jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1082239 [2/2] - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/ main/java/org/apache/jackrabbit/core/security/ main/java/org/apache/jackrabbit/core/security/authorization/ main/java/org/apache/jackrabbit/cor...
Date Wed, 16 Mar 2011 18:07:08 GMT
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEntryTest.java
Wed Mar 16 18:07:07 2011
@@ -19,10 +19,14 @@ package org.apache.jackrabbit.core.secur
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
+import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
@@ -57,6 +61,13 @@ public abstract class AbstractEntryTest 
     protected abstract JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[]
privileges, boolean isAllow)
             throws RepositoryException;
 
+    protected abstract JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[]
privileges, boolean isAllow, Map<String, Value> restrictions)
+            throws RepositoryException;
+    
+    protected abstract JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry
base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException;
+
+    protected abstract Map<String, Value> getTestRestrictions() throws RepositoryException;
+    
     public void testIsAllow() throws RepositoryException, NotExecutableException {
         JackrabbitAccessControlEntry tmpl = createEntry(new String[] {Privilege.JCR_READ},
true);
         assertTrue(tmpl.isAllow());
@@ -117,18 +128,32 @@ public abstract class AbstractEntryTest 
 
     public void testEquals() throws RepositoryException, NotExecutableException  {
 
-        JackrabbitAccessControlEntry ace = createEntry(new String[] {Privilege.JCR_ALL},
true);
-        List<JackrabbitAccessControlEntry> equalAces = new ArrayList<JackrabbitAccessControlEntry>();
-        equalAces.add(createEntry(new String[] {Privilege.JCR_ALL}, true));
+        Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry,
AccessControlEntry>();
 
-        Privilege[] privs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
-        equalAces.add(createEntry(testPrincipal, privs, true));
+        JackrabbitAccessControlEntry ace = createEntry(new String[] {Privilege.JCR_ALL},
true);
+        // create same entry again
+        equalAces.put(ace, createEntry(new String[] {Privilege.JCR_ALL}, true));
 
-        privs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
-        equalAces.add(createEntry(testPrincipal, privs, true));
+        // create entry with declared aggregate privileges
+        Privilege[] declaredAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getDeclaredAggregatePrivileges();
+        equalAces.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
+
+        // create entry with aggregate privileges
+        Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(Privilege.JCR_ALL).getAggregatePrivileges();
+        equalAces.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
+
+        // create entry with different privilege order
+        List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
+        reordered.add(reordered.remove(0));
+        equalAces.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]),
true),
+                      createEntry(testPrincipal, aggregateAllPrivs, true));
+
+        // even if entries are build with aggregated or declared aggregate privileges
+        equalAces.put(createEntry(testPrincipal, declaredAllPrivs, true),
+                      createEntry(testPrincipal, aggregateAllPrivs, true));
 
-        for (JackrabbitAccessControlEntry equalAce : equalAces) {
-            assertEquals(ace, equalAce);
+        for (AccessControlEntry entry : equalAces.keySet()) {
+            assertEquals(entry, equalAces.get(entry));
         }
     }
 
@@ -238,4 +263,31 @@ public abstract class AbstractEntryTest 
             // success
         }
     }
+
+    public void testCreateFromBase() throws RepositoryException, NotExecutableException {
+        Map<String, Value> testRestrictions = getTestRestrictions();
+        JackrabbitAccessControlEntry base = createEntry(testPrincipal, privilegesFromName(Privilege.JCR_READ),
false, testRestrictions);
+        assertEquals(testPrincipal, base.getPrincipal());
+        assertTrue(Arrays.equals(privilegesFromName(Privilege.JCR_READ), base.getPrivileges()));
+        assertFalse(base.isAllow());
+
+        Map<String, Value> baseRestrictions = new HashMap<String, Value>();
+        for (String name : base.getRestrictionNames()) {
+            baseRestrictions.put(name, base.getRestriction(name));
+        }
+        assertEquals(testRestrictions, baseRestrictions);
+
+
+        JackrabbitAccessControlEntry entry = createEntryFromBase(base, privilegesFromName(Privilege.JCR_WRITE),
true);
+        assertEquals(testPrincipal, entry.getPrincipal());
+        assertTrue(Arrays.equals(privilegesFromName(Privilege.JCR_WRITE), entry.getPrivileges()));
+        assertTrue(entry.isAllow());
+
+        Map<String, Value> entryRestrictions = new HashMap<String, Value>();
+        for (String name : entry.getRestrictionNames()) {
+            entryRestrictions.put(name, entry.getRestriction(name));
+        }
+        assertEquals(testRestrictions, entryRestrictions);
+
+    }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
Wed Mar 16 18:07:07 2011
@@ -18,13 +18,21 @@ package org.apache.jackrabbit.core.secur
 
 import org.apache.jackrabbit.api.JackrabbitWorkspace;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManagerTest;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.AccessDeniedException;
+import javax.jcr.NamespaceException;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 /**
  * <code>PrivilegeManagerTest</code>...
@@ -52,6 +60,57 @@ public class PrivilegeManagerImplTest ex
         }
         return privs;
     }
+    
+    private void assertPrivilege(Privilege priv, String name, boolean isAggregate, boolean
isAbstract) throws NamespaceException, IllegalNameException {
+        assertNotNull(priv);
+        assertPrivilegeName(name, priv.getName());
+        assertEquals(isAggregate, priv.isAggregate());
+        assertEquals(isAbstract, priv.isAbstract());
+    }
+
+    private void assertPrivilegeName(String name, String name2) throws NamespaceException,
IllegalNameException {
+        if (!((SessionImpl) superuser).getQName(name).equals(((SessionImpl) superuser).getQName(name2)))
{
+            fail();
+        }
+    }
+
+    public void testGetRegisteredPrivileges() throws RepositoryException {
+        Privilege[] registered = privilegeMgr.getRegisteredPrivileges();
+        Set<Privilege> set = new HashSet<Privilege>();
+        Privilege all = privilegeMgr.getPrivilege(Privilege.JCR_ALL);
+        set.add(all);
+        set.addAll(Arrays.asList(all.getAggregatePrivileges()));
+
+        for (Privilege p : registered) {
+            assertTrue(set.remove(p));
+        }
+        assertTrue(set.isEmpty());
+    }
+    
+    public void testGetPrivilege() throws RepositoryException {
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_READ), Privilege.JCR_READ,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES), Privilege.JCR_ADD_CHILD_NODES,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_CHILD_NODES), Privilege.JCR_REMOVE_CHILD_NODES,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_PROPERTIES), Privilege.JCR_MODIFY_PROPERTIES,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_REMOVE_NODE), Privilege.JCR_REMOVE_NODE,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_READ_ACCESS_CONTROL), Privilege.JCR_READ_ACCESS_CONTROL,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_MODIFY_ACCESS_CONTROL), Privilege.JCR_MODIFY_ACCESS_CONTROL,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_LIFECYCLE_MANAGEMENT), Privilege.JCR_LIFECYCLE_MANAGEMENT,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_LOCK_MANAGEMENT), Privilege.JCR_LOCK_MANAGEMENT,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT), Privilege.JCR_NODE_TYPE_MANAGEMENT,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT), Privilege.JCR_RETENTION_MANAGEMENT,
false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT), Privilege.JCR_VERSION_MANAGEMENT,
false, false);
+
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ALL), Privilege.JCR_ALL,
true, false);
+        assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_WRITE), Privilege.JCR_WRITE,
true, false);
+        assertPrivilege(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE), PrivilegeRegistry.REP_WRITE,
true, false);
+    }
+
+    public void testIsCustom() throws RepositoryException {
+        for (Privilege builtin : privilegeMgr.getRegisteredPrivileges()) {
+            assertFalse(getPrivilegeManagerImpl().isCustomPrivilege(builtin));
+        }
+    }
 
     public void testGetBits() throws RepositoryException {
         Privilege p1 = privilegeMgr.getPrivilege(Privilege.JCR_ADD_CHILD_NODES);
@@ -86,16 +145,7 @@ public class PrivilegeManagerImplTest ex
 
     public void testGetBitsFromNull() {
         try {
-            getPrivilegeManagerImpl().getBits((Privilege[]) null);
-            fail("Should throw AccessControlException");
-        } catch (AccessControlException e) {
-            // ok
-        }
-    }
-
-    public void testGetBitsFromNullString() {
-        try {
-            getPrivilegeManagerImpl().getBits((String[]) null);
+            getPrivilegeManagerImpl().getBits(null);
             fail("Should throw AccessControlException");
         } catch (AccessControlException e) {
             // ok
@@ -111,15 +161,6 @@ public class PrivilegeManagerImplTest ex
         }
     }
 
-    public void testGetBitsFromEmptyStringArray() throws AccessControlException {
-        try {
-            getPrivilegeManagerImpl().getBits(new String[0]);
-            fail("Should throw AccessControlException");
-        } catch (AccessControlException e) {
-            // ok
-        }
-    }
-
     public void testGetBitsWithInvalidPrivilege() {
         Privilege p = buildCustomPrivilege("anyName", null);
         try {
@@ -131,11 +172,11 @@ public class PrivilegeManagerImplTest ex
     }
 
     public void testGetPrivilegesFromBits() throws RepositoryException {
-        Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(getPrivilegeManagerImpl().getBits(privilegesFromNames(new
String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
+        Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(getPrivilegeManagerImpl().getBits(privilegesFromNames(new
String[] {Privilege.JCR_READ_ACCESS_CONTROL})));
 
         assertTrue(pvs != null);
-        assertTrue(pvs.length == 1);
-        assertSamePrivilegeName(pvs[0].getName(), Privilege.JCR_READ_ACCESS_CONTROL);
+        assertTrue(pvs.size() == 1);
+        assertSamePrivilegeName(pvs.iterator().next().getName(), Privilege.JCR_READ_ACCESS_CONTROL);
     }
 
     public void testGetPrivilegesFromBits2() throws RepositoryException {
@@ -146,13 +187,14 @@ public class PrivilegeManagerImplTest ex
                 Privilege.JCR_MODIFY_PROPERTIES
         };
         int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
-        Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+        Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
 
         assertTrue(pvs != null);
-        assertTrue(pvs.length == 1);
-        assertSamePrivilegeName(pvs[0].getName(), Privilege.JCR_WRITE);
-        assertTrue(pvs[0].isAggregate());
-        assertTrue(pvs[0].getDeclaredAggregatePrivileges().length == names.length);
+        assertTrue(pvs.size() == 1);
+        Privilege p = pvs.iterator().next();
+        assertSamePrivilegeName(p.getName(), Privilege.JCR_WRITE);
+        assertTrue(p.isAggregate());
+        assertTrue(p.getDeclaredAggregatePrivileges().length == names.length);
     }
 
     public void testGetPrivilegesFromBits3() throws RepositoryException {
@@ -160,12 +202,13 @@ public class PrivilegeManagerImplTest ex
                 PrivilegeRegistry.REP_WRITE
         };
         int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
-        Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+        Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
 
         assertTrue(pvs != null);
-        assertTrue(pvs.length == 1);
-        assertSamePrivilegeName(pvs[0].getName(), PrivilegeRegistry.REP_WRITE);
-        assertTrue(pvs[0].isAggregate());
+        assertTrue(pvs.size() == 1);
+        Privilege p = pvs.iterator().next();
+        assertSamePrivilegeName(p.getName(), PrivilegeRegistry.REP_WRITE);
+        assertTrue(p.isAggregate());
 
         names = new String[] {
                 PrivilegeRegistry.REP_WRITE,
@@ -175,10 +218,11 @@ public class PrivilegeManagerImplTest ex
         pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
 
         assertTrue(pvs != null);
-        assertTrue(pvs.length == 1);
-        assertSamePrivilegeName(pvs[0].getName(), PrivilegeRegistry.REP_WRITE);
-        assertTrue(pvs[0].isAggregate());
-        assertTrue(pvs[0].getDeclaredAggregatePrivileges().length == names.length);
+        assertTrue(pvs.size() == 1);
+        p = pvs.iterator().next();
+        assertSamePrivilegeName(p.getName(), PrivilegeRegistry.REP_WRITE);
+        assertTrue(p.isAggregate());
+        assertTrue(p.getDeclaredAggregatePrivileges().length == names.length);
     }
 
     public void testGetPrivilegesFromBits4() throws RepositoryException {
@@ -187,10 +231,10 @@ public class PrivilegeManagerImplTest ex
                 Privilege.JCR_LIFECYCLE_MANAGEMENT
         };
         int writeBits = getPrivilegeManagerImpl().getBits(privilegesFromNames(names));
-        Privilege[] pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
+        Set<Privilege> pvs = getPrivilegeManagerImpl().getPrivileges(writeBits);
 
         assertTrue(pvs != null);
-        assertTrue(pvs.length == 2);
+        assertTrue(pvs.size() == 2);
     }
 
     public void testRegisterPrivilegeAsNonAdmin() throws RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
Wed Mar 16 18:07:07 2011
@@ -16,6 +16,9 @@
  */
 package org.apache.jackrabbit.core.security.authorization;
 
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.commons.privilege.PrivilegeDefinitionWriter;
 import org.apache.jackrabbit.core.RepositoryImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.fs.FileSystem;
@@ -28,9 +31,11 @@ import org.apache.jackrabbit.spi.commons
 import org.apache.jackrabbit.test.AbstractJCRTest;
 
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.util.ArrayList;
@@ -38,6 +43,7 @@ import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -57,6 +63,10 @@ public class PrivilegeRegistryTest exten
         privilegeRegistry = new PrivilegeRegistry(resolver);
     }
 
+    private int getBits(PrivilegeRegistry.Definition def) {
+        return privilegeRegistry.getBits(new PrivilegeRegistry.Definition[] {def});
+    }
+
     public void testGetAll() throws RepositoryException {
 
         PrivilegeRegistry.Definition[] defs = privilegeRegistry.getAll();
@@ -100,7 +110,7 @@ public class PrivilegeRegistryTest exten
             assertTrue(d.declaredAggregateNames.containsAll(l));
             assertTrue(l.containsAll(d.declaredAggregateNames));
 
-            assertTrue(d.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+            assertTrue(getBits(d) > PrivilegeRegistry.NO_PRIVILEGE);
         }
     }
 
@@ -115,7 +125,7 @@ public class PrivilegeRegistryTest exten
             for (Name n : l) {
                 PrivilegeRegistry.Definition d = privilegeRegistry.get(n);
                 assertNotNull(d);
-                Name[] names = privilegeRegistry.getNames(d.getBits());
+                Name[] names = privilegeRegistry.getNames(getBits(d));
                 assertNotNull(names);
                 assertEquals(1, names.length);
                 assertEquals(d.name, names[0]);
@@ -134,11 +144,11 @@ public class PrivilegeRegistryTest exten
             assertEquals(def.isAbstract, def.isAbstract());
 
             assertNotNull(def.declaredAggregateNames);
-            List l = Arrays.asList(def.getDeclaredAggregateNames());
+            List<Name> l = Arrays.asList(def.getDeclaredAggregateNames());
             assertTrue(def.declaredAggregateNames.containsAll(l));
             assertTrue(l.containsAll(def.declaredAggregateNames));
 
-            assertTrue(def.getBits() > PrivilegeRegistry.NO_PRIVILEGE);
+            assertTrue(getBits(def) > PrivilegeRegistry.NO_PRIVILEGE);
         }
     }
 
@@ -295,7 +305,7 @@ public class PrivilegeRegistryTest exten
 
     public void testGetBitsFromNull() {
         try {
-            PrivilegeRegistry.getBits(null);
+            PrivilegeRegistry.getBits((Privilege[]) null);
             fail("Should throw AccessControlException");
         } catch (AccessControlException e) {
             // ok
@@ -459,24 +469,24 @@ public class PrivilegeRegistryTest exten
         if (!resource.exists()) {
             resource.makeParentDirs();
         }
-        StringBuilder sb = new StringBuilder();
-        sb.append("{}test;;{}test2\n");
-        sb.append("{}test4;abstract;{}test5\n");
-        sb.append("{}test5;;{}test3\n");
-        sb.append("{}test3;;{}test\n");
-        sb.append("{}test2;;{}test4");
-
-        Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
-        writer.write(sb.toString());
-        writer.flush();
-        writer.close();
 
+        OutputStream out = resource.getOutputStream();
         try {
+            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2"}));
+            defs.add(new PrivilegeDefinition("test4", true, new String[] {"test5"}));
+            defs.add(new PrivilegeDefinition("test5", false, new String[] {"test3"}));
+            defs.add(new PrivilegeDefinition("test3", false, new String[] {"test"}));
+            defs.add(new PrivilegeDefinition("test2", false, new String[] {"test4"}));
+            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]),
Collections.<String, String>emptyMap());
+
             new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
             fail("Cyclic definitions must be detected upon registry startup.");
         } catch (RepositoryException e) {
             // success
         } finally {
+            out.close();
             fs.deleteFolder("/privileges");
         }
     }
@@ -511,10 +521,20 @@ public class PrivilegeRegistryTest exten
             PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(),
fs);
 
             Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+            // same as jcr:read
             newAggregates.put(resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
+            // aggregated combining built-in and an unknown privilege
             newAggregates.put(resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ,
resolver.getQName("unknownPrivilege")));
+            // aggregate containing unknown privilege
+            newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("unknownPrivilege")));
+            // aggregated combining built-in and custom
             newAggregates.put(resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ,
resolver.getQName("unknownPrivilege")));
+            // custom aggregated contains itself
             newAggregates.put(resolver.getQName("newAggregate"), createNameSet(resolver.getQName("newAggregate")));
+            // same as rep:write
+            newAggregates.put(resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES,
NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES,NameConstants.JCR_REMOVE_NODE));
+            // aggregating built-in -> currently not supported
+            newAggregates.put(resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES,
NameConstants.JCR_READ));
 
             for (Name name : newAggregates.keySet()) {
                 try {
@@ -529,6 +549,44 @@ public class PrivilegeRegistryTest exten
         }
     }
 
+    public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException
{
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        try {
+            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(),
fs);
+
+            Map<Name, Set<Name>> newCustomPrivs = new LinkedHashMap<Name,
Set<Name>>();
+            newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+            newCustomPrivs.put(resolver.getQName("new2"), Collections.<Name>singleton(resolver.getQName("new")));
+
+            for (Name name : newCustomPrivs.keySet()) {
+                boolean isAbstract = true;
+                Set<Name> aggrNames = newCustomPrivs.get(name);
+                pr.registerDefinition(name, isAbstract, aggrNames);
+            }
+
+            Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
+            // a new aggregate of custom and built-in privilege
+            newAggregates.put(resolver.getQName("newA1"), createNameSet(resolver.getQName("new"),
NameConstants.JCR_READ));
+            // other illegal aggregates already represented by registered definition.
+            newAggregates.put(resolver.getQName("newA2"), Collections.<Name>singleton(resolver.getQName("new")));
+            newAggregates.put(resolver.getQName("newA3"), Collections.<Name>singleton(resolver.getQName("new2")));
+
+            for (Name name : newAggregates.keySet()) {
+                boolean isAbstract = false;
+                Set<Name> aggrNames = newAggregates.get(name);
+
+                try {
+                    pr.registerDefinition(name, isAbstract, aggrNames);
+                    fail("Invalid aggregation in definition '"+ name.toString()+"' : Exception
expected");
+                } catch (RepositoryException e) {
+                    // success
+                }
+            }
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
     public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException
{
         FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
         try {
@@ -541,10 +599,13 @@ public class PrivilegeRegistryTest exten
             for (Name name : newCustomPrivs.keySet()) {
                 boolean isAbstract = true;
                 Set<Name> aggrNames = newCustomPrivs.get(name);
+
                 pr.registerDefinition(name, isAbstract, aggrNames);
-                PrivilegeRegistry.Definition definition = pr.get(name);
 
+                // validate definition
+                PrivilegeRegistry.Definition definition = pr.get(name);
                 assertNotNull(definition);
+                assertTrue(definition.isCustom());
                 assertEquals(name, definition.getName());
                 assertTrue(definition.isAbstract());
                 assertTrue(definition.declaredAggregateNames.isEmpty());
@@ -552,6 +613,7 @@ public class PrivilegeRegistryTest exten
                 for (Name n : aggrNames) {
                     assertTrue(definition.declaredAggregateNames.contains(n));
                 }
+                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
 
                 List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
                 assertTrue(allAgg.contains(name));
@@ -564,14 +626,13 @@ public class PrivilegeRegistryTest exten
                 for (Name n : aggrNames) {
                     assertTrue(def.declaredAggregateNames.contains(n));
                 }
+
+                assertPrivilege(pr, (SessionImpl) superuser, definition);
             }
 
             Map<Name, Set<Name>> newAggregates = new HashMap<Name, Set<Name>>();
-            // a new aggregate of existing built-in privileges
-            newAggregates.put(resolver.getQName("newA1"), createNameSet(NameConstants.JCR_READ,
NameConstants.JCR_RETENTION_MANAGEMENT));
-            // a new aggregate of custom and built-in privilege
-            newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("new"),
NameConstants.JCR_READ));
-            newAggregates.put(resolver.getQName("newA3"), createNameSet(resolver.getQName("test:new"),
resolver.getQName("new")));
+            // a new aggregate of custom privileges
+            newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("test:new"),
resolver.getQName("new")));
 
             for (Name name : newAggregates.keySet()) {
                 boolean isAbstract = false;
@@ -580,6 +641,7 @@ public class PrivilegeRegistryTest exten
                 PrivilegeRegistry.Definition definition = pr.get(name);
 
                 assertNotNull(definition);
+                assertTrue(definition.isCustom());                
                 assertEquals(name, definition.getName());
                 assertFalse(definition.isAbstract());
                 assertFalse(definition.declaredAggregateNames.isEmpty());
@@ -588,6 +650,8 @@ public class PrivilegeRegistryTest exten
                     assertTrue(definition.declaredAggregateNames.contains(n));
                 }
 
+                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, getBits(definition));
+
                 List<Name> allAgg = Arrays.asList(pr.get(NameConstants.JCR_ALL).getDeclaredAggregateNames());
                 assertTrue(allAgg.contains(name));
 
@@ -600,6 +664,74 @@ public class PrivilegeRegistryTest exten
                 for (Name n : aggrNames) {
                     assertTrue(def.declaredAggregateNames.contains(n));
                 }
+
+                assertPrivilege(registry, (SessionImpl) superuser, def);
+            }
+        } finally {
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    private static void assertPrivilege(PrivilegeRegistry registry, SessionImpl session,
PrivilegeRegistry.Definition def) throws RepositoryException {
+
+        PrivilegeManagerImpl pmgr = new PrivilegeManagerImpl(registry, session);
+        Privilege p = pmgr.getPrivilege(session.getJCRName(def.getName()));
+
+        assertNotNull(p);
+        
+        assertEquals(def.isCustom(), pmgr.isCustomPrivilege(p));
+        assertEquals(def.isAbstract(), p.isAbstract());
+        Name[] danames = def.getDeclaredAggregateNames();
+        assertEquals(danames.length > 0, p.isAggregate());
+        assertEquals(danames.length, p.getDeclaredAggregatePrivileges().length);
+    }
+
+    public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException,
IOException {
+        // setup the custom privilege file with cyclic references
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        FileSystemResource resource = new FileSystemResource(fs, "/privileges/custom_privileges.xml");
+        if (!resource.exists()) {
+            resource.makeParentDirs();
+        }
+
+        OutputStream out = resource.getOutputStream();
+        try {
+            List<PrivilegeDefinition> defs = new ArrayList<PrivilegeDefinition>();
+            defs.add(new PrivilegeDefinition("test", false, new String[] {"test2","test3"}));
+            defs.add(new PrivilegeDefinition("test2", true, new String[] {"test4"}));
+            defs.add(new PrivilegeDefinition("test3", true, new String[] {"test5"}));
+            defs.add(new PrivilegeDefinition("test4", true, new String[0]));
+            defs.add(new PrivilegeDefinition("test5", true, new String[0]));
+
+            // the equivalent definition to 'test'
+            defs.add(new PrivilegeDefinition("test6", false, new String[] {"test2","test5"}));
+            
+            PrivilegeDefinitionWriter pdw = new PrivilegeDefinitionWriter("text/xml");
+            pdw.writeDefinitions(out, defs.toArray(new PrivilegeDefinition[defs.size()]),
Collections.<String, String>emptyMap());
+
+            new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
+            fail("Equivalent definitions must be detected upon registry startup.");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            out.close();
+            fs.deleteFolder("/privileges");
+        }
+    }
+
+    public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException
{
+        FileSystem fs = ((RepositoryImpl) superuser.getRepository()).getConfig().getFileSystem();
+        try {
+            PrivilegeRegistry pr = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(),
fs);
+
+            for (int i = 0; i < 100; i++) {
+                boolean isAbstract = true;
+                Name name = ((SessionImpl) superuser).getQName("test"+i);
+                pr.registerDefinition(name, isAbstract, Collections.<Name>emptySet());
+                PrivilegeRegistry.Definition definition = pr.get(name);
+
+                assertNotNull(definition);
+                assertEquals(name, definition.getName());
             }
         } finally {
             fs.deleteFolder("/privileges");

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EntryTest.java
Wed Mar 16 18:07:07 2011
@@ -58,6 +58,26 @@ public class EntryTest extends AbstractE
         return acl.createEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
     }
 
+    @Override
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions) throws RepositoryException {
+        return acl.createEntry(principal, privileges, isAllow, restrictions);
+    }
+
+    @Override
+    protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry
base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException
{
+        if (base instanceof ACLTemplate.Entry) {
+            return acl.createEntry((ACLTemplate.Entry) base, privileges, isAllow);
+        } else {
+            throw new NotExecutableException();
+        }
+    }
+
+    @Override
+    protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+        String restrName = ((SessionImpl) superuser).getJCRName(ACLTemplate.P_GLOB);
+        return Collections.singletonMap(restrName, superuser.getValueFactory().createValue("/.*"));
       
+    }
+
     public void testIsLocal() throws NotExecutableException, RepositoryException {
         ACLTemplate.Entry entry = (ACLTemplate.Entry) createEntry(new String[] {Privilege.JCR_READ},
true);
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EntryTest.java
Wed Mar 16 18:07:07 2011
@@ -71,11 +71,26 @@ public class EntryTest extends AbstractE
         return (JackrabbitAccessControlEntry) acl.createEntry(principal, privileges, isAllow,
restrictions);
     }
 
-    private JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions)
+    @Override
+    protected JackrabbitAccessControlEntry createEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions)
             throws RepositoryException {
         return (JackrabbitAccessControlEntry) acl.createEntry(principal, privileges, isAllow,
restrictions);
     }
 
+    @Override
+    protected JackrabbitAccessControlEntry createEntryFromBase(JackrabbitAccessControlEntry
base, Privilege[] privileges, boolean isAllow) throws RepositoryException, NotExecutableException
{
+        Map<String, Value> restr = new HashMap<String, Value>();
+        for (String name : base.getRestrictionNames()) {
+            restr.put(name, base.getRestriction(name));
+        }
+        return (JackrabbitAccessControlEntry) acl.createEntry(base.getPrincipal(), privileges,
isAllow, restr);
+    }
+
+    @Override
+    protected Map<String, Value> getTestRestrictions() throws RepositoryException {
+        return restrictions;
+    }
+
     public void testNodePathMustNotBeNull() throws RepositoryException, NotExecutableException
{
         try {
             Privilege[] privs = privilegesFromName(Privilege.JCR_ALL);

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=1082239&r1=1082238&r2=1082239&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Wed Mar 16 18:07:07 2011
@@ -110,7 +110,7 @@ public class UserAccessControlProviderTe
 
             assertFalse(cp.canReadAll());
             assertFalse(cp.grants(rootPath, Permission.READ));
-            assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+            assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
             assertSame(CompiledPermissions.NO_PERMISSION, cp);
         }
     }
@@ -139,7 +139,7 @@ public class UserAccessControlProviderTe
             if (cp != null) {
                 assertFalse(cp.canReadAll());
                 assertFalse(cp.grants(rootPath, Permission.READ));
-                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+                assertTrue(cp.getPrivilegeSet(rootPath).isEmpty());
             }
         }
     }



Mime
View raw message