Added: chemistry/site/trunk/content/java/0.7.0/maven/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/xref-test/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.html URL: http://svn.apache.org/viewvc/chemistry/site/trunk/content/java/0.7.0/maven/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/xref-test/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.html?rev=1308692&view=auto ============================================================================== --- chemistry/site/trunk/content/java/0.7.0/maven/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/xref-test/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.html (added) +++ chemistry/site/trunk/content/java/0.7.0/maven/chemistry-opencmis-server/chemistry-opencmis-server-inmemory/xref-test/org/apache/chemistry/opencmis/inmemory/AclPermissionsTest.html Tue Apr 3 05:14:48 2012 @@ -0,0 +1,1284 @@ + + + + +AclPermissionsTest xref + + + +
+
+1   package org.apache.chemistry.opencmis.inmemory;
+2   
+3   import static org.junit.Assert.assertTrue;
+4   import static org.junit.Assert.fail;
+5   
+6   import java.math.BigInteger;
+7   import java.util.ArrayList;
+8   import java.util.Arrays;
+9   import java.util.Collections;
+10  import java.util.GregorianCalendar;
+11  import java.util.HashMap;
+12  import java.util.List;
+13  import java.util.Map;
+14  
+15  import junit.framework.Assert;
+16  
+17  import org.apache.chemistry.opencmis.commons.PropertyIds;
+18  import org.apache.chemistry.opencmis.commons.data.Ace;
+19  import org.apache.chemistry.opencmis.commons.data.Acl;
+20  import org.apache.chemistry.opencmis.commons.data.ContentStream;
+21  import org.apache.chemistry.opencmis.commons.data.ExtensionsData;
+22  import org.apache.chemistry.opencmis.commons.data.ObjectData;
+23  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderContainer;
+24  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderData;
+25  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderList;
+26  import org.apache.chemistry.opencmis.commons.data.ObjectList;
+27  import org.apache.chemistry.opencmis.commons.data.ObjectParentData;
+28  import org.apache.chemistry.opencmis.commons.data.Properties;
+29  import org.apache.chemistry.opencmis.commons.data.PropertyData;
+30  import org.apache.chemistry.opencmis.commons.data.RenditionData;
+31  import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
+32  import org.apache.chemistry.opencmis.commons.enums.BaseTypeId;
+33  import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
+34  import org.apache.chemistry.opencmis.commons.enums.VersioningState;
+35  import org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException;
+36  import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBaseObjectTypeIds;
+37  import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions;
+38  import org.apache.chemistry.opencmis.commons.server.CallContext;
+39  import org.apache.chemistry.opencmis.commons.spi.Holder;
+40  import org.apache.chemistry.opencmis.inmemory.storedobj.api.ObjectStore;
+41  import org.apache.chemistry.opencmis.inmemory.storedobj.impl.InMemoryAce;
+42  import org.apache.chemistry.opencmis.server.support.query.CalendarHelper;
+43  import org.apache.commons.logging.Log;
+44  import org.apache.commons.logging.LogFactory;
+45  import org.junit.After;
+46  import org.junit.Before;
+47  import org.junit.Test;
+48  
+49  public class AclPermissionsTest extends AbstractServiceTest  {
+50  
+51  	private static Log LOG = LogFactory.getLog(AclPermissionsTest.class);
+52  	private static final BigInteger MINUS_ONE = BigInteger.valueOf(-1L);
+53  	
+54      protected ObjectCreator fCreator;
+55  	protected ObjectStore objectStore = null;
+56  	protected List<Ace> addACEs = null;
+57  	protected Acl addAcl = null;
+58  	protected List<Ace> standardACEs = null;
+59  	protected Acl standardAcl = null;
+60  	protected List<Ace> noReadACEs = null;
+61  	protected Acl noReadAcl = null;
+62  	protected List<Ace>readACEs = null;
+63  	protected Acl readAcl = null;
+64  	protected List<Ace>readWriteACEs = null;
+65  	protected Acl readWriteAcl = null;
+66  	protected List<Ace> writerReadACEs = null;
+67  	protected Acl writerReadAcl = null;
+68  	protected List<Ace> adminACEs = null;
+69  	protected Acl adminAcl = null;
+70  	protected List<Ace> testUserACEs = null;
+71  	protected Acl testUserAcl = null;
+72  	protected Acl defaultAcl = null;
+73  	
+74  	protected static Map<String, String> idMap = new HashMap<String, String>();
+75  	
+76      @Override
+77      @After
+78      public void tearDown() {
+79          super.tearDown();
+80      }
+81  
+82      @Override
+83      @Before
+84      public void setUp() {
+85          super.setTypeCreatorClass(UnitTestTypeSystemCreator.class.getName());
+86          super.setUp();
+87          fCreator = new ObjectCreator(fFactory, fObjSvc, fRepositoryId);
+88  		 List<String> principalIds = new ArrayList<String>(3);
+89  		 principalIds.add("TestAdmin");
+90  		 principalIds.add("Writer");
+91  		 principalIds.add("Reader");
+92  		 principalIds.add("TestUser");
+93  		addACEs = new ArrayList<Ace>(4);
+94  		addACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+95  		addACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+96  		addACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+97  		addACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+98  		addAcl = fFactory.createAccessControlList(addACEs);
+99  		
+100 		standardACEs = new ArrayList<Ace>(3);
+101 		standardACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+102 		standardACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+103 		standardACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+104 		standardAcl = fFactory.createAccessControlList(standardACEs);	
+105 		
+106 		noReadACEs = new ArrayList<Ace>(2);
+107 		noReadACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+108 		noReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+109 		noReadAcl = fFactory.createAccessControlList(noReadACEs);	
+110 		
+111 		readACEs = new ArrayList<Ace>(1);
+112 		readACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+113 		readAcl = fFactory.createAccessControlList(readACEs);	
+114 		
+115 		readWriteACEs = new ArrayList<Ace>(2);
+116 		readWriteACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+117 		readWriteACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+118 		readWriteAcl = fFactory.createAccessControlList(readWriteACEs);	
+119 		
+120 		testUserACEs = new ArrayList<Ace>(1);
+121 		testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+122 		testUserAcl = fFactory.createAccessControlList(testUserACEs);	
+123 		
+124 		writerReadACEs = new ArrayList<Ace>(1);
+125 		writerReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_READ));
+126 		writerReadAcl = fFactory.createAccessControlList(writerReadACEs);	
+127 		
+128 		adminACEs = new ArrayList<Ace>(1);
+129 		adminACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+130 		adminAcl = fFactory.createAccessControlList(adminACEs);	
+131 		
+132 		List<Ace> defaultACEs = new ArrayList<Ace>(1);
+133         defaultACEs.add(createAce(InMemoryAce.getAnyoneUser(), EnumBasicPermissions.CMIS_ALL));
+134         defaultAcl = fFactory.createAccessControlList(defaultACEs); 
+135 	}
+136 
+137 	@Test
+138 	public void testCreateObjectsWithAcl()
+139 	{
+140 		// create a document with initial ACL
+141 		String docId = createDocumentWithAcls("complexDocument",  fRootFolderId, UnitTestTypeSystemCreator.COMPLEX_TYPE,
+142 				addAcl, defaultAcl);
+143 		Acl acl1 = fAclSvc.getAcl(fRepositoryId, docId, true, null);
+144 		assertTrue(aclEquals(addAcl, acl1));
+145 		
+146 		// create a folder with initial ACL
+147 		String folderId = createFolderWithAcls("folderWithAcl", fRootFolderId, BaseTypeId.CMIS_FOLDER.value(),
+148 				addAcl, defaultAcl);
+149 		Acl acl2 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
+150 		assertTrue(aclEquals(addAcl, acl2));
+151 		
+152 		// add acl later
+153 		String docId2 = createVersionedDocument("complexDocument2",  fRootFolderId);
+154         Acl acl = fAclSvc.applyAcl(fRepositoryId, docId2, addAcl, defaultAcl, AclPropagation.OBJECTONLY, null);
+155 		assertTrue(aclEquals(addAcl, acl));
+156 		
+157 		String folderId2 = createFolder("folder2", fRootFolderId, "cmis:folder");
+158 		acl2 = fAclSvc.applyAcl(fRepositoryId, folderId2, addAcl, defaultAcl, AclPropagation.OBJECTONLY, null);
+159 		assertTrue(aclEquals(addAcl, acl2));
+160 		
+161 		// add a subfolder
+162 		String subFolderId = createFolder("subFolder", folderId,  BaseTypeId.CMIS_FOLDER.value());
+163 		// folder should inherit acl
+164 		Acl subAcl = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
+165 		assertTrue(aclEquals(addAcl, subAcl));
+166 		
+167 		// add a document
+168 		String subDocId = createVersionedDocument("subDoc", subFolderId);
+169 		// document should inherit acl
+170 		Acl subAclDoc = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+171 		assertTrue(aclEquals(addAcl, subAclDoc));
+172 		
+173 		// remove an ace, no permission is left for TestUser
+174 		Acl removeAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
+175 		Acl acl3 = fAclSvc.applyAcl(fRepositoryId, docId2, null, removeAcl, AclPropagation.OBJECTONLY, null);
+176 		
+177 		List<Ace> compareRemoveACEs = new ArrayList<Ace>(3);
+178 		compareRemoveACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+179 		compareRemoveACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+180 		compareRemoveACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+181 		Acl compareRemoveAcl = fFactory.createAccessControlList(compareRemoveACEs);
+182 		
+183 		assertTrue(aclEquals(compareRemoveAcl, acl3));
+184 		
+185 		// addACE not propagated
+186 		Acl addPropAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
+187 		
+188 		Acl acl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.OBJECTONLY, null);
+189 		Acl subAclDoc2 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+190 		assertTrue(aclEquals(addAcl, subAclDoc2));  // acl of doc did not change
+191 		
+192 		List<Ace> compareRemoveACEs2 = new ArrayList<Ace>(4);
+193 		compareRemoveACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+194 		compareRemoveACEs2.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
+195 		compareRemoveACEs2.add(createAce("TestUser", EnumBasicPermissions.CMIS_ALL));
+196 		compareRemoveACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+197 		Acl compareRemoveAcl2 = fFactory.createAccessControlList(compareRemoveACEs2);
+198 		assertTrue(aclEquals(compareRemoveAcl2, acl4)); 
+199 		
+200 		// addACE propagated
+201 		Acl acl5 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.PROPAGATE, null);
+202 		Acl subAclDoc3 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
+203 		assertTrue(aclEquals(compareRemoveAcl2, subAclDoc3));  // acl of doc did change
+204 		assertTrue(aclEquals(compareRemoveAcl2, acl5)); 
+205 	}
+206 		
+207 	
+208 	@Test
+209 	public void checkNavigationServiceGeneralAccess()
+210 	{
+211 		// starts with call context TestUser
+212 		switchCallContext("TestAdmin");
+213 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
+214 				standardAcl, defaultAcl);
+215 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, defaultAcl);
+216 //		fTestCallContext = new DummyCallContext("Writer");
+217 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
+218 		
+219 		
+220 		// TestUser has no permission at all
+221 		switchCallContext("TestUser");
+222 		boolean exceptionThrown = false;
+223 		try
+224 		{
+225 			ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null, 
+226 					BigInteger.ZERO , BigInteger.ZERO, null);
+227 		}
+228 		catch (CmisPermissionDeniedException e)
+229 		{
+230 			exceptionThrown = true;
+231 		}
+232 		if (!exceptionThrown)
+233 			Assert.fail("TestUser has no permissions)");
+234 		
+235 		switchCallContext("Reader");
+236 		ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null,
+237 				BigInteger.ZERO , BigInteger.ZERO, null);
+238 		
+239 		
+240 		switchCallContext("TestUser");
+241 		exceptionThrown = false;
+242 		try
+243 		{
+244 			List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
+245 		}
+246 		catch (CmisPermissionDeniedException e)
+247 		{
+248 			exceptionThrown = true;
+249 		}
+250 		if (!exceptionThrown)
+251 			Assert.fail("TestUser has no permissions)");
+252 		
+253 		switchCallContext("Reader");
+254 		List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
+255 		
+256 		
+257 		switchCallContext("TestUser");
+258 		exceptionThrown = false;
+259 		try
+260 		{
+261 			List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
+262 		}
+263 		catch (CmisPermissionDeniedException e)
+264 		{
+265 			exceptionThrown = true;
+266 		}
+267 		if (!exceptionThrown)
+268 			Assert.fail("TestUser has no permissions)");
+269 		
+270 		switchCallContext("Reader");
+271 		List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
+272 		
+273 		switchCallContext("TestUser");
+274 		exceptionThrown = false;
+275 		try
+276 		{
+277 			List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
+278 		}
+279 		catch (CmisPermissionDeniedException e)
+280 		{
+281 			exceptionThrown = true;
+282 		}
+283 		if (!exceptionThrown)
+284 			Assert.fail("TestUser has no permissions)");
+285 		
+286 		switchCallContext("Reader");
+287 		List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
+288 		
+289 		switchCallContext("TestUser");
+290 		exceptionThrown = false;
+291 		try
+292 		{
+293 			ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
+294 		}
+295 		catch (CmisPermissionDeniedException e)
+296 		{
+297 			exceptionThrown = true;
+298 		}
+299 		if (!exceptionThrown)
+300 			Assert.fail("TestUser has no permissions)");
+301 		
+302 		switchCallContext("Reader");
+303 		ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
+304 	
+305 		switchCallContext("TestUser");
+306 		exceptionThrown = false;
+307 		try
+308 		{
+309 			ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE, 
+310 					null, MINUS_ONE, MINUS_ONE, null);
+311 		}
+312 		catch (CmisPermissionDeniedException e)
+313 		{
+314 			exceptionThrown = true;
+315 		}
+316 		if (!exceptionThrown)
+317 			Assert.fail("TestUser has no permissions)");
+318 		
+319 		switchCallContext("Reader");
+320 		ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE, 
+321 				null, MINUS_ONE, MINUS_ONE, null);
+322 	}
+323 	
+324 	@Test
+325 	public void testAclServiceGeneralAccess()
+326 	{
+327 	    List<Ace> initialACEs = new ArrayList<Ace>(4);
+328 	    initialACEs.addAll(standardACEs);
+329 	    initialACEs.add(createAce("Admin2", EnumBasicPermissions.CMIS_ALL));
+330         Acl initialAcl = fFactory.createAccessControlList(initialACEs);   
+331         
+332         List<Ace> expectedACEs = new ArrayList<Ace>(5);
+333         expectedACEs.addAll(initialACEs);
+334         expectedACEs.addAll(testUserACEs);
+335         Acl expectedAcl = fFactory.createAccessControlList(expectedACEs);   
+336         
+337 	    List<Ace> removeACEs = new ArrayList<Ace>(1);
+338         removeACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+339 		Acl removeAcl = fFactory.createAccessControlList(removeACEs);
+340 		
+341 		List<Ace> removeACEs2 = new ArrayList<Ace>(2);
+342 		removeACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
+343 		removeACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
+344 		Acl removeAcl2 = fFactory.createAccessControlList(removeACEs2);
+345 		
+346 		List<Ace> testUserACEs = new ArrayList<Ace>(1);
+347 		testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
+348 		Acl testUserAcl = fFactory.createAccessControlList(testUserACEs);
+349 		
+350 		switchCallContext("TestAdmin");
+351 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
+352 		        initialAcl, defaultAcl);
+353 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", initialAcl, defaultAcl);
+354 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", initialAcl, defaultAcl);
+355 		
+356 		// getAcl of a folder
+357 		switchCallContext("TestUser");
+358 		boolean exceptionThrown = false;
+359 		try
+360 		{
+361 			Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null); 
+362 		}
+363 		catch (CmisPermissionDeniedException e)
+364 		{
+365 			exceptionThrown = true;
+366 		}
+367 		if (!exceptionThrown)
+368 			Assert.fail("TestUser has no permissions to get acl of folder");
+369 		
+370 		switchCallContext("Reader");
+371 		Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null);
+372 		
+373 		// getAcl of a document
+374 		switchCallContext("TestUser");
+375 		exceptionThrown = false;
+376 		try
+377 		{
+378 			Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null); 
+379 		}
+380 		catch (CmisPermissionDeniedException e)
+381 		{
+382 			exceptionThrown = true;
+383 		}
+384 		if (!exceptionThrown)
+385 			Assert.fail("TestUser has no permissions to get acl of doc)");
+386 		
+387 		switchCallContext("Reader");
+388 		Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null);
+389 		
+390 		// applyAcl
+391 		switchCallContext("Reader");
+392 		exceptionThrown = false;
+393 		try
+394 		{
+395 			Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
+396 		}
+397 		catch (CmisPermissionDeniedException e)
+398 		{
+399 			exceptionThrown = true;
+400 		}
+401 		if (!exceptionThrown)
+402 			Assert.fail("TestUser has no permissions)");
+403 		
+404 //		switchCallContext("Writer");
+405         switchCallContext("TestAdmin");
+406 		Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
+407 		
+408 		// applyAcl when not allowed to subItem
+409 		switchCallContext("TestAdmin");
+410 		Acl docAcl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, null, removeAcl, AclPropagation.OBJECTONLY, null);
+411 		
+412 //        switchCallContext("Writer");
+413         switchCallContext("TestAdmin");
+414         // apply an ACL where the current user has permission to modify ACL on folder but not on sub-folder:
+415 		Acl docAcl5 = fAclSvc.applyAcl(fRepositoryId, folderId, testUserAcl, null, AclPropagation.PROPAGATE, null);
+416 		switchCallContext("Admin");
+417 		Acl docAcl6 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
+418 		assertTrue(aclEquals(expectedAcl, docAcl6)); 
+419 		Acl docAcl7 = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
+420 		assertTrue(aclEquals(standardAcl, docAcl7)); 
+421 	}
+422 	
+423 	@Test
+424 	public void testObjectServiceGeneralAccess()
+425 	{
+426 			
+427 		// starts with call context TestUser
+428 		switchCallContext("TestAdmin");
+429 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
+430 				standardAcl, defaultAcl);
+431 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, defaultAcl);
+432 //		fTestCallContext = new DummyCallContext("Writer");
+433 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
+434 		String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder", null, readAcl);
+435 		String adminFolderId = createFolderWithAcls("adminFolder", folderId, "cmis:folder", null, readWriteAcl);
+436 		
+437 		// TestUser has no permission at all
+438 		switchCallContext("TestUser");
+439 		boolean exceptionThrown = false;
+440 		try
+441 		{
+442 			Properties properties = createDocumentProperties("doc", "ComplexType");
+443 			String id = fObjSvc.createDocument(fRepositoryId, properties, folderId, null, null, null, null,
+444 					null, null);
+445 		}
+446 		catch (CmisPermissionDeniedException e)
+447 		{
+448 			exceptionThrown = true;
+449 		}
+450 		if (!exceptionThrown)
+451 			Assert.fail("TestUser has no permissions to create a document");
+452 		
+453 		exceptionThrown = false;
+454 		try
+455 		{
+456 			String id = fObjSvc.createFolder(fRepositoryId, null, folderId, null, null, null, null);
+457 		}
+458 		catch (CmisPermissionDeniedException e)
+459 		{
+460 			exceptionThrown = true;
+461 		}
+462 		if (!exceptionThrown)
+463 			Assert.fail("TestUser has no permissions to create a folder");
+464 		
+465 		/*
+466 		exceptionThrown = false;
+467 		try
+468 		{
+469 			Properties properties = createRelationshipProperties(folderId, fRootFolderId);
+470 			String id1 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
+471 		}
+472 		catch (CmisPermissionDeniedException e)
+473 		{
+474 			exceptionThrown = true;
+475 		}
+476 		if (!exceptionThrown)
+477 			Assert.fail("TestUser has no permissions to create a relationship: missing read permission for source id");
+478 		
+479 		exceptionThrown = false;
+480 		Properties properties = createRelationshipProperties( fRootFolderId, folderId);
+481 		try
+482 		{
+483 			String id2 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
+484 		}
+485 		catch (CmisPermissionDeniedException e)
+486 		{
+487 			exceptionThrown = true;
+488 		}
+489 		if (!exceptionThrown)
+490 			Assert.fail("TestUser has no permissions to create a relationship: missing read permission for destination");
+491 		*/
+492 		
+493 		exceptionThrown = false;
+494 		try
+495 		{
+496 			Properties props = fObjSvc.getProperties(fRepositoryId,  folderId, null, null);
+497 		}
+498 		catch (CmisPermissionDeniedException e)
+499 		{
+500 			exceptionThrown = true;
+501 		}
+502 		if (!exceptionThrown)
+503 			Assert.fail("TestUser has no permissions to get properties of the folder");
+504 		
+505 		exceptionThrown = false;
+506 		try
+507 		{
+508 			Properties props = fObjSvc.getProperties(fRepositoryId,  docId, null, null);
+509 		}
+510 		catch (CmisPermissionDeniedException e)
+511 		{
+512 			exceptionThrown = true;
+513 		}
+514 		if (!exceptionThrown)
+515 			Assert.fail("TestUser has no permissions to get properties of the document");
+516 		
+517 		exceptionThrown = false;
+518 		try
+519 		{
+520 			List<RenditionData> renditions = fObjSvc.getRenditions(fRepositoryId,  docId, null, BigInteger.valueOf(-1),
+521 					BigInteger.valueOf(-1), null);
+522 		}
+523 		catch (CmisPermissionDeniedException e)
+524 		{
+525 			exceptionThrown = true;
+526 		}
+527 		if (!exceptionThrown)
+528 			Assert.fail("TestUser has no permissions to get renditions of the document");
+529 		
+530 		exceptionThrown = false;
+531 		try
+532 		{
+533 			ContentStream contentStream =  fObjSvc.getContentStream(fRepositoryId,  docId, null, BigInteger.valueOf(-1),
+534 					BigInteger.valueOf(-1), null);
+535 		}
+536 		catch (CmisPermissionDeniedException e)
+537 		{
+538 			exceptionThrown = true;
+539 		}
+540 		if (!exceptionThrown)
+541 			Assert.fail("TestUser has no permissions to get contentStream of the document");
+542 		
+543 		switchCallContext("Reader");
+544 		exceptionThrown = false;
+545 		Properties properties = createDocumentProperties( "name", "typeId");
+546 		try
+547 		{	
+548 			fObjSvc.updateProperties(fRepositoryId,
+549 					new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
+550 		}
+551 		catch (CmisPermissionDeniedException e)
+552 		{
+553 			exceptionThrown = true;
+554 		}
+555 		if (!exceptionThrown)
+556 			Assert.fail("Reader has no permissions to update properties of the document");
+557 		
+558 		exceptionThrown = false;
+559 		properties = createDocumentProperties( "name", "typeId");
+560 		try
+561 		{	
+562 			fObjSvc.updateProperties(fRepositoryId,
+563 					new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
+564 		}
+565 		catch (CmisPermissionDeniedException e)
+566 		{
+567 			exceptionThrown = true;
+568 		}
+569 		if (!exceptionThrown)
+570 			Assert.fail("Reader has no permissions to update properties of the document");
+571 		
+572 		exceptionThrown = false;
+573 		try
+574 		{	
+575 			fObjSvc.moveObject(fRepositoryId, new Holder<String>(docId), subFolderId,
+576 					fRootFolderId, null);
+577 		}
+578 		catch (CmisPermissionDeniedException e)
+579 		{
+580 			exceptionThrown = true;
+581 		}
+582 		if (!exceptionThrown)
+583 			Assert.fail("Reader has no permissions to move document");
+584 		
+585 		switchCallContext("Writer");
+586 		exceptionThrown = false;
+587 		try
+588 		{	
+589 			fObjSvc.moveObject(fRepositoryId,new Holder<String>(docId), adminFolderId,
+590 					fRootFolderId, null);
+591 		}
+592 		catch (CmisPermissionDeniedException e)
+593 		{
+594 			exceptionThrown = true;
+595 		}
+596 		if (!exceptionThrown)
+597 			Assert.fail("Writer has no permissions to move document to admin folder");
+598 		
+599 		switchCallContext("Reader");
+600 		exceptionThrown = false;
+601 		try
+602 		{	
+603 			fObjSvc.deleteObject(fRepositoryId, docId, true, null);
+604 		}
+605 		catch (CmisPermissionDeniedException e)
+606 		{
+607 			exceptionThrown = true;
+608 		}
+609 		if (!exceptionThrown)
+610 			Assert.fail("Reader has no permissions to delete document ");
+611 		
+612 		exceptionThrown = false;
+613 		try
+614 		{	
+615 			fObjSvc.deleteObject(fRepositoryId, adminFolderId, true, null);
+616 		}
+617 		catch (CmisPermissionDeniedException e)
+618 		{
+619 			exceptionThrown = true;
+620 		}
+621 		if (!exceptionThrown)
+622 			Assert.fail("Reader has no permissions to delete admin folder ");
+623 		
+624 		exceptionThrown = false;
+625 		try
+626 		{	
+627 			fObjSvc.setContentStream(fRepositoryId, new Holder<String> (docId), true,
+628 					new Holder<String>("changeToken"), null, null);
+629 		}
+630 		catch (CmisPermissionDeniedException e)
+631 		{
+632 			exceptionThrown = true;
+633 		}
+634 		if (!exceptionThrown)
+635 			Assert.fail("Reader has no permissions to set content ");
+636 		
+637 		exceptionThrown = false;
+638 		try
+639 		{	
+640 			fObjSvc.deleteContentStream(fRepositoryId, new Holder<String> (docId), 
+641 					new Holder<String>("changeToken"), null);
+642 		}
+643 		catch (CmisPermissionDeniedException e)
+644 		{
+645 			exceptionThrown = true;
+646 		}
+647 		if (!exceptionThrown)
+648 			Assert.fail("Reader has no permissions to delete content ");
+649 		
+650 		exceptionThrown = false;
+651 		try
+652 		{	
+653 			fObjSvc.deleteTree(fRepositoryId, folderId, true,
+654 					 null, false, null);
+655 		}
+656 		catch (CmisPermissionDeniedException e)
+657 		{
+658 			exceptionThrown = true;
+659 		}
+660 		if (!exceptionThrown)
+661 			Assert.fail("Reader has no permissions to delete tree ");
+662 	}
+663 	
+664 	@Test
+665 	public void testMultiFilingServiceGeneralAccess()
+666 	{
+667 		// starts with call context TestUser
+668 		switchCallContext("TestAdmin");
+669 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
+670 				standardAcl, defaultAcl);
+671 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", 
+672 				addAcl, defaultAcl);
+673 		String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder", 
+674 				null, readAcl);
+675 		
+676 		// TestUser has no permission at the document
+677 		switchCallContext("TestUser");
+678 		boolean exceptionThrown = false;
+679 		try
+680 		{
+681 			
+682 			fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
+683 		}
+684 		catch (CmisPermissionDeniedException e)
+685 		{
+686 			exceptionThrown = true;
+687 		}
+688 		if (!exceptionThrown)
+689 			Assert.fail("TestUser has no permissions at the document to add a parent");
+690 		
+691 		exceptionThrown = false;
+692 		switchCallContext("Reader");  // has no permission at the folder
+693 		try
+694 		{
+695 			
+696 			fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
+697 		}
+698 		catch (CmisPermissionDeniedException e)
+699 		{
+700 			exceptionThrown = true;
+701 		}
+702 		if (!exceptionThrown)
+703 			Assert.fail("Reader has no permission at the folder to add a parent");
+704 		
+705 		switchCallContext("TestAdmin");
+706 		fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
+707 		fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
+708 		
+709 		switchCallContext("Reader");  
+710 		try
+711 		{
+712 			
+713 			fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, noReadFolderId, null);
+714 		}
+715 		catch (CmisPermissionDeniedException e)
+716 		{
+717 			exceptionThrown = true;
+718 		}
+719 		if (!exceptionThrown)
+720 			Assert.fail("Reader has no permission at the folder to remove a parent");
+721 		
+722 		switchCallContext("TestUser"); 
+723 		try
+724 		{
+725 			
+726 			fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, folderId, null);
+727 		}
+728 		catch (CmisPermissionDeniedException e)
+729 		{
+730 			exceptionThrown = true;
+731 		}
+732 		if (!exceptionThrown)
+733 			Assert.fail("TestUser has no permission at the object to remove a parent");
+734 	}
+735 	
+736 	@Test
+737 	public void testVersioningServiceGeneralAccess()
+738 	{
+739 		// starts with call context TestUser
+740 		switchCallContext("TestAdmin");
+741 		String docId = createDocumentWithAcls("doc",  fRootFolderId, UnitTestTypeSystemCreator.VERSIONED_TYPE,
+742 		        VersioningState.MAJOR, standardAcl, defaultAcl);
+743 	
+744 		// TestUser has no permission at all
+745 		switchCallContext("TestUser");
+746 		boolean exceptionThrown = false;
+747 		try
+748 		{
+749 			Holder<String> docIdHolder = new Holder<String>(docId);
+750 			fVerSvc.checkOut(fRepositoryId, docIdHolder, null, 
+751 					new Holder<Boolean>(false));
+752 		}
+753 		catch (CmisPermissionDeniedException e)
+754 		{
+755 			exceptionThrown = true;
+756 		}
+757 		if (!exceptionThrown)
+758 			Assert.fail("TestUser has no permission to checkout)");
+759 		
+760 		// Reader has only read permission
+761 		switchCallContext("Reader");
+762 		exceptionThrown = false;
+763 		try
+764 		{
+765 			fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
+766 					new Holder<Boolean>(false));
+767 		}
+768 		catch (CmisPermissionDeniedException e)
+769 		{
+770 			exceptionThrown = true;
+771 		}
+772 		if (!exceptionThrown)
+773 			Assert.fail("Reader has not enough permission to checkout)");
+774 		
+775 		// checkout
+776 		switchCallContext("TestAdmin");
+777 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+778 		switchCallContext("TestUser");
+779 		Holder<String> docIdHolder = new Holder<String>(docId);
+780 		fVerSvc.checkOut(fRepositoryId, docIdHolder, null, 
+781 				new Holder<Boolean>(false));
+782 	
+783         switchCallContext("TestAdmin");
+784 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+785 		
+786 		// TestUser has no permission at all, only checkout user can checkin
+787 		switchCallContext("TestUser");
+788 		exceptionThrown = false;
+789 		try
+790 		{
+791 			fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+792 		}
+793 		catch (CmisPermissionDeniedException e)
+794 		{
+795 			exceptionThrown = true;
+796 		}
+797 		if (!exceptionThrown)
+798 			Assert.fail("TestUser has no permission to cancelCheckOut)");
+799 		switchCallContext("TestAdmin");
+800 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+801 		switchCallContext("TestUser");
+802 		fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+803 		
+804 		// writer looses write permission
+805 		switchCallContext("Writer");
+806 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
+807 				new Holder<Boolean>(false));
+808 
+809 		switchCallContext("TestAdmin");
+810 		fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
+811 	
+812 		switchCallContext("Writer");
+813         exceptionThrown = false;
+814 		try
+815 		{
+816 			fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+817 		}
+818 		catch (CmisPermissionDeniedException e)
+819 		{
+820 			exceptionThrown = true;
+821 		}
+822 		if (!exceptionThrown)
+823 			Assert.fail("Reader has not enough permission to cancelCheckOut)");
+824 		switchCallContext("TestAdmin");
+825 		fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
+826 		switchCallContext("Writer");
+827 		fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
+828 				
+829 		// TestUser has no permission at all
+830 		switchCallContext("TestAdmin");
+831 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+832 		switchCallContext("TestUser");
+833 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
+834 				new Holder<Boolean>(false));
+835 
+836 		switchCallContext("TestAdmin");
+837 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+838 	
+839 		switchCallContext("TestUser");
+840 		exceptionThrown = false;
+841 		try
+842 		{
+843 			fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
+844 					null, null, null);
+845 		}
+846 		catch (CmisPermissionDeniedException e)
+847 		{
+848 			exceptionThrown = true;
+849 		}
+850 		if (!exceptionThrown)
+851 			Assert.fail("TestUser has no permission to checkIn)");
+852 		switchCallContext("TestAdmin");
+853 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
+854 		switchCallContext("TestUser");
+855 		fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
+856 				null, null, null);
+857 
+858 		switchCallContext("TestAdmin");
+859 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
+860 		
+861 		// writer looses write permission
+862 		switchCallContext("Writer");
+863 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
+864 				new Holder<Boolean>(false));
+865         
+866 		switchCallContext("TestAdmin");
+867 		fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
+868 
+869 		switchCallContext("Writer");	
+870 		exceptionThrown = false;
+871 		try
+872 		{
+873 			fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
+874 					null, null, null);
+875 		}
+876 		catch (CmisPermissionDeniedException e)
+877 		{
+878 			exceptionThrown = true;
+879 		}
+880 		if (!exceptionThrown)
+881 			Assert.fail("Writer has not enough permission to checkIn)");
+882 		switchCallContext("TestAdmin");
+883 		fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
+884 		switchCallContext("Writer");
+885 		fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,

[... 390 lines stripped ...]