directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From akaras...@apache.org
Subject svn commit: r379013 [3/45] - in /directory/trunks/apacheds: ./ core-plugin/ core-plugin/src/main/java/org/apache/directory/server/core/tools/schema/ core-plugin/src/test/java/org/apache/directory/server/core/tools/schema/ core-shared/ core-shared/src/m...
Date Mon, 20 Feb 2006 03:58:21 GMT
Modified: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationTest.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationTest.java (original)
+++ directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationTest.java Sun Feb 19 19:57:02 2006
@@ -53,7 +53,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanCompareTelephoneNumberAs( String uid, String password, String entryRdn, String number )
-            throws NamingException
+        throws NamingException
     {
         // create the entry with the telephoneNumber attribute to compare
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -61,14 +61,14 @@
         testEntry.put( objectClass );
         objectClass.add( "top" );
         objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" );  // jenny don't change your number
+        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
 
         DirContext adminContext = getContextAsAdmin();
 
         try
         {
             // create the entry as admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // compare the telephone numbers
@@ -106,15 +106,11 @@
 
         // Gives grantCompare, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+        createAccessControlSubentry( "administratorAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -142,15 +138,11 @@
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables user billyd to compare an entry below ou=system
-        createAccessControlSubentry( "billydAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billydAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
@@ -171,15 +163,11 @@
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables user billyd to compare an entry below ou=system
-        createAccessControlSubentry( "billyAddBySubtree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
@@ -200,22 +188,19 @@
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( "anybodyAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-                "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" );
 
         // see if we can now compare that test entry's number which we could not before
         // should work with billyd now that all users are authorized
         assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
     }
-    
-    public void testPasswordCompare() throws NamingException {
+
+
+    public void testPasswordCompare() throws NamingException
+    {
         DirContext adminCtx = getContextAsAdmin();
         Attributes user = new BasicAttributes( "uid", "bob", true );
         user.put( "userPassword", "bobspassword".getBytes() );
@@ -230,7 +215,7 @@
         adminCtx.createSubcontext( "uid=bob,ou=users", user );
 
         ServerLdapContext ctx = ( ServerLdapContext ) adminCtx.lookup( "" );
-        assertTrue(ctx.compare(new LdapName( "uid=bob,ou=users,ou=system"), "userPassword", "bobspassword"));
+        assertTrue( ctx.compare( new LdapName( "uid=bob,ou=users,ou=system" ), "userPassword", "bobspassword" ) );
     }
-    
+
 }

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationTest.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationTest.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationTest.java (original)
+++ directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationTest.java Sun Feb 19 19:57:02 2006
@@ -63,7 +63,7 @@
         try
         {
             // create the entry as the admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // delete the newly created context as the user
@@ -95,15 +95,10 @@
 
         // Gives grantRemove perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+        createAccessControlSubentry( "administratorAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
 
         // see if we can now delete that test entry which we could not before
         // delete op should still fail since billd is not in the admin group
@@ -131,15 +126,10 @@
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delete an entry below ou=system
-        createAccessControlSubentry( "billydAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billydAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -160,15 +150,10 @@
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delte an entry below ou=system
-        createAccessControlSubentry( "billyAddBySubtree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+        createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -189,15 +174,10 @@
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( "anybodyAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+        createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
 
         // see if we can now delete that test entry which we could not before
         // should work now with billyd now that all users are authorized

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationTest.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java (original)
+++ directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java Sun Feb 19 19:57:02 2006
@@ -55,7 +55,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanModifyAs( String uid, String password, String entryRdn, ModificationItem[] mods )
-            throws NamingException
+        throws NamingException
     {
         // create the entry with the telephoneNumber attribute to modify
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -63,14 +63,14 @@
         testEntry.put( objectClass );
         objectClass.add( "top" );
         objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" );  // jenny don't change your number
+        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
 
         DirContext adminContext = getContextAsAdmin();
 
         try
         {
             // create the entry as admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // modify the entry as the user
@@ -111,7 +111,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanModifyAs( String uid, String password, String entryRdn, int modOp, Attributes mods )
-            throws NamingException
+        throws NamingException
     {
         // create the entry with the telephoneNumber attribute to modify
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
@@ -119,14 +119,14 @@
         testEntry.put( objectClass );
         objectClass.add( "top" );
         objectClass.add( "organizationalUnit" );
-        testEntry.put( "telephoneNumber", "867-5309" );  // jenny don't change your number
+        testEntry.put( "telephoneNumber", "867-5309" ); // jenny don't change your number
 
         DirContext adminContext = getContextAsAdmin();
 
         try
         {
             // create the entry as admin
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             adminContext.createSubcontext( entryRdn, testEntry );
 
             // modify the entry as the user
@@ -160,13 +160,12 @@
      * false otherwise.
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
-    public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods )
-            throws NamingException
+    public boolean checkCanSelfModify( String uid, String password, int modOp, Attributes mods ) throws NamingException
     {
         try
         {
             // modify the entry as the user
-            Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
             userContext.modifyAttributes( "", modOp, mods );
             return true;
@@ -190,13 +189,12 @@
      * false otherwise.
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
-    public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods )
-            throws NamingException
+    public boolean checkCanSelfModify( String uid, String password, ModificationItem[] mods ) throws NamingException
     {
         try
         {
             // modify the entry as the user
-            Name userEntry = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            Name userEntry = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userEntry, password, userEntry.toString() );
             userContext.modifyAttributes( "", mods );
             return true;
@@ -240,25 +238,20 @@
         createUser( "billyd", "billyd" );
 
         // create the password modification
-        ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE,
-                new BasicAttributes( "userPassword", "williams", true ) );
+        ModificationItem[] mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "userPassword",
+            "williams", true ) );
 
         // try a modify operation which should fail without any ACI
         assertFalse( checkCanSelfModify( "billyd", "billyd", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "selfModifyUserPassword",
-                "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { thisEntry }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, " +
-                        "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "selfModifyUserPassword", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { thisEntry }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } }, "
+            + "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI
         assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
@@ -278,8 +271,8 @@
         // ----------------------------------------------------------------------------------
 
         // create the add modifications
-        ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE,
-                new BasicAttributes( "registeredAddress", "100 Park Ave.", true ) );
+        ModificationItem[] mods = toItems( DirContext.ADD_ATTRIBUTE, new BasicAttributes( "registeredAddress",
+            "100 Park Ave.", true ) );
 
         // create the non-admin user
         createUser( "billyd", "billyd" );
@@ -289,17 +282,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyAdd",
-                "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -317,24 +304,18 @@
         // ----------------------------------------------------------------------------------
 
         // now let's test to see if we can perform a modify with a delete op
-        mods = toItems( DirContext.REMOVE_ATTRIBUTE,
-                new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+        mods = toItems( DirContext.REMOVE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
 
         // make sure we cannot remove the telephone number from the test entry
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyRemove", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -345,24 +326,19 @@
         // ----------------------------------------------------------------------------------
 
         // now let's test to see if we can perform a modify with a delete op
-        mods = toItems( DirContext.REPLACE_ATTRIBUTE,
-                new BasicAttributes( "telephoneNumber", "867-5309", true ) );
+        mods = toItems( DirContext.REPLACE_ATTRIBUTE, new BasicAttributes( "telephoneNumber", "867-5309", true ) );
 
         // make sure we cannot remove the telephone number from the test entry
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyReplace", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -375,7 +351,6 @@
         // ----------------------------------------------------------------------------------
         // Modify with Attribute Addition
         // ----------------------------------------------------------------------------------
-
         // create the add modifications
         Attributes changes = new BasicAttributes( "registeredAddress", "100 Park Ave.", true );
 
@@ -384,16 +359,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyAdd", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {registeredAddress}}, grantsAndDenials { grantAdd } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.ADD_ATTRIBUTE, changes ) );
@@ -411,16 +381,11 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyRemove", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantRemove } } " + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REMOVE_ATTRIBUTE, changes ) );
@@ -438,107 +403,102 @@
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorModifyReplace", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { " +
-                        "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, " +
-                        "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } " +
-                        "} } }" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { "
+            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse } }, "
+            + "{ protectedItems {allAttributeValues {telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
+            + "} } }" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", DirContext.REPLACE_ATTRIBUTE, changes ) );
         deleteAccessControlSubentry( "administratorModifyReplace" );
     }
 
-
-//    /**
-//     * Checks to make sure name based userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyByName() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try an modify operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables user billyd to modify an entry below ou=system
-//        createAccessControlSubentry( "billydAdd", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // should work now that billyd is authorized by name
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
-//
-//
-//    /**
-//     * Checks to make sure subtree based userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyBySubtree() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try a modify operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables user billyd to modify an entry below ou=system
-//        createAccessControlSubentry( "billyAddBySubtree", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // should work now that billyd is authorized by the subtree userClass
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
-//
-//
-//    /**
-//     * Checks to make sure <b>allUsers</b> userClass works for modify operations.
-//     *
-//     * @throws javax.naming.NamingException if the test encounters an error
-//     */
-//    public void testGrantModifyAllUsers() throws NamingException
-//    {
-//        // create the non-admin user
-//        createUser( "billyd", "billyd" );
-//
-//        // try an add operation which should fail without any ACI
-//        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//
-//        // now add a subentry that enables anyone to add an entry below ou=system
-//        createAccessControlSubentry( "anybodyAdd", "{ " +
-//                "identificationTag \"addAci\", " +
-//                "precedence 14, " +
-//                "authenticationLevel none, " +
-//                "itemOrUserFirst userFirst: { " +
-//                "userClasses { allUsers }, " +
-//                "userPermissions { { " +
-//                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
-//                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
-//
-//        // see if we can now modify that test entry's number which we could not before
-//        // should work with billyd now that all users are authorized
-//        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
-//    }
+    //    /**
+    //     * Checks to make sure name based userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyByName() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try an modify operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables user billyd to modify an entry below ou=system
+    //        createAccessControlSubentry( "billydAdd", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // should work now that billyd is authorized by name
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
+    //
+    //
+    //    /**
+    //     * Checks to make sure subtree based userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyBySubtree() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try a modify operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables user billyd to modify an entry below ou=system
+    //        createAccessControlSubentry( "billyAddBySubtree", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // should work now that billyd is authorized by the subtree userClass
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
+    //
+    //
+    //    /**
+    //     * Checks to make sure <b>allUsers</b> userClass works for modify operations.
+    //     *
+    //     * @throws javax.naming.NamingException if the test encounters an error
+    //     */
+    //    public void testGrantModifyAllUsers() throws NamingException
+    //    {
+    //        // create the non-admin user
+    //        createUser( "billyd", "billyd" );
+    //
+    //        // try an add operation which should fail without any ACI
+    //        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //
+    //        // now add a subentry that enables anyone to add an entry below ou=system
+    //        createAccessControlSubentry( "anybodyAdd", "{ " +
+    //                "identificationTag \"addAci\", " +
+    //                "precedence 14, " +
+    //                "authenticationLevel none, " +
+    //                "itemOrUserFirst userFirst: { " +
+    //                "userClasses { allUsers }, " +
+    //                "userPermissions { { " +
+    //                "protectedItems {entry, allUserAttributeTypesAndValues}, " +
+    //                "grantsAndDenials { grantModify, grantRead, grantBrowse } } } } }" );
+    //
+    //        // see if we can now modify that test entry's number which we could not before
+    //        // should work with billyd now that all users are authorized
+    //        assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
+    //    }
 }

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationTest.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id

Modified: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java
URL: http://svn.apache.org/viewcvs/directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java?rev=379013&r1=379012&r2=379013&view=diff
==============================================================================
--- directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java (original)
+++ directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java Sun Feb 19 19:57:02 2006
@@ -48,7 +48,7 @@
      * @throws javax.naming.NamingException if there are problems conducting the test
      */
     public boolean checkCanRenameAs( String uid, String password, String entryRdn, String newRdn )
-            throws NamingException
+        throws NamingException
     {
         Attributes testEntry = new BasicAttributes( "ou", "testou", true );
         Attribute objectClass = new BasicAttribute( "objectClass" );
@@ -62,7 +62,7 @@
             // create the new entry as the admin user
             adminContext.createSubcontext( entryRdn, testEntry );
 
-            LdapName userName = new LdapName( "uid="+uid+",ou=users,ou=system" );
+            LdapName userName = new LdapName( "uid=" + uid + ",ou=users,ou=system" );
             DirContext userContext = getContextAs( userName, password );
             userContext.rename( entryRdn, newRdn );
 
@@ -99,15 +99,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm to all users in the Administrators group for entries
-        createAccessControlSubentry( "grantRenameByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // see if we can now rename that test entry which we could not before
         // rename op should still fail since billyd is not in the admin group
@@ -136,15 +131,11 @@
 
         // Gives grantRename, grantImport, grantExport perm to all users in the Administrators
         // group for entries - browse is needed just to read navigate the tree at root
-        createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // see if we can move and rename the test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -172,15 +163,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to all users in the Administrators group for entries
-        createAccessControlSubentry( "grantMoveByAdmin", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByAdmin", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // see if we can now move that test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -218,15 +204,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm specifically to the billyd user
-        createAccessControlSubentry( "grantRenameByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -246,15 +227,11 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport perm to billyd user on entries
-        createAccessControlSubentry( "grantRenameMoveByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByName", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -274,15 +251,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to billyd user for entries
-        createAccessControlSubentry( "grantMoveByName", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByName", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -312,15 +284,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to those users selected by the subtree
-        createAccessControlSubentry( "grantRenameByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -340,15 +307,11 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to users selected by subtree
-        createAccessControlSubentry( "grantRenameMoveByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByTree", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -368,15 +331,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to subtree selected users
-        createAccessControlSubentry( "grantMoveByTree", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByTree", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { "
+            + "protectedItems {entry}, " + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
@@ -406,15 +364,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to any user
-        createAccessControlSubentry( "grantRenameByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantRename, grantBrowse } } } } }" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -434,15 +387,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to any user
-        createAccessControlSubentry( "grantRenameMoveByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantRenameMoveByAny", "{ " + "identificationTag \"addAci\", "
+            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
+            + "userClasses { allUsers }, " + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } } } } }" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname,ou=groups" ) );
@@ -462,15 +410,10 @@
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to any user
-        createAccessControlSubentry( "grantMoveByAny", "{ " +
-                "identificationTag \"addAci\", " +
-                "precedence 14, " +
-                "authenticationLevel none, " +
-                "itemOrUserFirst userFirst: { " +
-                "userClasses { allUsers }, " +
-                "userPermissions { { " +
-                "protectedItems {entry}, " +
-                "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
+        createAccessControlSubentry( "grantMoveByAny", "{ " + "identificationTag \"addAci\", " + "precedence 14, "
+            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+            + "userPermissions { { " + "protectedItems {entry}, "
+            + "grantsAndDenials { grantExport, grantImport, grantBrowse } } } } }" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=testou,ou=groups" ) );

Propchange: directory/trunks/apacheds/core-unit/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationTest.java
------------------------------------------------------------------------------
--- svn:keywords (added)
+++ svn:keywords Sun Feb 19 19:57:02 2006
@@ -0,0 +1,4 @@
+Rev
+Revision
+Date
+Id



Mime
View raw message