jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1072154 [3/3] - in /jackrabbit/trunk: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorizat...
Date Fri, 18 Feb 2011 21:24:12 GMT
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java Fri Feb 18 21:24:10 2011
@@ -21,6 +21,8 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.WorkspaceImpl;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;
 
@@ -43,6 +45,7 @@ import java.util.List;
 public class JackrabbitAccessControlListTest extends AbstractAccessControlTest {
 
     private JackrabbitAccessControlList templ;
+    private PrivilegeManager privilegeMgr;
 
     @Override
     protected void setUp() throws Exception {
@@ -62,6 +65,8 @@ public class JackrabbitAccessControlList
             superuser.logout();
             throw new NotExecutableException("No JackrabbitAccessControlList to test.");
         }
+
+        privilegeMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager();
     }
 
     @Override
@@ -117,7 +122,7 @@ public class JackrabbitAccessControlList
         Principal princ = getValidPrincipal();
         Privilege[] priv = privilegesFromName(Privilege.JCR_ALL);
 
-        List entriesBefore = Arrays.asList(templ.getAccessControlEntries());
+        List<AccessControlEntry> entriesBefore = Arrays.asList(templ.getAccessControlEntries());
         if (templ.addEntry(princ, priv, true, Collections.<String, Value>emptyMap())) {
             AccessControlEntry[] entries = templ.getAccessControlEntries();
             if (entries.length == 0) {
@@ -125,12 +130,12 @@ public class JackrabbitAccessControlList
             }
             int allows = 0;
             for (AccessControlEntry en : entries) {
-                int bits = PrivilegeRegistry.getBits(en.getPrivileges());
+                int bits = privilegeMgr.getBits(en.getPrivileges());
                 if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                     allows |= bits;
                 }
             }
-            assertEquals(PrivilegeRegistry.getBits(priv), allows);
+            assertEquals(privilegeMgr.getBits(priv), allows);
         } else {
             AccessControlEntry[] entries = templ.getAccessControlEntries();
             assertEquals("Grant ALL not successful -> entries must not have changed.", entriesBefore, Arrays.asList(entries));
@@ -147,12 +152,12 @@ public class JackrabbitAccessControlList
         assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0);
 
         for (AccessControlEntry en : entries) {
-            int bits = PrivilegeRegistry.getBits(en.getPrivileges());
+            int bits = privilegeMgr.getBits(en.getPrivileges());
             if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) {
                 allows |= bits;
             }
         }
-        assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= PrivilegeRegistry.getBits(privs));
+        assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= privilegeMgr.getBits(privs));
     }
 
     public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException {
@@ -169,7 +174,7 @@ public class JackrabbitAccessControlList
         for (AccessControlEntry en : entries) {
             if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) {
                 JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en;
-                int entryBits = PrivilegeRegistry.getBits(ace.getPrivileges());
+                int entryBits = privilegeMgr.getBits(ace.getPrivileges());
                 if (ace.isAllow()) {
                     allows |= Permission.diff(entryBits, denies);
                 } else {
@@ -178,9 +183,9 @@ public class JackrabbitAccessControlList
             }
         }
 
-        int expectedAllows = PrivilegeRegistry.getBits(grPriv) ^ PrivilegeRegistry.getBits(dePriv);
+        int expectedAllows = privilegeMgr.getBits(grPriv) ^ privilegeMgr.getBits(dePriv);
         assertEquals(expectedAllows, allows);
-        int expectedDenies = PrivilegeRegistry.getBits(dePriv);
+        int expectedDenies = privilegeMgr.getBits(dePriv);
         assertEquals(expectedDenies, denies);
     }
 

Copied: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java (from r1066459, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java?p2=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java&p1=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java&r1=1066459&r2=1072154&rev=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java Fri Feb 18 21:24:10 2011
@@ -16,60 +16,40 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import junit.framework.TestCase;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.spi.commons.conversion.ParsingNameResolver;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.WorkspaceImpl;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
 import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
-import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
-import org.apache.jackrabbit.spi.commons.namespace.NamespaceResolver;
-import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.test.AbstractJCRTest;
 
+import javax.jcr.AccessDeniedException;
 import javax.jcr.NamespaceException;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 /**
- * <code>PrivilegeRegistryTest</code>...
+ * <code>PrivilegeManagerTest</code>...
  */
-public class PrivilegeRegistryTest extends TestCase {
+public class PrivilegeManagerTest extends AbstractJCRTest {
 
     private NameResolver resolver;
-    private PrivilegeRegistry privilegeRegistry;
+    private PrivilegeManager privilegeMgr;
 
+    @Override
     protected void setUp() throws Exception {
         super.setUp();
-        NamespaceResolver nsResolver = new NamespaceResolver() {
-            public String getURI(String prefix) throws NamespaceException {
-                if (Name.NS_JCR_PREFIX.equals(prefix)) {
-                    return Name.NS_JCR_URI;
-                } else if (Name.NS_EMPTY_PREFIX.equals(prefix)) {
-                    return Name.NS_DEFAULT_URI;
-                } else if (Name.NS_REP_PREFIX.equals(prefix)) {
-                    return Name.NS_REP_URI;
-                } else {
-                    throw new NamespaceException();
-                }
-            }
-            public String getPrefix(String uri) throws NamespaceException {
-                if (Name.NS_JCR_URI.equals(uri)) {
-                    return Name.NS_JCR_PREFIX;
-                } else if (Name.NS_DEFAULT_URI.equals(uri)) {
-                    return Name.NS_EMPTY_PREFIX;
-                } else if (Name.NS_REP_URI.equals(uri)) {
-                    return Name.NS_REP_PREFIX;
-                } else {
-                    throw new NamespaceException();
-                }
-            }
-        };
-        resolver = new ParsingNameResolver(NameFactoryImpl.getInstance(), nsResolver);
-        privilegeRegistry = new PrivilegeRegistry(resolver);
+        resolver = (SessionImpl) superuser;
+        privilegeMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager();
     }
 
-    private void assertSamePrivilegeName(String expected, String present) throws RepositoryException {
+    private void assertSamePrivilegeName(String expected, String present) throws NamespaceException, IllegalNameException {
         assertEquals("Privilege names are not the same", resolver.getQName(expected), resolver.getQName(present));
     }
 
@@ -77,82 +57,85 @@ public class PrivilegeRegistryTest exten
             throws RepositoryException {
         Privilege[] privs = new Privilege[privNames.length];
         for (int i = 0; i < privNames.length; i++) {
-            privs[i] = privilegeRegistry.getPrivilege(privNames[i]);
+            privs[i] = privilegeMgr.getPrivilege(privNames[i]);
         }
         return privs;
     }
 
     public void testRegisteredPrivileges() throws RepositoryException {
-        Privilege[] ps = privilegeRegistry.getRegisteredPrivileges();
+        Privilege[] ps = privilegeMgr.getRegisteredPrivileges();
 
         List<Privilege> l = new ArrayList<Privilege>(Arrays.asList(ps));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_NODE)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ALL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));        
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ALL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE)));
         assertTrue(l.isEmpty());
     }
 
     public void testAllPrivilege() throws RepositoryException {
-        Privilege p = privilegeRegistry.getPrivilege(Privilege.JCR_ALL);
+        Privilege p = privilegeMgr.getPrivilege(Privilege.JCR_ALL);
         assertSamePrivilegeName(p.getName(), Privilege.JCR_ALL);
         assertTrue(p.isAggregate());
         assertFalse(p.isAbstract());
 
         List<Privilege> l = new ArrayList<Privilege>(Arrays.asList(p.getAggregatePrivileges()));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_NODE)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE)));
         assertTrue(l.isEmpty());
 
         l = new ArrayList<Privilege>(Arrays.asList(p.getDeclaredAggregatePrivileges()));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));        
         assertTrue(l.isEmpty());
     }
 
     public void testGetBits() throws RepositoryException {
-        Privilege p1 = privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES);
-        Privilege p2 = privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES);
+        Privilege p1 = privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES);
+        Privilege p2 = privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES);
         Privilege[] privs = new Privilege[] {p1, p2};
 
-        int bits = PrivilegeRegistry.getBits(privs);
+        int bits = privilegeMgr.getBits(privs);
         assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE);
-        assertTrue(bits == (PrivilegeRegistry.getBits(new Privilege[] {p1}) |
-                PrivilegeRegistry.getBits(new Privilege[] {p2})));
+        assertTrue(bits == (privilegeMgr.getBits(new Privilege[] {p1}) |
+                privilegeMgr.getBits(new Privilege[] {p2})));
     }
 
     public void testGetBitsFromCustomPrivilege() throws AccessControlException {
         Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
         try {
-            int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+            privilegeMgr.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -160,9 +143,9 @@ public class PrivilegeRegistryTest exten
     }
 
     public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
-        Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
+        Privilege p = buildCustomPrivilege("anyName", privilegeMgr.getPrivilege(Privilege.JCR_WRITE));
         try {
-            int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+            privilegeMgr.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -171,16 +154,34 @@ public class PrivilegeRegistryTest exten
 
     public void testGetBitsFromNull() {
         try {
-            PrivilegeRegistry.getBits(null);
+            privilegeMgr.getBits((Privilege[]) null);
             fail("Should throw AccessControlException");
         } catch (AccessControlException e) {
             // ok
         }
     }
 
-    public void testGetBitsFromEmptyArray() {
+    public void testGetBitsFromNullString() {
         try {
-            PrivilegeRegistry.getBits(new Privilege[0]);
+            privilegeMgr.getBits((String[]) null);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testGetBitsFromEmptyArray() throws AccessControlException {
+        try {
+            privilegeMgr.getBits(new Privilege[0]);
+            fail("Should throw AccessControlException");
+        } catch (AccessControlException e) {
+            // ok
+        }
+    }
+
+    public void testGetBitsFromEmptyStringArray() throws AccessControlException {
+        try {
+            privilegeMgr.getBits(new String[0]);
             fail("Should throw AccessControlException");
         } catch (AccessControlException e) {
             // ok
@@ -190,7 +191,7 @@ public class PrivilegeRegistryTest exten
     public void testGetBitsWithInvalidPrivilege() {
         Privilege p = buildCustomPrivilege("anyName", null);
         try {
-            PrivilegeRegistry.getBits(new Privilege[] {p});
+            privilegeMgr.getBits(new Privilege[] {p});
             fail();
         } catch (AccessControlException e) {
             // ok
@@ -198,7 +199,7 @@ public class PrivilegeRegistryTest exten
     }
 
     public void testGetPrivilegesFromBits() throws RepositoryException {
-        Privilege[] pvs = privilegeRegistry.getPrivileges(PrivilegeRegistry.getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
+        Privilege[] pvs = privilegeMgr.getPrivileges(privilegeMgr.getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
 
         assertTrue(pvs != null);
         assertTrue(pvs.length == 1);
@@ -212,8 +213,8 @@ public class PrivilegeRegistryTest exten
                 Privilege.JCR_REMOVE_NODE,
                 Privilege.JCR_MODIFY_PROPERTIES
         };
-        int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names));
-        Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits);
+        int writeBits = privilegeMgr.getBits(privilegesFromNames(names));
+        Privilege[] pvs = privilegeMgr.getPrivileges(writeBits);
 
         assertTrue(pvs != null);
         assertTrue(pvs.length == 1);
@@ -226,8 +227,8 @@ public class PrivilegeRegistryTest exten
         String[] names = new String[] {
                 PrivilegeRegistry.REP_WRITE
         };
-        int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names));
-        Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits);
+        int writeBits = privilegeMgr.getBits(privilegesFromNames(names));
+        Privilege[] pvs = privilegeMgr.getPrivileges(writeBits);
 
         assertTrue(pvs != null);
         assertTrue(pvs.length == 1);
@@ -238,8 +239,8 @@ public class PrivilegeRegistryTest exten
                 PrivilegeRegistry.REP_WRITE,
                 Privilege.JCR_WRITE
         };
-        writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names));
-        pvs = privilegeRegistry.getPrivileges(writeBits);
+        writeBits = privilegeMgr.getBits(privilegesFromNames(names));
+        pvs = privilegeMgr.getPrivileges(writeBits);
 
         assertTrue(pvs != null);
         assertTrue(pvs.length == 1);
@@ -253,21 +254,21 @@ public class PrivilegeRegistryTest exten
                 PrivilegeRegistry.REP_WRITE,
                 Privilege.JCR_LIFECYCLE_MANAGEMENT
         };
-        int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names));
-        Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits);
+        int writeBits = privilegeMgr.getBits(privilegesFromNames(names));
+        Privilege[] pvs = privilegeMgr.getPrivileges(writeBits);
 
         assertTrue(pvs != null);
         assertTrue(pvs.length == 2);
     }
 
     public void testGetPrivilegeFromName() throws AccessControlException, RepositoryException {
-        Privilege p = privilegeRegistry.getPrivilege(Privilege.JCR_READ);
+        Privilege p = privilegeMgr.getPrivilege(Privilege.JCR_READ);
 
         assertTrue(p != null);
         assertSamePrivilegeName(Privilege.JCR_READ, p.getName());
         assertFalse(p.isAggregate());
 
-        p = privilegeRegistry.getPrivilege(Privilege.JCR_WRITE);
+        p = privilegeMgr.getPrivilege(Privilege.JCR_WRITE);
 
         assertTrue(p != null);
         assertSamePrivilegeName(p.getName(), Privilege.JCR_WRITE);
@@ -276,7 +277,7 @@ public class PrivilegeRegistryTest exten
 
     public void testGetPrivilegesFromInvalidName() throws RepositoryException {
         try {
-            privilegeRegistry.getPrivilege("unknown");
+            privilegeMgr.getPrivilege("unknown");
             fail("invalid privilege name");
         } catch (AccessControlException e) {
             // OK
@@ -285,7 +286,7 @@ public class PrivilegeRegistryTest exten
 
     public void testGetPrivilegesFromEmptyNames() {
         try {
-            privilegeRegistry.getPrivilege("");
+            privilegeMgr.getPrivilege("");
             fail("invalid privilege name array");
         } catch (AccessControlException e) {
             // OK
@@ -296,14 +297,45 @@ public class PrivilegeRegistryTest exten
 
     public void testGetPrivilegesFromNullNames() {
         try {
-            privilegeRegistry.getPrivilege(null);
+            privilegeMgr.getPrivilege(null);
             fail("invalid privilege name (null)");
         } catch (Exception e) {
             // OK
         }
     }
 
-     private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
+    public void testRegisterPrivilegeWithIllegalName() throws RepositoryException {
+        Map<String, String[]> illegal = new HashMap<String, String[]>();
+        illegal.put("invalid:privilegeName", new String[0]);
+        illegal.put("jcr:newPrivilege", new String[] {"invalid:privilegeName"});
+        illegal.put(".e:privilegeName", new String[0]);
+        illegal.put("jcr:newPrivilege", new String[] {".e:privilegeName"});
+
+        for (String illegalName : illegal.keySet()) {
+            try {
+                privilegeMgr.registerPrivilege(illegalName, true, illegal.get(illegalName));
+                fail("Illegal name -> Exception expected");
+            } catch (NamespaceException e) {
+                // success
+            } catch (IllegalNameException e) {
+                // success
+            }
+        }
+    }
+
+    public void testRegisterPrivilegeAsNonAdmin() throws RepositoryException {
+        Session s = getHelper().getReadOnlySession();
+        try {
+            ((WorkspaceImpl) s.getWorkspace()).getPrivilegeManager().registerPrivilege("test", true, new String[0]);
+            fail("Only admin is allowed to register privileges.");
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            s.logout();
+        }
+    }
+
+    private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
         return new Privilege() {
 
             public String getName() {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Fri Feb 18 21:24:10 2011
@@ -16,57 +16,179 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
-import junit.framework.TestCase;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.spi.commons.conversion.ParsingNameResolver;
-import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
-import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
-import org.apache.jackrabbit.spi.commons.namespace.NamespaceResolver;
+import org.apache.jackrabbit.core.RepositoryImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.fs.FileSystem;
+import org.apache.jackrabbit.core.fs.FileSystemException;
+import org.apache.jackrabbit.core.fs.FileSystemResource;
 import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
+import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.test.AbstractJCRTest;
 
 import javax.jcr.NamespaceException;
 import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * <code>PrivilegeRegistryTest</code>...
  */
-public class PrivilegeRegistryTest extends TestCase {
+public class PrivilegeRegistryTest extends AbstractJCRTest {
 
     private NameResolver resolver;
     private PrivilegeRegistry privilegeRegistry;
 
+    @Override
     protected void setUp() throws Exception {
         super.setUp();
-        NamespaceResolver nsResolver = new NamespaceResolver() {
-            public String getURI(String prefix) throws NamespaceException {
-                if (Name.NS_JCR_PREFIX.equals(prefix)) {
-                    return Name.NS_JCR_URI;
-                } else if (Name.NS_EMPTY_PREFIX.equals(prefix)) {
-                    return Name.NS_DEFAULT_URI;
-                } else if (Name.NS_REP_PREFIX.equals(prefix)) {
-                    return Name.NS_REP_URI;
-                } else {
-                    throw new NamespaceException();
-                }
+        resolver = ((SessionImpl) superuser);
+        privilegeRegistry = new PrivilegeRegistry(resolver);
+    }
+
+    public void testGetAll() throws RepositoryException {
+
+        PrivilegeRegistry.PrivilegeDefinition[] defs = privilegeRegistry.getAll();
+
+        List<PrivilegeRegistry.PrivilegeDefinition> l = new ArrayList<PrivilegeRegistry.PrivilegeDefinition>(Arrays.asList(defs));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_READ)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_ADD_CHILD_NODES)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_REMOVE_CHILD_NODES)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_MODIFY_PROPERTIES)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_REMOVE_NODE)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_READ_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_MODIFY_ACCESS_CONTROL)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_WRITE)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_ALL)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_LIFECYCLE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_LOCK_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_RETENTION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE))));
+
+        assertTrue(l.isEmpty());
+    }
+
+
+    public void testGet() throws RepositoryException {
+
+        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+
+            PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(def.name);
+            assertEquals(def, d);
+
+            assertNotNull(d.name);
+            assertEquals(d.name, d.getName());
+
+            assertFalse(d.isAbstract);
+            assertEquals(d.isAbstract, d.isAbstract());
+
+            assertNotNull(d.declaredAggregateNames);
+            List<Name> l = Arrays.asList(d.getDeclaredAggregateNames());
+            assertTrue(d.declaredAggregateNames.containsAll(l));
+            assertTrue(l.containsAll(d.declaredAggregateNames));
+
+            assertTrue(d.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+        }
+    }
+
+    public void testAggregates() throws RepositoryException {
+
+        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+            if (def.declaredAggregateNames.isEmpty()) {
+                continue; // ignore non aggregate
             }
-            public String getPrefix(String uri) throws NamespaceException {
-                if (Name.NS_JCR_URI.equals(uri)) {
-                    return Name.NS_JCR_PREFIX;
-                } else if (Name.NS_DEFAULT_URI.equals(uri)) {
-                    return Name.NS_EMPTY_PREFIX;
-                } else if (Name.NS_REP_URI.equals(uri)) {
-                    return Name.NS_REP_PREFIX;
-                } else {
-                    throw new NamespaceException();
-                }
+
+            List<Name> l = Arrays.asList(def.getDeclaredAggregateNames());
+            for (Name n : l) {
+                PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(n);
+                assertNotNull(d);
+                Name[] names = privilegeRegistry.getNames(d.getBits());
+                assertNotNull(names);
+                assertEquals(1, names.length);
+                assertEquals(d.name, names[0]);
             }
-        };
-        resolver = new ParsingNameResolver(NameFactoryImpl.getInstance(), nsResolver);
-        privilegeRegistry = new PrivilegeRegistry(resolver);
+        }
+    }
+
+    public void testPrivilegeDefinition() throws RepositoryException {
+
+        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+
+            assertNotNull(def.name);
+            assertEquals(def.name, def.getName());
+
+            assertFalse(def.isAbstract);
+            assertEquals(def.isAbstract, def.isAbstract());
+
+            assertNotNull(def.declaredAggregateNames);
+            List l = Arrays.asList(def.getDeclaredAggregateNames());
+            assertTrue(def.declaredAggregateNames.containsAll(l));
+            assertTrue(l.containsAll(def.declaredAggregateNames));
+
+            assertTrue(def.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+        }
+    }
+
+    public void testJcrAll() throws RepositoryException {
+        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_ALL);
+        assertEquals(p.getName(), NameConstants.JCR_ALL);
+        assertFalse(p.declaredAggregateNames.isEmpty());
+        assertFalse(p.isAbstract());
+
+        Set<Name> l = new HashSet<Name>(p.declaredAggregateNames);
+        assertTrue(l.remove(NameConstants.JCR_READ));
+        assertTrue(l.remove(NameConstants.JCR_WRITE));
+        assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE)));
+        assertTrue(l.remove(NameConstants.JCR_READ_ACCESS_CONTROL));
+        assertTrue(l.remove(NameConstants.JCR_MODIFY_ACCESS_CONTROL));
+        assertTrue(l.remove(NameConstants.JCR_LIFECYCLE_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_LOCK_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_RETENTION_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_VERSION_MANAGEMENT));
+        assertTrue(l.isEmpty());
+    }
+
+    public void testJcrWrite() throws RepositoryException {
+        Name rw = resolver.getQName(PrivilegeRegistry.REP_WRITE);
+        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(rw);
+
+        assertEquals(p.getName(), rw);
+        assertFalse(p.declaredAggregateNames.isEmpty());
+        assertFalse(p.isAbstract());
+
+        Set<Name> l = new HashSet<Name>(p.declaredAggregateNames);
+        assertTrue(l.remove(NameConstants.JCR_WRITE));
+        assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT));
+        assertTrue(l.isEmpty());
+    }
+
+    public void testRepWrite() throws RepositoryException {
+        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_WRITE);
+        assertEquals(p.getName(), NameConstants.JCR_WRITE);
+        assertFalse(p.declaredAggregateNames.isEmpty());
+        assertFalse(p.isAbstract());
+
+        Set<Name> l = new HashSet<Name>(p.declaredAggregateNames);
+        assertTrue(l.remove(NameConstants.JCR_MODIFY_PROPERTIES));
+        assertTrue(l.remove(NameConstants.JCR_ADD_CHILD_NODES));
+        assertTrue(l.remove(NameConstants.JCR_REMOVE_CHILD_NODES));
+        assertTrue(l.remove(NameConstants.JCR_REMOVE_NODE));
+        assertTrue(l.isEmpty());
     }
 
     private void assertSamePrivilegeName(String expected, String present) throws RepositoryException {
@@ -100,7 +222,7 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));        
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
         assertTrue(l.isEmpty());
     }
 
@@ -123,6 +245,8 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
         assertTrue(l.isEmpty());
 
         l = new ArrayList<Privilege>(Arrays.asList(p.getDeclaredAggregatePrivileges()));
@@ -135,6 +259,7 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
         assertTrue(l.isEmpty());
     }
 
@@ -152,7 +277,7 @@ public class PrivilegeRegistryTest exten
     public void testGetBitsFromCustomPrivilege() throws AccessControlException {
         Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null);
         try {
-            int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+            PrivilegeRegistry.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -162,7 +287,7 @@ public class PrivilegeRegistryTest exten
     public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException {
         Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE));
         try {
-            int bits = PrivilegeRegistry.getBits(new Privilege[] {p});
+            PrivilegeRegistry.getBits(new Privilege[] {p});
             fail("Retrieving bits from unknown privilege should fail.");
         } catch (AccessControlException e) {
             // ok
@@ -303,7 +428,190 @@ public class PrivilegeRegistryTest exten
         }
     }
 
-     private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
+    public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+        StringBuilder sb = new StringBuilder();
+        sb.append("test;;test2\n");
+
+        Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
+        writer.write(sb.toString());
+        writer.flush();
+        writer.close();
+
+        try {
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Invalid names must be detected upon registry startup.");
+        } catch (IllegalArgumentException e) {
+            // success
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+        StringBuilder sb = new StringBuilder();
+        sb.append("{}test;;{}test2\n");
+        sb.append("{}test4;abstract;{}test5\n");
+        sb.append("{}test5;;{}test3\n");
+        sb.append("{}test3;;{}test\n");
+        sb.append("{}test2;;{}test4");
+
+        Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
+        writer.write(sb.toString());
+        writer.flush();
+        writer.close();
+
+        try {
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Cyclic definitions must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        try {
+            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+
+            Map<Name, Set<Name>> builtIns = new HashMap<Name, Set<Name>>();
+            builtIns.put(NameConstants.JCR_READ, Collections.<Name>emptySet());
+            builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
+            builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.<Name>emptySet());
+            builtIns.put(NameConstants.JCR_ALL, Collections.<Name>emptySet());
+
+            for (Name builtInName : builtIns.keySet()) {
+                try {
+                    pr.registerDefinition(builtInName, false, builtIns.get(builtInName));
+                    fail("Privilege name already in use -> Exception expected");
+                } catch (RepositoryException e) {
+                    // success
+                }
+            }
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        try {
+            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+
+            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+            newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
+            newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege")));
+            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
+
+            for (Name name : newAggregates.keySet()) {
+                try {
+                    pr.registerDefinition(name, true, newAggregates.get(name));
+                    fail("New aggregate referring to unknown Privilege  -> Exception expected");
+                } catch (RepositoryException e) {
+                    // success
+                }
+            }
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        try {
+            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+
+            Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
+            newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+
+            for (Name name : newCustomPrivs.keySet()) {
+                boolean isAbstract = true;
+                Set<Name> aggrNames = newCustomPrivs.get(name);
+                pr.registerDefinition(name, isAbstract, aggrNames);
+                PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name);
+
+                assertNotNull(definition);
+                assertEquals(name, definition.getName());
+                assertTrue(definition.isAbstract());
+                assertTrue(definition.declaredAggregateNames.isEmpty());
+                assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+                for (Name n : aggrNames) {
+                    assertTrue(definition.declaredAggregateNames.contains(n));
+                }
+
+                List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+                assertTrue(allAgg.contains(name));
+
+                // re-read the filesystem resource and check if definition is correct
+                PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+                PrivilegeRegistry.PrivilegeDefinition def = registry.get(name);
+                assertEquals(isAbstract, def.isAbstract);
+                assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+                for (Name n : aggrNames) {
+                    assertTrue(def.declaredAggregateNames.contains(n));
+                }
+            }
+
+            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+            // a new aggregate of existing built-in privileges
+            newAggregates.put(resolver.getQName("newA1"), createNameSet(NameConstants.JCR_READ, NameConstants.JCR_RETENTION_MANAGEMENT));
+            // a new aggregate of custom and built-in privilege
+            newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
+
+            for (Name name : newAggregates.keySet()) {
+                boolean isAbstract = false;
+                Set<Name> aggrNames = newAggregates.get(name);
+                pr.registerDefinition(name, isAbstract, aggrNames);
+                PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name);
+
+                assertNotNull(definition);
+                assertEquals(name, definition.getName());
+                assertFalse(definition.isAbstract());
+                assertFalse(definition.declaredAggregateNames.isEmpty());
+                assertEquals(aggrNames.size(), definition.declaredAggregateNames.size());
+                for (Name n : aggrNames) {
+                    assertTrue(definition.declaredAggregateNames.contains(n));
+                }
+
+                List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
+                assertTrue(allAgg.contains(name));
+
+                // re-read the filesystem resource and check if definition is correct
+                PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+                PrivilegeRegistry.PrivilegeDefinition def = registry.get(name);
+                assertEquals(isAbstract, def.isAbstract);
+                assertEquals(isAbstract, def.isAbstract);
+                assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
+                for (Name n : aggrNames) {
+                    assertTrue(def.declaredAggregateNames.contains(n));
+                }
+            }
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    private static Set<Name> createNameSet(Name... names) {
+        Set<Name> set = new HashSet<Name>();
+        set.addAll(Arrays.asList(names));
+        return set;
+    }
+
+    private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) {
         return new Privilege() {
 
             public String getName() {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Fri Feb 18 21:24:10 2011
@@ -36,6 +36,7 @@ public class TestAll extends TestCase {
         TestSuite suite = new TestSuite("core.security.authorization tests");
 
         suite.addTestSuite(PrivilegeRegistryTest.class);
+        suite.addTestSuite(PrivilegeManagerTest.class);
         suite.addTestSuite(JackrabbitAccessControlListTest.class);
         suite.addTestSuite(GlobPatternTest.class);
         suite.addTestSuite(PermissionTest.class);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Fri Feb 18 21:24:10 2011
@@ -53,14 +53,12 @@ public class ACLTemplateTest extends Abs
     @Override
     protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException {
         SessionImpl sImpl = (SessionImpl) superuser;
-        PrincipalManager princicipalMgr = sImpl.getPrincipalManager();
-        PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl);
-        return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory(), sImpl);
+        return new ACLTemplate(path, principalMgr, privilegeMgr, sImpl.getValueFactory(), sImpl);
     }
 
     @Override
     protected Principal getSecondPrincipal() throws Exception {
-        return pMgr.getEveryone();
+        return principalMgr.getEveryone();
     }
 
     public void testMultipleEntryEffect() throws RepositoryException, NotExecutableException {
@@ -124,10 +122,10 @@ public class ACLTemplateTest extends Abs
             ACLTemplate.Entry entry = (ACLTemplate.Entry) entry1;
             int privs = entry.getPrivilegeBits();
             if (entry.isAllow()) {
-                int bits = PrivilegeRegistry.getBits(privileges) ^ PrivilegeRegistry.getBits(privileges2);
+                int bits = privilegeMgr.getBits(privileges) ^ privilegeMgr.getBits(privileges2);
                 assertEquals(privs, bits);
             } else {
-                assertEquals(privs, PrivilegeRegistry.getBits(privileges2));
+                assertEquals(privs, privilegeMgr.getBits(privileges2));
             }
         }
     }
@@ -161,7 +159,7 @@ public class ACLTemplateTest extends Abs
     public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException {
         JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath());
         Privilege[] privs = privilegesFromName(Privilege.JCR_READ);
-        Group grPrincipal = (Group) pMgr.getEveryone();
+        Group grPrincipal = (Group) principalMgr.getEveryone();
 
         // adding allow-entry must succeed
         assertTrue(pt.addAccessControlEntry(grPrincipal, privs));
@@ -190,7 +188,7 @@ public class ACLTemplateTest extends Abs
         Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
         Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
 
-        Principal principal2 = pMgr.getEveryone();
+        Principal principal2 = principalMgr.getEveryone();
 
         pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
         pt.addEntry(principal2, readPriv, true, emptyRestrictions);
@@ -212,7 +210,7 @@ public class ACLTemplateTest extends Abs
 
         Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ);
         Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
-        Principal principal2 = pMgr.getEveryone();
+        Principal principal2 = principalMgr.getEveryone();
 
         pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
         pt.addEntry(principal2, readPriv, true, emptyRestrictions);
@@ -271,7 +269,7 @@ public class ACLTemplateTest extends Abs
         Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE);
 
         pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions);
-        pt.addEntry(pMgr.getEveryone(), readPriv, true, emptyRestrictions);
+        pt.addEntry(principalMgr.getEveryone(), readPriv, true, emptyRestrictions);
         pt.addEntry(testPrincipal, writePriv, false, emptyRestrictions);
 
         AccessControlEntry[] entries = pt.getAccessControlEntries();

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Fri Feb 18 21:24:10 2011
@@ -19,9 +19,10 @@ package org.apache.jackrabbit.core.secur
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.WorkspaceImpl;
 import org.apache.jackrabbit.core.id.NodeId;
 import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest;
-import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.RepositoryException;
@@ -46,8 +47,9 @@ public class EntryTest extends AbstractE
         super.setUp();
 
         SessionImpl s = (SessionImpl) superuser;
+        PrivilegeManager privMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager();
 
-        acl = new ACLTemplate(testPath, s.getPrincipalManager(), new PrivilegeRegistry(s), s.getValueFactory(), s);
+        acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s);
     }
 
     @Override

Modified: jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java?rev=1072154&r1=1072153&r2=1072154&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java (original)
+++ jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java Fri Feb 18 21:24:10 2011
@@ -721,4 +721,12 @@ public class NameConstants {
     public static final Name JCR_RETENTION_MANAGEMENT =
         FACTORY.create(Privilege.JCR_RETENTION_MANAGEMENT);
 
+    /** jcr:write */
+    public static final Name JCR_WRITE =
+        FACTORY.create(Privilege.JCR_WRITE);
+
+    /** jcr:all */
+    public static final Name JCR_ALL =
+        FACTORY.create(Privilege.JCR_ALL);
+
 }
\ No newline at end of file



Mime
View raw message