Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java Fri Feb 18 21:24:10 2011 @@ -21,6 +21,8 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; +import org.apache.jackrabbit.core.SessionImpl; +import org.apache.jackrabbit.core.WorkspaceImpl; import org.apache.jackrabbit.test.NotExecutableException; import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest; @@ -43,6 +45,7 @@ import java.util.List; public class JackrabbitAccessControlListTest extends AbstractAccessControlTest { private JackrabbitAccessControlList templ; + private PrivilegeManager privilegeMgr; @Override protected void setUp() throws Exception { @@ -62,6 +65,8 @@ public class JackrabbitAccessControlList superuser.logout(); throw new NotExecutableException("No JackrabbitAccessControlList to test."); } + + privilegeMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager(); } @Override @@ -117,7 +122,7 @@ public class JackrabbitAccessControlList Principal princ = getValidPrincipal(); Privilege[] priv = privilegesFromName(Privilege.JCR_ALL); - List entriesBefore = Arrays.asList(templ.getAccessControlEntries()); + List entriesBefore = Arrays.asList(templ.getAccessControlEntries()); if (templ.addEntry(princ, priv, true, Collections.emptyMap())) { AccessControlEntry[] entries = templ.getAccessControlEntries(); if (entries.length == 0) { @@ -125,12 +130,12 @@ public class JackrabbitAccessControlList } int allows = 0; for (AccessControlEntry en : entries) { - int bits = PrivilegeRegistry.getBits(en.getPrivileges()); + int bits = privilegeMgr.getBits(en.getPrivileges()); if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) { allows |= bits; } } - assertEquals(PrivilegeRegistry.getBits(priv), allows); + assertEquals(privilegeMgr.getBits(priv), allows); } else { AccessControlEntry[] entries = templ.getAccessControlEntries(); assertEquals("Grant ALL not successful -> entries must not have changed.", entriesBefore, Arrays.asList(entries)); @@ -147,12 +152,12 @@ public class JackrabbitAccessControlList assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", entries.length > 0); for (AccessControlEntry en : entries) { - int bits = PrivilegeRegistry.getBits(en.getPrivileges()); + int bits = privilegeMgr.getBits(en.getPrivileges()); if (en instanceof JackrabbitAccessControlEntry && ((JackrabbitAccessControlEntry) en).isAllow()) { allows |= bits; } } - assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= PrivilegeRegistry.getBits(privs)); + assertTrue("After successfully granting WRITE, the entries must reflect this", allows >= privilegeMgr.getBits(privs)); } public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException { @@ -169,7 +174,7 @@ public class JackrabbitAccessControlList for (AccessControlEntry en : entries) { if (princ.equals(en.getPrincipal()) && en instanceof JackrabbitAccessControlEntry) { JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) en; - int entryBits = PrivilegeRegistry.getBits(ace.getPrivileges()); + int entryBits = privilegeMgr.getBits(ace.getPrivileges()); if (ace.isAllow()) { allows |= Permission.diff(entryBits, denies); } else { @@ -178,9 +183,9 @@ public class JackrabbitAccessControlList } } - int expectedAllows = PrivilegeRegistry.getBits(grPriv) ^ PrivilegeRegistry.getBits(dePriv); + int expectedAllows = privilegeMgr.getBits(grPriv) ^ privilegeMgr.getBits(dePriv); assertEquals(expectedAllows, allows); - int expectedDenies = PrivilegeRegistry.getBits(dePriv); + int expectedDenies = privilegeMgr.getBits(dePriv); assertEquals(expectedDenies, denies); } Copied: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java (from r1066459, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java) URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java?p2=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java&p1=jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java&r1=1066459&r2=1072154&rev=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerTest.java Fri Feb 18 21:24:10 2011 @@ -16,60 +16,40 @@ */ package org.apache.jackrabbit.core.security.authorization; -import junit.framework.TestCase; -import javax.jcr.security.AccessControlException; -import javax.jcr.security.Privilege; -import org.apache.jackrabbit.spi.commons.conversion.ParsingNameResolver; +import org.apache.jackrabbit.core.SessionImpl; +import org.apache.jackrabbit.core.WorkspaceImpl; +import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException; import org.apache.jackrabbit.spi.commons.conversion.NameResolver; -import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; -import org.apache.jackrabbit.spi.commons.namespace.NamespaceResolver; -import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.test.AbstractJCRTest; +import javax.jcr.AccessDeniedException; import javax.jcr.NamespaceException; import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.security.AccessControlException; +import javax.jcr.security.Privilege; import java.util.ArrayList; import java.util.Arrays; +import java.util.HashMap; import java.util.List; +import java.util.Map; /** - * PrivilegeRegistryTest... + * PrivilegeManagerTest... */ -public class PrivilegeRegistryTest extends TestCase { +public class PrivilegeManagerTest extends AbstractJCRTest { private NameResolver resolver; - private PrivilegeRegistry privilegeRegistry; + private PrivilegeManager privilegeMgr; + @Override protected void setUp() throws Exception { super.setUp(); - NamespaceResolver nsResolver = new NamespaceResolver() { - public String getURI(String prefix) throws NamespaceException { - if (Name.NS_JCR_PREFIX.equals(prefix)) { - return Name.NS_JCR_URI; - } else if (Name.NS_EMPTY_PREFIX.equals(prefix)) { - return Name.NS_DEFAULT_URI; - } else if (Name.NS_REP_PREFIX.equals(prefix)) { - return Name.NS_REP_URI; - } else { - throw new NamespaceException(); - } - } - public String getPrefix(String uri) throws NamespaceException { - if (Name.NS_JCR_URI.equals(uri)) { - return Name.NS_JCR_PREFIX; - } else if (Name.NS_DEFAULT_URI.equals(uri)) { - return Name.NS_EMPTY_PREFIX; - } else if (Name.NS_REP_URI.equals(uri)) { - return Name.NS_REP_PREFIX; - } else { - throw new NamespaceException(); - } - } - }; - resolver = new ParsingNameResolver(NameFactoryImpl.getInstance(), nsResolver); - privilegeRegistry = new PrivilegeRegistry(resolver); + resolver = (SessionImpl) superuser; + privilegeMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager(); } - private void assertSamePrivilegeName(String expected, String present) throws RepositoryException { + private void assertSamePrivilegeName(String expected, String present) throws NamespaceException, IllegalNameException { assertEquals("Privilege names are not the same", resolver.getQName(expected), resolver.getQName(present)); } @@ -77,82 +57,85 @@ public class PrivilegeRegistryTest exten throws RepositoryException { Privilege[] privs = new Privilege[privNames.length]; for (int i = 0; i < privNames.length; i++) { - privs[i] = privilegeRegistry.getPrivilege(privNames[i]); + privs[i] = privilegeMgr.getPrivilege(privNames[i]); } return privs; } public void testRegisteredPrivileges() throws RepositoryException { - Privilege[] ps = privilegeRegistry.getRegisteredPrivileges(); + Privilege[] ps = privilegeMgr.getRegisteredPrivileges(); List l = new ArrayList(Arrays.asList(ps)); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_NODE))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ALL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ALL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE))); assertTrue(l.isEmpty()); } public void testAllPrivilege() throws RepositoryException { - Privilege p = privilegeRegistry.getPrivilege(Privilege.JCR_ALL); + Privilege p = privilegeMgr.getPrivilege(Privilege.JCR_ALL); assertSamePrivilegeName(p.getName(), Privilege.JCR_ALL); assertTrue(p.isAggregate()); assertFalse(p.isAbstract()); List l = new ArrayList(Arrays.asList(p.getAggregatePrivileges())); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_NODE))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE))); assertTrue(l.isEmpty()); l = new ArrayList(Arrays.asList(p.getDeclaredAggregatePrivileges())); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_WRITE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); assertTrue(l.isEmpty()); } public void testGetBits() throws RepositoryException { - Privilege p1 = privilegeRegistry.getPrivilege(Privilege.JCR_ADD_CHILD_NODES); - Privilege p2 = privilegeRegistry.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES); + Privilege p1 = privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES); + Privilege p2 = privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES); Privilege[] privs = new Privilege[] {p1, p2}; - int bits = PrivilegeRegistry.getBits(privs); + int bits = privilegeMgr.getBits(privs); assertTrue(bits > PrivilegeRegistry.NO_PRIVILEGE); - assertTrue(bits == (PrivilegeRegistry.getBits(new Privilege[] {p1}) | - PrivilegeRegistry.getBits(new Privilege[] {p2}))); + assertTrue(bits == (privilegeMgr.getBits(new Privilege[] {p1}) | + privilegeMgr.getBits(new Privilege[] {p2}))); } public void testGetBitsFromCustomPrivilege() throws AccessControlException { Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null); try { - int bits = PrivilegeRegistry.getBits(new Privilege[] {p}); + privilegeMgr.getBits(new Privilege[] {p}); fail("Retrieving bits from unknown privilege should fail."); } catch (AccessControlException e) { // ok @@ -160,9 +143,9 @@ public class PrivilegeRegistryTest exten } public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException { - Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)); + Privilege p = buildCustomPrivilege("anyName", privilegeMgr.getPrivilege(Privilege.JCR_WRITE)); try { - int bits = PrivilegeRegistry.getBits(new Privilege[] {p}); + privilegeMgr.getBits(new Privilege[] {p}); fail("Retrieving bits from unknown privilege should fail."); } catch (AccessControlException e) { // ok @@ -171,16 +154,34 @@ public class PrivilegeRegistryTest exten public void testGetBitsFromNull() { try { - PrivilegeRegistry.getBits(null); + privilegeMgr.getBits((Privilege[]) null); fail("Should throw AccessControlException"); } catch (AccessControlException e) { // ok } } - public void testGetBitsFromEmptyArray() { + public void testGetBitsFromNullString() { try { - PrivilegeRegistry.getBits(new Privilege[0]); + privilegeMgr.getBits((String[]) null); + fail("Should throw AccessControlException"); + } catch (AccessControlException e) { + // ok + } + } + + public void testGetBitsFromEmptyArray() throws AccessControlException { + try { + privilegeMgr.getBits(new Privilege[0]); + fail("Should throw AccessControlException"); + } catch (AccessControlException e) { + // ok + } + } + + public void testGetBitsFromEmptyStringArray() throws AccessControlException { + try { + privilegeMgr.getBits(new String[0]); fail("Should throw AccessControlException"); } catch (AccessControlException e) { // ok @@ -190,7 +191,7 @@ public class PrivilegeRegistryTest exten public void testGetBitsWithInvalidPrivilege() { Privilege p = buildCustomPrivilege("anyName", null); try { - PrivilegeRegistry.getBits(new Privilege[] {p}); + privilegeMgr.getBits(new Privilege[] {p}); fail(); } catch (AccessControlException e) { // ok @@ -198,7 +199,7 @@ public class PrivilegeRegistryTest exten } public void testGetPrivilegesFromBits() throws RepositoryException { - Privilege[] pvs = privilegeRegistry.getPrivileges(PrivilegeRegistry.getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL}))); + Privilege[] pvs = privilegeMgr.getPrivileges(privilegeMgr.getBits(privilegesFromNames(new String[] {Privilege.JCR_READ_ACCESS_CONTROL}))); assertTrue(pvs != null); assertTrue(pvs.length == 1); @@ -212,8 +213,8 @@ public class PrivilegeRegistryTest exten Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES }; - int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names)); - Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits); + int writeBits = privilegeMgr.getBits(privilegesFromNames(names)); + Privilege[] pvs = privilegeMgr.getPrivileges(writeBits); assertTrue(pvs != null); assertTrue(pvs.length == 1); @@ -226,8 +227,8 @@ public class PrivilegeRegistryTest exten String[] names = new String[] { PrivilegeRegistry.REP_WRITE }; - int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names)); - Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits); + int writeBits = privilegeMgr.getBits(privilegesFromNames(names)); + Privilege[] pvs = privilegeMgr.getPrivileges(writeBits); assertTrue(pvs != null); assertTrue(pvs.length == 1); @@ -238,8 +239,8 @@ public class PrivilegeRegistryTest exten PrivilegeRegistry.REP_WRITE, Privilege.JCR_WRITE }; - writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names)); - pvs = privilegeRegistry.getPrivileges(writeBits); + writeBits = privilegeMgr.getBits(privilegesFromNames(names)); + pvs = privilegeMgr.getPrivileges(writeBits); assertTrue(pvs != null); assertTrue(pvs.length == 1); @@ -253,21 +254,21 @@ public class PrivilegeRegistryTest exten PrivilegeRegistry.REP_WRITE, Privilege.JCR_LIFECYCLE_MANAGEMENT }; - int writeBits = PrivilegeRegistry.getBits(privilegesFromNames(names)); - Privilege[] pvs = privilegeRegistry.getPrivileges(writeBits); + int writeBits = privilegeMgr.getBits(privilegesFromNames(names)); + Privilege[] pvs = privilegeMgr.getPrivileges(writeBits); assertTrue(pvs != null); assertTrue(pvs.length == 2); } public void testGetPrivilegeFromName() throws AccessControlException, RepositoryException { - Privilege p = privilegeRegistry.getPrivilege(Privilege.JCR_READ); + Privilege p = privilegeMgr.getPrivilege(Privilege.JCR_READ); assertTrue(p != null); assertSamePrivilegeName(Privilege.JCR_READ, p.getName()); assertFalse(p.isAggregate()); - p = privilegeRegistry.getPrivilege(Privilege.JCR_WRITE); + p = privilegeMgr.getPrivilege(Privilege.JCR_WRITE); assertTrue(p != null); assertSamePrivilegeName(p.getName(), Privilege.JCR_WRITE); @@ -276,7 +277,7 @@ public class PrivilegeRegistryTest exten public void testGetPrivilegesFromInvalidName() throws RepositoryException { try { - privilegeRegistry.getPrivilege("unknown"); + privilegeMgr.getPrivilege("unknown"); fail("invalid privilege name"); } catch (AccessControlException e) { // OK @@ -285,7 +286,7 @@ public class PrivilegeRegistryTest exten public void testGetPrivilegesFromEmptyNames() { try { - privilegeRegistry.getPrivilege(""); + privilegeMgr.getPrivilege(""); fail("invalid privilege name array"); } catch (AccessControlException e) { // OK @@ -296,14 +297,45 @@ public class PrivilegeRegistryTest exten public void testGetPrivilegesFromNullNames() { try { - privilegeRegistry.getPrivilege(null); + privilegeMgr.getPrivilege(null); fail("invalid privilege name (null)"); } catch (Exception e) { // OK } } - private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) { + public void testRegisterPrivilegeWithIllegalName() throws RepositoryException { + Map illegal = new HashMap(); + illegal.put("invalid:privilegeName", new String[0]); + illegal.put("jcr:newPrivilege", new String[] {"invalid:privilegeName"}); + illegal.put(".e:privilegeName", new String[0]); + illegal.put("jcr:newPrivilege", new String[] {".e:privilegeName"}); + + for (String illegalName : illegal.keySet()) { + try { + privilegeMgr.registerPrivilege(illegalName, true, illegal.get(illegalName)); + fail("Illegal name -> Exception expected"); + } catch (NamespaceException e) { + // success + } catch (IllegalNameException e) { + // success + } + } + } + + public void testRegisterPrivilegeAsNonAdmin() throws RepositoryException { + Session s = getHelper().getReadOnlySession(); + try { + ((WorkspaceImpl) s.getWorkspace()).getPrivilegeManager().registerPrivilege("test", true, new String[0]); + fail("Only admin is allowed to register privileges."); + } catch (AccessDeniedException e) { + // success + } finally { + s.logout(); + } + } + + private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) { return new Privilege() { public String getName() { Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java Fri Feb 18 21:24:10 2011 @@ -16,57 +16,179 @@ */ package org.apache.jackrabbit.core.security.authorization; -import junit.framework.TestCase; -import javax.jcr.security.AccessControlException; -import javax.jcr.security.Privilege; -import org.apache.jackrabbit.spi.commons.conversion.ParsingNameResolver; -import org.apache.jackrabbit.spi.commons.conversion.NameResolver; -import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; -import org.apache.jackrabbit.spi.commons.namespace.NamespaceResolver; +import org.apache.jackrabbit.core.RepositoryImpl; +import org.apache.jackrabbit.core.SessionImpl; +import org.apache.jackrabbit.core.fs.FileSystem; +import org.apache.jackrabbit.core.fs.FileSystemException; +import org.apache.jackrabbit.core.fs.FileSystemResource; import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException; +import org.apache.jackrabbit.spi.commons.conversion.NameResolver; +import org.apache.jackrabbit.spi.commons.name.NameConstants; +import org.apache.jackrabbit.test.AbstractJCRTest; import javax.jcr.NamespaceException; import javax.jcr.RepositoryException; +import javax.jcr.security.AccessControlException; +import javax.jcr.security.Privilege; +import java.io.IOException; +import java.io.OutputStreamWriter; +import java.io.Writer; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; import java.util.List; +import java.util.Map; +import java.util.Set; /** * PrivilegeRegistryTest... */ -public class PrivilegeRegistryTest extends TestCase { +public class PrivilegeRegistryTest extends AbstractJCRTest { private NameResolver resolver; private PrivilegeRegistry privilegeRegistry; + @Override protected void setUp() throws Exception { super.setUp(); - NamespaceResolver nsResolver = new NamespaceResolver() { - public String getURI(String prefix) throws NamespaceException { - if (Name.NS_JCR_PREFIX.equals(prefix)) { - return Name.NS_JCR_URI; - } else if (Name.NS_EMPTY_PREFIX.equals(prefix)) { - return Name.NS_DEFAULT_URI; - } else if (Name.NS_REP_PREFIX.equals(prefix)) { - return Name.NS_REP_URI; - } else { - throw new NamespaceException(); - } + resolver = ((SessionImpl) superuser); + privilegeRegistry = new PrivilegeRegistry(resolver); + } + + public void testGetAll() throws RepositoryException { + + PrivilegeRegistry.PrivilegeDefinition[] defs = privilegeRegistry.getAll(); + + List l = new ArrayList(Arrays.asList(defs)); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_READ))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_ADD_CHILD_NODES))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_REMOVE_CHILD_NODES))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_MODIFY_PROPERTIES))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_REMOVE_NODE))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_READ_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_MODIFY_ACCESS_CONTROL))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_WRITE))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_ALL))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_LIFECYCLE_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_LOCK_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_RETENTION_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE)))); + + assertTrue(l.isEmpty()); + } + + + public void testGet() throws RepositoryException { + + for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) { + + PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(def.name); + assertEquals(def, d); + + assertNotNull(d.name); + assertEquals(d.name, d.getName()); + + assertFalse(d.isAbstract); + assertEquals(d.isAbstract, d.isAbstract()); + + assertNotNull(d.declaredAggregateNames); + List l = Arrays.asList(d.getDeclaredAggregateNames()); + assertTrue(d.declaredAggregateNames.containsAll(l)); + assertTrue(l.containsAll(d.declaredAggregateNames)); + + assertTrue(d.getBits() > PrivilegeRegistry.NO_PRIVILEGE); + } + } + + public void testAggregates() throws RepositoryException { + + for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) { + if (def.declaredAggregateNames.isEmpty()) { + continue; // ignore non aggregate } - public String getPrefix(String uri) throws NamespaceException { - if (Name.NS_JCR_URI.equals(uri)) { - return Name.NS_JCR_PREFIX; - } else if (Name.NS_DEFAULT_URI.equals(uri)) { - return Name.NS_EMPTY_PREFIX; - } else if (Name.NS_REP_URI.equals(uri)) { - return Name.NS_REP_PREFIX; - } else { - throw new NamespaceException(); - } + + List l = Arrays.asList(def.getDeclaredAggregateNames()); + for (Name n : l) { + PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(n); + assertNotNull(d); + Name[] names = privilegeRegistry.getNames(d.getBits()); + assertNotNull(names); + assertEquals(1, names.length); + assertEquals(d.name, names[0]); } - }; - resolver = new ParsingNameResolver(NameFactoryImpl.getInstance(), nsResolver); - privilegeRegistry = new PrivilegeRegistry(resolver); + } + } + + public void testPrivilegeDefinition() throws RepositoryException { + + for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) { + + assertNotNull(def.name); + assertEquals(def.name, def.getName()); + + assertFalse(def.isAbstract); + assertEquals(def.isAbstract, def.isAbstract()); + + assertNotNull(def.declaredAggregateNames); + List l = Arrays.asList(def.getDeclaredAggregateNames()); + assertTrue(def.declaredAggregateNames.containsAll(l)); + assertTrue(l.containsAll(def.declaredAggregateNames)); + + assertTrue(def.getBits() > PrivilegeRegistry.NO_PRIVILEGE); + } + } + + public void testJcrAll() throws RepositoryException { + PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_ALL); + assertEquals(p.getName(), NameConstants.JCR_ALL); + assertFalse(p.declaredAggregateNames.isEmpty()); + assertFalse(p.isAbstract()); + + Set l = new HashSet(p.declaredAggregateNames); + assertTrue(l.remove(NameConstants.JCR_READ)); + assertTrue(l.remove(NameConstants.JCR_WRITE)); + assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE))); + assertTrue(l.remove(NameConstants.JCR_READ_ACCESS_CONTROL)); + assertTrue(l.remove(NameConstants.JCR_MODIFY_ACCESS_CONTROL)); + assertTrue(l.remove(NameConstants.JCR_LIFECYCLE_MANAGEMENT)); + assertTrue(l.remove(NameConstants.JCR_LOCK_MANAGEMENT)); + assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT)); + assertTrue(l.remove(NameConstants.JCR_RETENTION_MANAGEMENT)); + assertTrue(l.remove(NameConstants.JCR_VERSION_MANAGEMENT)); + assertTrue(l.isEmpty()); + } + + public void testJcrWrite() throws RepositoryException { + Name rw = resolver.getQName(PrivilegeRegistry.REP_WRITE); + PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(rw); + + assertEquals(p.getName(), rw); + assertFalse(p.declaredAggregateNames.isEmpty()); + assertFalse(p.isAbstract()); + + Set l = new HashSet(p.declaredAggregateNames); + assertTrue(l.remove(NameConstants.JCR_WRITE)); + assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT)); + assertTrue(l.isEmpty()); + } + + public void testRepWrite() throws RepositoryException { + PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_WRITE); + assertEquals(p.getName(), NameConstants.JCR_WRITE); + assertFalse(p.declaredAggregateNames.isEmpty()); + assertFalse(p.isAbstract()); + + Set l = new HashSet(p.declaredAggregateNames); + assertTrue(l.remove(NameConstants.JCR_MODIFY_PROPERTIES)); + assertTrue(l.remove(NameConstants.JCR_ADD_CHILD_NODES)); + assertTrue(l.remove(NameConstants.JCR_REMOVE_CHILD_NODES)); + assertTrue(l.remove(NameConstants.JCR_REMOVE_NODE)); + assertTrue(l.isEmpty()); } private void assertSamePrivilegeName(String expected, String present) throws RepositoryException { @@ -100,7 +222,7 @@ public class PrivilegeRegistryTest exten assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); - assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE))); + assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE))); assertTrue(l.isEmpty()); } @@ -123,6 +245,8 @@ public class PrivilegeRegistryTest exten assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE))); + assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE))); assertTrue(l.isEmpty()); l = new ArrayList(Arrays.asList(p.getDeclaredAggregatePrivileges())); @@ -135,6 +259,7 @@ public class PrivilegeRegistryTest exten assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT))); assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT))); + assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT))); assertTrue(l.isEmpty()); } @@ -152,7 +277,7 @@ public class PrivilegeRegistryTest exten public void testGetBitsFromCustomPrivilege() throws AccessControlException { Privilege p = buildCustomPrivilege(Privilege.JCR_READ, null); try { - int bits = PrivilegeRegistry.getBits(new Privilege[] {p}); + PrivilegeRegistry.getBits(new Privilege[] {p}); fail("Retrieving bits from unknown privilege should fail."); } catch (AccessControlException e) { // ok @@ -162,7 +287,7 @@ public class PrivilegeRegistryTest exten public void testGetBitsFromCustomAggregatePrivilege() throws RepositoryException { Privilege p = buildCustomPrivilege("anyName", privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)); try { - int bits = PrivilegeRegistry.getBits(new Privilege[] {p}); + PrivilegeRegistry.getBits(new Privilege[] {p}); fail("Retrieving bits from unknown privilege should fail."); } catch (AccessControlException e) { // ok @@ -303,7 +428,190 @@ public class PrivilegeRegistryTest exten } } - private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) { + public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException { + // setup the custom privilege file with cyclic references + FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem(); + FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml"); + if (!resource.exists()) { + resource.makeParentDirs(); + } + StringBuilder sb = new StringBuilder(); + sb.append("test;;test2\n"); + + Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8"); + writer.write(sb.toString()); + writer.flush(); + writer.close(); + + try { + new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + fail("Invalid names must be detected upon registry startup."); + } catch (IllegalArgumentException e) { + // success + } finally { + fs.deleteFolder("/privileges"); + } + } + + public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException { + // setup the custom privilege file with cyclic references + FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem(); + FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml"); + if (!resource.exists()) { + resource.makeParentDirs(); + } + StringBuilder sb = new StringBuilder(); + sb.append("{}test;;{}test2\n"); + sb.append("{}test4;abstract;{}test5\n"); + sb.append("{}test5;;{}test3\n"); + sb.append("{}test3;;{}test\n"); + sb.append("{}test2;;{}test4"); + + Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8"); + writer.write(sb.toString()); + writer.flush(); + writer.close(); + + try { + new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + fail("Cyclic definitions must be detected upon registry startup."); + } catch (RepositoryException e) { + // success + } finally { + fs.deleteFolder("/privileges"); + } + } + + public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException { + FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem(); + try { + PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + + Map> builtIns = new HashMap>(); + builtIns.put(NameConstants.JCR_READ, Collections.emptySet()); + builtIns.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES)); + builtIns.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.emptySet()); + builtIns.put(NameConstants.JCR_ALL, Collections.emptySet()); + + for (Name builtInName : builtIns.keySet()) { + try { + pr.registerDefinition(builtInName, false, builtIns.get(builtInName)); + fail("Privilege name already in use -> Exception expected"); + } catch (RepositoryException e) { + // success + } + } + } finally { + fs.deleteFolder("/privileges"); + } + } + + public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException { + FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem(); + try { + PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + + Map> newAggregates = new HashMap>(); + newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ)); + newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege"))); + newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, resolver.getQName("unknownPrivilege"))); + newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate"))); + + for (Name name : newAggregates.keySet()) { + try { + pr.registerDefinition(name, true, newAggregates.get(name)); + fail("New aggregate referring to unknown Privilege -> Exception expected"); + } catch (RepositoryException e) { + // success + } + } + } finally { + fs.deleteFolder("/privileges"); + } + } + + public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException { + FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem(); + try { + PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + + Map> newCustomPrivs = new HashMap>(); + newCustomPrivs.put(resolver.getQName("new"), Collections.emptySet()); + + for (Name name : newCustomPrivs.keySet()) { + boolean isAbstract = true; + Set aggrNames = newCustomPrivs.get(name); + pr.registerDefinition(name, isAbstract, aggrNames); + PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name); + + assertNotNull(definition); + assertEquals(name, definition.getName()); + assertTrue(definition.isAbstract()); + assertTrue(definition.declaredAggregateNames.isEmpty()); + assertEquals(aggrNames.size(), definition.declaredAggregateNames.size()); + for (Name n : aggrNames) { + assertTrue(definition.declaredAggregateNames.contains(n)); + } + + List allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames()); + assertTrue(allAgg.contains(name)); + + // re-read the filesystem resource and check if definition is correct + PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + PrivilegeRegistry.PrivilegeDefinition def = registry.get(name); + assertEquals(isAbstract, def.isAbstract); + assertEquals(aggrNames.size(), def.declaredAggregateNames.size()); + for (Name n : aggrNames) { + assertTrue(def.declaredAggregateNames.contains(n)); + } + } + + Map> newAggregates = new HashMap>(); + // a new aggregate of existing built-in privileges + newAggregates.put(resolver.getQName("newA1"), createNameSet(NameConstants.JCR_READ, NameConstants.JCR_RETENTION_MANAGEMENT)); + // a new aggregate of custom and built-in privilege + newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ)); + + for (Name name : newAggregates.keySet()) { + boolean isAbstract = false; + Set aggrNames = newAggregates.get(name); + pr.registerDefinition(name, isAbstract, aggrNames); + PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name); + + assertNotNull(definition); + assertEquals(name, definition.getName()); + assertFalse(definition.isAbstract()); + assertFalse(definition.declaredAggregateNames.isEmpty()); + assertEquals(aggrNames.size(), definition.declaredAggregateNames.size()); + for (Name n : aggrNames) { + assertTrue(definition.declaredAggregateNames.contains(n)); + } + + List allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames()); + assertTrue(allAgg.contains(name)); + + // re-read the filesystem resource and check if definition is correct + PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs); + PrivilegeRegistry.PrivilegeDefinition def = registry.get(name); + assertEquals(isAbstract, def.isAbstract); + assertEquals(isAbstract, def.isAbstract); + assertEquals(aggrNames.size(), def.declaredAggregateNames.size()); + for (Name n : aggrNames) { + assertTrue(def.declaredAggregateNames.contains(n)); + } + } + } finally { + fs.deleteFolder("/privileges"); + } + } + + private static Set createNameSet(Name... names) { + Set set = new HashSet(); + set.addAll(Arrays.asList(names)); + return set; + } + + private Privilege buildCustomPrivilege(final String name, final Privilege declaredAggr) { return new Privilege() { public String getName() { Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/TestAll.java Fri Feb 18 21:24:10 2011 @@ -36,6 +36,7 @@ public class TestAll extends TestCase { TestSuite suite = new TestSuite("core.security.authorization tests"); suite.addTestSuite(PrivilegeRegistryTest.class); + suite.addTestSuite(PrivilegeManagerTest.class); suite.addTestSuite(JackrabbitAccessControlListTest.class); suite.addTestSuite(GlobPatternTest.class); suite.addTestSuite(PermissionTest.class); Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.java Fri Feb 18 21:24:10 2011 @@ -53,14 +53,12 @@ public class ACLTemplateTest extends Abs @Override protected JackrabbitAccessControlList createEmptyTemplate(String path) throws RepositoryException { SessionImpl sImpl = (SessionImpl) superuser; - PrincipalManager princicipalMgr = sImpl.getPrincipalManager(); - PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(sImpl); - return new ACLTemplate(path, princicipalMgr, privilegeRegistry, sImpl.getValueFactory(), sImpl); + return new ACLTemplate(path, principalMgr, privilegeMgr, sImpl.getValueFactory(), sImpl); } @Override protected Principal getSecondPrincipal() throws Exception { - return pMgr.getEveryone(); + return principalMgr.getEveryone(); } public void testMultipleEntryEffect() throws RepositoryException, NotExecutableException { @@ -124,10 +122,10 @@ public class ACLTemplateTest extends Abs ACLTemplate.Entry entry = (ACLTemplate.Entry) entry1; int privs = entry.getPrivilegeBits(); if (entry.isAllow()) { - int bits = PrivilegeRegistry.getBits(privileges) ^ PrivilegeRegistry.getBits(privileges2); + int bits = privilegeMgr.getBits(privileges) ^ privilegeMgr.getBits(privileges2); assertEquals(privs, bits); } else { - assertEquals(privs, PrivilegeRegistry.getBits(privileges2)); + assertEquals(privs, privilegeMgr.getBits(privileges2)); } } } @@ -161,7 +159,7 @@ public class ACLTemplateTest extends Abs public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException { JackrabbitAccessControlList pt = createEmptyTemplate(getTestPath()); Privilege[] privs = privilegesFromName(Privilege.JCR_READ); - Group grPrincipal = (Group) pMgr.getEveryone(); + Group grPrincipal = (Group) principalMgr.getEveryone(); // adding allow-entry must succeed assertTrue(pt.addAccessControlEntry(grPrincipal, privs)); @@ -190,7 +188,7 @@ public class ACLTemplateTest extends Abs Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ); Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE); - Principal principal2 = pMgr.getEveryone(); + Principal principal2 = principalMgr.getEveryone(); pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions); pt.addEntry(principal2, readPriv, true, emptyRestrictions); @@ -212,7 +210,7 @@ public class ACLTemplateTest extends Abs Privilege[] readPriv = privilegesFromName(Privilege.JCR_READ); Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE); - Principal principal2 = pMgr.getEveryone(); + Principal principal2 = principalMgr.getEveryone(); pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions); pt.addEntry(principal2, readPriv, true, emptyRestrictions); @@ -271,7 +269,7 @@ public class ACLTemplateTest extends Abs Privilege[] writePriv = privilegesFromName(Privilege.JCR_WRITE); pt.addEntry(testPrincipal, readPriv, true, emptyRestrictions); - pt.addEntry(pMgr.getEveryone(), readPriv, true, emptyRestrictions); + pt.addEntry(principalMgr.getEveryone(), readPriv, true, emptyRestrictions); pt.addEntry(testPrincipal, writePriv, false, emptyRestrictions); AccessControlEntry[] entries = pt.getAccessControlEntries(); Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java Fri Feb 18 21:24:10 2011 @@ -19,9 +19,10 @@ package org.apache.jackrabbit.core.secur import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; import org.apache.jackrabbit.core.NodeImpl; import org.apache.jackrabbit.core.SessionImpl; +import org.apache.jackrabbit.core.WorkspaceImpl; import org.apache.jackrabbit.core.id.NodeId; import org.apache.jackrabbit.core.security.authorization.AbstractEntryTest; -import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry; +import org.apache.jackrabbit.core.security.authorization.PrivilegeManager; import org.apache.jackrabbit.test.NotExecutableException; import javax.jcr.RepositoryException; @@ -46,8 +47,9 @@ public class EntryTest extends AbstractE super.setUp(); SessionImpl s = (SessionImpl) superuser; + PrivilegeManager privMgr = ((WorkspaceImpl) superuser.getWorkspace()).getPrivilegeManager(); - acl = new ACLTemplate(testPath, s.getPrincipalManager(), new PrivilegeRegistry(s), s.getValueFactory(), s); + acl = new ACLTemplate(testPath, s.getPrincipalManager(), privMgr, s.getValueFactory(), s); } @Override Modified: jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java?rev=1072154&r1=1072153&r2=1072154&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java (original) +++ jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java Fri Feb 18 21:24:10 2011 @@ -721,4 +721,12 @@ public class NameConstants { public static final Name JCR_RETENTION_MANAGEMENT = FACTORY.create(Privilege.JCR_RETENTION_MANAGEMENT); + /** jcr:write */ + public static final Name JCR_WRITE = + FACTORY.create(Privilege.JCR_WRITE); + + /** jcr:all */ + public static final Name JCR_ALL = + FACTORY.create(Privilege.JCR_ALL); + } \ No newline at end of file