Package org.apache.jackrabbit.oak.security.authorization.permission

Source Code of org.apache.jackrabbit.oak.security.authorization.permission.TreePermissionImplTest

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import javax.jcr.security.AccessControlManager;

import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;

import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

public class TreePermissionImplTest extends AbstractSecurityTest implements AccessControlConstants {

    private AuthorizationConfiguration config;
    private Principal testPrincipal;

    @Override
    public void before() throws Exception {
        super.before();

        new NodeUtil(root.getTree("/")).addChild("test", JcrConstants.NT_UNSTRUCTURED);
        root.commit();
        config = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
        testPrincipal = getTestUser().getPrincipal();
    }

    @Override
    public void after() throws Exception {
        try {
            root.getTree("/test").remove();
            if (root.hasPendingChanges()) {
                root.commit();
            }
        } finally {
            super.after();
        }
    }

    private TreePermission getTreePermission(String path) throws Exception {
        ContentSession testSession = createTestSession();
        PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());

        return pp.getTreePermission(root.getTree(path), TreePermission.EMPTY);
    }

    @Test
    public void testCanReadProperties() throws Exception {
        AccessControlManager acMgr = getAccessControlManager(root);
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
        acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ), true);
        acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_READ_PROPERTIES), false);
        acMgr.setPolicy("/test", acl);
        root.commit();

        TreePermission tp = getTreePermission("/test");

        assertFalse(tp.canReadProperties());
        assertTrue(tp.canRead());
        assertFalse(tp.canReadProperties());
    }

    @Test
    public void testCanReadProperties2() throws Exception {
        AccessControlManager acMgr = getAccessControlManager(root);
        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test");
        acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_READ), true);
        acMgr.setPolicy("/test", acl);
        root.commit();

        Tree policyTree = root.getTree("/test/rep:policy");
        NodeUtil ace = new NodeUtil(policyTree).addChild("ace2", NT_REP_DENY_ACE);
        ace.setNames(REP_PRIVILEGES, PrivilegeConstants.REP_READ_PROPERTIES);
        ace.setString(REP_PRINCIPAL_NAME, getTestUser().getPrincipal().getName());
        root.commit();

        TreePermission tp = getTreePermission("/test");

        assertFalse(tp.canReadProperties());
        assertTrue(tp.canRead());
        assertFalse(tp.canReadProperties());
    }
}
TOP

Related Classes of org.apache.jackrabbit.oak.security.authorization.permission.TreePermissionImplTest

  • org.apache.jackrabbit.api.security.JackrabbitAccessControlList
  • org.apache.jackrabbit.oak.api.ContentSession
  • org.apache.jackrabbit.oak.api.Tree
  • org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider
  • org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission
  • org.apache.jackrabbit.oak.util.NodeUtil
  • javax.jcr.security.AccessControlManager
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.