jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1177668 [2/2] - in /jackrabbit/trunk: jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/nodetype/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/ jackrabbi...
Date Fri, 30 Sep 2011 14:03:12 GMT
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
Fri Sep 30 14:03:11 2011
@@ -0,0 +1,485 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization;
+
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.AccessManager;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.Workspace;
+import javax.jcr.nodetype.NodeTypeManager;
+import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.Privilege;
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * <code>AbstractRepositoryOperationTest</code>...
+ */
+public abstract class AbstractRepositoryOperationTest extends AbstractEvaluationTest {
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+    }
+
+    private Workspace getTestWorkspace() throws RepositoryException {
+        return getTestSession().getWorkspace();
+    }
+
+    private void assertDefaultPrivileges(Name privName) throws Exception {
+        Privilege[] privs = privilegesFromName(privName.toString());
+        // admin must be allowed
+        assertTrue(superuser.getAccessControlManager().hasPrivileges(null, privs));
+        // test user must not be allowed
+        assertFalse(getTestACManager().hasPrivileges(null, privs));
+    }
+
+    private void assertPrivilege(Name privName, boolean isAllow) throws Exception {
+        Privilege[] privs = privilegesFromName(privName.toString());
+        assertEquals(isAllow, getTestACManager().hasPrivileges(null, privs));
+    }
+
+    private void assertPermission(int permission, boolean isAllow) throws Exception {
+        AccessManager acMgr = ((SessionImpl) getTestSession()).getAccessManager();
+        try {
+            acMgr.checkRepositoryPermission(permission);
+            if (!isAllow) {
+                fail();
+            }
+        } catch (AccessDeniedException e) {
+            if (isAllow) {
+                fail();
+            }
+        }
+    }
+
+    private String getNewWorkspaceName(Workspace wsp) throws RepositoryException {
+        List<String> awn = Arrays.asList(wsp.getAccessibleWorkspaceNames());
+        String workspaceName = "new";
+        int i = 0;
+        while (awn.contains(workspaceName)) {
+            workspaceName =  "new_" + i++;
+        }
+        return workspaceName;
+    }
+
+    private String getNewNamespacePrefix(Workspace wsp) throws RepositoryException {
+        String prefix = "prefix";
+        List<String> pfcs = Arrays.asList(wsp.getNamespaceRegistry().getPrefixes());
+        int i = 0;
+        while (pfcs.contains(prefix)) {
+            prefix = "prefix" + i++;
+        }
+        return prefix;
+    }
+
+    private String getNewNamespaceURI(Workspace wsp) throws RepositoryException {
+        String uri = "http://jackrabbit.apache.org/uri";
+        List<String> uris = Arrays.asList(wsp.getNamespaceRegistry().getURIs());
+        int i = 0;
+        while (uris.contains(uri)) {
+            uri = "http://jackrabbit.apache.org/uri_" + i++;
+        }
+        return uri;
+    }
+
+    private String getNewPrivilegeName(Workspace wsp) throws RepositoryException, NotExecutableException
{
+        String privName = null;
+        AccessControlManager acMgr = wsp.getSession().getAccessControlManager();
+        for (int i = 0; i < 100; i++) {
+            try {
+                Privilege p = acMgr.privilegeFromName(privName);
+                privName = "privilege-" + i;
+            } catch (Exception e) {
+                break;
+            }
+        }
+
+        if (privName == null) {
+            throw new NotExecutableException("failed to define new privilege name.");
+        }
+        return privName;
+    }
+
+    public void testWorkspaceCreation() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+
+        String wspName = getNewWorkspaceName(superuser.getWorkspace());
+        try {
+            getTestWorkspace().createWorkspace(wspName);
+            fail("Workspace creation should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        wspName = getNewWorkspaceName(superuser.getWorkspace());
+        try {
+            Workspace wsp = getTestWorkspace();
+            wsp.createWorkspace(wspName, wsp.getName());
+            fail("Workspace creation should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testWorkspaceCreationWithPrivilege() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+        assertPermission(Permission.WORKSPACE_MNGMT, false);
+
+        modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), true);
+        // assert that permission have changed:
+        assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, true);
+        assertPermission(Permission.WORKSPACE_MNGMT, true);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            testWsp.createWorkspace(getNewWorkspaceName(superuser.getWorkspace()));
+        } finally {
+            modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false);
+        }
+
+        assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, false);
+        assertPermission(Permission.WORKSPACE_MNGMT, false);
+    }
+
+    public void testWorkspaceDeletion() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
+        assertPermission(Permission.WORKSPACE_MNGMT, false);
+
+        Workspace wsp = superuser.getWorkspace();
+        String workspaceName = getNewWorkspaceName(wsp);
+
+        wsp.createWorkspace(workspaceName);
+        try {
+            Workspace testWsp = getTestWorkspace();
+            List<String> wspNames = Arrays.asList(testWsp.getAccessibleWorkspaceNames());
+            if (wspNames.contains(workspaceName)) {
+                testWsp.deleteWorkspace(workspaceName);
+                fail("Workspace deletion should be denied.");
+            }
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            // clean up (not supported by jackrabbit-core)
+            try {
+                superuser.getWorkspace().deleteWorkspace(workspaceName);
+            } catch (Exception e) {
+                // workspace removal is not supported by jackrabbit-core.
+            }
+        }
+    }
+
+    public void testRegisterNodeType() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+        Workspace testWsp = getTestWorkspace();
+        NodeTypeManager ntm = testWsp.getNodeTypeManager();
+        NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+        ntd.setName("testNodeType");
+        ntd.setMixin(true);
+
+        try {
+            ntm.registerNodeType(ntd, true);
+            fail("Node type registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+        try {
+            ntm.registerNodeType(ntd, false);
+            fail("Node type registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        NodeTypeTemplate[] ntds = new NodeTypeTemplate[2];
+        ntds[0] = ntd;
+        ntds[1] = ntm.createNodeTypeTemplate();
+        ntds[1].setName("anotherNodeType");
+        ntds[1].setDeclaredSuperTypeNames(new String[] {"nt:file"});
+        try {
+            ntm.registerNodeTypes(ntds, true);
+            fail("Node type registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+
+        try {
+            ntm.registerNodeTypes(ntds, false);
+            fail("Node type registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testRegisterNodeTypeWithPrivilege() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+        modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(),
true);
+        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, true);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, true);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            NodeTypeManager ntm = testWsp.getNodeTypeManager();
+            NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+            ntd.setName("testNodeType");
+            ntd.setMixin(true);
+            ntm.registerNodeType(ntd, true);
+
+            NodeTypeTemplate[] ntds = new NodeTypeTemplate[2];
+            ntds[0] = ntd;
+            ntds[1] = ntm.createNodeTypeTemplate();
+            ntds[1].setName("anotherNodeType");
+            ntds[1].setDeclaredSuperTypeNames(new String[] {"nt:file"});
+            ntm.registerNodeTypes(ntds, true);
+        } finally {
+            modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(),
false);
+        }
+
+        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+    }
+
+    public void testUnRegisterNodeType() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+        NodeTypeManager ntm = superuser.getWorkspace().getNodeTypeManager();
+        NodeTypeTemplate ntd = ntm.createNodeTypeTemplate();
+        ntd.setName("testNodeType");
+        ntd.setMixin(true);
+        ntm.registerNodeType(ntd, true);
+
+        Workspace testWsp = getTestWorkspace();
+        try {
+            try {
+                NodeTypeManager testNtm = testWsp.getNodeTypeManager();
+                testNtm.unregisterNodeType(ntd.getName());
+                fail("Namespace unregistration should be denied.");
+            } catch (AccessDeniedException e) {
+                // success
+            }
+            try {
+                NodeTypeManager testNtm = testWsp.getNodeTypeManager();
+                testNtm.unregisterNodeTypes(new String[] {ntd.getName()});
+                fail("Namespace unregistration should be denied.");
+            } catch (AccessDeniedException e) {
+                // success
+            }
+        } finally {
+            // clean up (not supported by jackrabbit-core)
+            try {
+                ntm.unregisterNodeType(ntd.getName());
+            } catch (Exception e) {
+                // ns unregistration is not supported by jackrabbit-core.
+            }
+        }
+
+    }
+
+    public void testRegisterNamespace() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+        assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            testWsp.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWsp),
getNewNamespaceURI(testWsp));
+            fail("Namespace registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testRegisterNamespaceWithPrivilege() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+        assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+        modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
+        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
+        assertPermission(Permission.NAMESPACE_MNGMT, true);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            testWsp.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWsp),
getNewNamespaceURI(testWsp));
+        } finally {
+            modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), false);
+        }
+
+        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
+        assertPermission(Permission.NAMESPACE_MNGMT, false);
+    }
+
+    public void testUnregisterNamespace() throws Exception {
+        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
+        assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+        Workspace wsp = superuser.getWorkspace();
+        String pfx = getNewNamespacePrefix(wsp);
+        wsp.getNamespaceRegistry().registerNamespace(pfx, getNewNamespaceURI(wsp));
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            testWsp.getNamespaceRegistry().unregisterNamespace(pfx);
+            fail("Namespace unregistration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        } finally {
+            // clean up (not supported by jackrabbit-core)
+            try {
+                superuser.getWorkspace().getNamespaceRegistry().unregisterNamespace(pfx);
+            } catch (Exception e) {
+                // ns unregistration is not supported by jackrabbit-core.
+            }
+        }
+    }
+
+    public void testRegisterPrivilege() throws Exception {
+        assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
+        assertPermission(Permission.PRIVILEGE_MNGMT, false);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            ((JackrabbitWorkspace) testWsp).getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWsp),
false, new String[0]);
+            fail("Privilege registration should be denied.");
+        } catch (AccessDeniedException e) {
+            // success
+        }
+    }
+
+    public void testRegisterPrivilegeWithPrivilege() throws Exception {
+        assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
+        assertPermission(Permission.PRIVILEGE_MNGMT, false);
+
+        modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(),
true);
+        assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, true);
+        assertPermission(Permission.PRIVILEGE_MNGMT, true);
+
+        try {
+            Workspace testWsp = getTestWorkspace();
+            ((JackrabbitWorkspace) testWsp).getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWsp),
false, new String[0]);        } finally {
+            modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(),
false);
+        }
+
+        assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, false);
+        assertPermission(Permission.PRIVILEGE_MNGMT, false);
+    }
+
+    public void testRepoPolicyAPI() throws Exception {
+        try {
+            // initial state: no repo level policy
+            AccessControlPolicy[] policies = acMgr.getPolicies(null);
+            assertNotNull(policies);
+            assertEquals(0, policies.length);
+
+            AccessControlPolicy[] effective = acMgr.getEffectivePolicies(null);
+            assertNotNull(effective);
+            assertEquals(0, effective.length);
+
+            AccessControlPolicyIterator it = acMgr.getApplicablePolicies(null);
+            assertNotNull(it);
+            assertTrue(it.hasNext());
+            AccessControlPolicy acp = it.nextAccessControlPolicy();
+            assertNotNull(acp);
+            assertTrue(acp instanceof JackrabbitAccessControlPolicy);
+
+            // modify the repo level policy
+            modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(),
false);
+            modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
+
+            AccessControlPolicy[] plcs = acMgr.getPolicies(null);
+            assertNotNull(plcs);
+            assertEquals(1, plcs.length);
+            assertTrue(plcs[0] instanceof AccessControlList);
+
+            AccessControlList acl = (AccessControlList) plcs[0];
+            AccessControlEntry[] aces = acl.getAccessControlEntries();
+            assertNotNull(aces);
+            assertEquals(2, aces.length);
+
+            assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
+            assertPermission(Permission.NAMESPACE_MNGMT, true);
+
+            assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+            assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+            effective = acMgr.getEffectivePolicies(null);
+            assertNotNull(effective);
+            assertEquals(1, effective.length);
+            assertTrue(effective[0] instanceof AccessControlList);
+
+            acl = (AccessControlList) effective[0];
+            aces = acl.getAccessControlEntries();
+            assertNotNull(aces);
+            assertEquals(2, aces.length);
+
+            // change the policy
+            acl = (AccessControlList) acMgr.getPolicies(null)[0];
+            acl.removeAccessControlEntry(aces[0]);
+            acMgr.setPolicy(null, acl);
+            superuser.save();
+
+            acl = (AccessControlList) acMgr.getPolicies(null)[0];
+            aces = acl.getAccessControlEntries();
+            assertNotNull(aces);
+            assertEquals(1, aces.length);
+
+            assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
+            assertPermission(Permission.NAMESPACE_MNGMT, false);
+
+            assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
+            assertPermission(Permission.NODE_TYPE_DEF_MNGMT, false);
+
+
+            // remove it again
+            acMgr.removePolicy(null, acl);
+            superuser.save();
+
+            // back to initial state: no repo level policy
+            policies = acMgr.getPolicies(null);
+            assertNotNull(policies);
+            assertEquals(0, policies.length);
+
+            effective = acMgr.getEffectivePolicies(null);
+            assertNotNull(effective);
+            assertEquals(0, effective.length);
+
+            it = acMgr.getApplicablePolicies(null);
+            assertNotNull(it);
+            assertTrue(it.hasNext());
+            acp = it.nextAccessControlPolicy();
+            assertNotNull(acp);
+            assertTrue(acp instanceof JackrabbitAccessControlPolicy);
+        } catch (UnsupportedRepositoryOperationException e) {
+            throw new NotExecutableException();
+        }
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.java
Fri Sep 30 14:03:11 2011
@@ -401,4 +401,4 @@ public class CustomPrivilegeTest extends
             previous = bits;
         }
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PermissionTest.java
Fri Sep 30 14:03:11 2011
@@ -45,6 +45,9 @@ public class PermissionTest extends Test
         assertEquals(1024, Permission.LIFECYCLE_MNGMT);
         assertEquals(2048, Permission.RETENTION_MNGMT);
         assertEquals(4096, Permission.MODIFY_CHILD_NODE_COLLECTION);        
-        assertEquals(8192, Permission.PRIVILEGE_MNGMT);        
+        assertEquals(8192, Permission.NODE_TYPE_DEF_MNGMT);        
+        assertEquals(16384, Permission.NAMESPACE_MNGMT);
+        assertEquals(32768, Permission.WORKSPACE_MNGMT);
+        assertEquals(65536, Permission.PRIVILEGE_MNGMT);
     }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImplTest.java
Fri Sep 30 14:03:11 2011
@@ -20,6 +20,7 @@ import org.apache.jackrabbit.api.Jackrab
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManagerTest;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
+import org.apache.jackrabbit.spi.commons.name.NameConstants;
 import org.apache.jackrabbit.test.NotExecutableException;
 
 import javax.jcr.AccessDeniedException;
@@ -71,7 +72,7 @@ public class PrivilegeManagerImplTest ex
             fail();
         }
     }
-
+    
     public void testGetRegisteredPrivileges() throws RepositoryException {
         Privilege[] registered = privilegeMgr.getRegisteredPrivileges();
         Set<Privilege> set = new HashSet<Privilege>();
@@ -99,6 +100,12 @@ public class PrivilegeManagerImplTest ex
         assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT), Privilege.JCR_RETENTION_MANAGEMENT,
false, false);
         assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT), Privilege.JCR_VERSION_MANAGEMENT,
false, false);
 
+        // repo-level operation privileges
+        assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString()),
NameConstants.JCR_NAMESPACE_MANAGEMENT.toString() , false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString()),
NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false, false);
+        assertPrivilege(privilegeMgr.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString()),
NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false, false);
+
+        // aggregates
         assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_ALL), Privilege.JCR_ALL,
true, false);
         assertPrivilege(privilegeMgr.getPrivilege(Privilege.JCR_WRITE), Privilege.JCR_WRITE,
true, false);
         assertPrivilege(privilegeMgr.getPrivilege(PrivilegeRegistry.REP_WRITE), PrivilegeRegistry.REP_WRITE,
true, false);
@@ -278,4 +285,4 @@ public class PrivilegeManagerImplTest ex
             }
         };
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
Fri Sep 30 14:03:11 2011
@@ -66,9 +66,14 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_VERSION_MANAGEMENT)));
-        assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE))));
+        // including repo-level operation privileges
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NAMESPACE_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT)));
+        assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_WORKSPACE_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT))));
-
+        // and aggregates
+        assertTrue(l.remove(privilegeRegistry.get(resolver.getQName(PrivilegeRegistry.REP_WRITE))));
+                
         assertTrue(l.isEmpty());
     }
 
@@ -131,8 +136,7 @@ public class PrivilegeRegistryTest exten
         Set<Name> l = new HashSet<Name>(p.getDeclaredAggregateNames());
         assertTrue(l.remove(NameConstants.JCR_READ));
         assertTrue(l.remove(NameConstants.JCR_WRITE));
-        assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE)));
-        assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
+        assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_WRITE)));        
         assertTrue(l.remove(NameConstants.JCR_READ_ACCESS_CONTROL));
         assertTrue(l.remove(NameConstants.JCR_MODIFY_ACCESS_CONTROL));
         assertTrue(l.remove(NameConstants.JCR_LIFECYCLE_MANAGEMENT));
@@ -140,6 +144,11 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_MANAGEMENT));
         assertTrue(l.remove(NameConstants.JCR_RETENTION_MANAGEMENT));
         assertTrue(l.remove(NameConstants.JCR_VERSION_MANAGEMENT));
+        // including repo-level operation privileges
+        assertTrue(l.remove(NameConstants.JCR_NAMESPACE_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT));
+        assertTrue(l.remove(NameConstants.JCR_WORKSPACE_MANAGEMENT));
+        assertTrue(l.remove(resolver.getQName(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
         assertTrue(l.isEmpty());
     }
 
@@ -203,6 +212,10 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
+        // including repo-level operation privileges
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
       
         assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
         assertTrue(l.isEmpty());
     }
@@ -228,6 +241,10 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_WRITE)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_WRITE)));
+        // including repo-level operation privileges
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
       
         assertTrue(l.remove(privilegeRegistry.getPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT)));
         assertTrue(l.isEmpty());
 
@@ -243,6 +260,10 @@ public class PrivilegeRegistryTest exten
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_RETENTION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_VERSION_MANAGEMENT)));
         assertTrue(l.remove(privilegeRegistry.getPrivilege(Privilege.JCR_NODE_TYPE_MANAGEMENT)));
+        // including repo-level operation privileges
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString())));
+        assertTrue(l.remove(privilegeRegistry.getPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT.toString())));
         assertTrue(l.isEmpty());
     }
 

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
Fri Sep 30 14:03:11 2011
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>RepositoryOperationTest</code>...
+ */
+public class RepositoryOperationTest extends AbstractRepositoryOperationTest {
+    
+    @Override
+    protected boolean isExecutable() {
+        return EvaluationUtil.isExecutable(acMgr);
+    }
+    @Override
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws
+            RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+    @Override
+    protected Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException,
NotExecutableException {
+        return EvaluationUtil.getRestrictions(s, path);
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/RepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
Fri Sep 30 14:03:11 2011
@@ -49,7 +49,8 @@ public class TestAll extends TestCase {
         suite.addTestSuite(NodeTypeTest.class);
         suite.addTestSuite(EffectivePolicyTest.class);
         suite.addTestSuite(ACLEditorTest.class);
-        
+        suite.addTestSuite(RepositoryOperationTest.class);
+
         return suite;
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/EvaluationUtil.java
Fri Sep 30 14:03:11 2011
@@ -65,7 +65,7 @@ class EvaluationUtil {
                                                  String path,
                                                  Principal principal)
             throws RepositoryException, AccessDeniedException, NotExecutableException {
-        if (acM instanceof JackrabbitAccessControlManager) {
+        if (acM instanceof JackrabbitAccessControlManager && path != null) {
             // first try applicable policies
             AccessControlPolicy[] policies = ((JackrabbitAccessControlManager) acM).getApplicablePolicies(principal);
             for (AccessControlPolicy policy : policies) {
@@ -86,7 +86,7 @@ class EvaluationUtil {
     }
 
     static  Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException,
NotExecutableException {
-        if (s instanceof SessionImpl) {
+        if (s instanceof SessionImpl && path != null) {
             Map<String, Value> restr = new HashMap<String, Value>();
             restr.put(((SessionImpl) s).getJCRName(ACLTemplate.P_NODE_PATH), s.getValueFactory().createValue(path,
PropertyType.PATH));
             return restr;

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java?rev=1177668&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
Fri Sep 30 14:03:11 2011
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.principalbased;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AbstractRepositoryOperationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlManager;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>RepositoryOperationTest</code>...
+ */
+public class RepositoryOperationTest extends AbstractRepositoryOperationTest {
+
+    protected boolean isExecutable() {
+        return EvaluationUtil.isExecutable((SessionImpl) superuser, acMgr);
+    }
+
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws
+            RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+    
+    protected Map<String, Value> getRestrictions(Session s, String path) throws RepositoryException,
NotExecutableException {
+        return EvaluationUtil.getRestrictions(s, path);
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/RepositoryOperationTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/TestAll.java
Fri Sep 30 14:03:11 2011
@@ -43,6 +43,7 @@ public class TestAll extends TestCase {
         suite.addTestSuite(VersionTest.class);
         suite.addTestSuite(NodeTypeTest.class);
         suite.addTestSuite(EffectivePolicyTest.class);
+        suite.addTestSuite(RepositoryOperationTest.class);
 
         return suite;
     }

Modified: jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java?rev=1177668&r1=1177667&r2=1177668&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java
(original)
+++ jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/name/NameConstants.java
Fri Sep 30 14:03:11 2011
@@ -603,6 +603,9 @@ public class NameConstants {
     /** rep:policy */
     public static final Name REP_POLICY = rep("policy");
 
+    /** rep:repoPolicy */
+    public static final Name REP_REPO_POLICY = rep("repoPolicy");
+
     /** rep:accesscontrol */
     public static final Name REP_ACCESSCONTROL = rep("accesscontrol");
 
@@ -618,6 +621,9 @@ public class NameConstants {
     /** rep:AccessControllable */
     public static final Name REP_ACCESS_CONTROLLABLE = rep("AccessControllable");
 
+    /** rep:RepoAccessControllable */
+    public static final Name REP_REPO_ACCESS_CONTROLLABLE = rep("RepoAccessControllable");
+
     /** rep:ACL */
     public static final Name REP_ACL = rep("ACL");
 
@@ -721,12 +727,24 @@ public class NameConstants {
     public static final Name JCR_RETENTION_MANAGEMENT =
         FACTORY.create(Privilege.JCR_RETENTION_MANAGEMENT);
 
+    /** jcr:workspaceManagement */
+    // TODO replace with Privilege constant once next JCR version is released
+    public static final Name JCR_WORKSPACE_MANAGEMENT =
+        FACTORY.create("{http://www.jcp.org/jcr/1.0}workspaceManagement");
+
+    /** jcr:nodeTypeDefinitionManagement */
+    // TODO replace with Privilege constant once next JCR version is released
+    public static final Name JCR_NODE_TYPE_DEFINITION_MANAGEMENT =
+        FACTORY.create("{http://www.jcp.org/jcr/1.0}nodeTypeDefinitionManagement");
+
+    /** jcr:namespaceManagement */
+    // TODO replace with Privilege constant once next JCR version is released
+    public static final Name JCR_NAMESPACE_MANAGEMENT =
+        FACTORY.create("{http://www.jcp.org/jcr/1.0}namespaceManagement");
+
     /** jcr:write */
-    public static final Name JCR_WRITE =
-        FACTORY.create(Privilege.JCR_WRITE);
+    public static final Name JCR_WRITE = FACTORY.create(Privilege.JCR_WRITE);
 
     /** jcr:all */
-    public static final Name JCR_ALL =
-        FACTORY.create(Privilege.JCR_ALL);
-
-}
\ No newline at end of file
+    public static final Name JCR_ALL = FACTORY.create(Privilege.JCR_ALL);
+}



Mime
View raw message