private static final boolean onlyReadPermissions(long permissions) { return Permissions.diff(permissions, READ_PERMISSIONS) == Permissions.NO_PERMISSION; }
@Override public boolean isGranted(long permissions) { if (Permissions.includes(permissions, DENIED_PERMS)) { return false; } else { return Permissions.diff(permissions, GRANTED_PERMS) == Permissions.NO_PERMISSION; } }
@Test public void testDiff() { assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.ADD_NODE, Permissions.ADD_NODE)); assertEquals(Permissions.READ_PROPERTY, Permissions.diff(Permissions.READ, Permissions.READ_NODE)); assertEquals(Permissions.WRITE, Permissions.diff(Permissions.WRITE, Permissions.MODIFY_ACCESS_CONTROL)); assertEquals(Permissions.WRITE, Permissions.diff(Permissions.WRITE, Permissions.NO_PERMISSION)); assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.WRITE, Permissions.WRITE)); assertEquals(Permissions.SET_PROPERTY | Permissions.REMOVE_NODE | Permissions.LOCK_MANAGEMENT, Permissions.diff(Permissions.WRITE | Permissions.LOCK_MANAGEMENT, Permissions.ADD_NODE)); assertEquals(Permissions.LOCK_MANAGEMENT, Permissions.diff(Permissions.LOCK_MANAGEMENT | Permissions.ADD_PROPERTY, Permissions.ADD_PROPERTY)); }
@Override public boolean isGranted(long permissions, @NotNull PropertyState property) { if (Permissions.includes(permissions, DENIED_PERMS)) { return false; } else { return Permissions.diff(permissions, GRANTED_PERMS) == Permissions.NO_PERMISSION; } } }
@Test public void testDiffFromNoPermissions() { assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.NO_PERMISSION, Permissions.ADD_NODE)); assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.NO_PERMISSION, Permissions.ALL)); assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.NO_PERMISSION, Permissions.NO_PERMISSION)); }
@Override public boolean isGranted(@NotNull Tree tree, @Nullable PropertyState property, long permissions) { if (isSupported(tree)) { if (Permissions.includes(permissions, DENIED_PERMS)) { return false; } else { return Permissions.diff(permissions, GRANTED_PERMS) == Permissions.NO_PERMISSION; } } else { return false; } }
@Test public void testDiffFromAllPermissions() { assertEquals(Permissions.ALL, Permissions.diff(Permissions.ALL, Permissions.NO_PERMISSION)); assertEquals(Permissions.NO_PERMISSION, Permissions.diff(Permissions.ALL, Permissions.ALL)); long expected = (Permissions.READ_ACCESS_CONTROL | Permissions.MODIFY_ACCESS_CONTROL | Permissions.NODE_TYPE_MANAGEMENT | Permissions.VERSION_MANAGEMENT | Permissions.LOCK_MANAGEMENT | Permissions.LIFECYCLE_MANAGEMENT | Permissions.RETENTION_MANAGEMENT | Permissions.MODIFY_CHILD_NODE_COLLECTION | Permissions.NODE_TYPE_DEFINITION_MANAGEMENT | Permissions.NAMESPACE_MANAGEMENT | Permissions.WORKSPACE_MANAGEMENT | Permissions.PRIVILEGE_MANAGEMENT | Permissions.USER_MANAGEMENT | Permissions.INDEX_DEFINITION_MANAGEMENT ); assertEquals(expected, Permissions.diff(Permissions.ALL, Permissions.READ|Permissions.WRITE)); }
@Override public boolean isGranted(@NotNull TreeLocation location, long permissions) { if (isSupported(location.getPath())) { if (Permissions.includes(permissions, DENIED_PERMS)) { return false; } else { return Permissions.diff(permissions, GRANTED_PERMS) == Permissions.NO_PERMISSION; } } else { return false; } }
long permissions, @Nullable String path) { boolean isReadable = Permissions.diff(Permissions.READ, permissions) != Permissions.READ && readPolicy.isReadablePath(path, false); if (!entries.hasNext() && !isReadable) { return false; allows |= Permissions.diff(ap, denies); if ((allows | ~permissions) == -1) { return true; denies |= Permissions.diff(dp, allows); if (Permissions.includes(denies, permissions)) { return false;
long permissions, @Nullable String path) { boolean isReadable = Permissions.diff(Permissions.READ, permissions) != Permissions.READ && readPolicy.isReadablePath(path, false); if (!entries.hasNext() && !isReadable) { return false; allows |= Permissions.diff(ap, denies); if ((allows | ~permissions) == -1) { return true; denies |= Permissions.diff(dp, allows); if (Permissions.includes(denies, permissions)) { return false;
@Override public boolean isGranted(@NotNull String oakPath, @NotNull String jcrActions) { if (isSupported(oakPath)) { Tree tree = root.getTree(oakPath); long perms = Permissions.getPermissions(jcrActions, TreeLocation.create(tree), false); if (Permissions.includes(perms, DENIED_PERMS)) { return false; } else { return Permissions.diff(perms, GRANTED_PERMS) == Permissions.NO_PERMISSION; } } else { return false; } }
@Test public void testTreePermissionIsGrantedProperty() throws Exception { TreePermission parentPermission = TreePermission.EMPTY; for (String path : TP_PATHS) { TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission); Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1)); if (toTest != null) { if (testProvider.isSupported(path)) { assertTrue(tp.isGranted(Permissions.diff(toTest, Permissions.ADD_NODE|Permissions.ADD_PROPERTY), PROPERTY_STATE)); assertFalse(tp.isGranted(Permissions.ADD_PROPERTY, PROPERTY_STATE)); } else { assertTrue(tp.isGranted(toTest, PROPERTY_STATE)); } } parentPermission = tp; } }
@Test public void testTreePermissionIsGranted() throws Exception { TreePermission parentPermission = TreePermission.EMPTY; for (String path : TP_PATHS) { TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission); Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1)); if (toTest != null) { if (testProvider.isSupported(path)) { assertTrue(tp.isGranted(Permissions.diff(toTest, Permissions.ADD_NODE|Permissions.ADD_PROPERTY))); assertFalse(tp.isGranted(Permissions.ADD_PROPERTY | Permissions.ADD_NODE)); } else { assertTrue(tp.isGranted(toTest)); } } parentPermission = tp; } }
@Test public void testIsGrantedProperty() throws Exception { for (String p : defPermissions.keySet()) { long defaultPerms = defPermissions.get(p); Tree tree = readOnlyRoot.getTree(p); if (testProvider.isSupported(p)) { long expected = Permissions.diff(defaultPerms, Permissions.ADD_NODE|Permissions.ADD_PROPERTY); assertTrue(cppTestUser.isGranted(tree, PROPERTY_STATE, expected)); assertFalse(cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.ADD_PROPERTY)); assertFalse(cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.SET_PROPERTY)); assertFalse(cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.WRITE)); } else { assertTrue(cppTestUser.isGranted(tree, PROPERTY_STATE, defaultPerms)); } } }
@Test public void testIsGranted() throws Exception { for (String p : defPermissions.keySet()) { long defaultPerms = defPermissions.get(p); Tree tree = readOnlyRoot.getTree(p); if (testProvider.isSupported(p)) { long expected = Permissions.diff(defaultPerms, Permissions.ADD_NODE|Permissions.ADD_PROPERTY); assertTrue(cppTestUser.isGranted(tree, null, expected)); assertFalse(cppTestUser.isGranted(tree, null, Permissions.ADD_NODE)); assertFalse(cppTestUser.isGranted(tree, null, Permissions.ADD_PROPERTY)); assertFalse(cppTestUser.isGranted(tree, null, Permissions.SET_PROPERTY)); assertFalse(cppTestUser.isGranted(tree, null, Permissions.WRITE)); } else { assertTrue(cppTestUser.isGranted(tree, null, defaultPerms)); } } }
@Test public void testIsGrantedAdmin() throws Exception { for (String path : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(path); if (testProvider.isSupported(path)) { assertTrue(cppAdminUser.isGranted(tree, null, Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY))); assertFalse(cppAdminUser.isGranted(tree, null, Permissions.ADD_NODE)); assertFalse(cppAdminUser.isGranted(tree, null, Permissions.ADD_PROPERTY)); assertFalse(cppAdminUser.isGranted(tree, null, Permissions.ADD_NODE | Permissions.ADD_PROPERTY)); assertFalse(cppAdminUser.isGranted(tree, null, Permissions.WRITE)); } else { assertTrue(cppAdminUser.isGranted(tree, null, Permissions.ALL)); } } }
@Test public void testIsGrantedPropertyAdmin() throws Exception { for (String p : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(p); if (testProvider.isSupported(p)) { assertTrue(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY))); assertFalse(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ADD_NODE)); assertFalse(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ADD_PROPERTY)); assertFalse(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ADD_NODE | Permissions.ADD_PROPERTY)); assertFalse(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.WRITE)); } else { assertTrue(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ALL)); } } }
@Test public void testTreePermissionIsGrantedAdmin( ) { TreePermission parentPermission = TreePermission.EMPTY; for (String path : TP_PATHS) { TreePermission tp = cppAdminUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission); if (testProvider.isSupported(path)) { assertTrue(path, tp.isGranted(Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY))); assertFalse(path, tp.isGranted(Permissions.ADD_PROPERTY | Permissions.ADD_NODE)); assertFalse(path, tp.isGranted(Permissions.ALL)); } else { assertTrue(path, tp.isGranted(Permissions.ALL)); } parentPermission = tp; } parentPermission = TreePermission.EMPTY; for (String nodePath : PATH_OUTSIDE_SCOPE) { Tree tree = readOnlyRoot.getTree(nodePath); TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission); assertTrue(nodePath, tp.isGranted(Permissions.ALL)); parentPermission = tp; } }
long diff = Permissions.diff(Permissions.ALL, Permissions.REMOVE_NODE|Permissions.ADD_NODE); assertFalse(permissionProvider.isGranted(childTree, null, Permissions.REMOVE_NODE)); assertFalse(permissionProvider.isGranted(childTree, null, Permissions.ADD_NODE));