jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r983906 [2/2] - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core...
Date Tue, 10 Aug 2010 09:58:04 GMT
Copied: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java
(from r954954, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java?p2=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java&p1=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java&r1=954954&r2=983906&rev=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/GlobPatternTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java
Tue Aug 10 09:58:03 2010
@@ -14,12 +14,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.core.security.authorization.principalbased;
+package org.apache.jackrabbit.core.security.authorization;
 
 import org.apache.jackrabbit.test.JUnitTest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * <code>GlobPatternTest</code>...
  */
@@ -27,8 +30,234 @@ public class GlobPatternTest extends JUn
 
     private static Logger log = LoggerFactory.getLogger(GlobPatternTest.class);
 
-    public void testMatches() {
-        // TODO
+    public void testMatchesNoMetaChar() {
+        GlobPattern gp = GlobPattern.create("/a/b/c");
+
+        Map<String,Boolean> tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c", true);
+        tests.put("/a/b/c/d", true);
+        tests.put("/a/b/c/d/e", true);
+        tests.put("/a/b/c/d/e/f", true);
+
+        tests.put("/", false);
+        tests.put("/a", false);
+        tests.put("/b/c", false);
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(tests.get(toTest) == gp.matches(toTest));
+        }
+    }
+
+    public void testMatchesWildcardAll() {
+
+        Map<String,Boolean> tests = new HashMap<String,Boolean>();
+
+        // restriction "*" matches /foo, all siblings of foo and foo's and the siblings'
descendants
+        GlobPattern gp = GlobPattern.create("/a/b/c", "*");
+        tests.put("/a/b/c", true);        // foo itself
+        tests.put("/a/b/c/d", true);      // child of foo
+        tests.put("/a/b/c/d/e", true);    // child of foo
+        tests.put("/a/b/c/d/e/f", true);  // child of foo
+        tests.put("/a/b/cde", true);      // sibling
+        tests.put("/a/b/cde/e/f", true);  // child of the sibling
+
+        tests.put("/", false);
+        tests.put("/a", false);
+        tests.put("/b/c", false);
+
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        // restriction "*cat" matches all siblings and descendants of /foo that have a name
ending with cat
+        gp = GlobPattern.create("/a/b/c", "*e");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c/e", true);      // descendant with name segment 'e'
+        tests.put("/a/b/c/d/e", true);    // descendant with name segment 'e'
+        tests.put("/a/b/c/gge", true);    // descendant with name segment ending with 'e'
+        tests.put("/a/b/c/d/gge", true);  // descendant with name segment ending with 'e'
+        tests.put("/a/b/ce", true);       // sibling whose name ends with 'e'
+        tests.put("/a/b/chee", true);     // sibling whose name ends with 'e'
+        tests.put("/a/b/cd/e", true);     // descendant of sibling named 'e'
+        tests.put("/a/b/cd/f/e", true);   // descendant of sibling named 'e'
+        tests.put("/a/b/cd/e", true);     // descendant of sibling with name ending with
'e'
+        tests.put("/a/b/cd/f/e", true);   // descendant of sibling with name ending with
'e'
+
+        tests.put("/", false);
+        tests.put("/a", false);
+        tests.put("/b/c", false);
+        tests.put("/a/b/c", false);
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/e/f", false);
+        tests.put("/a/b/c/d/f/e/f", false);
+        tests.put("/a/b/c/d/f/efg", false);
+        tests.put("/a/b/c/d/f/f", false);
+        tests.put("/a/b/c/e/f", false);
+        tests.put("/a/b/ce/", false);
+        tests.put("/a/b/ceg", false);
+        
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        // restriction "*/cat" matches all descendants of /foo and foo's siblings that have
a name segment "cat"
+        gp = GlobPattern.create("/a/b/c", "*/e");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c/e", true);      // descendant with name segment 'e'
+        tests.put("/a/b/c/d/e", true);    // descendant with name segment 'e'
+        tests.put("/a/b/cd/e", true);     // descendant of sibling named 'e'
+        tests.put("/a/b/cd/f/e", true);   // descendant of sibling named 'e'
+
+        tests.put("/", false);
+        tests.put("/a", false);
+        tests.put("/b/c", false);
+        tests.put("/a/b/c", false);
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/e/f", false);
+        tests.put("/a/b/c/d/f/e/f", false);
+        tests.put("/a/b/c/d/f/efg", false);
+        tests.put("/a/b/c/d/f/f", false);
+        tests.put("/a/b/c/e/f", false);
+        tests.put("/a/b/ce/", false);
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        // all descendants of '/a/b/c/e'
+        gp = GlobPattern.create("/a/b/c", "e/*");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/ce/", true);
+        tests.put("/a/b/ce/f/g/h", true);
+        tests.put("/a/b/ce/d/e/f", true);
+
+        tests.put("/a/b/c", false);
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/e", false);
+        tests.put("/a/b/c/d/e/f", false);
+        tests.put("/a/b/c/d/f/f", false);
+        tests.put("/a/b/c/d/f/e/f", false);
+        tests.put("/a/b/cee/d/e/f", false);
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        // restriction "*e/*" matches all descendants of /foo that have an intermediate segment
ending with 'e'
+        gp = GlobPattern.create("/a/b/c", "*e/*");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/ce/", true);
+        tests.put("/a/b/ceeeeeee/f/g/h", true);
+        tests.put("/a/b/cde/d/e/f", true);
+        tests.put("/a/b/c/d/e/f", true);
+        tests.put("/a/b/c/d/e/", true);
+        tests.put("/a/b/ced/d/e/f", true);        
+        
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/e", false);
+        tests.put("/a/b/c/d/f/f", false);
+        tests.put("/a/b/c/ed/f/f", false);
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        //  restriction /*cat  matches all children of /a/b/c whose path ends with "cat"
+        gp = GlobPattern.create("/a/b/c", "/*cat");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c/cat", true);
+        tests.put("/a/b/c/acat", true);
+        tests.put("/a/b/c/f/cat", true);
+        tests.put("/a/b/c/f/acat", true);
+
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/cat/e", false);  // cat only intermediate segment
+        tests.put("/a/b/c/d/acat/e", false);  // cat only intermediate segment
+        tests.put("/a/b/c/d/cata/e", false);  // cat only intermediate segment
+        tests.put("/a/b/c/d/cate", false);
+        tests.put("/a/b/cat", false);        // siblings do no match
+        tests.put("/a/b/cat/ed/f/f", false); // ... nor do siblings' children
+        tests.put("/a/b/ced/cat", false);    // ... nor do siblings' children
+
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        //  restriction /*/cat  matches all non-direct descendants of /foo named "cat"
+        gp = GlobPattern.create("/a/b/c", "/*/cat");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c/a/cat", true);
+        tests.put("/a/b/c/d/e/f/cat", true);
+
+        tests.put("/a/b/c/cat", false);
+        tests.put("/a/b/c/cate", false);
+        tests.put("/a/b/c/acat", false);
+        tests.put("/a/b/c/cat/d", false);
+        tests.put("/a/b/c/d/acat", false);
+        tests.put("/a/b/c/d/cate", false);        
+        tests.put("/a/b/c/d/cat/e", false);   // cat only intermediate segment
+        tests.put("/a/b/c/d/acat/e", false);  // cat only intermediate segment
+        tests.put("/a/b/c/d/cata/e", false);  // cat only intermediate segment
+        tests.put("/a/b/cat", false);        // siblings do no match
+        tests.put("/a/b/cat/ed/f/f", false); // ... nor do siblings' children
+        tests.put("/a/b/ced/cat", false);    // ... nor do siblings' children
+        tests.put("/a/b/ced/f/cat", false);  // ... nor do siblings' children
+        
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+
+        //  restriction /cat* matches all descendant paths of /foo that have the
+        //  direct foo-descendant segment starting with "cat"
+        gp = GlobPattern.create("/a/b/c", "/cat*");
+        tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c/cat", true);
+        tests.put("/a/b/c/cats", true);
+        tests.put("/a/b/c/cat/s", true);
+        tests.put("/a/b/c/cats/d/e/f", true);
+
+
+        tests.put("/a/b/c/d/cat", false);
+        tests.put("/a/b/c/d/cats", false);
+        tests.put("/a/b/c/d/e/cat", false);
+        tests.put("/a/b/c/d/e/cats", false);
+        tests.put("/a/b/c/acat", false);
+        tests.put("/a/b/c/d/acat", false);
+        tests.put("/a/b/c/d/cat/e", false);
+        tests.put("/a/b/c/d/acat/e", false);
+        tests.put("/a/b/c/d/cata/e", false);  
+        tests.put("/a/b/cat", false);        // siblings do no match
+        tests.put("/a/b/cat/ed/f/f", false); // ... nor do siblings' children
+        tests.put("/a/b/ced/cat", false);    // ... nor do siblings' children
+        tests.put("/a/b/ced/f/cat", false);  // ... nor do siblings' children
+
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
+    }
+
+    public void testEmptyRestriction() {
+        GlobPattern gp = GlobPattern.create("/a/b/c", "");
+
+        Map<String,Boolean> tests = new HashMap<String,Boolean>();
+        tests.put("/a/b/c", true);
+
+        tests.put("/a/b/c/d", false);
+        tests.put("/a/b/c/d/e", false);
+        tests.put("/a/b/c/d/e/f", false);
+        tests.put("/", false);
+        tests.put("/a", false);
+        tests.put("/a/b/cde", false);
+
+        for (String toTest : tests.keySet()) {
+            log.info(gp + " - " + toTest + " : " + tests.get(toTest));
+            assertTrue(gp + " : " + toTest, tests.get(toTest) == gp.matches(toTest));
+        }
     }
 
     public void testMatchesItem() {

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/GlobPatternTest.java
------------------------------------------------------------------------------
    svn:keywords = author date id revision url

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
Tue Aug 10 09:58:03 2010
@@ -37,6 +37,7 @@ public class TestAll extends TestCase {
 
         suite.addTestSuite(PrivilegeRegistryTest.class);
         suite.addTestSuite(JackrabbitAccessControlListTest.class);
+        suite.addTestSuite(GlobPatternTest.class);
 
         return suite;
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
Tue Aug 10 09:58:03 2010
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.test.NotExecutableException;
 
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
@@ -51,7 +52,7 @@ public class ACLTemplateTest extends Abs
         SessionImpl sImpl = (SessionImpl) superuser;
         PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
         PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
-        return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory());
+        return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory(),
sImpl);
     }
 
     protected Principal getSecondPrincipal() throws Exception {
@@ -278,4 +279,47 @@ public class ACLTemplateTest extends Abs
         assertEquals(false, last.isAllow());
         assertEquals(writePriv[0], last.getPrivileges()[0]);
     }
+
+    public void testRestrictions() throws RepositoryException, NotExecutableException {
+        JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
+
+        String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
+        
+        String[] names = pt.getRestrictionNames();
+        assertNotNull(names);
+        assertEquals(1, names.length);
+        assertEquals(restrName, names[0]);
+        assertEquals(PropertyType.STRING, pt.getRestrictionType(names[0]));
+
+        Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
+
+        // add entry without restr. -> must succeed
+        assertTrue(pt.addAccessControlEntry(testPrincipal, writePriv));
+        assertEquals(1, pt.getAccessControlEntries().length);
+
+        // ... again -> no modification.
+        assertFalse(pt.addAccessControlEntry(testPrincipal, writePriv));
+        assertEquals(1, pt.getAccessControlEntries().length);
+
+        // ... again using different method -> no modification.
+        assertFalse(pt.addEntry(testPrincipal, writePriv, true));
+        assertEquals(1, pt.getAccessControlEntries().length);
+
+        // ... complementary entry -> must modify the acl
+        assertTrue(pt.addEntry(testPrincipal, writePriv, false));
+        assertEquals(1, pt.getAccessControlEntries().length);
+
+        // add an entry with a restrictions:
+        Map<String,Value> restrictions = Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
+        assertTrue(pt.addEntry(testPrincipal, writePriv, false, restrictions));
+        assertEquals(2, pt.getAccessControlEntries().length);
+
+        // ... same again -> no modification.
+        assertFalse(pt.addEntry(testPrincipal, writePriv, false, restrictions));
+        assertEquals(2, pt.getAccessControlEntries().length);
+
+        // ... complementary entry -> must modify the acl.
+        assertTrue(pt.addEntry(testPrincipal, writePriv, true, restrictions));
+        assertEquals(2, pt.getAccessControlEntries().length);        
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
Tue Aug 10 09:58:03 2010
@@ -25,10 +25,14 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.RepositoryException;
+import javax.jcr.Value;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * <code>EntryTest</code>...
@@ -43,13 +47,13 @@ public class EntryTest extends AbstractE
 
         SessionImpl s = (SessionImpl) superuser;
 
-        acl = new ACLTemplate(testPath, s.getPrincipalManager(), new PrivilegeRegistry(s),
s.getValueFactory());
+        acl = new ACLTemplate(testPath, s.getPrincipalManager(), new PrivilegeRegistry(s),
s.getValueFactory(), s);
     }
 
     @Override
     protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges,
boolean isAllow)
             throws RepositoryException {
-        return acl.createEntry(principal, privileges, isAllow);
+        return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
     }
 
     public void testIsLocal() throws NotExecutableException, RepositoryException {
@@ -78,11 +82,36 @@ public class EntryTest extends AbstractE
         ACLTemplate acl = (ACLTemplate) acls[0];
         assertEquals(path, acl.getPath());       
 
-        ACLTemplate.Entry entry = acl.createEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
true);
+        ACLTemplate.Entry entry = acl.createEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
true, Collections.<String,Value>emptyMap());
 
         // node is must be present + must match to testrootnodes id.
         assertTrue(entry.isLocal(((NodeImpl) testRootNode).getNodeId()));
         // but not to a random id.
         assertFalse(entry.isLocal(new NodeId()));
     }
+
+    public void testRestrictions() throws RepositoryException {
+        // test if restrictions with expanded name are properly resolved
+        Map<String, Value> restrictions = new HashMap<String,Value>();
+        restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
+
+        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+        ACLTemplate.Entry ace = acl.createEntry(testPrincipal, privs, true, restrictions);
+
+        Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
+        Value v2 = ace.getRestriction(((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB));
+        assertEquals(v, v2);
+
+        Map<String, Boolean> toMatch = new HashMap<String, Boolean>();
+        toMatch.put(acl.getPath(), false);
+        toMatch.put(acl.getPath() + "test", false);
+
+        toMatch.put(acl.getPath() + "/test", true);
+        toMatch.put(acl.getPath() + "/something/test", true);
+        toMatch.put(acl.getPath() + "de/test", true);
+
+        for (String str : toMatch.keySet()) {
+            assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), ace.matches(str));
+        }
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
Tue Aug 10 09:58:03 2010
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.core.secur
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.AccessDeniedException;
@@ -25,10 +26,12 @@ import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;
+import javax.jcr.ValueFactory;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 import java.security.Principal;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.Map;
 
 /**
@@ -36,8 +39,8 @@ import java.util.Map;
  */
 public class ReadTest extends AbstractEvaluationTest {
 
-    protected String path;
-    protected String childNPath;
+    private String path;
+    private String childNPath;
 
     protected void setUp() throws Exception {
         super.setUp();
@@ -81,4 +84,43 @@ public class ReadTest extends AbstractEv
         Node n = testSession.getNode(childNPath);
         n.getDefinition();
     }
+
+    public void testGlobRestriction() throws Exception {
+        Session testSession = getTestSession();
+        AccessControlManager testAcMgr = getTestACManager();
+        ValueFactory vf = superuser.getValueFactory();
+        /*
+          precondition:
+          testuser must have READ-only permission on test-node and below
+        */
+        checkReadOnly(path);
+        checkReadOnly(childNPath);
+
+        Node child = superuser.getNode(childNPath).addNode(nodeName3);
+        superuser.save();
+        String childchildPath = child.getPath();
+
+        Privilege[] read = privilegesFromName(Privilege.JCR_READ);
+
+        Map<String, Value> restrictions = new HashMap(getRestrictions(superuser, path));
+        restrictions.put(AccessControlConstants.P_GLOB.toString(), vf.createValue("*/"+jcrPrimaryType));
+
+        withdrawPrivileges(path, read, restrictions);
+
+        assertTrue(testAcMgr.hasPrivileges(path, read));
+        assertTrue(testSession.hasPermission(path, javax.jcr.Session.ACTION_READ));
+        testSession.getNode(path);
+
+        assertTrue(testAcMgr.hasPrivileges(childNPath, read));
+        assertTrue(testSession.hasPermission(childNPath, javax.jcr.Session.ACTION_READ));
+        testSession.getNode(childNPath);
+
+        String propPath = path + "/" + jcrPrimaryType;
+        assertFalse(testSession.hasPermission(propPath, javax.jcr.Session.ACTION_READ));
+        assertFalse(testSession.propertyExists(propPath));
+
+        propPath = childNPath + "/" + jcrPrimaryType;
+        assertFalse(testSession.hasPermission(propPath, javax.jcr.Session.ACTION_READ));
+        assertFalse(testSession.propertyExists(propPath));
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
Tue Aug 10 09:58:03 2010
@@ -164,4 +164,33 @@ public class EntryTest extends AbstractE
             assertFalse("Restrictions shouldn't match " + str, ace.matches(str));
         }
     }
+
+    public void testRestrictions() throws RepositoryException {
+        // test if restrictions with expanded name are properly resolved
+        Map<String, Value> restrictions = new HashMap<String,Value>();
+        restrictions.put(ACLTemplate.P_GLOB.toString(), superuser.getValueFactory().createValue("*/test"));
+        restrictions.put(ACLTemplate.P_NODE_PATH.toString(), superuser.getValueFactory().createValue("/a/b/c"));
+
+        Privilege[] privs = new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_ALL)};
+        ACLTemplate.Entry ace = (ACLTemplate.Entry) createEntry(testPrincipal, privs, true,
restrictions);
+
+        Value v = ace.getRestriction(ACLTemplate.P_GLOB.toString());
+        Value v2 = ace.getRestriction(glob);
+        assertEquals(v, v2);
+
+        v = ace.getRestriction(ACLTemplate.P_NODE_PATH.toString());
+        v2 = ace.getRestriction(nodePath);
+        assertEquals(v, v2);
+
+        Map<String, Boolean> toMatch = new HashMap<String, Boolean>();
+        toMatch.put("/a/b/c", false);
+        toMatch.put("/a/b/ctest", false);
+        toMatch.put("/a/b/c/test", true);
+        toMatch.put("/a/b/c/something/test", true);
+        toMatch.put("/a/b/cde/test", true);
+
+        for (String str : toMatch.keySet()) {
+            assertEquals("Path to match : " + str, toMatch.get(str).booleanValue(), ace.matches(str));
+        }
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=983906&r1=983905&r2=983906&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
Tue Aug 10 09:58:03 2010
@@ -37,7 +37,6 @@ public class TestAll extends TestCase {
 
         suite.addTestSuite(ACLTemplateTest.class);
         suite.addTestSuite(EntryTest.class);
-        suite.addTestSuite(GlobPatternTest.class);
 
         suite.addTestSuite(WriteTest.class);
         suite.addTestSuite(LockTest.class);



Mime
View raw message