Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id ABA731063B for ; Thu, 12 Dec 2013 14:25:02 +0000 (UTC) Received: (qmail 70067 invoked by uid 500); 12 Dec 2013 14:25:02 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 70023 invoked by uid 500); 12 Dec 2013 14:25:01 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 69982 invoked by uid 99); 12 Dec 2013 14:24:58 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Dec 2013 14:24:58 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Dec 2013 14:24:55 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id EB9DB238890D; Thu, 12 Dec 2013 14:24:33 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1550423 - /jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java Date: Thu, 12 Dec 2013 14:24:33 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20131212142433.EB9DB238890D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Thu Dec 12 14:24:33 2013 New Revision: 1550423 URL: http://svn.apache.org/r1550423 Log: OAK-710 : PermissionValidator: Proper permission evaluation for moving/renaming nodes (tests) Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java?rev=1550423&r1=1550422&r2=1550423&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/SessionMoveTest.java Thu Dec 12 14:24:33 2013 @@ -43,6 +43,17 @@ public class SessionMoveTest extends Abs session.save(); } + private void setupMovePermissions() throws Exception { + allow(path, privilegesFromNames(new String[]{ + Privilege.JCR_REMOVE_NODE, + Privilege.JCR_REMOVE_CHILD_NODES + })); + allow(siblingPath, privilegesFromNames(new String[] { + Privilege.JCR_ADD_CHILD_NODES, + Privilege.JCR_NODE_TYPE_MANAGEMENT})); + + } + @Test public void testMoveAndRemoveSubTree() throws Exception { allow(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)); @@ -315,12 +326,7 @@ public class SessionMoveTest extends Abs @Test public void testMoveAndAddProperty() throws Exception { - allow(path, privilegesFromNames(new String[]{ - Privilege.JCR_REMOVE_NODE, - Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT - })); + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node destNode = testSession.getNode(siblingDestPath); @@ -331,20 +337,23 @@ public class SessionMoveTest extends Abs } catch (AccessDeniedException e) { // success } + } + + @Test + public void testMoveAndAddProperty2() throws Exception { + setupMovePermissions(); + allow(childNPath, privilegesFromName(PrivilegeConstants.REP_ADD_PROPERTIES)); - allow(siblingPath, privilegesFromName(PrivilegeConstants.REP_ADD_PROPERTIES)); + testSession.move(nodePath3, siblingDestPath); + Node destNode = testSession.getNode(siblingDestPath); + Property p = destNode.setProperty("newProp", "val"); // now save must succeed testSession.save(); } @Test public void testMoveAndModifyProperty() throws Exception { - allow(path, privilegesFromNames(new String[]{ - Privilege.JCR_REMOVE_NODE, - Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT - })); + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node destNode = testSession.getNode(siblingDestPath); @@ -355,19 +364,37 @@ public class SessionMoveTest extends Abs } catch (AccessDeniedException e) { // success } + } + @Test + public void testMoveAndModifyProperty2() throws Exception { + setupMovePermissions(); allow(siblingPath, privilegesFromName(PrivilegeConstants.REP_ALTER_PROPERTIES)); - testSession.save(); + + testSession.move(nodePath3, siblingDestPath); + Node destNode = testSession.getNode(siblingDestPath); + destNode.setProperty("movedProp", "modified"); + try { + testSession.save(); + fail("Missing MODIFY_PROPERTY permission."); + } catch (AccessDeniedException e) { + // success + } + } + + @Test + public void testMoveAndModifyProperty3() throws Exception { + setupMovePermissions(); + allow(childNPath, privilegesFromName(PrivilegeConstants.REP_ALTER_PROPERTIES)); + + testSession.move(nodePath3, siblingDestPath); + Node destNode = testSession.getNode(siblingDestPath); + destNode.setProperty("movedProp", "modified"); } @Test public void testMoveAndRemoveProperty() throws Exception { - allow(path, privilegesFromNames(new String[]{ - Privilege.JCR_REMOVE_NODE, - Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT - })); + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node destNode = testSession.getNode(siblingDestPath); @@ -378,19 +405,28 @@ public class SessionMoveTest extends Abs } catch (AccessDeniedException e) { // success } - - allow(siblingPath, privilegesFromName(PrivilegeConstants.REP_REMOVE_PROPERTIES)); - testSession.save(); } @Test - public void testMoveAndAddPropertyAtSource() throws Exception { + public void testMoveAndRemoveProperty2() throws Exception { allow(path, privilegesFromNames(new String[]{ Privilege.JCR_REMOVE_NODE, Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT + PrivilegeConstants.REP_REMOVE_PROPERTIES })); + allow(siblingPath, privilegesFromNames(new String[] { + Privilege.JCR_ADD_CHILD_NODES, + Privilege.JCR_NODE_TYPE_MANAGEMENT})); + + testSession.move(nodePath3, siblingDestPath); + Node destNode = testSession.getNode(siblingDestPath); + destNode.getProperty("movedProp").remove(); + testSession.save(); + } + + @Test + public void testMoveAndAddPropertyAtSource() throws Exception { + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node n = testSession.getNode(childNPath); @@ -401,19 +437,22 @@ public class SessionMoveTest extends Abs } catch (AccessDeniedException e) { // success } + } + @Test + public void testMoveAndAddPropertyAtSource2() throws Exception { + setupMovePermissions(); allow(childNPath, privilegesFromName(PrivilegeConstants.REP_ADD_PROPERTIES)); + + testSession.move(nodePath3, siblingDestPath); + Node n = testSession.getNode(childNPath); + Property p = n.setProperty("newProp", "val"); testSession.save(); } @Test public void testMoveAndModifyPropertyAtSource() throws Exception { - allow(path, privilegesFromNames(new String[]{ - Privilege.JCR_REMOVE_NODE, - Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT - })); + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node n = testSession.getNode(childNPath); @@ -431,13 +470,20 @@ public class SessionMoveTest extends Abs } @Test + public void testMoveAndModifyPropertyAtSource2() throws Exception { + setupMovePermissions(); + allow(childNPath, privilegesFromName(PrivilegeConstants.REP_ALTER_PROPERTIES)); + + testSession.move(nodePath3, siblingDestPath); + Node n = testSession.getNode(childNPath); + assertTrue(n.hasProperty(propertyName1)); + n.setProperty(propertyName1, "modified"); + testSession.save(); + } + + @Test public void testMoveAndRemovePropertyAtSource() throws Exception { - allow(path, privilegesFromNames(new String[]{ - Privilege.JCR_REMOVE_NODE, - Privilege.JCR_REMOVE_CHILD_NODES, - Privilege.JCR_ADD_CHILD_NODES, - Privilege.JCR_NODE_TYPE_MANAGEMENT - })); + setupMovePermissions(); testSession.move(nodePath3, siblingDestPath); Node n = testSession.getNode(childNPath); @@ -449,14 +495,33 @@ public class SessionMoveTest extends Abs } catch (AccessDeniedException e) { // success } + } + @Test + public void testMoveAndRemovePropertyAtSource2() throws Exception { + setupMovePermissions(); allow(childNPath, privilegesFromName(PrivilegeConstants.REP_REMOVE_PROPERTIES)); + + testSession.move(nodePath3, siblingDestPath); + Node n = testSession.getNode(childNPath); + assertTrue(n.hasProperty(propertyName1)); + n.getProperty(propertyName1).remove(); testSession.save(); } + /** + * Moving and removing the moved node at destination should be treated like + * a simple removal at the original position. + */ @Test public void testMoveAndRemoveDestination() throws Exception { - // TODO + allow(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES)); + allow(childNPath, privilegesFromName(Privilege.JCR_REMOVE_NODE)); + + testSession.move(nodePath3, siblingDestPath); + Node destNode = testSession.getNode(siblingDestPath); + destNode.remove(); + testSession.save(); } @Test