Author: elecharny Date: Fri Jul 2 13:53:38 2010 New Revision: 959986 URL: http://svn.apache.org/viewvc?rev=959986&view=rev Log: Some more ACI formating Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=959986&r1=959985&r2=959986&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Fri Jul 2 13:53:38 2010 @@ -124,11 +124,22 @@ public class AuthzAuthnIT extends Abstra createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ maximum 0 }", // !!!!! Replace this with "{ minimum 1 }" for practicing ! - "{ " + "identificationTag \"browseACI\", " - + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " - + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { " - + "protectedItems { entry }, " - + "grantsAndDenials { grantBrowse } } } } }" ); + "{ " + + " identificationTag \"browseACI\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems { entry }, " + + " grantsAndDenials { grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); DN userName = new DN( "uid=billyd,ou=users,ou=system" ); Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=959986&r1=959985&r2=959986&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Fri Jul 2 13:53:38 2010 @@ -142,16 +142,15 @@ public class CompareAuthorizationIT exte // Gives grantCompare, and grantRead perm to all users in the Administrators group for // entries and all attribute types and values createAccessControlSubentry( "administratorAdd", - "{ identificationTag \"addAci\", " + + "{ " + + " identificationTag \"addAci\", " + " precedence 14, " + " authenticationLevel none, " + - " itemOrUserFirst userFirst: { " + - " userClasses { " + - " userGroup { " + - " \"cn=Administrators,ou=groups,ou=system\" " + - " } " + - " }, " + - " userPermissions { " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }" + + " userPermissions " + + " { " + " { " + " protectedItems { entry, allUserAttributeTypesAndValues }, " + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + @@ -189,26 +188,17 @@ public class CompareAuthorizationIT exte // now add a subentry that enables user billyd to compare an entry below ou=system createAccessControlSubentry( "billydAdd", "{ " + - " identificationTag \"addAci\", precedence 14, authenticationLevel none, itemOrUserFirst userFirst: " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + " { " + - " userClasses " + - " { " + - " name " + - " { " + - " \"uid=billyd,ou=users,ou=system\" " + - " } " + - " }, " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { " + " { " + - " protectedItems " + - " {" + - " entry, allUserAttributeTypesAndValues" + - " }, " + - " grantsAndDenials " + - " { " + - " grantCompare, grantRead, grantBrowse " + - " } " + + " protectedItems { entry, allUserAttributeTypesAndValues }, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + " } " + " } " + " } " + @@ -234,11 +224,27 @@ public class CompareAuthorizationIT exte assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); // now add a subentry that enables user billyd to compare an entry below ou=system - createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, " - + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " - + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { " - + "protectedItems {entry, allUserAttributeTypesAndValues}, " - + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" ); + createAccessControlSubentry( + "billyAddBySubtree", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " subtree { { base \"ou=users,ou=system\" } } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry, allUserAttributeTypesAndValues}, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // should work now that billyd is authorized by the subtree userClass assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); @@ -260,10 +266,24 @@ public class CompareAuthorizationIT exte assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); // now add a subentry that enables anyone to add an entry below ou=system - createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, " - + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " - + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, " - + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" ); + createAccessControlSubentry( + "anybodyAdd", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { allUsers }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry, allUserAttributeTypesAndValues}, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // see if we can now compare that test entry's number which we could not before // should work with billyd now that all users are authorized