Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 56074 invoked from network); 2 Jul 2010 13:54:37 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 2 Jul 2010 13:54:37 -0000 Received: (qmail 40107 invoked by uid 500); 2 Jul 2010 13:54:37 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 40046 invoked by uid 500); 2 Jul 2010 13:54:35 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 40039 invoked by uid 99); 2 Jul 2010 13:54:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Jul 2010 13:54:35 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 02 Jul 2010 13:54:32 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 5F20223889F1; Fri, 2 Jul 2010 13:53:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r959986 - in /directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz: AuthzAuthnIT.java CompareAuthorizationIT.java Date: Fri, 02 Jul 2010 13:53:39 -0000 To: commits@directory.apache.org From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100702135339.5F20223889F1@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Fri Jul 2 13:53:38 2010 New Revision: 959986 URL: http://svn.apache.org/viewvc?rev=959986&view=rev Log: Some more ACI formating Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=959986&r1=959985&r2=959986&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Fri Jul 2 13:53:38 2010 @@ -124,11 +124,22 @@ public class AuthzAuthnIT extends Abstra createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ maximum 0 }", // !!!!! Replace this with "{ minimum 1 }" for practicing ! - "{ " + "identificationTag \"browseACI\", " - + "precedence 14, " + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " - + "userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "userPermissions { { " - + "protectedItems { entry }, " - + "grantsAndDenials { grantBrowse } } } } }" ); + "{ " + + " identificationTag \"browseACI\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems { entry }, " + + " grantsAndDenials { grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); DN userName = new DN( "uid=billyd,ou=users,ou=system" ); Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=959986&r1=959985&r2=959986&view=diff ============================================================================== --- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original) +++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Fri Jul 2 13:53:38 2010 @@ -142,16 +142,15 @@ public class CompareAuthorizationIT exte // Gives grantCompare, and grantRead perm to all users in the Administrators group for // entries and all attribute types and values createAccessControlSubentry( "administratorAdd", - "{ identificationTag \"addAci\", " + + "{ " + + " identificationTag \"addAci\", " + " precedence 14, " + " authenticationLevel none, " + - " itemOrUserFirst userFirst: { " + - " userClasses { " + - " userGroup { " + - " \"cn=Administrators,ou=groups,ou=system\" " + - " } " + - " }, " + - " userPermissions { " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }" + + " userPermissions " + + " { " + " { " + " protectedItems { entry, allUserAttributeTypesAndValues }, " + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + @@ -189,26 +188,17 @@ public class CompareAuthorizationIT exte // now add a subentry that enables user billyd to compare an entry below ou=system createAccessControlSubentry( "billydAdd", "{ " + - " identificationTag \"addAci\", precedence 14, authenticationLevel none, itemOrUserFirst userFirst: " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + " { " + - " userClasses " + - " { " + - " name " + - " { " + - " \"uid=billyd,ou=users,ou=system\" " + - " } " + - " }, " + + " userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + " userPermissions " + " { " + " { " + - " protectedItems " + - " {" + - " entry, allUserAttributeTypesAndValues" + - " }, " + - " grantsAndDenials " + - " { " + - " grantCompare, grantRead, grantBrowse " + - " } " + + " protectedItems { entry, allUserAttributeTypesAndValues }, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + " } " + " } " + " } " + @@ -234,11 +224,27 @@ public class CompareAuthorizationIT exte assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); // now add a subentry that enables user billyd to compare an entry below ou=system - createAccessControlSubentry( "billyAddBySubtree", "{ " + "identificationTag \"addAci\", " + "precedence 14, " - + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " - + "userClasses { subtree { { base \"ou=users,ou=system\" } } }, " + "userPermissions { { " - + "protectedItems {entry, allUserAttributeTypesAndValues}, " - + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" ); + createAccessControlSubentry( + "billyAddBySubtree", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses " + + " { " + + " subtree { { base \"ou=users,ou=system\" } } " + + " }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry, allUserAttributeTypesAndValues}, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // should work now that billyd is authorized by the subtree userClass assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); @@ -260,10 +266,24 @@ public class CompareAuthorizationIT exte assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) ); // now add a subentry that enables anyone to add an entry below ou=system - createAccessControlSubentry( "anybodyAdd", "{ " + "identificationTag \"addAci\", " + "precedence 14, " - + "authenticationLevel none, " + "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, " - + "userPermissions { { " + "protectedItems {entry, allUserAttributeTypesAndValues}, " - + "grantsAndDenials { grantCompare, grantRead, grantBrowse } } } } }" ); + createAccessControlSubentry( + "anybodyAdd", + "{ " + + " identificationTag \"addAci\", " + + " precedence 14, " + + " authenticationLevel none, " + + " itemOrUserFirst userFirst: " + + " { " + + " userClasses { allUsers }, " + + " userPermissions " + + " { " + + " { " + + " protectedItems {entry, allUserAttributeTypesAndValues}, " + + " grantsAndDenials { grantCompare, grantRead, grantBrowse } " + + " } " + + " } " + + " } " + + "}" ); // see if we can now compare that test entry's number which we could not before // should work with billyd now that all users are authorized