### Eclipse Workspace Patch 1.0 #P oak Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/RootImplWithACLTest.java =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/RootImplWithACLTest.java (revision 0) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/RootImplWithACLTest.java (revision 0) @@ -0,0 +1,114 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization; + +import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED; +import static org.junit.Assert.assertNotNull; + +import java.security.Principal; +import java.security.PrivilegedActionException; +import java.util.Collections; +import java.util.Set; +import javax.jcr.NoSuchWorkspaceException; +import javax.jcr.RepositoryException; +import javax.jcr.SimpleCredentials; +import javax.jcr.security.AccessControlManager; +import javax.security.auth.login.LoginException; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.api.security.user.User; +import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; +import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.api.CommitFailedException; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.TreeLocation; +import org.apache.jackrabbit.oak.security.authorization.permission.PermissionConstants; +import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; +import org.apache.jackrabbit.oak.util.NodeUtil; +import org.junit.Before; +import org.junit.Test; + +public class RootImplWithACLTest extends AbstractSecurityTest implements PermissionConstants{ + + private String userId = "test"; + private Principal userPrincipal; + + @Before + @Override + public void before() throws Exception { + super.before(); + + User user = getUserManager().createUser(userId, userId); + userPrincipal = user.getPrincipal();; + + NodeUtil rootNode = new NodeUtil(root.getTree("/")); + + NodeUtil testNode = rootNode.addChild("nodeName1", NT_UNSTRUCTURED); + testNode.setString("propName1", "strValue"); + NodeUtil testNode2 = testNode.addChild("nodeName2", NT_UNSTRUCTURED); + testNode2.setString("propName2", "strValue"); + NodeUtil testNode3 = testNode.addChild("nodeName3", NT_UNSTRUCTURED); + testNode3.setString("propName3", "strValue"); + root.commit(); + } + + private void setupPermission(Principal principal, String path, boolean isAllow, + int index, String privilegeName) throws CommitFailedException, RepositoryException { + setupPermission(principal, path, isAllow, index, privilegeName, Collections.emptySet()); + } + + private void setupPermission(Principal principal, String path, boolean isAllow, + int index, String privilegeName, Set restrictions) throws CommitFailedException, RepositoryException { + + AccessControlManager acMgr = getAccessControlManager(root); + JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, path); + acl.addEntry(principal,AccessControlUtils.privilegesFromNames(acMgr, privilegeName) , isAllow); + acMgr.setPolicy(path, acl); + root.commit(); + } + + private ContentSession createContentSession(final String username) throws LoginException, NoSuchWorkspaceException, PrivilegedActionException { + return login(new SimpleCredentials(userId, userId.toCharArray())); + } + + @Test + public void testGetLocation() throws CommitFailedException, LoginException, PrivilegedActionException, RepositoryException{ + setupPermission(userPrincipal, "/", true, 0, PrivilegeConstants.JCR_ALL); + setupPermission(userPrincipal, "/nodeName1", false, 0, PrivilegeConstants.JCR_READ); + setupPermission(userPrincipal, "/nodeName1/nodeName3", true, 0, PrivilegeConstants.JCR_ALL); + ContentSession session = createContentSession(userId); + Root rootTestUser = session.getLatestRoot(); + TreeLocation treeLocation= rootTestUser.getLocation("/nodeName1/nodeName3"); + assertNotNull( treeLocation.getTree()); + + } + + + @Test + public void testGetTree() throws CommitFailedException, LoginException, PrivilegedActionException, RepositoryException{ + setupPermission(userPrincipal, "/", true, 0, PrivilegeConstants.JCR_ALL); + setupPermission(userPrincipal, "/nodeName1", false, 0, PrivilegeConstants.JCR_READ); + setupPermission(userPrincipal, "/nodeName1/nodeName3", true, 0, PrivilegeConstants.JCR_ALL); + ContentSession session = createContentSession(userId); + Root rootTestUser = session.getLatestRoot(); + assertNotNull(rootTestUser.getTree("/nodeName1/nodeName3")); + } + + + +} Index: oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (revision 1463955) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (working copy) @@ -20,9 +20,11 @@ import javax.jcr.Credentials; import javax.jcr.NoSuchWorkspaceException; import javax.jcr.SimpleCredentials; +import javax.jcr.security.AccessControlManager; import javax.security.auth.login.Configuration; import javax.security.auth.login.LoginException; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; @@ -36,6 +38,7 @@ import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility; import org.junit.After; @@ -108,4 +111,14 @@ } return userManager; } + + protected JackrabbitAccessControlManager getAccessControlManager(Root root) { + PermissionProvider pp = null; // TODO + AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT, pp); + if (acMgr instanceof JackrabbitAccessControlManager) { + return (JackrabbitAccessControlManager) acMgr; + } else { + throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager found " + acMgr.getClass()); + } + } } Index: oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java (revision 1466010) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java (working copy) @@ -66,16 +66,6 @@ return privs; } - protected JackrabbitAccessControlManager getAccessControlManager(Root root) { - PermissionProvider pp = null; // TODO - AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT, pp); - if (acMgr instanceof JackrabbitAccessControlManager) { - return (JackrabbitAccessControlManager) acMgr; - } else { - throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager found " + acMgr.getClass()); - } - } - protected RestrictionProvider getRestrictionProvider() { if (restrictionProvider == null) { restrictionProvider = getSecurityProvider().getAccessControlConfiguration().getRestrictionProvider(getNamePathMapper());