jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r732693 [4/6] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/cluster/ jackra...
Date Thu, 08 Jan 2009 11:52:45 GMT
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java?rev=732693&r1=732692&r2=732693&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java Thu Jan  8 03:52:38 2009
@@ -16,110 +16,80 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import org.apache.jackrabbit.api.JackrabbitSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.apache.jackrabbit.api.jsr283.security.AbstractAccessControlTest;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.api.jsr283.security.Privilege;
-import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.core.SessionImpl;
-import org.apache.jackrabbit.core.security.TestPrincipal;
-import org.apache.jackrabbit.test.JUnitTest;
-import org.apache.jackrabbit.test.NotExecutableException;
-import org.apache.jackrabbit.test.api.observation.EventResult;
-import org.apache.jackrabbit.util.Text;
+import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.uuid.UUID;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.core.SessionImpl;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.Node;
-import javax.jcr.NodeIterator;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Property;
-import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.Node;
+import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.observation.Event;
-import javax.jcr.observation.ObservationManager;
-import java.security.Principal;
+import javax.jcr.RepositoryException;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Map;
+import java.security.Principal;
 
-/**
- * <code>AbstractEvaluationTest</code>...
- */
+/** <code>AbstractEvaluationTest</code>... */
 public abstract class AbstractEvaluationTest extends AbstractAccessControlTest {
 
-    protected static final long DEFAULT_WAIT_TIMEOUT = 5000;
-
-    private Credentials creds;
-    private User testUser;
-    private Group testGroup;
+    private static Logger log = LoggerFactory.getLogger(AbstractEvaluationTest.class);
 
+    protected User testUser;
+    protected Credentials creds;
+    
     private SessionImpl testSession;
     private AccessControlManager testAccessControlManager;
-
-    protected String path;
-    protected String childNPath;
-    protected String childNPath2;
-    protected String childPPath;
-    protected String childchildPPath;
-    protected String siblingPath;
-
-    // TODO: test AC for moved node
-    // TODO: test AC for moved AC-controlled node
-    // TODO: test if combination of group and user permissions are properly evaluated
+    private Node trn;
+    private Set toClear = new HashSet();
 
     protected void setUp() throws Exception {
         super.setUp();
-
         UserManager uMgr = getUserManager(superuser);
-        // create the testUser
-        Principal principal = new TestPrincipal("testUser" + UUID.randomUUID());
-        String uid = principal.getName();
-        String pw = principal.getName();
-        creds = new SimpleCredentials(uid, pw.toCharArray());
-        testUser = uMgr.createUser(uid, pw);
-
-        // create some nodes below the test root in order to apply ac-stuff
-        Node node = testRootNode.addNode(nodeName1, testNodeType);
-        Node cn1 = node.addNode(nodeName2, testNodeType);
-        Property cp1 = node.setProperty(propertyName1, "anyValue");
-        Node cn2 = node.addNode(nodeName3, testNodeType);
-
-        Property ccp1 = cn1.setProperty(propertyName1, "childNodeProperty");
 
-        Node n2 = testRootNode.addNode(nodeName2, testNodeType);
-        superuser.save();
+        // create the testUser
+        String uid = "testUser" + UUID.randomUUID();
+        creds = new SimpleCredentials(uid, uid.toCharArray());
 
-        path = node.getPath();
-        childNPath = cn1.getPath();
-        childNPath2 = cn2.getPath();
-        childPPath = cp1.getPath();
-        childchildPPath = ccp1.getPath();
-        siblingPath = n2.getPath();
+        testUser = uMgr.createUser(uid, uid);
     }
 
     protected void tearDown() throws Exception {
+        for (Iterator it = toClear.iterator(); it.hasNext();) {
+            String path = it.next().toString();
+            try {
+                AccessControlPolicy[] policies = acMgr.getPolicies(path);
+                for (int i = 0; i < policies.length; i++) {
+                    acMgr.removePolicy(path, policies[i]);
+                    superuser.save();
+                }
+            } catch (RepositoryException e) {
+                // log error and ignore
+                log.error(e.getMessage());
+            }
+        }
+
         if (testSession != null && testSession.isLive()) {
             testSession.logout();
         }
-        // make sure all ac info is removed
-        clearACInfo();
-        if (testGroup != null && testUser != null) {
-            testGroup.removeMember(testUser);
-            testGroup.remove();
-        }
-        // remove the test user again.
         if (testUser != null) {
             testUser.remove();
         }
         super.tearDown();
     }
 
-    private static UserManager getUserManager(Session session) throws NotExecutableException {
+    protected static UserManager getUserManager(Session session) throws
+            NotExecutableException {
         if (!(session instanceof JackrabbitSession)) {
             throw new NotExecutableException();
         }
@@ -130,60 +100,6 @@
         }
     }
 
-    protected abstract void clearACInfo();
-
-    protected abstract Map getRestrictions(String path)
-            throws RepositoryException,
-            NotExecutableException;
-
-    protected abstract JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException;
-
-    protected JackrabbitAccessControlList givePrivileges(String nPath, Privilege[] privileges,
-                                                         Map restrictions) throws NotExecutableException, RepositoryException {
-        return givePrivileges(nPath, testUser.getPrincipal(), privileges, restrictions);
-    }
-
-    protected JackrabbitAccessControlList givePrivileges(String nPath, Principal principal,
-                                                         Privilege[] privileges, Map restrictions) throws NotExecutableException, RepositoryException {
-        JackrabbitAccessControlList tmpl = getPolicy(acMgr, nPath, principal);
-        tmpl.addEntry(principal, privileges, true, restrictions);
-        acMgr.setPolicy(tmpl.getPath(), tmpl);
-        superuser.save();
-        return tmpl;
-    }
-
-    protected JackrabbitAccessControlList withdrawPrivileges(String nPath, Privilege[] privileges, Map restrictions) throws NotExecutableException, RepositoryException {
-        return withdrawPrivileges(nPath, testUser.getPrincipal(), privileges, restrictions);
-    }
-
-    protected JackrabbitAccessControlList withdrawPrivileges(String nPath, Principal principal, Privilege[] privileges, Map restrictions) throws NotExecutableException, RepositoryException {
-        JackrabbitAccessControlList tmpl = getPolicy(acMgr, nPath, principal);
-        tmpl.addEntry(principal, privileges, false, restrictions);
-        acMgr.setPolicy(tmpl.getPath(), tmpl);
-        superuser.save();
-        return tmpl;
-    }
-
-    protected void checkReadOnly(String path) throws RepositoryException, NotExecutableException {
-        Privilege[] privs = getTestACManager().getPrivileges(path);
-        assertTrue(privs.length == 1);
-        assertEquals(privilegesFromName(Privilege.JCR_READ)[0], privs[0]);
-    }
-
-    protected User getTestUser() {
-        return testUser;
-    }
-
-    protected Group getTestGroup() throws RepositoryException, NotExecutableException {
-        if (testGroup == null) {
-            // create the testGroup
-            Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
-            testGroup = getUserManager(superuser).createGroup(principal);
-            testGroup.addMember(testUser);
-        }
-        return testGroup;
-    }
-
     protected SessionImpl getTestSession() throws RepositoryException {
         if (testSession == null) {
             // TODO: remove cast once 283 is released.
@@ -198,834 +114,32 @@
         }
         return testAccessControlManager;
     }
-
-    public void testGrantedPermissions() throws RepositoryException, AccessDeniedException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        /* precondition:
-           testuser must have READ-only permission on test-node and below
-         */
-        checkReadOnly(path);
-
-        // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES privileges at 'path'
-        Privilege[] privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_ADD_CHILD_NODES,
-                Privilege.JCR_MODIFY_PROPERTIES
-        });
-        givePrivileges(path, privileges, getRestrictions(path));
-        /*
-         testuser must now have
-         - ADD_NODE permission for child node
-         - SET_PROPERTY permission for child props
-         - REMOVE permission for child-props
-         - READ-only permission for the node at 'path'
-
-         testuser must not have
-         - REMOVE permission for child node
-        */
-        String nonExChildPath = path + "/anyItem";
-        assertTrue(testSession.hasPermission(nonExChildPath, "read,add_node,set_property"));
-        assertFalse(testSession.hasPermission(nonExChildPath, "remove"));
-
-        Node testN = testSession.getNode(path);
-
-        // must be allowed to add child node
-        testN.addNode(nodeName3, testNodeType);
-        testSession.save();
-
-        // must be allowed to remove child-property
-        testSession.getProperty(childPPath).remove();
-        testSession.save();
-
-        // must be allowed to set child property again
-        testN.setProperty(Text.getName(childPPath), "othervalue");
-        testSession.save();
-
-        // must not be allowed to remove child nodes
-        try {
-            testSession.getNode(childNPath).remove();
-            testSession.save();
-            fail("test-user is not allowed to remove a node below " + path);
-        } catch (AccessDeniedException e) {
-            // success
+    
+    protected Node getTestNode() throws RepositoryException {
+        if (trn == null) {
+            trn = (Node) getTestSession().getItem(testRootNode.getPath());
         }
-
-        // must have read-only access on 'testN' and it's sibling
-        assertTrue(testSession.hasPermission(path, "read"));
-        assertFalse(testSession.hasPermission(path, "add_node,set_property,remove"));
-        checkReadOnly(siblingPath);
+        return trn;
     }
 
-    public void testDeniedPermission() throws RepositoryException, NotExecutableException, InterruptedException {
-        SessionImpl testSession = getTestSession();
-        /* precondition:
-           testuser must have READ-only permission on test-node and below
-         */
-        checkReadOnly(path);
-
-        // withdraw READ privilege to 'testUser' at 'path'
-        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
-        withdrawPrivileges(childNPath, privileges, getRestrictions(childNPath));
-        /*
-         testuser must now have
-         - READ-only permission at path
-         - READ-only permission for the child-props of path
-
-         testuser must not have
-         - any permission on child-node and all its subtree
-        */
-
-        // must still have read-access to path, ...
-        assertTrue(testSession.hasPermission(path, "read"));
-        Node n = testSession.getNode(path);
-        // ... siblings of childN
-        testSession.getNode(childNPath2);
-        // ... and props of path
-        assertTrue(n.getProperties().hasNext());
-
-        //testSession must not have access to 'childNPath'
-        assertFalse(testSession.itemExists(childNPath));
-        try {
-            testSession.getNode(childNPath);
-            fail("Read access has been denied -> cannot retrieve child node.");
-        } catch (PathNotFoundException e) {
-            // ok.
-        }
-        /*
-        -> must not have access to subtree below 'childNPath'
-        */
-        assertFalse(testSession.itemExists(childchildPPath));
-        try {
-            testSession.getItem(childchildPPath);
-            fail("Read access has been denied -> cannot retrieve prop below child node.");
-        } catch (PathNotFoundException e) {
-            // ok.
-        }
-    }
-
-    public void testAccessControlRead() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        checkReadOnly(path);
-
-        // re-grant READ in order to have an ACL-node
-        Privilege[] privileges = privilegesFromName(Privilege.JCR_READ);
-        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(path));
-        // make sure the 'rep:policy' node has been created.
-        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
-
-        /*
-         Testuser must still have READ-only access only and must not be
-         allowed to view the acl-node that has been created.
-        */
-        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_READ_ACCESS_CONTROL)));
-        assertFalse(testSession.itemExists(path + "/rep:policy"));
-
-        Node n = testSession.getNode(tmpl.getPath());
-        assertFalse(n.hasNode("rep:policy"));
-        try {
-            n.getNode("rep:policy");
-            fail("Accessing the rep:policy node must throw PathNotFoundException.");
-        } catch (PathNotFoundException e) {
-            // ok.
-        }
-
-        /* Finally the test user must not be allowed to remove the policy. */
-        try {
-            testAcMgr.removePolicy(path, new AccessControlPolicy() {});
-            fail("Test user must not be allowed to remove the access control policy.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-    }
-
-    public void testAccessControlModification() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /* precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES| REMOVE_CHILD_NODES privileges at 'path'
-        Privilege[] privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_ADD_CHILD_NODES,
-                Privilege.JCR_REMOVE_CHILD_NODES,
-                Privilege.JCR_MODIFY_PROPERTIES
-        });
-        JackrabbitAccessControlList tmpl = givePrivileges(path, privileges, getRestrictions(path));
-        /*
-         testuser must not have
-         - permission to view AC items
-         - permission to modify AC items
-        */
-
-        // make sure the 'rep:policy' node has been created.
-        assertTrue(superuser.itemExists(tmpl.getPath() + "/rep:policy"));
-        // the policy node however must not be visible to the test-user
-        assertFalse(testSession.itemExists(tmpl.getPath() + "/rep:policy"));
-        try {
-            testAcMgr.getPolicies(tmpl.getPath());
-            fail("test user must not have READ_AC privilege.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-        try {
-            testAcMgr.getEffectivePolicies(tmpl.getPath());
-            fail("test user must not have READ_AC privilege.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-        try {
-            testAcMgr.getEffectivePolicies(path);
-            fail("test user must not have READ_AC privilege.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-        try {
-            testAcMgr.removePolicy(tmpl.getPath(), new AccessControlPolicy() {});
-            fail("test user must not have MODIFY_AC privilege.");
-        } catch (AccessDeniedException e) {
-            // success
-        }
-    }
-
-    public void testWithDrawRead() throws RepositoryException, NotExecutableException {
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        // give 'testUser' READ_AC|MODIFY_AC privileges at 'path'
-        Privilege[] grPrivs = privilegesFromName(Privilege.JCR_WRITE);
-        givePrivileges(path, grPrivs, getRestrictions(path));
-        // withdraw the READ privilege
-        Privilege[] dnPrivs = privilegesFromName(Privilege.JCR_READ);
-        withdrawPrivileges(path, dnPrivs, getRestrictions(path));
-
-        // test if login as testuser -> item at path must not exist.
-        Session s = null;
-        try {
-            s = helper.getRepository().login(creds);
-            assertFalse(s.itemExists(path));
-        } finally {
-            if (s != null) {
-                s.logout();
-            }
-        }
-    }
-
-    public void testEventGeneration() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        // withdraw the READ privilege
-        Privilege[] dnPrivs = privilegesFromName(Privilege.JCR_READ);
-        withdrawPrivileges(path, dnPrivs, getRestrictions(path));
-
-        // testUser registers a eventlistener for 'path
-        ObservationManager obsMgr = testSession.getWorkspace().getObservationManager();
-        EventResult listener = new EventResult(((JUnitTest) this).log);
-        try {
-            obsMgr.addEventListener(listener, Event.NODE_REMOVED, path, true, new String[0], new String[0], true);
-
-            // superuser removes the node with childNPath in order to provoke
-            // events being generated
-            superuser.getItem(childNPath).remove();
-            superuser.save();
-
-            obsMgr.removeEventListener(listener);
-            // since the testUser does not have read-permission on the removed
-            // node, no corresponding event must be generated.
-            Event[] evts = listener.getEvents(DEFAULT_WAIT_TIMEOUT);
-            for (int i = 0; i < evts.length; i++) {
-                if (evts[i].getType() == Event.NODE_REMOVED &&
-                        evts[i].getPath().equals(childNPath)) {
-                    fail("TestUser does not have READ permission below " + path + " -> events below must not show up.");
-                }
-            }
-        } finally {
-            obsMgr.removeEventListener(listener);
-        }
-    }
-
-    public void testInheritance() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /* precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        // give 'modify_properties' and 'remove_node' privilege on 'path'
-        Privilege[] privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES});
-        givePrivileges(path, privileges, getRestrictions(path));
-        // give 'add-child-nodes', remove_child_nodes' on 'childNPath'
-        privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES});
-        givePrivileges(childNPath, privileges, getRestrictions(childNPath));
-
-        /*
-        since evaluation respects inheritance through the node
-        hierarchy, the following privileges must now be given at 'childNPath':
-        - jcr:read
-        - jcr:modifyProperties
-        - jcr:addChildNodes
-        - jcr:removeChildNodes
-        - jcr:removeNode
-        */
-        privileges =  privilegesFromNames(new String[] {
-                Privilege.JCR_READ,
-                Privilege.JCR_WRITE,
-                Privilege.JCR_REMOVE_NODE
-        });
-        assertTrue(testAcMgr.hasPrivileges(childNPath, privileges));
-
-        /*
-         ... permissions granted at childNPath:
-         - read
-         - set-property
-
-         BUT NOT:
-         - add-node
-         - remove.
-         */
-        String aActions = org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY + "," + org.apache.jackrabbit.api.jsr283.Session.ACTION_READ;
-        assertTrue(testSession.hasPermission(childNPath, aActions));
-        String dActions = org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE + "," + org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE;
-        assertFalse(testSession.hasPermission(childNPath, dActions));
-
-        /*
-        ... permissions granted at any child item of child-path:
-        - read
-        - set-property
-        - add-node
-        - remove
-        */
-        String nonExistingItemPath = childNPath + "/anyItem";
-        assertTrue(testSession.hasPermission(nonExistingItemPath, aActions + "," + dActions));
-
-        /* try adding a new child node -> must succeed. */
-        Node childN = testSession.getNode(childNPath);
-        String testPath = childN.addNode(nodeName2, testNodeType).getPath();
-
-        /* test privileges on the 'new' child node */
-        Privilege[] expectedPrivs = privilegesFromNames(new String[] {
-                Privilege.JCR_READ, Privilege.JCR_WRITE, Privilege.JCR_REMOVE_NODE});
-        assertTrue(testAcMgr.hasPrivileges(testPath, expectedPrivs));
-
-        /* repeat test after save. */
-        testSession.save();
-        assertTrue(testAcMgr.hasPrivileges(testPath, expectedPrivs));
-    }
-
-    public void testRemovePermission() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
-
-        // add 'remove_child_nodes' privilge at 'path'
-        givePrivileges(path, rmChildNodes, getRestrictions(path));
-        /*
-         expected result:
-         - neither node at path nor at childNPath can be removed since
-           REMOVE_NODE privilege is missing.
-         */
-        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-    }
-
-    public void testRemovePermission2() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // add 'remove_node' privilege at 'path'
-        givePrivileges(path, rmChildNodes, getRestrictions(path));
-        /*
-         expected result:
-         - neither node at path nor at childNPath can be removed permission
-           due to missing remove_child_nodes privilege.
-         */
-        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-    }
-
-   public void testRemovePermission3() throws NotExecutableException, RepositoryException {
-       SessionImpl testSession = getTestSession();
-       AccessControlManager testAcMgr = getTestACManager();
-       /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] privs = privilegesFromNames(new String[] {
-                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
-        });
-        // add 'remove_node' and 'remove_child_nodes' privilge at 'path'
-        givePrivileges(path, privs, getRestrictions(path));
-        /*
-         expected result:
-         - missing remove permission at path since REMOVE_CHILD_NODES present
-           at path only applies for nodes below. REMOVE_CHILD_NODES must
-           be present at the parent instead (which isn't)
-         - remove permission is however granted at childNPath.
-         - privileges: both at path and at childNPath 'remove_node' and
-           'remove_child_nodes' are present.
-        */
-       assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-       assertTrue(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-
-       assertTrue(testAcMgr.hasPrivileges(path, privs));
-       assertTrue(testAcMgr.hasPrivileges(childNPath, privs));
-   }
-
-    public void testRemovePermission4() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
-        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // add 'remove_child_nodes' privilge at 'path'...
-        givePrivileges(path, rmChildNodes, getRestrictions(path));
-        // ... and add 'remove_node' privilge at 'childNPath'
-        givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
-        /*
-         expected result:
-         - remove not allowed for node at path
-         - remove-permission present for node at childNPath
-         - both remove_node and remove_childNodes privilege present at childNPath
-         */
-        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertTrue(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
-    }
-
-    public void testRemovePermission5() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // add 'remove_node' privilege at 'childNPath'
-        givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
-        /*
-         expected result:
-         - node at childNPath can't be removed since REMOVE_CHILD_NODES is missing.
-         */
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-    }
-
-    public void testRemovePermission6() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] privs = privilegesFromNames(new String[] {
-                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
-        });
-        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // add 'remove_child_nodes' and 'remove_node' privilge at 'path'
-        givePrivileges(path, privs, getRestrictions(path));
-        // ... but deny 'remove_node' at childNPath
-        withdrawPrivileges(childNPath, rmNode, getRestrictions(childNPath));
-        /*
-         expected result:
-         - neither node at path nor at childNPath could be removed.
-         - no remove_node privilege at childNPath
-         - read, remove_child_nodes privilege at childNPath
-         */
-        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertTrue(testAcMgr.hasPrivileges(childNPath, privilegesFromNames(new String[] {Privilege.JCR_READ, Privilege.JCR_REMOVE_CHILD_NODES})));
-        assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE)));
-    }
-
-    public void testRemovePermission7() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
-        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // deny 'remove_child_nodes' at 'path'
-        withdrawPrivileges(path, rmChildNodes, getRestrictions(path));
-        // ... but allow 'remove_node' at childNPath
-        givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
-        /*
-         expected result:
-         - node at childNPath can't be removed.
-         */
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-
-        // additionally add remove_child_nodes priv at 'childNPath'
-        givePrivileges(childNPath, rmChildNodes, getRestrictions(childNPath));
-        /*
-         expected result:
-         - node at childNPath still can't be removed.
-         - but both privileges (remove_node, remove_child_nodes) are present.
-         */
-        assertFalse(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
-    }
-
-    public void testRemovePermission8() throws NotExecutableException, RepositoryException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        Privilege[] rmChildNodes = privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES);
-        Privilege[] rmNode = privilegesFromName(Privilege.JCR_REMOVE_NODE);
-
-        // add 'remove_child_nodes' at 'path
-        givePrivileges(path, rmChildNodes, getRestrictions(path));
-        // deny 'remove_node' at 'path'
-        withdrawPrivileges(path, rmNode, getRestrictions(path));
-        // and allow 'remove_node' at childNPath
-        givePrivileges(childNPath, rmNode, getRestrictions(childNPath));
-        /*
-         expected result:
-         - remove permission must be granted at childNPath
-         */
-        assertTrue(testSession.hasPermission(childNPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_REMOVE));
-        assertTrue(testAcMgr.hasPrivileges(childNPath, new Privilege[] {rmChildNodes[0], rmNode[0]}));
-    }
-
-    public void testSessionMove() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        String destPath = path + "/" + nodeName1;
-
-        // give 'add_child_nodes' privilege
-        // -> not sufficient privileges for a move
-        givePrivileges(path, privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.move(childNPath, destPath);
-            testSession.save();
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-
-        // add 'remove_child_nodes' at 'path
-        // -> not sufficient for a move since 'remove_node' privilege is missing
-        //    on the move-target
-        givePrivileges(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.move(childNPath, destPath);
-            testSession.save();
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-
-        // allow 'remove_node' at childNPath
-        // -> now move must succeed
-        givePrivileges(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE), getRestrictions(childNPath));
-        testSession.move(childNPath, destPath);
-        testSession.save();
-
-        // withdraw  'add_child_nodes' privilege on former src-parent
-        // -> moving child-node back must fail
-        withdrawPrivileges(path, privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.move(destPath, childNPath);
-            testSession.save();
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-    }
-
-    public void testWorkspaceMove() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-          precondition:
-          testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-        checkReadOnly(childNPath);
-
-        String destPath = path + "/" + nodeName1;
-
-        // give 'add_child_nodes' privilege
-        // -> not sufficient privileges for a move.
-        givePrivileges(path, privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.getWorkspace().move(childNPath, destPath);
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-
-        // add 'remove_child_nodes' at 'path
-        // -> no sufficient for a move since 'remove_node' privilege is missing
-        //    on the move-target
-        givePrivileges(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.getWorkspace().move(childNPath, destPath);
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-
-        // allow 'remove_node' at childNPath
-        // -> now move must succeed
-        givePrivileges(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE), getRestrictions(childNPath));
-        testSession.getWorkspace().move(childNPath, destPath);
-
-        // withdraw  'add_child_nodes' privilege on former src-parent
-        // -> moving child-node back must fail
-        withdrawPrivileges(path, privilegesFromName(Privilege.JCR_ADD_CHILD_NODES), getRestrictions(path));
-        try {
-            testSession.getWorkspace().move(destPath, childNPath);
-            fail("Move requires add and remove permission.");
-        } catch (AccessDeniedException e) {
-            // success.
-        }
-    }
-
-    public void testGroupPermissions() throws NotExecutableException, RepositoryException {
-        Group testGroup = getTestGroup();
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        /* add privileges for the Group the test-user is member of */
-        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
-        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(path));
-
-        /* testuser must get the permissions/privileges inherited from
-           the group it is member of.
-         */
-        String actions = org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY + "," + org.apache.jackrabbit.api.jsr283.Session.ACTION_READ;
-        assertTrue(testSession.hasPermission(path, actions));
-        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
-        assertTrue(testAcMgr.hasPrivileges(path, privs));
-    }
-
-    public void testMixedUserGroupPermissions() throws NotExecutableException, RepositoryException {
-        Group testGroup = getTestGroup();
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        /* explicitely withdraw MODIFY_PROPERTIES for the user */
-        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
-        withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(path));
-        /* give MODIFY_PROPERTIES privilege for a Group the test-user is member of */
-        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(path));
-        /*
-         since user-permissions overrule the group permissions, testuser must
-         not have set_property action / modify_properties privilege.
-         */
-        String actions = org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY;
-        assertFalse(testSession.hasPermission(path, actions));
-        assertFalse(testAcMgr.hasPrivileges(path, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
-    }
-
-    public void testNewNodes() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        AccessControlManager testAcMgr = getTestACManager();
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        /* create some new nodes below 'path' */
-        Node n = ((SessionImpl) superuser).getNode(path);
-        for (int i = 0; i < 5; i++) {
-            n = n.addNode(nodeName2, testNodeType);
-        }
-        superuser.save();
-
-        /* make sure the same privileges/permissions are granted as at path. */
-        String childPath = n.getPath();
-        Privilege[] privs = testAcMgr.getPrivileges(childPath);
-        assertTrue(PrivilegeRegistry.READ == PrivilegeRegistry.getBits(privs));
-        testSession.checkPermission(childPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_READ);
-    }
-
-    public void testNonExistingItem() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        /*
-          precondition:
-          testuser must have READ-only permission on the root node and below
-        */
-        String rootPath = getTestSession().getRootNode().getPath();
-        checkReadOnly(rootPath);
-        testSession.checkPermission(rootPath + "nonExistingItem", org.apache.jackrabbit.api.jsr283.Session.ACTION_READ);
+    
+    protected void checkReadOnly(String path) throws RepositoryException, NotExecutableException {
+        Privilege[] privs = getTestACManager().getPrivileges(path);
+        assertTrue(privs.length == 1);
+        assertEquals(privilegesFromName(Privilege.JCR_READ)[0], privs[0]);
     }
 
-    public void testACItemsAreProtected() throws NotExecutableException, RepositoryException {
-        // search for a rep:policy node
-        Node policyNode = findPolicyNode(superuser.getRootNode());
-        if (policyNode == null) {
-            throw new NotExecutableException("no policy node found.");
-        }
-
-        assertTrue("The rep:Policy node must be protected", policyNode.getDefinition().isProtected());
-        try {
-            policyNode.remove();
-            fail("rep:Policy node must be protected.");
-        } catch (ConstraintViolationException e) {
-            // success
-        }
+    protected abstract JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path, Principal princ) throws RepositoryException, NotExecutableException;
+    protected abstract Map getRestrictions(Session session, String path) throws RepositoryException, NotExecutableException;
 
-        for (NodeIterator it = policyNode.getNodes(); it.hasNext();) {
-            Node n = it.nextNode();
-            if (n.isNodeType("rep:ACE")) {
-                try {
-                    n.remove();
-                    fail("ACE node must be protected.");
-                } catch (ConstraintViolationException e) {
-                    // success
-                }
-                break;
-            }
-        }
-
-        try {
-            policyNode.setProperty("test", "anyvalue");
-            fail("rep:policy node must be protected.");
-        } catch (ConstraintViolationException e) {
-            // success
-        }
-        try {
-            policyNode.addNode("test", "rep:ACE");
-            fail("rep:policy node must be protected.");
-        } catch (ConstraintViolationException e) {
-            // success
-        }
-    }
-
-    /**
-     * the ADD_CHILD_NODES privileges assigned on a node to a specific principal
-     * grants the corresponding user the permission to add nodes below the
-     * target node but not 'at' the target node.
-     *
-     * @throws RepositoryException
-     * @throws NotExecutableException
-     */
-    public void testAddChildNodePrivilege() throws RepositoryException, NotExecutableException {
-        SessionImpl testSession = getTestSession();
-        /*
-         precondition:
-         testuser must have READ-only permission on test-node and below
-        */
-        checkReadOnly(path);
-
-        /* create a child node below node at 'path' */
-        Node n = ((SessionImpl) superuser).getNode(path);
-        n = n.addNode(nodeName2, testNodeType);
+    protected JackrabbitAccessControlList modifyPrivileges(String path, String privilege, boolean isAllow) throws NotExecutableException, RepositoryException {
+        JackrabbitAccessControlList tmpl = getPolicy(acMgr, path, testUser.getPrincipal());
+        tmpl.addEntry(testUser.getPrincipal(), privilegesFromName(privilege), isAllow, getRestrictions(superuser, path));
+        acMgr.setPolicy(tmpl.getPath(), tmpl);
         superuser.save();
 
-        /* add 'add_child_nodes' privilege for testSession at path. */
-        Privilege[] privileges = privilegesFromName(Privilege.JCR_ADD_CHILD_NODES);
-        givePrivileges(path, privileges, getRestrictions(path));
-
-        /* test permissions. expected result:
-           - testSession cannot add child-nodes at 'path'
-           - testSession can add child-nodes below path
-         */
-        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE));
-        assertTrue(testSession.hasPermission(path+"/anychild", org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE));
-        String childPath = n.getPath();
-        assertTrue(testSession.hasPermission(childPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE));
-    }
-
-    public void testAclReferingToRemovedPrincipal() throws
-            NotExecutableException, RepositoryException {
-
-        JackrabbitAccessControlList acl = givePrivileges(path, privilegesFromName(Privilege.JCR_WRITE), getRestrictions(path));
-        String acPath = acl.getPath();
-
-        // remove the test user
-        testUser.remove();
-        testUser = null;
-
-        // try to retrieve the acl again
-        AccessControlManager acMgr = getAccessControlManager(helper.getSuperuserSession());
-        acMgr.getPolicies(acPath);
-    }
-
-    private static Node findPolicyNode(Node start) throws RepositoryException {
-        Node policyNode = null;
-        if (start.isNodeType("rep:Policy")) {
-            policyNode = start;
-        }
-        for (NodeIterator it = start.getNodes(); it.hasNext() && policyNode == null;) {
-            Node n = it.nextNode();
-            if (!"jcr:system".equals(n.getName())) {
-                policyNode = findPolicyNode(n);
-            }
-        }
-        return policyNode;
+        // remember for clean up during teardown
+        toClear.add(tmpl.getPath());
+        return tmpl;
     }
 }
\ No newline at end of file

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java Thu Jan  8 03:52:38 2009
@@ -0,0 +1,129 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.lock.Lock;
+
+/** <code>AbstractVersionAccessTest</code>... */
+public abstract class AbstractLockManagementTest extends AbstractEvaluationTest {
+
+    private Node createLockableNode(Node parent) throws RepositoryException, NotExecutableException {
+        Node n = parent.addNode(nodeName1);
+        if (!n.isNodeType(mixLockable)) {
+            if (n.canAddMixin(mixLockable)) {
+                n.addMixin(mixLockable);
+            } else {
+                throw new NotExecutableException();
+            }
+            parent.save();
+        }
+        return n;
+    }
+
+    private Node createLockedNode(Node parent) throws RepositoryException, NotExecutableException {
+        Node n = createLockableNode(parent);
+        // create a deep, session scoped lock
+        n.lock(true, true);
+        return n;
+    }
+
+    public void testReadLockContent() throws RepositoryException, NotExecutableException {
+        Node n = createLockedNode(testRootNode);
+        Node childN = n.addNode(nodeName2);
+        modifyPrivileges(n.getPath(), Privilege.JCR_READ, false);
+        modifyPrivileges(childN.getPath(), Privilege.JCR_READ, true);
+
+        Node childN2 = (Node) getTestSession().getItem(childN.getPath());
+        try {
+            childN2.getLock();
+            fail("TestUser doesn't have permission to read the jcr:lockIsDeep property.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testLock2() throws RepositoryException, NotExecutableException {
+        Node n = createLockableNode(testRootNode);
+
+        modifyPrivileges(n.getPath(), PrivilegeRegistry.REP_WRITE, false);
+        modifyPrivileges(n.getPath(), Privilege.JCR_LOCK_MANAGEMENT, true);
+
+        Node n2 = getTestNode().getNode(nodeName1);
+
+        // all lock operations must succeed
+        Lock l = n2.lock(true, true);
+        l.refresh();
+        n2.unlock();
+    }
+
+    public void testLock3() throws RepositoryException, NotExecutableException {
+        Node n = createLockableNode(testRootNode);
+
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), Privilege.JCR_READ, true);
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_LOCK_MANAGEMENT, true);
+
+        Node n2 = trn.getNode(n.getName());
+        n2.lock(true, true);
+        Lock l = n2.getLock();
+
+        // withdraw lock-mgmt -> must not be able to refresh the lock or
+        // unlock the node
+        modifyPrivileges(trn.getPath(), Privilege.JCR_LOCK_MANAGEMENT, false);
+
+        try {
+            l.refresh();
+            fail("TestUser doesn't have permission to refresh the lock.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        try {
+            n2.unlock();
+            fail("TestUser doesn't have permission to unlock the node.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // make sure the lock can be removed upon session.logout.
+        modifyPrivileges(trn.getPath(), Privilege.JCR_LOCK_MANAGEMENT, true);
+    }
+
+    public void testLock4() throws RepositoryException, NotExecutableException {
+        Node n = createLockableNode(testRootNode);
+
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), Privilege.JCR_READ, true);
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_LOCK_MANAGEMENT, true);
+
+        Node n2 = trn.getNode(n.getName());
+        n2.lock(true, true);
+        Lock l = n2.getLock();
+        String lt = l.getLockToken();
+
+        // withdraw lock-mgmt -> logout of session must still remove the lock
+        modifyPrivileges(trn.getPath(), Privilege.JCR_LOCK_MANAGEMENT, false);
+
+        getTestSession().logout();
+        boolean isLocked = n.isLocked();
+        assertFalse(isLocked);
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractLockManagementTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java Thu Jan  8 03:52:38 2009
@@ -0,0 +1,350 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ImportUUIDBehavior;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Workspace;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/** <code>AbstractNodeTypeManagementTest</code>... */
+public abstract class AbstractNodeTypeManagementTest extends AbstractEvaluationTest {
+
+    private Node childNode;
+    private String mixinName;
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        Node child = testRootNode.addNode(nodeName2);
+        if (child.isNodeType(mixReferenceable) || !child.canAddMixin(mixReferenceable)) {
+            throw new NotExecutableException();
+        }
+        superuser.save();
+        
+        mixinName = getTestSession().getNamespacePrefix(NS_MIX_URI) + ":referenceable";
+        childNode = getTestSession().getNode(child.getPath());
+    }
+
+    public void testCanAddMixin() throws RepositoryException, NotExecutableException {
+        checkReadOnly(childNode.getPath());
+
+        assertFalse(childNode.canAddMixin(mixinName));
+
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        assertTrue(childNode.canAddMixin(mixinName));
+
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, false);
+        assertFalse(childNode.canAddMixin(mixinName));
+    }
+
+    public void testAddMixin() throws RepositoryException, NotExecutableException {
+        checkReadOnly(childNode.getPath());
+
+        try {
+            childNode.addMixin(mixinName);
+            childNode.save();
+            fail("TestSession does not have sufficient privileges to add a mixin type.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        childNode.addMixin(mixinName);
+        childNode.save();
+    }
+
+    public void testRemoveMixin() throws RepositoryException, NotExecutableException {
+        ((Node) superuser.getItem(childNode.getPath())).addMixin(mixinName);
+        superuser.save();
+
+        checkReadOnly(childNode.getPath());
+
+        try {
+            childNode.removeMixin(mixinName);
+            childNode.save();
+            fail("TestSession does not have sufficient privileges to remove a mixin type.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        childNode.removeMixin(mixinName);
+        childNode.save();
+    }
+
+    public void testSetPrimaryType() throws RepositoryException, NotExecutableException {
+        Node child = (Node) superuser.getItem(childNode.getPath());
+        String ntName = child.getPrimaryNodeType().getName();
+
+        // TODO: remove casts once jsr 283 is released.        
+        String changedNtName = "nt:folder";
+        ((org.apache.jackrabbit.api.jsr283.Node) child).setPrimaryType(changedNtName);
+        child.save();
+
+        try {
+            checkReadOnly(childNode.getPath());
+
+            try {
+                ((org.apache.jackrabbit.api.jsr283.Node) childNode).setPrimaryType(ntName);
+                childNode.save();
+                fail("TestSession does not have sufficient privileges to change the primary type.");
+            } catch (AccessDeniedException e) {
+                // success
+                getTestSession().refresh(false); // TODO: see JCR-1916
+            }
+
+            /* for nt:folder set_property permission is required in addition
+               in order to be able to create jcr:created
+               TODO: check again with jsr 283 jcr:created was redesigned
+             */
+            modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+            try {
+                ((org.apache.jackrabbit.api.jsr283.Node) childNode).setPrimaryType(ntName);
+                childNode.save();
+                fail("TestSession does not have sufficient privileges to change the primary type.");
+            } catch (AccessDeniedException e) {
+                // success
+                getTestSession().refresh(false); // TODO: see JCR-1916
+            }
+
+            // with complete write permission the call must succeed.
+            modifyPrivileges(childNode.getPath(), Privilege.JCR_MODIFY_PROPERTIES, true);
+            ((org.apache.jackrabbit.api.jsr283.Node) childNode).setPrimaryType(ntName);
+            childNode.save();
+
+        } finally {
+            if (!ntName.equals(child.getPrimaryNodeType().getName())) {
+                ((org.apache.jackrabbit.api.jsr283.Node) child).setPrimaryType(ntName);
+                child.save();
+            }
+        }
+    }
+
+    /**
+     * Test difference between common jcr:write privilege an rep:write privilege
+     * that includes the ability to set the primary node type upon child node
+     * creation.
+     * 
+     * @throws RepositoryException
+     * @throws NotExecutableException
+     */
+    public void testAddNode() throws RepositoryException, NotExecutableException {
+        checkReadOnly(childNode.getPath());
+
+        // with simple write privilege a child node can be added BUT no
+        // node type must be specified.
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_WRITE, true);
+        addChildNode(false);
+        try {
+            addChildNode(true);
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // adding jcr:nodeTypeManagement privilege will allow to use any
+        // variant of Node.addNode.
+        modifyPrivileges(childNode.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        addChildNode(false);
+        addChildNode(true);
+    }
+
+    private void addChildNode(boolean specifyNodeType) throws RepositoryException {
+        Node n = null;
+        try {
+            n = (specifyNodeType) ? childNode.addNode(nodeName3, testNodeType) : childNode.addNode(nodeName3);
+        } finally {
+            if (n != null) {
+                n.remove();
+                childNode.save();
+            }
+        }
+    }
+
+    public void testCopy() throws RepositoryException, NotExecutableException {
+        Workspace wsp = getTestSession().getWorkspace();
+        String parentPath = childNode.getParent().getPath();
+        String srcPath = childNode.getPath();
+        String destPath = parentPath + "/"+ nodeName3;
+
+        checkReadOnly(parentPath);
+        try {
+            wsp.copy(srcPath, destPath);
+            fail("Missing write privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // with simple write privilege copying a node is not allowed.
+        modifyPrivileges(parentPath, Privilege.JCR_WRITE, true);
+        try {
+            wsp.copy(srcPath, destPath);
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // adding jcr:nodeTypeManagement privilege will grant permission to copy.
+        modifyPrivileges(parentPath, PrivilegeRegistry.REP_WRITE, true);
+        wsp.copy(srcPath, destPath);
+    }
+
+    public void testWorkspaceMove() throws RepositoryException, NotExecutableException {
+        Workspace wsp = getTestSession().getWorkspace();
+        String parentPath = childNode.getParent().getPath();
+        String srcPath = childNode.getPath();
+        String destPath = parentPath + "/"+ nodeName3;
+
+        checkReadOnly(parentPath);
+        try {
+            wsp.move(srcPath, destPath);
+            fail("Missing write privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // with simple write privilege moving a node is not allowed.
+        modifyPrivileges(parentPath, Privilege.JCR_WRITE, true);
+        try {
+            wsp.move(srcPath, destPath);
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // adding jcr:nodeTypeManagement privilege will grant permission to move.
+        modifyPrivileges(parentPath, PrivilegeRegistry.REP_WRITE, true);
+        wsp.move(srcPath, destPath);
+    }
+
+    public void testSessionMove() throws RepositoryException, NotExecutableException {
+        Session s = getTestSession();
+        String parentPath = childNode.getParent().getPath();
+        String srcPath = childNode.getPath();
+        String destPath = parentPath + "/"+ nodeName3;
+
+        checkReadOnly(parentPath);
+        try {
+            s.move(srcPath, destPath);
+            s.save();
+            fail("Missing write privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // with simple write privilege moving a node is not allowed.
+        modifyPrivileges(parentPath, Privilege.JCR_WRITE, true);
+        try {
+            s.move(srcPath, destPath);
+            s.save();
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // adding jcr:nodeTypeManagement privilege will grant permission to move.
+        modifyPrivileges(parentPath, PrivilegeRegistry.REP_WRITE, true);
+        s.move(srcPath, destPath);
+        s.save();
+    }
+       
+    public void testSessionImportXML() throws RepositoryException, NotExecutableException, IOException {
+        Session s = getTestSession();
+        String parentPath = childNode.getPath();
+
+        checkReadOnly(parentPath);
+        try {
+            s.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+            s.save();
+            fail("Missing write privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            s.refresh(false);
+        }
+
+        // with simple write privilege moving a node is not allowed.
+        modifyPrivileges(parentPath, Privilege.JCR_WRITE, true);
+        try {
+            s.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+            s.save();
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            s.refresh(false);
+        }
+
+        // adding jcr:nodeTypeManagement privilege will grant permission to move.
+        modifyPrivileges(parentPath, PrivilegeRegistry.REP_WRITE, true);
+        s.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+        s.save();
+    }
+
+    public void testWorkspaceImportXML() throws RepositoryException, NotExecutableException, IOException {
+        Workspace wsp = getTestSession().getWorkspace();
+        String parentPath = childNode.getPath();
+
+        checkReadOnly(parentPath);
+        try {
+            wsp.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+            fail("Missing write privilege.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // with simple write privilege moving a node is not allowed.
+        modifyPrivileges(parentPath, Privilege.JCR_WRITE, true);
+        try {
+            wsp.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+            fail("Missing privilege jcr:nodeTypeManagement.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        // adding jcr:nodeTypeManagement privilege will grant permission to move.
+        modifyPrivileges(parentPath, PrivilegeRegistry.REP_WRITE, true);
+        wsp.importXML(parentPath, getXmlForImport(), ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW);
+    }
+
+    /**
+     * Simple XML for testing permissions upon import.
+     * 
+     * @return
+     */
+    private InputStream getXmlForImport() {
+        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+                "<sv:node xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"" +
+                "         xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"" +
+                "         xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"" +
+                "         sv:name=\"" + nodeName3 + "\">" +
+                "    <sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                "        <sv:value>" + testNodeType + "</sv:value>" +
+                "    </sv:property>" +
+                "</sv:node>";
+        return new ByteArrayInputStream(xml.getBytes());
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractNodeTypeManagementTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java Thu Jan  8 03:52:38 2009
@@ -0,0 +1,181 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlEntry;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.Node;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.version.Version;
+
+/** <code>AbstractVersionAccessTest</code>... */
+public abstract class AbstractVersionManagementTest extends AbstractEvaluationTest {
+
+    private static Logger log = LoggerFactory.getLogger(AbstractVersionManagementTest.class);
+
+    protected Node createVersionableNode(Node parent) throws RepositoryException, NotExecutableException {
+        Node n = parent.addNode(nodeName1);
+        if (n.canAddMixin(mixVersionable)) {
+            n.addMixin(mixVersionable);
+        } else {
+            throw new NotExecutableException();
+        }
+        parent.save();
+        return n;
+    }
+
+    public void testAddMixVersionable() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, false);
+        Node n = trn.addNode(nodeName1);
+        try {
+            if (n.canAddMixin(mixVersionable)) {
+                n.addMixin(mixVersionable);
+            } else {
+                throw new NotExecutableException();
+            }
+            trn.save();
+            fail("Test session does not have write permission in the version storage -> adding mixin must fail.");
+        } catch (AccessDeniedException e) {
+            // success
+            log.debug(e.getMessage());
+            // ... but autocreated versionable node properties must not be present
+            assertFalse(n.isNodeType(mixVersionable));
+            assertFalse(n.hasProperty("jcr:isCheckedOut"));
+            assertFalse(n.hasProperty(jcrVersionHistory));
+        }
+    }
+
+    public void testAddMixVersionable2() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, true);
+
+        Node n = createVersionableNode(trn);
+        Version v = n.checkin();
+        n.checkout();
+    }
+
+    public void testWriteVersionStore() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, false);
+
+        Node n = createVersionableNode(testRootNode);
+        try {
+            Node n2 = trn.getNode(nodeName1);
+            n2.checkin();
+            fail("No write permission in the version storage.");
+        } catch (AccessDeniedException e) {
+            // success
+            log.debug(e.getMessage());
+            // ... but the property must not be modified nor indicating
+            // checkedIn status
+            Property p = n.getProperty("jcr:isCheckedOut");
+            assertFalse(p.isModified());
+            assertTrue(n.getProperty("jcr:isCheckedOut").getValue().getBoolean());
+        }
+    }
+
+    public void testRemoveVersion() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        Node n = createVersionableNode(testRootNode);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, true);
+
+        // test session should now be able to create versionable nodes, checkout
+        // and checkin them, read the version/v-histories.
+
+        Node testNode = trn.getNode(nodeName1);
+        Version v = testNode.checkin();
+        testNode.checkout();
+        testNode.checkin();
+
+        // remove ability to edit version information
+        // -> VersionHistory.removeVersion must not be allowed.
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, false);
+        try {
+            testNode.getVersionHistory().removeVersion(v.getName());
+            fail("TestSession without remove privilege on the v-storage must not be able to remove a version.");
+        } catch (AccessDeniedException e) {
+            // success
+            log.debug(e.getMessage());
+        }
+    }
+
+    public void testRemoveVersion2() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        Node n = createVersionableNode(testRootNode);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, true);
+
+        Node testNode = trn.getNode(nodeName1);
+        Version v = testNode.checkin();
+        testNode.checkout();
+        testNode.checkin();
+
+        // -> VersionHistory.removeVersion must not be allowed.
+        try {
+            testNode.getVersionHistory().removeVersion(v.getName());
+            fail("TestSession without remove privilege on the v-storage must not be able to remove a version.");
+        } catch (AccessDeniedException e) {
+            // success
+            log.debug(e.getMessage());
+        }        
+    }
+
+    public void testRemoveVersion3() throws RepositoryException, NotExecutableException {
+        Node trn = getTestNode();
+        Node n = createVersionableNode(testRootNode);
+
+        String path = getTestSession().getRootNode().getPath();        
+        JackrabbitAccessControlList tmpl = getPolicy(acMgr, path, testUser.getPrincipal());
+        AccessControlEntry entry;
+        try {
+            // NOTE: don't use 'modifyPrivileges' in order not to have the
+            // root-policy cleared on tear-down.
+            tmpl.addEntry(testUser.getPrincipal(), privilegesFromName(Privilege.JCR_VERSION_MANAGEMENT), true, getRestrictions(superuser, path));
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+
+            Node testNode = trn.getNode(nodeName1);
+            Version v = testNode.checkin();
+            testNode.checkout();
+            testNode.checkin();
+
+            // -> VersionHistory.removeVersion must be allowed            
+            testNode.getVersionHistory().removeVersion(v.getName());
+        } finally {
+            // revert privilege modification (manually remove the ACE added)
+            AccessControlEntry[] entries = tmpl.getAccessControlEntries();
+            for (int i = 0; i < entries.length; i++) {
+                if (entries[i].getPrincipal().equals(testUser.getPrincipal())) {
+                    tmpl.removeAccessControlEntry(entries[i]);
+                }
+            }
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractVersionManagementTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message