directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1052799 - in /directory/apacheds/branches/apacheds-AP: core-integ/src/test/java/org/apache/directory/server/core/subtree/ core/src/main/java/org/apache/directory/server/core/subtree/
Date Sat, 25 Dec 2010 19:20:01 GMT
Author: elecharny
Date: Sat Dec 25 19:20:01 2010
New Revision: 1052799

URL: http://svn.apache.org/viewvc?rev=1052799&view=rev
Log:
o Implemented the Del operation for APs
o Added some tests for the AP Del operation

Added:
    directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
Modified:
    directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
    directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java

Modified: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java?rev=1052799&r1=1052798&r2=1052799&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
(original)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryAddOperationIT.java
Sat Dec 25 19:20:01 2010
@@ -43,7 +43,7 @@ import org.junit.runner.RunWith;
 
 
 /**
- * Test cases for the AdministrativePoint interceptor.
+ * Test cases for the AdministrativePoint interceptor Add operation.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */

Added: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java?rev=1052799&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
(added)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryDeleteOperationIT.java
Sat Dec 25 19:20:01 2010
@@ -0,0 +1,275 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.directory.server.core.subtree;
+
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.ldif.LdifUtils;
+import org.apache.directory.shared.ldap.message.AddResponse;
+import org.apache.directory.shared.ldap.message.DeleteResponse;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * Test cases for the AdministrativePoint interceptor delete operation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "AdministrativePointServiceIT")
+@ApplyLdifs(
+    {
+        // A test branch
+        "dn: cn=test,ou=system",
+        "objectClass: top",
+        "objectClass: person",
+        "cn: test",
+        "sn: test",
+        "userpassword: test"
+    })
+public class SubentryDeleteOperationIT extends AbstractLdapTestUnit
+{
+    // The shared LDAP admin connection
+    private static LdapConnection adminConnection;
+
+    // The shared LDAP user connection
+    private static LdapConnection userConnection;
+
+
+    @Before
+    public void init() throws Exception
+    {
+        adminConnection = IntegrationUtils.getAdminConnection( service );
+        userConnection = IntegrationUtils.getConnectionAs( service, "cn=test,ou=system",
"test" );
+    }
+
+
+    @After
+    public void shutdown() throws Exception
+    {
+        adminConnection.close();
+        userConnection.close();
+    }
+
+
+    // ===================================================================
+    // Test the Delete operation
+    // -------------------------------------------------------------------
+    // Failure expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the deletion of an AP with children
+     */
+    @Test
+    public void testDeleteAPWithChildren() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: AAP", 
+            "administrativeRole: autonomousArea" );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Add a subentry now
+        Entry subentry = LdifUtils.createEntry( 
+            "cn=test,ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: subentry", 
+            "ObjectClass: collectiveAttributeSubentry",
+            "cn: test",
+            "subtreeSpecification: {}", 
+            "c-o: Test Org" );
+
+        response = adminConnection.add( subentry );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        Entry subentryEntry = adminConnection.lookup( "cn=test,ou=AAP,ou=system", "+", "*"
);
+        assertNotNull( subentryEntry );
+
+        Entry ap = adminConnection.lookup( "ou=AAP,ou=system", "+", "*" );
+        assertNotNull( ap );
+        assertEquals( "0", ap.get( "APSeqNumber" ).getString() );
+        
+        // Now try to delete the AP
+        DeleteResponse delResponse = adminConnection.delete( "ou=AAP,ou=system" );
+        
+        assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, delResponse.getLdapResult().getResultCode()
);
+    }
+    
+    
+    @Test
+    public void testDeleteSAPNonAdmin() throws Exception
+    {
+        Entry sap = LdifUtils.createEntry( 
+            "ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP", 
+            "administrativeRole: collectiveAttributeSpecificArea" );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( sap );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Now try to delete the AP with another user
+        DeleteResponse delResponse = userConnection.delete( "ou=SAP,ou=system" );
+        
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, delResponse.getLdapResult().getResultCode()
);
+        
+        // Check that the SAP is still present
+        Entry entry = adminConnection.lookup( "ou=SAP,ou=system" );
+        
+        assertNotNull( entry );
+    }
+
+    
+    // -------------------------------------------------------------------
+    // Success expected
+    // -------------------------------------------------------------------
+    @Test
+    public void testDeleteAAP() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=AAP2,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: AAP", 
+            "administrativeRole: autonomousArea" );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Now try to delete the AP
+        DeleteResponse delResponse = adminConnection.delete( "ou=AAP2,ou=system" );
+        
+        assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode()
);
+        
+        // Check that the AAP is not anymore present
+        Entry aap = adminConnection.lookup( "ou=AAP2,ou=system" );
+        
+        assertNull( aap );
+    }
+    
+    
+    @Test
+    public void testDeleteSAP() throws Exception
+    {
+        Entry sap = LdifUtils.createEntry( 
+            "ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP", 
+            "administrativeRole: collectiveAttributeSpecificArea" );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( sap );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Now try to delete the AP
+        DeleteResponse delResponse = adminConnection.delete( "ou=SAP,ou=system" );
+        
+        assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode()
);
+        
+        // Check that the SAP is not anymore present
+        Entry aap = adminConnection.lookup( "ou=SAP,ou=system" );
+        
+        assertNull( aap );
+    }
+
+
+    
+    
+    @Test
+    public void testDeleteIAP() throws Exception
+    {
+        Entry sap = LdifUtils.createEntry( 
+            "ou=SAP1,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP1", 
+            "administrativeRole: collectiveAttributeSpecificArea" );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( sap );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        // Add the IAP
+        Entry iap = LdifUtils.createEntry( 
+            "ou=IAP1,ou=SAP1,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: IAP1", 
+            "administrativeRole: collectiveAttributeInnerArea" );
+
+        // It should succeed
+        response = adminConnection.add( iap );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Now try to delete the SAP (it should fail)
+        DeleteResponse delResponse = adminConnection.delete( "ou=SAP1,ou=system" );
+        
+        assertEquals( ResultCodeEnum.NOT_ALLOWED_ON_NON_LEAF, delResponse.getLdapResult().getResultCode()
);
+        
+        // Remove the IAP first
+        delResponse = adminConnection.delete( "ou=IAP1,ou=SAP1,ou=system" );
+        
+        assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode()
);
+        
+        // Check that the IAP is not anymore present
+        Entry iapDel = adminConnection.lookup( "ou=IA1P,ou=SAP1,ou=system" );
+        
+        assertNull( iapDel );
+        
+        // Remove the SAP
+        delResponse = adminConnection.delete( "ou=SAP1,ou=system" );
+        
+        assertEquals( ResultCodeEnum.SUCCESS, delResponse.getLdapResult().getResultCode()
);
+        
+        // Check that the SAP is not anymore present
+        Entry sapDel = adminConnection.lookup( "ou=SAP1,ou=system" );
+        
+        assertNull( sapDel );
+    }
+}

Modified: directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=1052799&r1=1052798&r2=1052799&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
(original)
+++ directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
Sat Dec 25 19:20:01 2010
@@ -1503,6 +1503,88 @@ public class SubentryInterceptor extends
     
     
     /**
+     * Delete the list of AP for a given entry. We can update the cache for each role,
+     * as if the AP doe snot have such a role, it won't do anythig anyway
+     */
+    private void deleteAdministrativePoints( EntryAttribute adminPoint, DN dn ) throws LdapException
+    {
+        // The AC SAP
+        directoryService.getAccessControlAPCache().remove( dn );
+
+        // The CA SAP
+        directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+        // The TE SAP
+        directoryService.getTriggerExecutionAPCache().remove( dn );
+
+        // The SS SAP
+        directoryService.getSubschemaAPCache().remove( dn );
+        // If it's an AAP, we can get out immediately
+        return;
+
+        /*
+        if ( isAAP( adminPoint ) )
+        {
+            // The AC AAP
+            directoryService.getAccessControlAPCache().remove( dn );
+
+            // The CA AAP
+            directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+            // The TE AAP
+            directoryService.getTriggerExecutionAPCache().remove( dn );
+
+            // The SS AAP
+            directoryService.getSubschemaAPCache().remove( dn );
+
+            // If it's an AAP, we can get out immediately
+            return;
+        }
+
+        // Not an AAP
+        for ( Value<?> value : adminPoint )
+        {
+            String role = value.getString();
+
+            // Deal with AccessControl AP
+            if ( isAccessControlSpecificRole( role ) || isAccessControlInnerRole( role )
)
+            {
+                directoryService.getAccessControlAPCache().remove( dn );
+
+                continue;
+            }
+
+            // Deal with CollectiveAttribute AP
+            if ( isCollectiveAttributeSpecificRole( role ) || isCollectiveAttributeInnerRole(
role ) )
+            {
+                directoryService.getCollectiveAttributeAPCache().remove( dn );
+
+                continue;
+            }
+
+            // Deal with SubSchema AP
+            if ( isSubschemaSpecficRole( role ) )
+            {
+                directoryService.getSubschemaAPCache().remove( dn );
+
+                continue;
+            }
+
+            // Deal with TriggerExecution AP
+            if ( isTriggerExecutionSpecificRole( role ) || isTriggerExecutionInnerRole( role
) )
+            {
+                directoryService.getTriggerExecutionAPCache().remove( dn );
+
+                continue;
+            }
+        }
+
+        return;
+        */
+    }
+    
+    
+    /**
      * Get the AdministrativePoint associated with a subentry
      * @param apDn
      * @return
@@ -1908,18 +1990,27 @@ public class SubentryInterceptor extends
         // First, deal with an AP deletion
         if ( adminPointAT != null )
         {
+            if ( !isAdmin )
+            {
+                String message = "Cannot delete the given AdministrativePoint, user is not
an Admin";
+                LOG.error( message );
+                
+                throw new LdapUnwillingToPerformException( message );
+            }
+            
             // It's an AP : we can delete the entry, and if done successfully,
             // we can update the APCache for each role
             next.delete( deleteContext );
             
             // Now, update the AP cache
+            deleteAdministrativePoints( adminPointAT, dn );
         }
         else if ( entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
         {
             // It's a subentry
             if ( !isAdmin )
             {
-                String message = "Cannot add the given Subentry, user is not an Admin";
+                String message = "Cannot delete the given Subentry, user is not an Admin";
                 LOG.error( message );
                 
                 throw new LdapUnwillingToPerformException( message );



Mime
View raw message