jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r732693 [6/6] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/jsr283/security/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/cluster/ jackra...
Date Thu, 08 Jan 2009 11:52:45 GMT
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,196 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.combined;
+
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class WriteTest extends org.apache.jackrabbit.core.security.authorization.acl.WriteTest
{
+
+    private static Logger log = LoggerFactory.getLogger(WriteTest.class);
+
+    private List toClear = new ArrayList();
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // simple test to check if proper provider is present:
+        getPrincipalBasedPolicy(acMgr, path, getTestUser().getPrincipal());
+    }
+
+    protected void clearACInfo() {
+        for (Iterator it = toClear.iterator(); it.hasNext();) {
+            String path = it.next().toString();
+            try {
+                AccessControlPolicy[] policies = acMgr.getPolicies(path);
+                for (int i = 0; i < policies.length; i++) {
+                    acMgr.removePolicy(path, policies[i]);
+                    superuser.save();
+                }
+            } catch (RepositoryException e) {
+                // log error and ignore
+                log.error(e.getMessage());
+            }
+        }
+    }
+
+    private JackrabbitAccessControlList getPrincipalBasedPolicy(AccessControlManager acM,
String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException
{
+        if (acM instanceof JackrabbitAccessControlManager) {
+            AccessControlPolicy[] tmpls = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+            for (int i = 0; i < tmpls.length; i++) {
+                if (tmpls[i] instanceof JackrabbitAccessControlList) {
+                    JackrabbitAccessControlList acl = (JackrabbitAccessControlList) tmpls[i];
+                    toClear.add(acl.getPath());
+                    return acl;
+                }
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    private JackrabbitAccessControlList givePrivileges(String nPath,
+                                                       Principal principal,
+                                                       Privilege[] privileges,
+                                                       Map restrictions,
+                                                       boolean nodeBased) throws NotExecutableException,
RepositoryException {
+        if (nodeBased) {
+            return givePrivileges(nPath, principal, privileges, getRestrictions(superuser,
nPath));
+        } else {
+            JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+            tmpl.addEntry(principal, privileges, true, restrictions);
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+            // remember for teardown
+            toClear.add(tmpl.getPath());
+            return tmpl;
+        }
+    }
+
+    private JackrabbitAccessControlList withdrawPrivileges(String nPath,
+                                                       Principal principal,
+                                                       Privilege[] privileges,
+                                                       Map restrictions,
+                                                       boolean nodeBased) throws NotExecutableException,
RepositoryException {
+        if (nodeBased) {
+            return withdrawPrivileges(nPath, principal, privileges, getRestrictions(superuser,
nPath));
+        } else {
+            JackrabbitAccessControlList tmpl = getPrincipalBasedPolicy(acMgr, nPath, principal);
+            tmpl.addEntry(principal, privileges, false, restrictions);
+            acMgr.setPolicy(tmpl.getPath(), tmpl);
+            superuser.save();
+            // remember for teardown
+            toClear.add(tmpl.getPath());
+            return tmpl;
+        }
+    }
+
+    private Map getPrincipalBasedRestrictions(String path) throws RepositoryException, NotExecutableException
{
+        if (superuser instanceof SessionImpl) {
+            Map restr = new HashMap();
+            restr.put("rep:nodePath", path);
+            return restr;
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    public void testCombinedPolicies() throws RepositoryException, NotExecutableException
{
+        Group testGroup = getTestGroup();
+        SessionImpl testSession = getTestSession();
+        AccessControlManager testAcMgr = getTestACManager();
+
+        /*
+          precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+
+        Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+        // nodebased: remove READ privilege for 'testUser' at 'path'
+        withdrawPrivileges(path, readPrivs, getRestrictions(superuser, path));
+        // principalbased: add READ privilege for 'testGroup'
+        givePrivileges(path, testGroup.getPrincipal(), readPrivs, getPrincipalBasedRestrictions(path),
false);
+        /*
+         expected result:
+         - nodebased wins over principalbased -> READ is denied
+         */
+        assertFalse(testSession.itemExists(path));
+        assertFalse(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_READ));
+        assertFalse(testAcMgr.hasPrivileges(path, readPrivs));
+
+        // remove the nodebased policy
+        JackrabbitAccessControlList policy = getPolicy(acMgr, path, getTestUser().getPrincipal());
+        acMgr.removePolicy(policy.getPath(), policy);
+        superuser.save();
+
+        /*
+         expected result:
+         - READ privilege is present again.
+         */
+        assertTrue(testSession.itemExists(path));
+        assertTrue(testSession.hasPermission(path, org.apache.jackrabbit.api.jsr283.Session.ACTION_READ));
+        assertTrue(testAcMgr.hasPrivileges(path, readPrivs));
+
+        // nodebased: add WRITE privilege for 'testUser' at 'path'
+        Privilege[] wrtPrivileges = privilegesFromName(PrivilegeRegistry.REP_WRITE);
+        givePrivileges(path, wrtPrivileges, getRestrictions(superuser, path));
+        // userbased: deny MODIFY_PROPERTIES privileges for 'testUser'
+        Privilege[] modPropPrivs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+        withdrawPrivileges(path, getTestUser().getPrincipal(), modPropPrivs, getPrincipalBasedRestrictions(path),
false);
+        /*
+         expected result:
+         - MODIFY_PROPERTIES privilege still present
+         */
+        assertTrue(testSession.hasPermission(path+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+        assertTrue(testAcMgr.hasPrivileges(path, wrtPrivileges));
+
+        // nodebased: deny MODIFY_PROPERTIES privileges for 'testUser'
+        //            on a child node.
+        withdrawPrivileges(childNPath, getTestUser().getPrincipal(), modPropPrivs, getRestrictions(superuser,
childNPath));
+        /*
+         expected result:
+         - MODIFY_PROPERTIES privilege still present at 'path'
+         - no-MODIFY_PROPERTIES privilege at 'childNPath'
+         */
+        assertTrue(testSession.hasPermission(path+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+        assertTrue(testAcMgr.hasPrivileges(path, modPropPrivs));
+
+        assertFalse(testSession.hasPermission(childNPath+"/anyproperty", org.apache.jackrabbit.api.jsr283.Session.ACTION_SET_PROPERTY));
+        assertFalse(testAcMgr.hasPrivileges(childNPath, modPropPrivs));
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/combined/WriteTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import junit.framework.TestCase;
+import org.apache.jackrabbit.core.security.authorization.AbstractLockManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest;
+import org.apache.jackrabbit.core.security.authorization.AbstractNodeTypeManagementTest;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.AccessDeniedException;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+class EvaluationUtil {
+
+   static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal
principal) throws RepositoryException,
+                AccessDeniedException, NotExecutableException {
+        if (acM instanceof JackrabbitAccessControlManager) {
+            AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+            for (int i = 0; i < policies.length; i++) {
+                if (policies[i] instanceof ACLTemplate) {
+                    ACLTemplate acl = (ACLTemplate) policies[i];
+                    return acl;
+                }
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    static  Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException
{
+        if (s instanceof SessionImpl) {
+            Map restr = new HashMap();
+            restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), path);
+            return restr;
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractLockManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>LockTest</code>...
+ */
+public class LockTest extends AbstractLockManagementTest {
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws
+            RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+    protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException
{
+        return EvaluationUtil.getRestrictions(s, path);
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/LockTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractNodeTypeManagementTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>NodeTypeTest</code>...
+ */
+public class NodeTypeTest extends AbstractNodeTypeManagementTest {
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws
+            RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+    protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException
{
+        return EvaluationUtil.getRestrictions(s, path);
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/NodeTypeTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=732693&r1=732692&r2=732693&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
Thu Jan  8 03:52:38 2009
@@ -13,8 +13,8 @@
  */
 package org.apache.jackrabbit.core.security.authorization.principalbased;
 
-import junit.framework.TestCase;
 import junit.framework.Test;
+import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
 /**
@@ -30,13 +30,16 @@
      *         package.
      */
     public static Test suite() {
-        TestSuite suite = new TestSuite("security.authorization.combined tests");
+        TestSuite suite = new TestSuite("security.authorization.principalbased tests");
 
         suite.addTestSuite(ACLTemplateTest.class);
         suite.addTestSuite(EntryTest.class);
         suite.addTestSuite(GlobPatternTest.class);
 
-        suite.addTestSuite(EvaluationTest.class);
+        suite.addTestSuite(WriteTest.class);
+        suite.addTestSuite(LockTest.class);
+        suite.addTestSuite(VersionTest.class);
+        suite.addTestSuite(NodeTypeTest.class);
 
         return suite;
     }

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractVersionManagementTest;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Node;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.version.Version;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>VersionTest</code>...
+ */
+public class VersionTest extends AbstractVersionManagementTest {
+
+    private static Logger log = LoggerFactory.getLogger(VersionTest.class);
+
+    private static String VERSION_STORAGE_PATH = "/jcr:system/jcr:versionStorage";
+
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws
+            RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+    protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException
{
+        return EvaluationUtil.getRestrictions(s, path);
+    }
+
+    public void testReadVersionInfo() throws RepositoryException, NotExecutableException
{
+        Node n = createVersionableNode(testRootNode);
+        modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, false);
+
+        Node n2 = (Node) getTestSession().getItem(n.getPath());
+        try {
+            n2.getVersionHistory();
+            fail();
+        } catch (AccessDeniedException e) {
+            // success
+        } catch (ItemNotFoundException e) {
+            // success as well
+        }
+        try {
+            n2.getBaseVersion();
+            fail();
+        } catch (AccessDeniedException e) {
+            // success
+        } catch (ItemNotFoundException e) {
+            // success as well
+        }
+    }
+
+    public void testReadVersionInfo2() throws RepositoryException, NotExecutableException
{
+        Node n = createVersionableNode(testRootNode);
+        modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, true);
+
+        Node n2 = (Node) getTestSession().getItem(n.getPath());
+        n2.getVersionHistory();
+        n2.getBaseVersion();
+    }
+
+    public void testReadVersionInfo3() throws RepositoryException, NotExecutableException
{
+        Node trn = getTestNode();
+        modifyPrivileges(trn.getPath(), PrivilegeRegistry.REP_WRITE, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_NODE_TYPE_MANAGEMENT, true);
+        modifyPrivileges(trn.getPath(), Privilege.JCR_VERSION_MANAGEMENT, true);
+        modifyPrivileges(VERSION_STORAGE_PATH, Privilege.JCR_READ, false);
+
+        Node n = createVersionableNode(trn);
+        assertTrue(n.isNodeType(mixVersionable));
+        assertFalse(n.isModified());
+
+        try {
+            n.getVersionHistory();
+            n.getBaseVersion();
+            fail("No READ permission in the version storage");
+        } catch (AccessDeniedException e) {
+            // success
+            log.debug(e.getMessage());
+        }  catch (ItemNotFoundException e) {
+            // success
+            log.debug(e.getMessage());
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/VersionTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=732693&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
Thu Jan  8 03:52:38 2009
@@ -0,0 +1,93 @@
+/*
+ * $Id$
+ *
+ * Copyright 1997-2005 Day Management AG
+ * Barfuesserplatz 6, 4001 Basel, Switzerland
+ * All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Day Management AG, ("Confidential Information"). You shall not
+ * disclose such Confidential Information and shall use it only in
+ * accordance with the terms of the license agreement you entered into
+ * with Day.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.core.security.authorization.AbstractWriteTest;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * <code>EvaluationTest</code>...
+ */
+public class WriteTest extends AbstractWriteTest {
+
+    private static Logger log = LoggerFactory.getLogger(WriteTest.class);
+
+    private List toClear = new ArrayList();
+
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        // simple test to check if proper provider is present:
+        getPolicy(acMgr, path, getTestUser().getPrincipal());
+    }
+
+    protected void clearACInfo() {
+        for (Iterator it = toClear.iterator(); it.hasNext();) {
+            String path = it.next().toString();
+            try {
+                AccessControlPolicy[] policies = acMgr.getPolicies(path);
+                for (int i = 0; i < policies.length; i++) {
+                    acMgr.removePolicy(path, policies[i]);
+                    superuser.save();
+                }
+            } catch (RepositoryException e) {
+                // log error and ignore
+                log.error(e.getMessage());
+            }
+        }
+    }
+
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path,
Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException
{
+        if (acM instanceof JackrabbitAccessControlManager) {
+            AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
+            for (int i = 0; i < policies.length; i++) {
+                if (policies[i] instanceof ACLTemplate) {
+                    ACLTemplate acl = (ACLTemplate) policies[i];
+                    toClear.add(acl.getPath());
+                    return acl;
+                }
+            }
+        }
+        throw new NotExecutableException();
+    }
+
+    protected Map getRestrictions(Session s, String path) throws RepositoryException, NotExecutableException
{
+        if (s instanceof SessionImpl) {
+            Map restr = new HashMap();
+            restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), path);
+            return restr;
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    // TODO: add specific tests with other restrictions
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url



Mime
View raw message