@Test public void testGetStringMultiple() { for (long permissions : TEST.keySet()) { Set<String> expected = new HashSet<>(); for (long p : TEST.get(permissions)) { expected.add(Permissions.PERMISSION_NAMES.get(p)); } assertEquals(expected, Sets.newHashSet(Splitter.on(',').split(Permissions.getString(permissions)))); } }
@Test public void testGetStringAllPermission() { String str = Permissions.getString(Permissions.ALL); assertEquals(Permissions.PERMISSION_NAMES.get(Permissions.ALL), str); }
@Test public void testGetStringNoPermission() { String str = Permissions.getString(Permissions.NO_PERMISSION); assertTrue(str.isEmpty()); }
@Test public void testGetStringAggregates() { Map<Long, Set<Long>> test = ImmutableMap.<Long, Set<Long>>of( Permissions.READ|Permissions.READ_ACCESS_CONTROL, ImmutableSet.of(Permissions.READ, Permissions.READ_NODE, Permissions.READ_PROPERTY, Permissions.READ_ACCESS_CONTROL), Permissions.REMOVE|Permissions.SET_PROPERTY, ImmutableSet.of(Permissions.REMOVE_NODE, Permissions.ADD_PROPERTY, Permissions.MODIFY_PROPERTY, Permissions.REMOVE_PROPERTY, Permissions.SET_PROPERTY, Permissions.REMOVE), Permissions.WRITE|Permissions.SET_PROPERTY, ImmutableSet.of(Permissions.WRITE), Permissions.WRITE|Permissions.VERSION_MANAGEMENT, ImmutableSet.of(Permissions.WRITE, Permissions.VERSION_MANAGEMENT, Permissions.REMOVE_NODE, Permissions.ADD_PROPERTY, Permissions.MODIFY_PROPERTY, Permissions.ADD_NODE, Permissions.REMOVE_PROPERTY, Permissions.SET_PROPERTY, Permissions.REMOVE) ); for (long permissions : test.keySet()) { Set<String> expected = new HashSet<>(); for (long p : test.get(permissions)) { expected.add(Permissions.PERMISSION_NAMES.get(p)); } assertEquals(expected, Sets.newHashSet(Splitter.on(',').split(Permissions.getString(permissions)))); } }
@Test public void testIsAggregate() { List<Long> aggregates = ImmutableList.of(Permissions.ALL, Permissions.WRITE, Permissions.READ, Permissions.SET_PROPERTY, Permissions.REMOVE); for (long permission : Permissions.PERMISSION_NAMES.keySet()) { if (aggregates.contains(permission)) { assertTrue(Permissions.getString(permission), Permissions.isAggregate(permission)); } else { assertFalse(Permissions.getString(permission), Permissions.isAggregate(permission)); } } }
public void testDefaultSetup() throws RepositoryException { assertFalse(testSession.hasPermission(path, Permissions.getString(Permissions.INDEX_DEFINITION_MANAGEMENT))); }
@Test public void testGetStringSinglePermission() { for (long permission : Permissions.aggregates(Permissions.ALL)) { String str = Permissions.getString(permission); assertEquals(Permissions.PERMISSION_NAMES.get(permission), str); } }
@Test public void testIsGrantedPath() { assertTrue(pp.isGranted(SUPPORTED_PATH, Permissions.getString(Permissions.READ))); assertFalse(pp.isGranted(SUPPORTED_PATH + "/:hidden", Permissions.getString(Permissions.READ))); assertFalse(pp.isGranted(SUPPORTED_PATH + "/:hidden/child", Permissions.getString(Permissions.READ))); assertFalse(pp.isGranted(hiddenTree.getPath(), Permissions.getString(Permissions.READ))); }
@Test public void testRespectParentPermissions() { List<Long> permissions = ImmutableList.of( Permissions.ALL, Permissions.ADD_NODE, Permissions.ADD_NODE|Permissions.ADD_PROPERTY, Permissions.ADD_NODE|Permissions.REMOVE_NODE, Permissions.ADD_NODE|Permissions.READ, Permissions.REMOVE_NODE, Permissions.REMOVE_NODE|Permissions.LOCK_MANAGEMENT, Permissions.WRITE, Permissions.REMOVE ); for (long p : permissions) { assertTrue(Permissions.getString(p), Permissions.respectParentPermissions(p)); } }
@Test public void testNotRespectParentPermissions() { List<Long> permissions = ImmutableList.of( Permissions.READ, Permissions.ADD_PROPERTY, Permissions.REMOVE_PROPERTY, Permissions.ADD_PROPERTY|Permissions.REMOVE_PROPERTY, Permissions.MODIFY_CHILD_NODE_COLLECTION|Permissions.MODIFY_PROPERTY, Permissions.NODE_TYPE_MANAGEMENT|Permissions.VERSION_MANAGEMENT, Permissions.SET_PROPERTY, Permissions.WORKSPACE_MANAGEMENT|Permissions.NAMESPACE_MANAGEMENT ); for (long p : permissions) { assertFalse(Permissions.getString(p), Permissions.respectParentPermissions(p)); } }
@Test public void testIsGrantedPath() { for (String acPath : acPaths) { assertFalse(pp.isGranted(acPath, Permissions.getString(Permissions.READ))); } }
public void testDuplicate() throws Exception { Map<String, Boolean> map = Maps.newHashMap(); map.put("/", true); map.put(path, true); map.put(childPPath, true); map.put(path + "/rep:policy", false); map.put("/nonExisting", true); map.put(path + "/nonExisting", true); for (String p : map.keySet()) { boolean expected = map.get(p); assertEquals(p, expected, testSession.hasPermission(p, Session.ACTION_READ + "," + Permissions.getString(Permissions.READ))); assertEquals(p, expected, ((JackrabbitSession) testSession).hasPermission(p, new String[]{Session.ACTION_READ, Session.ACTION_READ})); assertEquals(p, expected, ((JackrabbitSession) testSession).hasPermission(p, Session.ACTION_READ, Session.ACTION_READ)); assertEquals(p, expected, ((JackrabbitSession) testSession).hasPermission(p, new String[]{Session.ACTION_READ, Permissions.PERMISSION_NAMES.get(Permissions.READ)})); assertEquals(p, expected, ((JackrabbitSession) testSession).hasPermission(p, Session.ACTION_READ, Permissions.PERMISSION_NAMES.get(Permissions.READ))); } }
public void testAddProperties() throws Exception { // grant the test principal rep:addProperties privilege at 'childPath' // EXERCISE: explain the difference between rep:addProperites and jcr:modifyProperties privilege! AccessControlUtils.addAccessControlEntry(superuser, childPath, testPrincipal, new String[] {PrivilegeConstants.REP_ADD_PROPERTIES}, true); superuser.save(); // EXERCISE: fill in the expected return values for Session.hasPermission as performed below // EXERCISE: verify that the test passes and explain the individual results Map<String, Boolean[]> pathHasPermissionMap = ImmutableMap.of( propertyPath, new Boolean[]{null, null}, childPath + "/newProp", new Boolean[]{null, null}, childPropertyPath, new Boolean[]{null, null}, grandChildPath + "/" + JcrConstants.JCR_PRIMARYTYPE, new Boolean[]{null, null} ); Session userSession = createTestSession(); for (String path : pathHasPermissionMap.keySet()) { Boolean[] result = pathHasPermissionMap.get(path); boolean setPropertyAction = result[0]; boolean addPropertiesPermission = result[1]; assertEquals(setPropertyAction, userSession.hasPermission(path, Session.ACTION_SET_PROPERTY)); assertEquals(addPropertiesPermission, userSession.hasPermission(path, Permissions.getString(Permissions.ADD_PROPERTY))); } }
/** * @see PermissionProvider#isGranted(String, String) */ @Test public void testIsGrantedJcrActionsNonExistingPath() { String p = "/path/to/non/existing/tree"; assertFalse(cugPermProvider.isGranted(p, Session.ACTION_READ)); assertFalse(cugPermProvider.isGranted(p, Permissions.getString(Permissions.READ_NODE))); assertFalse(cugPermProvider.isGranted(p, Permissions.getString(Permissions.READ_PROPERTY))); assertFalse(cugPermProvider.isGranted(p, Session.ACTION_ADD_NODE)); assertFalse(cugPermProvider.isGranted(p, Session.ACTION_READ + ',' + Session.ACTION_ADD_NODE)); } }
public void testMultiple() throws Exception { List<String> paths = ImmutableList.of( "/", path, childPPath, path + "/rep:policy", "/nonExisting", path + "/nonExisting"); for (String p : paths) { assertFalse(testSession.hasPermission(p, Session.ACTION_READ + "," + Session.ACTION_SET_PROPERTY)); assertFalse(testSession.hasPermission(p, Session.ACTION_READ + "," + Permissions.getString(Permissions.ADD_PROPERTY))); assertFalse(((JackrabbitSession) testSession).hasPermission(p, Session.ACTION_READ, Session.ACTION_SET_PROPERTY)); assertFalse(((JackrabbitSession) testSession).hasPermission(p, Session.ACTION_READ, JackrabbitSession.ACTION_ADD_PROPERTY)); assertFalse(testSession.hasPermission(p, Session.ACTION_READ + "," + JackrabbitSession.ACTION_READ_ACCESS_CONTROL)); assertFalse(((JackrabbitSession) testSession).hasPermission(p, Session.ACTION_READ, JackrabbitSession.ACTION_READ_ACCESS_CONTROL)); } } }
@Test public void testWriteAndCustomPrivilege() throws Exception { Privilege[] privs = privilegesFromNames(new String[] { Privilege.JCR_VERSION_MANAGEMENT, Privilege.JCR_LOCK_MANAGEMENT, "replicate", "rep:write"}); allow(path, testGroup.getPrincipal(), privs); assertTrue(testAcMgr.hasPrivileges(path, privilegesFromName("replicate"))); assertTrue(testSession.hasPermission(path + "/newNode", Session.ACTION_ADD_NODE)); assertTrue(testSession.hasPermission(childPPath, Session.ACTION_SET_PROPERTY)); assertTrue(testSession.hasPermission(path + "/newProperty", Session.ACTION_SET_PROPERTY)); assertTrue(testSession.hasPermission(path + "/newProperty", Permissions.getString(Permissions.ADD_PROPERTY))); testSession.getNode(path).setProperty("newProperty", "value"); testSession.save(); deny(path, testUser.getPrincipal(), privilegesFromName("replicate")); assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName("replicate"))); assertTrue(testSession.hasPermission(childPPath, Session.ACTION_SET_PROPERTY)); assertTrue(testSession.hasPermission(path + "/newProperty2", Session.ACTION_SET_PROPERTY)); assertTrue(testSession.hasPermission(path + "/newProperty2", Permissions.getString(Permissions.ADD_PROPERTY))); testSession.getNode(path).setProperty("newProperty2", "value"); testSession.save(); }
@Test public void testIsGrantedForReadPaths() throws Exception { ContentSession testSession = createTestSession(); try { PermissionProvider pp = createPermissionProvider(testSession) ; for (String path : READ_PATHS) { assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ))); assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE))); assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY))); assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL))); } for (String path : READ_PATHS) { Tree tree = root.getTree(path); assertTrue(pp.isGranted(tree, null, Permissions.READ)); assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE)); assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ_PROPERTY)); assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL)); } RepositoryPermission rp = pp.getRepositoryPermission(); assertFalse(rp.isGranted(Permissions.READ)); assertFalse(rp.isGranted(Permissions.READ_NODE)); assertFalse(rp.isGranted(Permissions.READ_PROPERTY)); assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL)); } finally { testSession.close(); } }
public void testOakPermissions() throws RepositoryException { String modifyPropertyPermissions = null; // EXERCISE: assertFalse(testSession.hasPermission(propertyPath, modifyPropertyPermissions)); // EXERCISE : modify the permission setup such that the following tests pass testSession.refresh(false); assertTrue(testSession.hasPermission(propertyPath, modifyPropertyPermissions)); assertFalse(testSession.hasPermission(propertyPath, Permissions.getString(Permissions.REMOVE_PROPERTY|Permissions.ADD_PROPERTY))); String addItemPermissions = null; // EXERCISE assertTrue(testSession.hasPermission(childPath, addItemPermissions)); String permissions = null; // EXERCISE assertFalse(testSession.hasPermission(childPath, permissions)); // EXERCISE : modify the permission setup such that the following tests pass assertFalse(testSession.hasPermission(testRoot, permissions)); assertTrue(testSession.hasPermission(childPath, permissions)); Node cNode = testSession.getNode(childPath); cNode.addMixin(mixVersionable); testSession.save(); cNode.checkin(); cNode.checkout(); }
@Test public void testSetModifiedPolicy() throws Exception { AccessControlManager acMgr = getAcManager(root); AccessControlPolicy[] policies = acMgr.getPolicies("/test/a"); // EXERCISE: modify policies such that the testuser principal becomes owner instead of editor // ... write your code here for (AccessControlPolicy policy : policies) { acMgr.setPolicy("/test/a", policy); } root.commit(); try (ContentSession cs = createTestSession()) { Root r = createTestSession().getLatestRoot(); PermissionProvider pp = getConfig(AuthorizationConfiguration.class).getPermissionProvider(r, cs.getWorkspaceName(), cs.getAuthInfo().getPrincipals()); assertTrue(pp.isGranted("/test/a", Permissions.getString(ThreeRolesConstants.SUPPORTED_PERMISSIONS))); } }
assertTrue(combined.isGranted(hiddenTree.getPath(), Permissions.getString(Permissions.ALL)));