jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1466859 - in /jackrabbit/oak/trunk/oak-jcr: pom.xml src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java
Date Thu, 11 Apr 2013 12:52:01 GMT
Author: angela
Date: Thu Apr 11 12:52:01 2013
New Revision: 1466859

URL: http://svn.apache.org/r1466859
Log:
OAK-527: permissions (WIP: tests)

Modified:
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1466859&r1=1466858&r2=1466859&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Thu Apr 11 12:52:01 2013
@@ -261,6 +261,8 @@
 
       org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlManagementTest#testRemoveMixin
      <!-- OAK-767 -->
       org.apache.jackrabbit.oak.jcr.security.authorization.ReadTest#testReadDenied      
                    <!-- OAK-766 -->
+      org.apache.jackrabbit.oak.jcr.security.authorization.InheritanceTest#testReorderGroupPermissions
      <!-- OAK-526 -->
+
     </known.issues>
   </properties>
 

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java?rev=1466859&r1=1466858&r2=1466859&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/InheritanceTest.java
Thu Apr 11 12:52:01 2013
@@ -25,7 +25,6 @@ import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -33,18 +32,39 @@ import org.junit.Test;
 /**
  * InheritanceTest... TODO
  */
-@Ignore("OAK-51")
 public class InheritanceTest extends AbstractEvaluationTest {
 
+    private Group group2;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        /* create a second group the test user is member of */
+        group2 = getUserManager(superuser).createGroup("testGroup" + UUID.randomUUID());
+        group2.addMember(testUser);
+        superuser.save();
+
+        // recreate test session
+        testSession.logout();
+        testSession = createTestSession();
+        testAcMgr = testSession.getAccessControlManager();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        group2.remove();
+        superuser.save();
+        super.tearDown();
+    }
+
     @Test
     public void testInheritance() throws Exception {
         // give 'modify_properties' and 'remove_node' privilege on 'path'
-        Privilege[] privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_REMOVE_NODE, Privilege.JCR_MODIFY_PROPERTIES});
+        Privilege[] privileges = privilegesFromNames(new String[] {Privilege.JCR_REMOVE_NODE,
Privilege.JCR_MODIFY_PROPERTIES});
         allow(path, privileges);
         // give 'add-child-nodes', remove_child_nodes' on 'childNPath'
-        privileges = privilegesFromNames(new String[] {
-                Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES});
+        privileges = privilegesFromNames(new String[] {Privilege.JCR_ADD_CHILD_NODES, Privilege.JCR_REMOVE_CHILD_NODES});
         allow(childNPath, privileges);
 
         /*
@@ -139,8 +159,6 @@ public class InheritanceTest extends Abs
 
     @Test
     public void testInheritedGroupPermissions() throws Exception {
-        Group testGroup = getTestGroup();
-
         /* allow MODIFY_PROPERTIES privilege for testGroup at 'path' */
         allow(path, testGroup.getPrincipal(), modPropPrivileges);
         /* deny MODIFY_PROPERTIES privilege for everyone at 'childNPath' */
@@ -152,8 +170,6 @@ public class InheritanceTest extends Abs
 
     @Test
     public void testInheritedGroupPermissions2() throws Exception {
-        Group testGroup = getTestGroup();
-
         // NOTE: same as testInheritedGroupPermissions above but using
         // everyone on path, testgroup on childpath -> result must be the same
 
@@ -168,123 +184,77 @@ public class InheritanceTest extends Abs
 
     @Test
     public void testMultipleGroupPermissionsOnNode() throws Exception {
-        Group testGroup = getTestGroup();
-
-        /* create a second group the test user is member of */
-        UserManager umgr = getUserManager(superuser);
-        Group group2 = umgr.createGroup("testGroup" + UUID.randomUUID());
-        try {
-            group2.addMember(testUser);
-            superuser.save();
-
-            /* add privileges for the Group the test-user is member of */
-            allow(path, testGroup.getPrincipal(), modPropPrivileges);
-            deny(path, group2.getPrincipal(), modPropPrivileges);
-
-            /*
-             testuser must get the permissions/privileges inherited from
-             the group it is member of.
-             the denial of group2 must succeed
-            */
-            String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
-            assertFalse(testSession.hasPermission(path, actions));
-            assertFalse(testAcMgr.hasPrivileges(path, modPropPrivileges));
+        /* add privileges for the Group the test-user is member of */
+        allow(path, testGroup.getPrincipal(), modPropPrivileges);
+        deny(path, group2.getPrincipal(), modPropPrivileges);
 
-        } finally {
-            group2.remove();
-        }
+        /*
+         testuser must get the permissions/privileges inherited from
+         the group it is member of.
+         the denial of group2 must succeed
+        */
+        String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
+        assertFalse(testSession.hasPermission(path, actions));
+        assertFalse(testAcMgr.hasPrivileges(path, modPropPrivileges));
     }
 
     @Test
     public void testMultipleGroupPermissionsOnNode2() throws Exception {
-        Group testGroup = getTestGroup();
+        /* add privileges for the Group the test-user is member of */
+        deny(path, testGroup.getPrincipal(), modPropPrivileges);
+        allow(path, group2.getPrincipal(), modPropPrivileges);
 
-        /* create a second group the test user is member of */
-        UserManager umgr = getUserManager(superuser);
-        Group group2 = umgr.createGroup("testGroup" + UUID.randomUUID());
-
-        try {
-            group2.addMember(testUser);
-            if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
-                superuser.save();
-            }
-
-            /* add privileges for the Group the test-user is member of */
-            deny(path, testGroup.getPrincipal(), modPropPrivileges);
-            allow(path, group2.getPrincipal(), modPropPrivileges);
-
-            /*
-             testuser must get the permissions/privileges inherited from
-             the group it is member of.
-             granting permissions for group2 must be effective
-            */
-            String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
-            assertTrue(testSession.hasPermission(path, actions));
-
-            assertTrue(testAcMgr.hasPrivileges(path, modPropPrivileges));
-        } finally {
-            group2.remove();
-        }
+        /*
+         testuser must get the permissions/privileges inherited from
+         the group it is member of.
+         granting permissions for group2 must be effective
+        */
+        String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
+        assertTrue(testSession.hasPermission(path, actions));
+        assertTrue(testAcMgr.hasPrivileges(path, modPropPrivileges));
     }
 
+    @Ignore("OAK-526 : missing handling for reorder in PermissionHook")
     @Test
     public void testReorderGroupPermissions() throws Exception {
-        Group testGroup = getTestGroup();
-
-        /* create a second group the test user is member of */
-        UserManager umgr = getUserManager(superuser);
-        Group group2 = umgr.createGroup("testGroup" + UUID.randomUUID());
-
-        try {
-            group2.addMember(testUser);
-            superuser.save();
-
-            /* add privileges for the Group the test-user is member of */
-            deny(path, testGroup.getPrincipal(), modPropPrivileges);
-            allow(path, group2.getPrincipal(), modPropPrivileges);
-
-            /*
-             testuser must get the permissions/privileges inherited from
-             the group it is member of.
-             granting permissions for group2 must be effective
-            */
-            String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
-
-            assertTrue(testSession.hasPermission(path, actions));
-            Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
-            assertTrue(testAcMgr.hasPrivileges(path, privs));
-
-            // reorder the ACEs
-            AccessControlEntry srcEntry = null;
-            AccessControlEntry destEntry = null;
-            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
-            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
-                Principal princ = entry.getPrincipal();
-                if (testGroup.getPrincipal().equals(princ)) {
-                    destEntry = entry;
-                } else if (group2.getPrincipal().equals(princ)) {
-                    srcEntry = entry;
-                }
+        /* add privileges for the Group the test-user is member of */
+        deny(path, testGroup.getPrincipal(), modPropPrivileges);
+        allow(path, group2.getPrincipal(), modPropPrivileges);
 
+        /*
+         testuser must get the permissions/privileges inherited from
+         the group it is member of.
+         granting permissions for group2 must be effective
+        */
+        String actions = getActions(Session.ACTION_SET_PROPERTY, Session.ACTION_READ);
+        assertTrue(testSession.hasPermission(path, actions));
+        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+        assertTrue(testAcMgr.hasPrivileges(path, privs));
+
+        // reorder the ACEs
+        AccessControlEntry srcEntry = null;
+        AccessControlEntry destEntry = null;
+        JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
+        for (AccessControlEntry entry : acl.getAccessControlEntries()) {
+            Principal princ = entry.getPrincipal();
+            if (testGroup.getPrincipal().equals(princ)) {
+                destEntry = entry;
+            } else if (group2.getPrincipal().equals(princ)) {
+                srcEntry = entry;
             }
-
-            acl.orderBefore(srcEntry, destEntry);
-            acMgr.setPolicy(path, acl);
-            superuser.save();
-
-            /* after reordering the permissions must be denied */
-            assertFalse(testSession.hasPermission(path, actions));
-            assertFalse(testAcMgr.hasPrivileges(path, privs));
-
-        } finally {
-            group2.remove();
         }
+        acl.orderBefore(srcEntry, destEntry);
+        acMgr.setPolicy(path, acl);
+        superuser.save();
+        testSession.refresh(false);
+
+        /* after reordering the permissions must be denied */
+        assertFalse(testSession.hasPermission(path, actions));
+        assertFalse(testAcMgr.hasPrivileges(path, privs));
     }
 
     @Test
     public void testInheritanceAndMixedUserGroupPermissions() throws Exception {
-        Group testGroup = getTestGroup();
-
         /* give MODIFY_PROPERTIES privilege for testGroup at 'path' */
         allow(path, testGroup.getPrincipal(), modPropPrivileges);
 



Mime
View raw message