assertTrue(pp.isGranted(treePath, allActions)); assertTrue(pp.isGranted(PathUtils.concat(treePath, prop.getName()), allActions)); } }
@Test public void testGuestAccess() throws Exception { try (ContentSession guest = login(new GuestCredentials())) { Root r = guest.getLatestRoot(); for (String path : getTreePaths()) { Tree t = r.getTree(path); assertFalse(t.exists()); } PermissionProvider pp = getPermissionProvider(guest.getAuthInfo().getPrincipals()); for (Tree t : trees) { pp.getPrivileges(t).isEmpty(); for (long permission : Permissions.aggregates(Permissions.ALL)) { assertFalse(pp.isGranted(t, null, permission)); assertFalse(pp.isGranted(t, prop, permission)); } for (String action : ACTION_NAMES) { String treePath = t.getPath(); assertFalse(pp.isGranted(treePath, action)); assertFalse(pp.isGranted(PathUtils.concat(treePath, prop.getName()), action)); } } } }
@Test public void testCombinedSetup() throws Exception { AccessControlManager acMgr = getAccessControlManager(root); JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/content"); acl.addAccessControlEntry(getTestGroupPrincipal(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)); acMgr.setPolicy(acl.getPath(), acl); root.commit(); PermissionProvider combined = getConfig(AuthorizationConfiguration.class).getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.of(getTestGroupPrincipal())); for (String acPath : acPaths) { boolean canReadAc = Text.isDescendantOrEqual("/content", acPath); Tree acTree = root.getTree(acPath); assertEquals(canReadAc, combined.hasPrivileges(acTree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)); assertEquals(canReadAc, combined.getPrivileges(acTree).contains(PrivilegeConstants.JCR_READ_ACCESS_CONTROL)); assertEquals(canReadAc, combined.isGranted(acPath, JackrabbitSession.ACTION_READ_ACCESS_CONTROL)); assertEquals(canReadAc, combined.isGranted(acTree, null, Permissions.READ_ACCESS_CONTROL)); Tree t = root.getTree("/"); TreePermission tp = combined.getTreePermission(t, TreePermission.EMPTY); for (String name : PathUtils.elements(acPath)) { t = t.getChild(name); tp = combined.getTreePermission(t, tp); } assertEquals(canReadAc, tp.canRead()); assertEquals(canReadAc, tp.isGranted(Permissions.READ_ACCESS_CONTROL)); } } }