jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1478707 - in /jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization: AbstractEvaluationTest.java ReadTest.java
Date Fri, 03 May 2013 10:08:41 GMT
Author: angela
Date: Fri May  3 10:08:41 2013
New Revision: 1478707

URL: http://svn.apache.org/r1478707
Log:
OAK-527: permissions (tests)

Modified:
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java?rev=1478707&r1=1478706&r2=1478707&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.java
Fri May  3 10:08:41 2013
@@ -188,6 +188,7 @@ public abstract class AbstractEvaluation
         }
         return sb.toString();
     }
+
     protected Map<String, Value> createGlobRestriction(String value) throws RepositoryException
{
         return Collections.singletonMap("rep:glob", testSession.getValueFactory().createValue(value));
     }
@@ -223,7 +224,7 @@ public abstract class AbstractEvaluation
         return modify(path, testUser.getPrincipal(), privilegesFromName(privilege), isAllow,
EMPTY_RESTRICTIONS);
     }
 
-    private JackrabbitAccessControlList modify(String path, Principal principal, Privilege[]
privileges, boolean isAllow, Map<String, Value> restrictions) throws Exception {
+    protected JackrabbitAccessControlList modify(String path, Principal principal, Privilege[]
privileges, boolean isAllow, Map<String, Value> restrictions) throws Exception {
         JackrabbitAccessControlList tmpl = AccessControlUtils.getAccessControlList(acMgr,
path);
         tmpl.addEntry(principal, privileges, isAllow, restrictions);
 

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1478707&r1=1478706&r2=1478707&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Fri May  3 10:08:41 2013
@@ -16,12 +16,17 @@
  */
 package org.apache.jackrabbit.oak.jcr.security.authorization;
 
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
 import javax.jcr.Node;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.Session;
+import javax.jcr.security.Privilege;
 
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.junit.Assert.assertArrayEquals;
@@ -319,4 +324,58 @@ public class ReadTest extends AbstractEv
         assertFalse(testSession.hasPermission(propPath, javax.jcr.Session.ACTION_READ));
         assertFalse(testSession.propertyExists(propPath));
     }
+
+    @Test
+    public void testGlobRestriction2() throws Exception {
+        Group group2 = getUserManager(superuser).createGroup("group2");
+        Group group3 = getUserManager(superuser).createGroup("group3");
+        superuser.save();
+
+        try {
+            Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+
+            modify(path, getTestGroup().getPrincipal(), readPrivs, true, createGlobRestriction("/*"));
+            allow(path, group2.getPrincipal(), readPrivs);
+            deny(path, group3.getPrincipal(), readPrivs);
+
+            Set<Principal> principals = new HashSet();
+            principals.add(getTestGroup().getPrincipal());
+            principals.add(group2.getPrincipal());
+            principals.add(group3.getPrincipal());
+
+            assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(path, principals,
readPrivs));
+            assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(childNPath,
principals, readPrivs));
+        } finally {
+            group2.remove();
+            group3.remove();
+            superuser.save();
+        }
+    }
+
+    @Test
+    public void testGlobRestriction3() throws Exception {
+        Group group2 = getUserManager(superuser).createGroup("group2");
+        Group group3 = getUserManager(superuser).createGroup("group3");
+        superuser.save();
+
+        try {
+            Privilege[] readPrivs = privilegesFromName(Privilege.JCR_READ);
+
+            allow(path, group2.getPrincipal(), readPrivs);
+            deny(path, group3.getPrincipal(), readPrivs);
+            modify(path, getTestGroup().getPrincipal(), readPrivs, true, createGlobRestriction("/*"));
+
+            Set<Principal> principals = new HashSet();
+            principals.add(getTestGroup().getPrincipal());
+            principals.add(group2.getPrincipal());
+            principals.add(group3.getPrincipal());
+
+            assertFalse(((JackrabbitAccessControlManager) acMgr).hasPrivileges(path, principals,
readPrivs));
+            assertTrue(((JackrabbitAccessControlManager) acMgr).hasPrivileges(childNPath,
principals, readPrivs));
+        } finally {
+            group2.remove();
+            group3.remove();
+            superuser.save();
+        }
+    }
 }



Mime
View raw message