jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1467254 - in /jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation: AbstractOakCoreTest.java RootTest.java
Date Fri, 12 Apr 2013 12:49:02 GMT
Author: angela
Date: Fri Apr 12 12:49:01 2013
New Revision: 1467254

URL: http://svn.apache.org/r1467254
Log:
OAK-766: test illustrating the issue; applied and extended patch provided by antonio sanso.
thanks!

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/RootTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java?rev=1467254&r1=1467253&r2=1467254&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java
Fri Apr 12 12:49:01 2013
@@ -21,6 +21,7 @@ import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -75,12 +76,24 @@ public abstract class AbstractOakCoreTes
     @Override
     public void after() throws Exception {
         try {
+            // remove the test user
             Authorizable testUser = getUserManager().getAuthorizable(TEST_USER_ID);
             if (testUser != null) {
                 testUser.remove();
-                root.commit();
             }
 
+            // clean up policies at the root node
+            AccessControlManager acMgr = getAccessControlManager(root);
+            AccessControlPolicy[] policies = acMgr.getPolicies("/");
+            for (AccessControlPolicy policy : policies) {
+                acMgr.removePolicy("/", policy);
+            }
+
+            // remove all test content
+            root.getTree("/a").remove();
+            root.commit();
+
+            // release test session
             if (testSession != null) {
                 testSession.close();
             }

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/RootTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/RootTest.java?rev=1467254&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/RootTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/RootTest.java
Fri Apr 12 12:49:01 2013
@@ -0,0 +1,203 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.evaluation;
+
+import java.util.List;
+
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.TreeLocation;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+/**
+ * Testing {@link Root} with access control restrictions in place.
+ */
+public class RootTest extends AbstractOakCoreTest {
+
+    // TODO: include acl setup with restrictions
+    // TODO: test location for access control content (with and without JCR_READ_ACCESSCONTROL
privilege)
+
+    @Test
+    public void testGetTree() throws Exception {
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ);
+        setupPermission("/a/bb", testPrincipal, false, PrivilegeConstants.JCR_READ);
+
+        Root testRoot = getTestRoot();
+
+        List<String> accessible = ImmutableList.of("/", "/a", "/a/b", "/a/b/c");
+        for (String path : accessible) {
+            assertNotNull(testRoot.getTree(path));
+        }
+
+        assertNull(testRoot.getTree("/a/bb"));
+    }
+
+    @Ignore("OAK-766") // FIXME
+    @Test
+    public void testGetTree2() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_READ);
+        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.JCR_READ);
+        setupPermission("/a/b/c", testPrincipal, true, PrivilegeConstants.JCR_READ);
+
+        Root testRoot = getTestRoot();
+
+        List<String> notAccessible = ImmutableList.of("/", "/a/b");
+        for (String path : notAccessible) {
+            assertNull(path, testRoot.getTree(path));
+        }
+
+        List<String> accessible = ImmutableList.of("/a", "/a/bb", "/a/b/c");
+        for (String path : accessible) {
+            assertNotNull(path, testRoot.getTree(path));
+        }
+    }
+
+
+    @Test
+    public void testGetNodeLocation() throws Exception {
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.REP_READ_NODES);
+        setupPermission("/a/bb", testPrincipal, false, PrivilegeConstants.REP_READ_NODES);
+
+        Root testRoot = getTestRoot();
+
+        List<String> accessible = ImmutableList.of("/", "/a", "/a/b", "/a/b/c");
+        for (String path : accessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(location);
+            assertNotNull(location.getTree());
+        }
+
+        TreeLocation location = testRoot.getLocation("/a/bb");
+        assertNotNull(location);
+        assertNull(location.getTree());
+    }
+
+    @Ignore("OAK-766") // FIXME
+    @Test
+    public void testGetNodeLocation2() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.REP_READ_NODES);
+        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.REP_READ_NODES);
+        setupPermission("/a/b/c", testPrincipal, true, PrivilegeConstants.REP_READ_NODES);
+
+        Root testRoot = getTestRoot();
+
+        List<String> notAccessible = ImmutableList.of("/", "/a/b");
+        for (String path : notAccessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNull(location.getTree());
+        }
+
+        List<String> accessible = ImmutableList.of("/a", "/a/bb", "/a/b/c");
+        for (String path : accessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNotNull(path, location.getTree());
+        }
+    }
+
+    @Test
+    public void testGetNodeLocation3() throws Exception {
+        // only property reading is allowed
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.REP_READ_PROPERTIES);
+
+        Root testRoot = getTestRoot();
+
+        List<String> notAccessible = ImmutableList.of("/", "/a", "/a/b", "/a/bb", "/a/b/c");
+        for (String path : notAccessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNull(location.getTree());
+        }
+    }
+
+    @Test
+    public void testGetPropertyLocation() throws Exception {
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ);
+
+        Root testRoot = getTestRoot();
+
+        List<String> accessible = ImmutableList.of("/", "/a", "/a/b", "/a/bb", "/a/b/c");
+        for (String path : accessible) {
+            String propertyPath = PathUtils.concat(path, JcrConstants.JCR_PRIMARYTYPE);
+            TreeLocation location = testRoot.getLocation(propertyPath);
+            assertNotNull(propertyPath, location);
+            assertNotNull(propertyPath, location.getProperty());
+        }
+
+        List<String> propPaths = ImmutableList.of("/a/aProp", "/a/b/bProp", "/a/bb/bbProp",
"/a/b/c/cProp");
+        for (String path : propPaths) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNotNull(path, location.getProperty());
+        }
+    }
+
+    @Ignore("OAK-766") // FIXME
+    @Test
+    public void testGetPropertyLocation2() throws Exception {
+        setupPermission("/", testPrincipal, true, PrivilegeConstants.REP_READ_PROPERTIES);
+
+        Root testRoot = getTestRoot();
+
+        List<String> accessible = ImmutableList.of("/", "/a", "/a/b", "/a/bb", "/a/b/c");
+        for (String path : accessible) {
+            String propertyPath = PathUtils.concat(path, JcrConstants.JCR_PRIMARYTYPE);
+            TreeLocation location = testRoot.getLocation(propertyPath);
+            assertNotNull(propertyPath, location);
+            assertNotNull(propertyPath, location.getProperty());
+        }
+
+        List<String> propPaths = ImmutableList.of("/a/aProp", "/a/b/bProp", "/a/bb/bbProp",
"/a/b/c/cProp");
+        for (String path : propPaths) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNotNull(path, location.getProperty());
+        }
+    }
+
+    @Ignore("OAK-766") // FIXME
+    @Test
+    public void testGetPropertyLocation3() throws Exception {
+        setupPermission("/a", testPrincipal, true, PrivilegeConstants.REP_READ_PROPERTIES);
+        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES);
+        setupPermission("/a/b/c", testPrincipal, true, PrivilegeConstants.REP_READ_PROPERTIES);
+
+        Root testRoot = getTestRoot();
+
+        List<String> accessible = ImmutableList.of("/a/aProp", "/a/bb/bbProp", "/a/b/c/cProp");
+        for (String path : accessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNotNull(path, location.getProperty());
+        }
+
+        List<String> notAccessible = ImmutableList.of("/jcr:primaryType", "/a/b/bProp");
+        for (String path : notAccessible) {
+            TreeLocation location = testRoot.getLocation(path);
+            assertNotNull(path, location);
+            assertNull(path, location.getProperty());
+        }
+    }
+}
\ No newline at end of file



Mime
View raw message