Package org.apache.sling.launchpad.webapp.integrationtest.accessManager

Source Code of org.apache.sling.launchpad.webapp.integrationtest.accessManager.ModifyAceTest

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements.  See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License.  You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sling.launchpad.webapp.integrationtest.accessManager;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertFalse;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletResponse;

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.testing.integration.HttpTest;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;

/**
* Tests for the 'modifyAce' Sling Post Operation
*/
public class ModifyAceTest {

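  // Ids and URL of the fixtures created by the current test. They start out
  // null; cleanup() deletes every one that a test has set to a non-null value.
  String testUserId = null;
  String testUserId2 = null;
  String testGroupId = null;
  String testFolderUrl = null;

  // Helper used by every test for fixture creation and authenticated requests.
  private final AccessManagerTestUtil H = new AccessManagerTestUtil();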
 
  /**
   * Prepares the shared {@link AccessManagerTestUtil} helper before each test.
   *
   * @throws Exception if the helper's set-up fails
   */
  @Before
  public void setup() throws Exception {
    H.setUp();
  }
  /**
   * Tears down the shared helper, then deletes every fixture the test
   * recorded: the folder first, then the group, then the two users. All
   * requests are sent with the admin/admin account of the instance under
   * test and each one is asserted to answer 200 OK.
   *
   * NOTE(review): presumably a failed assertion aborts the remaining
   * deletions and leaves those fixtures on the server - confirm against
   * the helper.
   *
   * @throws Exception if tear-down or one of the delete requests fails
   */
  @After
  public void cleanup() throws Exception {
    H.tearDown();

    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");

    if (testFolderUrl != null) {
      // remove the test folder through the ":operation=delete" post operation
      List<NameValuePair> deleteParams = new ArrayList<NameValuePair>();
      deleteParams.add(new NameValuePair(":operation", "delete"));
      H.assertAuthenticatedPostStatus(adminCreds, testFolderUrl,
          HttpServletResponse.SC_OK, deleteParams, null);
    }
    if (testGroupId != null) {
      // remove the test group
      H.assertAuthenticatedPostStatus(adminCreds,
          HttpTest.HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html",
          HttpServletResponse.SC_OK, new ArrayList<NameValuePair>(), null);
    }
    if (testUserId != null) {
      // remove the first test user
      H.assertAuthenticatedPostStatus(adminCreds,
          HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html",
          HttpServletResponse.SC_OK, new ArrayList<NameValuePair>(), null);
    }
    if (testUserId2 != null) {
      // remove the second test user
      H.assertAuthenticatedPostStatus(adminCreds,
          HttpTest.HTTP_BASE_URL + "/system/userManager/user/" + testUserId2 + ".delete.html",
          HttpServletResponse.SC_OK, new ArrayList<NameValuePair>(), null);
    }
  }

  /**
   * Posts a modifyAce request for a user principal and reads the ACL back
   * as JSON. The request grants jcr:read, denies jcr:write and sends an
   * invalid value for jcr:modifyAccessControl; the ACE must then hold
   * exactly one granted and one denied privilege, so the invalid value must
   * not have produced an entry on either side.
   *
   * All requests run as admin, so this checks what the operation writes,
   * not whether the caller was allowed to write it.
   */
  @Test
  public void testModifyAceForUser() throws IOException, JSONException {
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.html";

    List<NameValuePair> aceParams = new ArrayList<NameValuePair>();
    aceParams.add(new NameValuePair("principalId", testUserId));
    aceParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    aceParams.add(new NameValuePair("privilege@jcr:write", "denied"));
    // "bogus" is not a valid privilege state and is expected to be ignored
    aceParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus"));

    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, aceParams, null);

    // read the ACL back to verify what was stored
    String aclJson = H.getAuthenticatedContent(adminCreds, testFolderUrl + ".acl.json",
        HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(aclJson);
    JSONObject acl = new JSONObject(aclJson);
    assertEquals(1, acl.length());

    JSONObject ace = acl.optJSONObject(testUserId);
    assertNotNull(ace);
    assertEquals(testUserId, ace.optString("principal"));
    assertEquals(0, ace.optInt("order"));

    // exactly one granted privilege: jcr:read
    JSONArray granted = ace.optJSONArray("granted");
    assertNotNull(granted);
    assertEquals(1, granted.length());
    assertEquals("jcr:read", granted.getString(0));

    // exactly one denied privilege: jcr:write
    JSONArray denied = ace.optJSONArray("denied");
    assertNotNull(denied);
    assertEquals(1, denied.length());
    assertEquals("jcr:write", denied.getString(0));
  }

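  /**
   * Posts a modifyAce request for a group principal and reads the ACL back
   * as JSON. The request grants jcr:read, denies jcr:write and sends an
   * invalid value for jcr:modifyAccessControl; the ACE must then hold
   * exactly one granted and one denied privilege.
   *
   * All requests run as admin, so this checks what the operation writes,
   * not whether the caller was allowed to write it.
   */
  @Test
  public void testModifyAceForGroup() throws IOException, JSONException {
    testGroupId = H.createTestGroup();

    testFolderUrl = H.createTestFolder();

    String postUrl = testFolderUrl + ".modifyAce.html";

    List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new NameValuePair("principalId", testGroupId));
    postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
    postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JSONObject jsonObject = new JSONObject(json);
    assertEquals(1, jsonObject.length());

    JSONObject aceObject = jsonObject.optJSONObject(testGroupId);
    assertNotNull(aceObject);

    int order = aceObject.optInt("order");
    assertEquals(0, order);

    String principalString = aceObject.optString("principal");
    assertEquals(testGroupId, principalString);

    JSONArray grantedArray = aceObject.optJSONArray("granted");
    assertNotNull(grantedArray);
    assertEquals(1, grantedArray.length());
    assertEquals("jcr:read", grantedArray.getString(0));

    JSONArray deniedArray = aceObject.optJSONArray("denied");
    assertNotNull(deniedArray);
    // Same size check as testModifyAceForUser: without it an unexpected extra
    // denied entry (e.g. from the "bogus" value) would go unnoticed.
    assertEquals(1, deniedArray.length());
    assertEquals("jcr:write", deniedArray.getString(0));
  }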
 
  /**
   * Test for SLING-997, preserve privileges that were not posted with the modifyAce
   * request.
   */
  @Test
  public void testMergeAceForUser() throws IOException, JSONException {
    // All requests run as admin, so this checks how modifyAce merges a second
    // post into an existing ACE, not whether the caller may edit the ACL.
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.html";

    // Step 1: create the initial ACE (three granted, two denied privileges).
    List<NameValuePair> initialParams = new ArrayList<NameValuePair>();
    initialParams.add(new NameValuePair("principalId", testUserId));
    initialParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    initialParams.add(new NameValuePair("privilege@jcr:readAccessControl", "granted"));
    initialParams.add(new NameValuePair("privilege@jcr:addChildNodes", "granted"));
    initialParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
    initialParams.add(new NameValuePair("privilege@jcr:removeChildNodes", "denied"));

    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, initialParams, null);

    // read the ACL back to verify the initial state
    final String aclUrl = testFolderUrl + ".acl.json";

    String initialJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(initialJson);
    JSONObject initialAcl = new JSONObject(initialJson);
    assertEquals(1, initialAcl.length());

    JSONObject initialAce = initialAcl.optJSONObject(testUserId);
    assertNotNull(initialAce);
    assertEquals(testUserId, initialAce.optString("principal"));
    assertEquals(0, initialAce.optInt("order"));

    JSONArray initialGranted = initialAce.optJSONArray("granted");
    assertNotNull(initialGranted);
    assertEquals(3, initialGranted.length());
    Set<String> initialGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < initialGranted.length(); idx++) {
      initialGrantedNames.add(initialGranted.getString(idx));
    }
    H.assertPrivilege(initialGrantedNames, true, "jcr:read");
    H.assertPrivilege(initialGrantedNames, true, "jcr:readAccessControl");
    H.assertPrivilege(initialGrantedNames, true, "jcr:addChildNodes");

    JSONArray initialDenied = initialAce.optJSONArray("denied");
    assertNotNull(initialDenied);
    assertEquals(2, initialDenied.length());
    Set<String> initialDeniedNames = new HashSet<String>();
    for (int idx = 0; idx < initialDenied.length(); idx++) {
      initialDeniedNames.add(initialDenied.getString(idx));
    }
    H.assertPrivilege(initialDeniedNames, true, "jcr:modifyAccessControl");
    H.assertPrivilege(initialDeniedNames, true, "jcr:removeChildNodes");

    // Step 2: post a second set of privileges that must be merged into the ACE.
    List<NameValuePair> mergeParams = new ArrayList<NameValuePair>();
    mergeParams.add(new NameValuePair("principalId", testUserId));
    // jcr:read and jcr:addChildNodes are not posted, so they must stay granted
    mergeParams.add(new NameValuePair("privilege@jcr:readAccessControl", "none")); // clears the grant
    mergeParams.add(new NameValuePair("privilege@jcr:modifyProperties", "granted")); // new grant
    // jcr:modifyAccessControl is posted again as denied, so it must stay denied
    mergeParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
    mergeParams.add(new NameValuePair("privilege@jcr:removeChildNodes", "none")); // clears the deny
    mergeParams.add(new NameValuePair("privilege@jcr:removeNode", "denied")); // new deny

    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, mergeParams, null);

    // read the ACL back to verify the merged state
    String mergedJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(mergedJson);
    JSONObject mergedAcl = new JSONObject(mergedJson);
    assertEquals(1, mergedAcl.length());

    JSONObject mergedAce = mergedAcl.optJSONObject(testUserId);
    assertNotNull(mergedAce);
    assertEquals(testUserId, mergedAce.optString("principal"));

    JSONArray mergedGranted = mergedAce.optJSONArray("granted");
    assertNotNull(mergedGranted);
    assertEquals(3, mergedGranted.length());
    Set<String> mergedGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedGranted.length(); idx++) {
      mergedGrantedNames.add(mergedGranted.getString(idx));
    }
    H.assertPrivilege(mergedGrantedNames, true, "jcr:read");
    H.assertPrivilege(mergedGrantedNames, true, "jcr:addChildNodes");
    H.assertPrivilege(mergedGrantedNames, true, "jcr:modifyProperties");

    JSONArray mergedDenied = mergedAce.optJSONArray("denied");
    assertNotNull(mergedDenied);
    assertEquals(2, mergedDenied.length());
    Set<String> mergedDeniedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedDenied.length(); idx++) {
      mergedDeniedNames.add(mergedDenied.getString(idx));
    }
    H.assertPrivilege(mergedDeniedNames, true, "jcr:modifyAccessControl");
    H.assertPrivilege(mergedDeniedNames, true, "jcr:removeNode");
  }

 
  /**
   * Test for SLING-997, preserve privileges that were not posted with the modifyAce
   * request.
   */
  @Test
  public void testMergeAceForUserSplitAggregatePrincipal() throws IOException, JSONException {
    // Case covered here: jcr:write is denied as an aggregate, then one of its
    // member privileges is granted. The deny must be split so that only the
    // remaining members stay denied. All requests run as admin.
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.html";

    // Step 1: grant jcr:read, deny the jcr:write aggregate.
    List<NameValuePair> initialParams = new ArrayList<NameValuePair>();
    initialParams.add(new NameValuePair("principalId", testUserId));
    initialParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    initialParams.add(new NameValuePair("privilege@jcr:write", "denied"));

    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, initialParams, null);

    // read the ACL back to verify the initial state
    final String aclUrl = testFolderUrl + ".acl.json";

    String initialJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(initialJson);

    JSONObject initialAcl = new JSONObject(initialJson);
    assertEquals(1, initialAcl.length());

    JSONObject initialAce = initialAcl.optJSONObject(testUserId);
    assertNotNull(initialAce);

    assertEquals(testUserId, initialAce.optString("principal"));

    JSONArray initialGranted = initialAce.optJSONArray("granted");
    assertNotNull(initialGranted);
    assertEquals(1, initialGranted.length());
    Set<String> initialGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < initialGranted.length(); idx++) {
      initialGrantedNames.add(initialGranted.getString(idx));
    }
    H.assertPrivilege(initialGrantedNames, true, "jcr:read");

    JSONArray initialDenied = initialAce.optJSONArray("denied");
    assertNotNull(initialDenied);
    assertEquals(1, initialDenied.length());
    Set<String> initialDeniedNames = new HashSet<String>();
    for (int idx = 0; idx < initialDenied.length(); idx++) {
      initialDeniedNames.add(initialDenied.getString(idx));
    }
    H.assertPrivilege(initialDeniedNames, true, "jcr:write");

    // Step 2: post a second set of privileges that must be merged into the ACE.
    List<NameValuePair> mergeParams = new ArrayList<NameValuePair>();
    mergeParams.add(new NameValuePair("principalId", testUserId));
    // jcr:read is not posted, so it must stay granted
    mergeParams.add(new NameValuePair("privilege@jcr:modifyProperties", "granted")); // new grant
    // jcr:write is not posted, but one of its member privileges is now
    // granted, so the denied aggregate must be disaggregated into the
    // member privileges that are still denied

    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, mergeParams, null);

    // read the ACL back to verify the merged state
    String mergedJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(mergedJson);

    JSONObject mergedAcl = new JSONObject(mergedJson);
    assertEquals(1, mergedAcl.length());

    JSONObject mergedAce = mergedAcl.optJSONObject(testUserId);
    assertNotNull(mergedAce);

    assertEquals(testUserId, mergedAce.optString("principal"));

    JSONArray mergedGranted = mergedAce.optJSONArray("granted");
    assertNotNull(mergedGranted);
    assertEquals(2, mergedGranted.length());
    Set<String> mergedGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedGranted.length(); idx++) {
      mergedGrantedNames.add(mergedGranted.getString(idx));
    }
    H.assertPrivilege(mergedGrantedNames, true, "jcr:read");
    H.assertPrivilege(mergedGrantedNames, true, "jcr:modifyProperties");

    JSONArray mergedDenied = mergedAce.optJSONArray("denied");
    assertNotNull(mergedDenied);
    assertEquals(3, mergedDenied.length());
    Set<String> mergedDeniedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedDenied.length(); idx++) {
      mergedDeniedNames.add(mergedDenied.getString(idx));
    }
    // the aggregate itself must be gone from the denied side ...
    H.assertPrivilege(mergedDeniedNames, false, "jcr:write");
    // ... and only its remaining member privileges stay denied
    H.assertPrivilege(mergedDeniedNames, true, "jcr:addChildNodes");
    H.assertPrivilege(mergedDeniedNames, true, "jcr:removeNode");
    H.assertPrivilege(mergedDeniedNames, true, "jcr:removeChildNodes");
  }

  /**
   * Test for SLING-997, preserve privileges that were not posted with the modifyAce
   * request.
   */
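  @Test
  public void testMergeAceForUserCombineAggregatePrivilege() throws IOException, JSONException {
    // Case covered here: one member of jcr:write (jcr:removeNode) is denied
    // first, then the whole jcr:write aggregate is denied. The denied side
    // must end up holding the aggregate alone. All requests run as admin.
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    String postUrl = testFolderUrl + ".modifyAce.html";

    //1. create an initial set of privileges
    List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new NameValuePair("principalId", testUserId));
    postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    postParams.add(new NameValuePair("privilege@jcr:removeNode", "denied"));

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(1, jsonObject.length());

    JSONObject aceObject = jsonObject.optJSONObject(testUserId);
    assertNotNull(aceObject);

    assertEquals(testUserId, aceObject.optString("principal"));

    JSONArray grantedArray = aceObject.getJSONArray("granted");
    assertNotNull(grantedArray);
    assertEquals(1, grantedArray.length());
    Set<String> grantedPrivilegeNames = new HashSet<String>();
    for (int i = 0; i < grantedArray.length(); i++) {
      grantedPrivilegeNames.add(grantedArray.getString(i));
    }
    H.assertPrivilege(grantedPrivilegeNames, true, "jcr:read");

    JSONArray deniedArray = aceObject.getJSONArray("denied");
    assertNotNull(deniedArray);
    assertEquals(1, deniedArray.length());
    Set<String> deniedPrivilegeNames = new HashSet<String>();
    for (int i = 0; i < deniedArray.length(); i++) {
      deniedPrivilegeNames.add(deniedArray.getString(i));
    }
    H.assertPrivilege(deniedPrivilegeNames, true, "jcr:removeNode");

    //2. post a new set of privileges to merge with the existing privileges
    List<NameValuePair> postParams2 = new ArrayList<NameValuePair>();
    postParams2.add(new NameValuePair("principalId", testUserId));
    //jcr:read is not posted, so it should remain in the granted ACE

    //deny the full jcr:write aggregate privilege, which should merge with the
    //existing part.
    postParams2.add(new NameValuePair("privilege@jcr:write", "denied")); //add a new privilege

    H.assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams2, null);

    //fetch the JSON for the acl to verify the settings.
    String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json2);

    JSONObject jsonObject2 = new JSONObject(json2);
    assertEquals(1, jsonObject2.length());

    JSONObject aceObject2 = jsonObject2.optJSONObject(testUserId);
    assertNotNull(aceObject2);

    // Check the principal of the ACE read back after the merge; the earlier
    // code re-checked the pre-merge object, so the merged ACE's principal
    // was never verified.
    assertEquals(testUserId, aceObject2.optString("principal"));

    JSONArray grantedArray2 = aceObject2.optJSONArray("granted");
    assertNotNull(grantedArray2);
    assertEquals(1, grantedArray2.length());
    Set<String> grantedPrivilegeNames2 = new HashSet<String>();
    for (int i = 0; i < grantedArray2.length(); i++) {
      grantedPrivilegeNames2.add(grantedArray2.getString(i));
    }
    H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:read");

    JSONArray deniedArray2 = aceObject2.optJSONArray("denied");
    assertNotNull(deniedArray2);
    assertEquals(1, deniedArray2.length());
    Set<String> deniedPrivilegeNames2 = new HashSet<String>();
    for (int i = 0; i < deniedArray2.length(); i++) {
      deniedPrivilegeNames2.add(deniedArray2.getString(i));
    }
    H.assertPrivilege(deniedPrivilegeNames2, true, "jcr:write");
  }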

 
  /**
   * Test ACE update with a deny privilege for an ACE that already contains
   * a grant privilege
   */
  @Test
  public void testMergeAceForUserDenyPrivilegeAfterGrantPrivilege() throws IOException, JSONException {
    // All requests run as admin, so this checks how a later deny is merged
    // into an ACE that so far only grants, not who may edit the ACL.
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.html";

    // Step 1: the initial ACE only grants jcr:write.
    List<NameValuePair> initialParams = new ArrayList<NameValuePair>();
    initialParams.add(new NameValuePair("principalId", testUserId));
    initialParams.add(new NameValuePair("privilege@jcr:write", "granted"));

    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, initialParams, null);

    // read the ACL back to verify the initial state
    final String aclUrl = testFolderUrl + ".acl.json";

    String initialJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(initialJson);

    JSONObject initialAcl = new JSONObject(initialJson);
    assertEquals(1, initialAcl.length());

    JSONObject initialAce = initialAcl.optJSONObject(testUserId);
    assertNotNull(initialAce);

    assertEquals(testUserId, initialAce.optString("principal"));

    JSONArray initialGranted = initialAce.optJSONArray("granted");
    assertNotNull(initialGranted);
    assertEquals(1, initialGranted.length());
    Set<String> initialGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < initialGranted.length(); idx++) {
      initialGrantedNames.add(initialGranted.getString(idx));
    }
    H.assertPrivilege(initialGrantedNames, true, "jcr:write");

    // nothing has been denied yet, so the ACE has no "denied" key at all
    assertFalse(initialAce.has("denied"));

    // Step 2: post a deny that must be merged into the existing ACE.
    List<NameValuePair> mergeParams = new ArrayList<NameValuePair>();
    mergeParams.add(new NameValuePair("principalId", testUserId));
    // jcr:write is not posted, so it must stay granted;
    // jcr:nodeTypeManagement is denied in addition
    mergeParams.add(new NameValuePair("privilege@jcr:nodeTypeManagement", "denied"));

    H.assertAuthenticatedPostStatus(adminCreds, modifyAceUrl, HttpServletResponse.SC_OK, mergeParams, null);

    // read the ACL back to verify the merged state
    String mergedJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(mergedJson);

    JSONObject mergedAcl = new JSONObject(mergedJson);
    assertEquals(1, mergedAcl.length());

    JSONObject mergedAce = mergedAcl.optJSONObject(testUserId);
    assertNotNull(mergedAce);

    assertEquals(testUserId, mergedAce.optString("principal"));

    JSONArray mergedGranted = mergedAce.optJSONArray("granted");
    assertNotNull(mergedGranted);
    assertEquals(1, mergedGranted.length());
    Set<String> mergedGrantedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedGranted.length(); idx++) {
      mergedGrantedNames.add(mergedGranted.getString(idx));
    }
    H.assertPrivilege(mergedGrantedNames, true, "jcr:write");

    JSONArray mergedDenied = mergedAce.optJSONArray("denied");
    assertNotNull(mergedDenied);
    assertEquals(1, mergedDenied.length());
    Set<String> mergedDeniedNames = new HashSet<String>();
    for (int idx = 0; idx < mergedDenied.length(); idx++) {
      mergedDeniedNames.add(mergedDenied.getString(idx));
    }
    H.assertPrivilege(mergedDeniedNames, true, "jcr:nodeTypeManagement");
  }


 
  /**
   * Test to verify adding an ACE in the first position of
   * the ACL
   */
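  @Test
  public void testAddAceOrderByFirst() throws IOException, JSONException {
    // fixture: a folder whose ACL already holds one ACE for testUserId
    createAceOrderTestFolderWithOneAce();

    testGroupId = H.createTestGroup();

    // add the group's ACE with order "first"
    addOrUpdateAce(testFolderUrl, testGroupId, true, "first");

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // the new group ACE must report order 0, the existing user ACE order 1
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(0, group.getInt("order"));
    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(1, user.getInt("order"));
  }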
 

  /**
   * Test to verify adding an ACE at the end of
   * the ACL
   */
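  @Test
  public void testAddAceOrderByLast() throws IOException, JSONException {
    // fixture: a folder whose ACL already holds one ACE for testUserId
    createAceOrderTestFolderWithOneAce();

    testGroupId = H.createTestGroup();

    // add the group's ACE with order "last"
    addOrUpdateAce(testFolderUrl, testGroupId, true, "last");

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // the existing user ACE must keep order 0, the new group ACE gets order 1
    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(0, user.getInt("order"));
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(1, group.getInt("order"));
  }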

 

  /**
   * Test to verify adding an ACE before an existing ACE in
   * the ACL
   */
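  @Test
  public void testAddAceOrderByBefore() throws IOException, JSONException {
    // fixture: a folder whose ACL already holds one ACE for testUserId
    createAceOrderTestFolderWithOneAce();

    testGroupId = H.createTestGroup();

    // add the group's ACE with order "before <existing user principal>"
    addOrUpdateAce(testFolderUrl, testGroupId, true, "before " + testUserId);

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // the new group ACE must report order 0, the existing user ACE order 1
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(0, group.getInt("order"));
    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(1, user.getInt("order"));
  }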

 

  /**
   * Test to verify adding an ACE after an existing ACE in
   * the ACL
   */
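  @Test
  public void testAddAceOrderByAfter() throws IOException, JSONException {
    // fixture: a folder whose ACL already holds one ACE for testUserId
    createAceOrderTestFolderWithOneAce();

    testGroupId = H.createTestGroup();

    // add the group's ACE with order "after <existing user principal>"
    addOrUpdateAce(testFolderUrl, testGroupId, true, "after " + testUserId);

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // the existing user ACE must keep order 0, the new group ACE gets order 1
    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(0, user.getInt("order"));
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(1, group.getInt("order"));
  }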

 

  /**
   * Test to verify adding an ACE at a specific index inside
   * the ACL
   */
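  @Test
  public void testAddAceOrderByNumeric() throws IOException, JSONException {
    // fixture: a folder whose ACL already holds one ACE for testUserId
    createAceOrderTestFolderWithOneAce();

    // add the group's ACE at numeric index "0"
    testGroupId = H.createTestGroup();
    addOrUpdateAce(testFolderUrl, testGroupId, true, "0");

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // the new group ACE must report order 0, the existing user ACE order 1
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(0, group.getInt("order"));

    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(1, user.getInt("order"));

    //add another principal between the testGroupId and testUserId
    testUserId2 = H.createTestUser();
    addOrUpdateAce(testFolderUrl, testUserId2, true, "1");

    String json2 = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json2);

    JSONObject jsonObject2 = new JSONObject(json2);
    assertEquals(3, jsonObject2.length());

    // expected order after the second insert: group (0), second user (1),
    // first user (2)
    JSONObject groupAfter = jsonObject2.getJSONObject(testGroupId);
    assertNotNull(groupAfter);
    assertEquals(testGroupId, groupAfter.getString("principal"));
    assertEquals(0, groupAfter.getInt("order"));

    JSONObject secondUser = jsonObject2.getJSONObject(testUserId2);
    assertNotNull(secondUser);
    assertEquals(testUserId2, secondUser.getString("principal"));
    assertEquals(1, secondUser.getInt("order"));

    JSONObject firstUser = jsonObject2.getJSONObject(testUserId);
    assertNotNull(firstUser);
    assertEquals(testUserId, firstUser.getString("principal"));
    assertEquals(2, firstUser.getInt("order"));
  }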

 

  /**
   * Test to make sure modifying an existing ace without changing the order
   * leaves the ACE in the same position in the ACL
   */
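  @Test
  public void testUpdateAcePreservePosition() throws IOException, JSONException {
    // Starting state (set up and checked by the helper): one ACE for
    // testUserId at order 0 on the test folder.
    createAceOrderTestFolderWithOneAce();

    testGroupId = H.createTestGroup();

    // Put the group ACE in front of the existing user ACE.
    addOrUpdateAce(testFolderUrl, testGroupId, true, "first");

    //update the ace to make sure the update does not change the ACE order
    // (jcr:read is switched from granted to denied and no "order" parameter is sent)
    addOrUpdateAce(testFolderUrl, testGroupId, false, null);

    //fetch the JSON for the acl to verify the settings.
    String getUrl = testFolderUrl + ".acl.json";

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedContent(creds, getUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(json);

    JSONObject jsonObject = new JSONObject(json);
    assertEquals(2, jsonObject.length());

    // NOTE(review): only the position is checked below. That the update itself
    // took effect (jcr:read now denied for the group) is not asserted by this test.
    JSONObject group = jsonObject.getJSONObject(testGroupId);
    assertNotNull(group);
    assertEquals(testGroupId, group.getString("principal"));
    assertEquals(0, group.getInt("order"));

    JSONObject user = jsonObject.getJSONObject(testUserId);
    assertNotNull(user);
    assertEquals(testUserId, user.getString("principal"));
    assertEquals(1, user.getInt("order"));
  }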

 

 
  /**
   * Helper to create a test folder with a single ACE pre-created
   */
  private void createAceOrderTestFolderWithOneAce() throws IOException, JSONException {
    // A fresh user and a fresh folder; both ids are stored for the calling test.
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    // First ACE on the folder: read granted for the user, no "order" parameter sent.
    addOrUpdateAce(testFolderUrl, testUserId, true, null);

    // Read the ACL back as JSON and confirm the expected starting state.
    final String aclUrl = testFolderUrl + ".acl.json";
    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    final String aclJson = H.getAuthenticatedContent(
        adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(aclJson);

    // Exactly one entry, keyed by the user id, sitting at position 0.
    final JSONObject acl = new JSONObject(aclJson);
    assertEquals(1, acl.length());

    final JSONObject userAce = acl.getJSONObject(testUserId);
    assertNotNull(userAce);
    assertEquals(testUserId, userAce.getString("principal"));
    assertEquals(0, userAce.getInt("order"));
  }
 
  /**
   * Helper to add or update an ace for testing
   */
  private void addOrUpdateAce(String folderUrl, String principalId, boolean readGranted, String order) throws IOException, JSONException {
    // jcr:read follows the readGranted flag; jcr:write is always denied by this helper.
    final String readValue;
    if (readGranted) {
      readValue = "granted";
    } else {
      readValue = "denied";
    }

    final List<NameValuePair> form = new ArrayList<NameValuePair>();
    form.add(new NameValuePair("principalId", principalId));
    form.add(new NameValuePair("privilege@jcr:read", readValue));
    form.add(new NameValuePair("privilege@jcr:write", "denied"));
    // The "order" parameter is sent only when the caller supplied one.
    if (null != order) {
      form.add(new NameValuePair("order", order));
    }

    // Post to the modifyAce operation with the admin account; the helper
    // asserts that the response status is SC_OK.
    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    H.assertAuthenticatedPostStatus(
        adminCreds, folderUrl + ".modifyAce.html", HttpServletResponse.SC_OK, form, null);
  }
 
  /**
   * Test for SLING-1677
   */
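  @Test
  public void testModifyAceResponseAsJSON() throws IOException, JSONException {
    testUserId = H.createTestUser();

    testFolderUrl = H.createTestFolder();

    // The ".json" extension asks the modifyAce operation for a JSON response.
    String postUrl = testFolderUrl + ".modifyAce.json";

    List<NameValuePair> postParams = new ArrayList<NameValuePair>();
    postParams.add(new NameValuePair("principalId", testUserId));
    postParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    postParams.add(new NameValuePair("privilege@jcr:write", "denied"));
    postParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "bogus")); //invalid value should be ignored.

    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    String json = H.getAuthenticatedPostContent(creds, postUrl, HttpTest.CONTENT_TYPE_JSON, postParams, HttpServletResponse.SC_OK);
    // Same null check the other tests in this class apply before parsing.
    assertNotNull(json);

    //make sure the json response can be parsed as a JSON object
    JSONObject jsonObject = new JSONObject(json);
    assertNotNull(jsonObject);

    // Pin the "invalid value should be ignored" expectation: read the ACL back
    // and make sure the privilege posted with the value "bogus" was neither
    // granted nor denied for the test user.
    String aclJson = H.getAuthenticatedContent(creds, testFolderUrl + ".acl.json", HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(aclJson);

    JSONObject aceObject = new JSONObject(aclJson).getJSONObject(testUserId);
    Set<String> assignedPrivilegeNames = new HashSet<String>();
    for (String key : new String[] {"granted", "denied"}) {
      // optJSONArray: either list may be absent from the ACE JSON
      JSONArray names = aceObject.optJSONArray(key);
      if (names != null) {
        for (int i = 0; i < names.length(); i++) {
          assignedPrivilegeNames.add(names.getString(i));
        }
      }
    }
    assertFalse("Privilege posted with an invalid value must not appear in " + assignedPrivilegeNames,
        assignedPrivilegeNames.contains("jcr:modifyAccessControl"));
  }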
 
 
  /**
   * Test for SLING-3010
   */
  @Test
  public void testMergeAceForUserGrantNestedAggregatePrivilegeAfterDenySuperAggregatePrivilege() throws IOException, JSONException {
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.json";
    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");

    // Step 1: deny a set of privileges, including the rep:write aggregate.
    final List<NameValuePair> denyParams = new ArrayList<NameValuePair>();
    denyParams.add(new NameValuePair("principalId", testUserId));
    denyParams.add(new NameValuePair("privilege@jcr:versionManagement", "denied"));
    denyParams.add(new NameValuePair("privilege@jcr:read", "denied"));
    denyParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
    denyParams.add(new NameValuePair("privilege@rep:write", "denied"));
    // Response body is not inspected; the helper is given SC_OK as the expected status.
    H.getAuthenticatedPostContent(adminCreds, modifyAceUrl, HttpTest.CONTENT_TYPE_JSON, denyParams, HttpServletResponse.SC_OK);

    // Step 2: grant the same privileges again, but only the jcr:write part
    // (a sub-aggregate) of rep:write.
    final List<NameValuePair> grantParams = new ArrayList<NameValuePair>();
    grantParams.add(new NameValuePair("principalId", testUserId));
    grantParams.add(new NameValuePair("privilege@jcr:versionManagement", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:write", "granted"));
    H.getAuthenticatedPostContent(adminCreds, modifyAceUrl, HttpTest.CONTENT_TYPE_JSON, grantParams, HttpServletResponse.SC_OK);

    // Step 3: read the ACL back and check the merged entry.
    final String aclUrl = testFolderUrl + ".acl.json";
    final String aclJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(aclJson);

    final JSONObject acl = new JSONObject(aclJson);
    assertEquals(1, acl.length());

    final JSONObject ace = acl.optJSONObject(testUserId);
    assertNotNull(ace);
    assertEquals(testUserId, ace.optString("principal"));

    // Granted side: exactly the four privileges from step 2.
    final JSONArray granted = ace.getJSONArray("granted");
    assertNotNull(granted);
    assertEquals(4, granted.length());
    final Set<String> grantedNames = new HashSet<String>();
    for (int idx = 0, count = granted.length(); idx < count; idx++) {
      grantedNames.add(granted.getString(idx));
    }
    final String[] expectedGranted = {
        "jcr:versionManagement", "jcr:read", "jcr:modifyAccessControl", "jcr:write"
    };
    for (String privilegeName : expectedGranted) {
      H.assertPrivilege(grantedNames, true, privilegeName);
    }

    // Denied side: the merge must not widen the grant. The part of the denied
    // rep:write that step 2 did not grant back stays denied, and nothing else.
    final JSONArray denied = ace.getJSONArray("denied");
    assertNotNull(denied);
    assertEquals(1, denied.length());
    final Set<String> deniedNames = new HashSet<String>();
    for (int idx = 0, count = denied.length(); idx < count; idx++) {
      deniedNames.add(denied.getString(idx));
    }
    H.assertPrivilege(deniedNames, true, "jcr:nodeTypeManagement");
  }

  /**
   * Test for SLING-3010
   */
  @Test
  public void testMergeAceForUserGrantAggregatePrivilegePartsAfterDenyAggregatePrivilege() throws IOException, JSONException {
    testUserId = H.createTestUser();
    testFolderUrl = H.createTestFolder();

    final String modifyAceUrl = testFolderUrl + ".modifyAce.json";
    final Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");

    // Step 1: deny a set of privileges, including the rep:write aggregate.
    final List<NameValuePair> denyParams = new ArrayList<NameValuePair>();
    denyParams.add(new NameValuePair("principalId", testUserId));
    denyParams.add(new NameValuePair("privilege@jcr:versionManagement", "denied"));
    denyParams.add(new NameValuePair("privilege@jcr:read", "denied"));
    denyParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "denied"));
    denyParams.add(new NameValuePair("privilege@rep:write", "denied"));
    // Response body is not inspected; the helper is given SC_OK as the expected status.
    H.getAuthenticatedPostContent(adminCreds, modifyAceUrl, HttpTest.CONTENT_TYPE_JSON, denyParams, HttpServletResponse.SC_OK);

    // Step 2: grant every part of rep:write individually -
    // jcr:nodeTypeManagement (a sub-privilege) and jcr:write (a sub-aggregate).
    final List<NameValuePair> grantParams = new ArrayList<NameValuePair>();
    grantParams.add(new NameValuePair("principalId", testUserId));
    grantParams.add(new NameValuePair("privilege@jcr:versionManagement", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:read", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:modifyAccessControl", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:nodeTypeManagement", "granted"));
    grantParams.add(new NameValuePair("privilege@jcr:write", "granted"));
    H.getAuthenticatedPostContent(adminCreds, modifyAceUrl, HttpTest.CONTENT_TYPE_JSON, grantParams, HttpServletResponse.SC_OK);

    // Step 3: read the ACL back and check the merged entry.
    final String aclUrl = testFolderUrl + ".acl.json";
    final String aclJson = H.getAuthenticatedContent(adminCreds, aclUrl, HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
    assertNotNull(aclJson);

    final JSONObject acl = new JSONObject(aclJson);
    assertEquals(1, acl.length());

    final JSONObject ace = acl.optJSONObject(testUserId);
    assertNotNull(ace);
    assertEquals(testUserId, ace.optString("principal"));

    // Granted side: the two parts are expected to be reported as the single
    // aggregate rep:write (jcr:nodeTypeManagement + jcr:write), four names in total.
    final JSONArray granted = ace.getJSONArray("granted");
    assertNotNull(granted);
    final Set<String> grantedNames = new HashSet<String>();
    for (int idx = 0, count = granted.length(); idx < count; idx++) {
      grantedNames.add(granted.getString(idx));
    }
    final String[] expectedGranted = {
        "jcr:versionManagement", "jcr:read", "jcr:modifyAccessControl", "rep:write"
    };
    for (String privilegeName : expectedGranted) {
      H.assertPrivilege(grantedNames, true, privilegeName);
    }
    assertEquals("Expecting the correct number of privileges in " + grantedNames, 4, grantedNames.size());

    // Denied side: every earlier deny was granted back, so the ACE should
    // carry no "denied" list at all.
    final JSONArray denied = ace.optJSONArray("denied");
    assertNull(denied);
  }
 
}