directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r960013 - in /directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz: DeleteAuthorizationIT.java GeneralAuthorizationIT.java ModifyAuthorizationIT.java
Date Fri, 02 Jul 2010 14:48:04 GMT
Author: elecharny
Date: Fri Jul  2 14:48:03 2010
New Revision: 960013

URL: http://svn.apache.org/viewvc?rev=960013&view=rev
Log:
Some more ACI formating

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
Fri Jul  2 14:48:03 2010
@@ -135,10 +135,24 @@ public class DeleteAuthorizationIT exten
 
         // Gives grantRemove perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorAdd", "{ " + "identificationTag \"addAci\",
" + "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
-            + "userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, "
+ "userPermissions { { "
-            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse }
} } } }" );
+        createAccessControlSubentry( 
+            "administratorAdd", 
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } },
" + 
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " + 
+            "       grantsAndDenials { grantRemove, grantBrowse } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // see if we can now delete that test entry which we could not before
         // delete op should still fail since billd is not in the admin group
@@ -167,10 +181,24 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delete an entry below ou=system
-        createAccessControlSubentry( "billydAdd", "{ " + "identificationTag \"addAci\", "
+ "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
-            + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions
{ { "
-            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse }
} } } }" );
+        createAccessControlSubentry( 
+            "billydAdd", 
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " + 
+            "        grantsAndDenials { grantRemove, grantBrowse } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -192,10 +220,27 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delte an entry below ou=system
-        createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\",
" + "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { "
-            + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions
{ { "
-            + "protectedItems {entry}, " + "grantsAndDenials { grantRemove, grantBrowse }
} } } }" );
+        createAccessControlSubentry( 
+            "billyAddBySubtree", 
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses " +
+            "    { " +
+            "      subtree { { base \"ou=users,ou=system\" } } " +
+            "    }, " + 
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " + 
+            "        grantsAndDenials { grantRemove, grantBrowse } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -217,10 +262,24 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\",
" + "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses
{ allUsers }, "
-            + "userPermissions { { " + "protectedItems {entry}, "
-            + "grantsAndDenials { grantRemove, grantBrowse } } } } }" );
+        createAccessControlSubentry( 
+            "anybodyAdd", 
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " + 
+            "    userClasses { allUsers }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " + 
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantRemove, grantBrowse } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // see if we can now delete that test entry which we could not before
         // should work now with billyd now that all users are authorized

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/GeneralAuthorizationIT.java
Fri Jul  2 14:48:03 2010
@@ -64,10 +64,22 @@ public class GeneralAuthorizationIT exte
     public void testFailureToAddBadACI() throws Exception
     {
         // add a subentry with malformed ACI
-        ResultCodeEnum result = createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag
\"addAci\", " + "precedence 14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses
{ allUsers }, "
-            + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "grantsAndDenials { grantAdd, grantBrowse } } }" );
+        ResultCodeEnum result = createAccessControlSubentry( 
+            "anybodyAdd", 
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " + 
+            "    userClasses { allUsers }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " + 
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantAdd, grantBrowse } " +
+            "      } " +
+            "    }" );
         assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, result );
     }
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java?rev=960013&r1=960012&r2=960013&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
Fri Jul  2 14:48:03 2010
@@ -40,8 +40,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.integ.IntegrationUtils;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
-import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Modification;
@@ -266,12 +266,28 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group
for
         // entries and all attribute types and values
-        createAccessControlSubentry( "selfModifyUserPassword", "{ " + "identificationTag
\"addAci\", "
-            + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst:
{ "
-            + "userClasses { thisEntry }, " + "userPermissions { "
-            + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead
} }, "
-            + "{ protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd,
grantRemove } } "
-            + "} } }" );
+        createAccessControlSubentry( 
+            "selfModifyUserPassword", 
+            "{ " + 
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { thisEntry }, " + 
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse, grantRead } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems {allAttributeValues {userPassword}}, " +
+            "        grantsAndDenials { grantAdd, grantRemove } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI
         assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
@@ -307,16 +323,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyAdd",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues
{registeredAddress}}, grantsAndDenials { grantAdd } } "
-                + "} } }" );
+            "{ " +
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {registeredAddress}, " +
+            "          allAttributeValues {registeredAddress}" +
+            "        }, " +
+            "        grantsAndDenials { grantAdd } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -344,16 +374,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyRemove",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {telephoneNumber}, allAttributeValues
{telephoneNumber}}, grantsAndDenials { grantRemove } } "
-                + "} } }" );
+            "{ " +
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {telephoneNumber}, " +
+            "          allAttributeValues {telephoneNumber}" +
+            "        }, " +
+            "        grantsAndDenials { grantRemove } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -374,16 +418,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyReplace",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues
{telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
-                + "} } }" );
+            "{ " +
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {registeredAddress}, " +
+            "          allAttributeValues {telephoneNumber}" +
+            "        }, " +
+            "        grantsAndDenials { grantAdd, grantRemove } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -406,16 +464,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyAdd",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues
{registeredAddress}}, grantsAndDenials { grantAdd } } "
-                + "} } }" );
+            "{ " + 
+            "  identificationTag \"addAci\", " + 
+            "  precedence 14, " + 
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " + 
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +

+            "    userPermissions " +
+            "    { " + 
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " + 
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {registeredAddress}, " +
+            "          allAttributeValues {registeredAddress}" +
+            "        }, " +
+            "        grantsAndDenials { grantAdd } " +
+            "      } " + 
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.ADD_ATTRIBUTE,
changes ) );
@@ -435,16 +507,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyRemove",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {telephoneNumber}, allAttributeValues
{telephoneNumber}}, grantsAndDenials { grantRemove } } "
-                + "} } }" );
+            "{ " +
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {telephoneNumber}, " +
+            "          allAttributeValues {telephoneNumber}" +
+            "        }, " +
+            "        grantsAndDenials { grantRemove } " +
+            "      } " + 
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REMOVE_ATTRIBUTE,
changes ) );
@@ -464,16 +550,30 @@ public class ModifyAuthorizationIT exten
         // entries and all attribute types and values
         createAccessControlSubentry(
             "administratorModifyReplace",
-            "{ "
-                + "identificationTag \"addAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse
} }, "
-                + "{ protectedItems {attributeType {registeredAddress}, allAttributeValues
{telephoneNumber}}, grantsAndDenials { grantAdd, grantRemove } } "
-                + "} } }" );
+            "{ " +
+            "  identificationTag \"addAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry}, " +
+            "        grantsAndDenials { grantModify, grantBrowse } " +
+            "      }, " +
+            "      { " +
+            "        protectedItems " +
+            "        {" +
+            "          attributeType {registeredAddress}, " +
+            "          allAttributeValues {telephoneNumber}" +
+            "        }, " +
+            "        grantsAndDenials { grantAdd, grantRemove } " +
+            "      } " + 
+            "    } " +
+            "  } " +
+            "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REPLACE_ATTRIBUTE,
changes ) );
@@ -579,24 +679,46 @@ public class ModifyAuthorizationIT exten
 
         createAccessControlSubentry(
             "modifyACI",
-            "{ "
-                + "identificationTag \"modifyAci\", "
-                + "precedence 14, "
-                + "authenticationLevel none, "
-                + "itemOrUserFirst userFirst: { "
-                + "userClasses { allUsers }, "
-                + "userPermissions { "
-                + "{ protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials
{ grantModify, grantBrowse, grantAdd, grantRemove } } } } }" );
+            "{ " +
+            "  identificationTag \"modifyAci\", " +
+            "  precedence 14, " +
+            "  authenticationLevel none, " +
+            "  itemOrUserFirst userFirst: " +
+            "  { " +
+            "    userClasses { allUsers }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { grantModify, grantBrowse, grantAdd, grantRemove }
" +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         mods = toItems( ModificationOperation.REPLACE_ATTRIBUTE, new DefaultEntryAttribute(
"registeredAddress",
             "200 Park Ave." ) );
 
-        changePresciptiveACI( "modifyACI", "{ " + "identificationTag \"modifyAci\", " + "precedence
14, "
-            + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses
{ allUsers }, "
-            + "userPermissions { "
-            + "{ protectedItems {entry, allUserAttributeTypesAndValues}, grantsAndDenials
{ denyModify } } } } }" );
+        changePresciptiveACI( 
+            "modifyACI", 
+            "{ " + 
+            "  identificationTag \"modifyAci\", " + 
+            "  precedence 14, " +
+            "  authenticationLevel none, " + 
+            "  itemOrUserFirst userFirst: " +
+            "  { " + 
+            "    userClasses { allUsers }, " +
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+            "        grantsAndDenials { denyModify } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}" );
 
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
@@ -609,13 +731,33 @@ public class ModifyAuthorizationIT exten
     public void testMaxValueCountProtectedItem() throws Exception
     {
         createUser( "billyd", "billyd" );
-        createAccessControlSubentry( "mvcACI", " {" + " identificationTag \"mvcACI\"," +
" precedence 10,"
-            + " authenticationLevel simple," + " itemOrUserFirst userFirst:" + " {" + " userClasses
{ allUsers },"
-            + " userPermissions" + " {" + " {" + " protectedItems { entry },"
-            + " grantsAndDenials { grantModify, grantBrowse }" + " }" + " ," + " {" + " protectedItems"
+ " {"
-            + " attributeType { description }," + " allAttributeValues { description },"
+ " maxValueCount" + " {"
-            + " { type description, maxCount 1 }" + " }" + " }" + " ," + " grantsAndDenials"
+ " {" + " grantRemove,"
-            + " grantAdd" + " }" + " }" + " }" + " }" + " }" );
+        createAccessControlSubentry( 
+            "mvcACI", 
+            "{" + 
+            "  identificationTag \"mvcACI\"," + 
+            "  precedence 10," +
+            "  authenticationLevel simple," + 
+            "  itemOrUserFirst userFirst:" + 
+            "  {" + 
+            "    userClasses { allUsers }," +
+            "    userPermissions" + 
+            "    {" + 
+            "      {" + 
+            "        protectedItems { entry }," +
+            "        grantsAndDenials { grantModify, grantBrowse }" + 
+            "      }," + 
+            "      {" + 
+            "        protectedItems" + 
+            "        {" +
+            "          attributeType { description }," + 
+            "          allAttributeValues { description }," + 
+            "          maxValueCount { { type description, maxCount 1 } }" + 
+            "        } ," + 
+            "        grantsAndDenials { grantRemove, grantAdd }" + 
+            "      }" + 
+            "    }" + 
+            "  }" + 
+            "}" );
 
         Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute(
"description",
             "description 1" ) );



Mime
View raw message