PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits); if (updated.isEmpty()) {
PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits); if (updated.isEmpty()) {
PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits); if (updated.isEmpty()) {
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getReadOnlyTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@Nonnull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getReadOnlyTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@Test public void testHasPrivileges() throws Exception { for (String path : defPrivileges.keySet()) { Set<String> defaultPrivs = defPrivileges.get(path); Tree tree = readOnlyRoot.getTree(path); if (testProvider.isSupported(path)) { Set<String> expected = pbp.getPrivilegeNames(pbp.getBits(defaultPrivs).modifiable().diff(denied)); assertTrue(path, cppTestUser.hasPrivileges(tree, expected.toArray(new String[expected.size()]))); assertFalse(path, cppTestUser.hasPrivileges(tree, JCR_ADD_CHILD_NODES)); assertFalse(path, cppTestUser.hasPrivileges(tree, REP_ADD_PROPERTIES)); assertFalse(path, cppTestUser.hasPrivileges(tree, JCR_MODIFY_PROPERTIES)); } else { assertTrue(path, cppTestUser.hasPrivileges(tree, defaultPrivs.toArray(new String[defaultPrivs.size()]))); } } }
@Test public void testGetPrivileges() throws Exception { PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot); for (String path : defPrivileges.keySet()) { Tree tree = readOnlyRoot.getTree(path); Set<String> defaultPrivs = defPrivileges.get(path); Set<String> privNames = cppTestUser.getPrivileges(tree); if (testProvider.isSupported(path)) { PrivilegeBits expected = pbp.getBits(defaultPrivs).modifiable().diff(denied).unmodifiable(); assertEquals(expected, pbp.getBits(privNames)); } else { assertEquals(path, defaultPrivs, privNames); } } }
@Test public void testGetPrivilegesAdmin() throws Exception { for (String path : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(path); Set<String> privNames = cppAdminUser.getPrivileges(tree); if (testProvider.isSupported(path)) { PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(denied).unmodifiable(); assertEquals(expected, pbp.getBits(privNames)); } else { assertEquals(path, ImmutableSet.of(JCR_ALL), privNames); } } }
@Test public void testGetPrivilegesOnRepoAdmin() throws Exception { PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_NAMESPACE_MANAGEMENT)).unmodifiable(); assertEquals(expected, pbp.getBits(cppAdminUser.getPrivileges(null))); }
@Test public void testHasPrivilegeOnRepoAdmin() throws Exception { assertFalse(cppAdminUser.hasPrivileges(null, JCR_NAMESPACE_MANAGEMENT)); assertFalse(cppAdminUser.hasPrivileges(null, JCR_NAMESPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT)); assertFalse(cppAdminUser.hasPrivileges(null, JCR_ALL)); assertTrue(cppAdminUser.hasPrivileges(null, JCR_NODE_TYPE_DEFINITION_MANAGEMENT)); Set<String> expected = pbp.getPrivilegeNames(pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_NAMESPACE_MANAGEMENT))); assertTrue(cppAdminUser.hasPrivileges(null, expected.toArray(new String[expected.size()]))); assertTrue(cppAdminUser.hasPrivileges(null)); }
PrivilegeBits.EMPTY.diff(PrivilegeBits.EMPTY); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { PrivilegeBits nxt = pb.nextBits(); try { pb.diff(nxt); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { pb.diff(mod); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { mod.diff(nxt); assertEquivalent(before, mod); mod.add(nxt); assertFalse(before.equals(mod)); mod.diff(nxt); assertEquivalent(before, mod); mod.add(nxt); tmp.add(nxt); tmp.add(READ_NODES_PRIVILEGE_BITS); tmp.diff(tmp); assertEquivalent(PrivilegeBits.EMPTY, tmp); tmp.add(nxt); tmp.add(READ_NODES_PRIVILEGE_BITS);
@Test public void testHasPrivilegesAdmin() throws Exception { Set<String> expectedAllowed = pbp.getPrivilegeNames(pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_ADD_CHILD_NODES, REP_ADD_PROPERTIES))); for (String path : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(path); if (testProvider.isSupported(path)) { assertTrue(cppAdminUser.hasPrivileges(tree, expectedAllowed.toArray(new String[expectedAllowed.size()]))); assertFalse(cppAdminUser.hasPrivileges(tree, JCR_ADD_CHILD_NODES)); assertFalse(cppAdminUser.hasPrivileges(tree, REP_ADD_PROPERTIES)); assertFalse(cppAdminUser.hasPrivileges(tree, JCR_WRITE)); } else { assertTrue(cppAdminUser.hasPrivileges(tree, JCR_ALL)); } } }
pb.add(READ_NODES_PRIVILEGE_BITS); pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS); pb.diff(READ_NODES_PRIVILEGE_BITS); pb.add(READ_NODES_PRIVILEGE_BITS); pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS); pb.diff(READ_NODES_PRIVILEGE_BITS); pb.add(READ_NODES_PRIVILEGE_BITS); pb.addDifference(READ_NODES_PRIVILEGE_BITS, PrivilegeBits.EMPTY); pb.diff(READ_NODES_PRIVILEGE_BITS); pb.diff(READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) {
@Test public void testGetInstanceFromMvPropertyState() { PropertyState property = PropertyStates.createProperty("name", ImmutableSet.of(Long.MAX_VALUE, Long.MIN_VALUE / 2), Type.LONGS); PrivilegeBits pb = PrivilegeBits.getInstance(property); assertEquivalent(pb, PrivilegeBits.getInstance(property)); assertSame(pb, pb.unmodifiable()); assertEquivalent(pb, PrivilegeBits.getInstance(pb)); assertEquivalent(PrivilegeBits.getInstance(pb), pb); assertNotSame(pb, PrivilegeBits.getInstance(pb)); try { pb.add(READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } try { pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } try { pb.diff(READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } }
@Test public void testIsEmpty() { // empty assertTrue(PrivilegeBits.EMPTY.isEmpty()); // any other bits should not be empty PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS; PrivilegeBits mod = PrivilegeBits.getInstance(pb); for (int i = 0; i < 100; i++) { assertFalse(pb.isEmpty()); assertFalse(PrivilegeBits.getInstance(pb).isEmpty()); pb = pb.nextBits(); mod.add(pb); assertFalse(mod.isEmpty()); PrivilegeBits tmp = PrivilegeBits.getInstance(pb); tmp.diff(pb); assertTrue(tmp.toString(), tmp.isEmpty()); } }
@Test public void testGetInstanceFromPropertyState() { for (long l : LONGS) { PropertyState property = createPropertyState(l); PrivilegeBits pb = PrivilegeBits.getInstance(property); assertEquivalent(pb, PrivilegeBits.getInstance(property)); assertSame(pb, pb.unmodifiable()); assertEquivalent(pb, PrivilegeBits.getInstance(pb)); assertEquivalent(PrivilegeBits.getInstance(pb), pb); assertNotSame(pb, PrivilegeBits.getInstance(pb)); try { pb.add(READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } try { pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } try { pb.diff(READ_NODES_PRIVILEGE_BITS); fail("UnsupportedOperation expected"); } catch (UnsupportedOperationException e) { // success } } }