### Eclipse Workspace Patch 1.0 #P oak-core Index: src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java =================================================================== --- src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java (revision 1548041) +++ src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java (working copy) @@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.plugins.memory.StringPropertyState; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.junit.Before; @@ -31,12 +32,12 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; public class TreeTest extends AbstractOakCoreTest { - // TODO: add tests for acls withs restrictions - // TODO: add tests with READ_PROPERTIES and READ_NODES privileges + // TODO: add tests READ_NODES privileges private Root testRoot; @@ -46,7 +47,9 @@ setupPermission("/", testPrincipal, true, PrivilegeConstants.JCR_READ); setupPermission("/a/bb", testPrincipal, false, PrivilegeConstants.JCR_READ); - + setupPermission("/a/b/d", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES ); + setupPermission("/a/b/e", testPrincipal, "/*", false,PrivilegeConstants.JCR_READ ); + testRoot = getTestRoot(); } @@ -111,12 +114,22 @@ @Test public void testHasProperty() throws Exception { - // TODO + Tree a = testRoot.getTree("/a"); + assertTrue(a.hasProperty("aProp")); + assertFalse(a.hasProperty("nonExistingaProp")); + + Tree d = a.getChild("b").getChild("d"); + assertFalse(d.hasProperty("dProp")); } @Test public void testGetProperty() throws Exception { - // TODO + Tree a = testRoot.getTree("/a"); + assertNotNull(a.getProperty("aProp")); + assertNull(a.getProperty("nonExistingaProp")); + + Tree d = a.getChild("b").getChild("d"); + assertNull(d.getProperty("dProp")); } @Test @@ -135,11 +148,35 @@ @Test public void testGetPropertyCount() throws Exception { - // TODO + long cntA = root.getTree("/a").getPropertyCount(); + long cntC = root.getTree("/a/b/c").getPropertyCount(); + + Tree a = testRoot.getTree("/a"); + assertEquals(cntA, a.getPropertyCount()); + + Tree c = a.getChild("b").getChild("c"); + assertEquals(cntC, c.getPropertyCount()); + + Tree d = a.getChild("b").getChild("d"); + assertEquals(0, d.getPropertyCount()); } @Test public void testGetProperties() throws Exception { - // TODO + List properties = + ImmutableList.of(new StringPropertyState("aProp","aValue"), + new StringPropertyState("aProp2","aValue2"), + new StringPropertyState("jcr:primaryType","nt:unstructured")); + + assertEquals(properties.toString(), testRoot.getTree("/a").getProperties().toString()); + } + + @Test + public void testWithRestrictions() throws Exception { + Tree a = testRoot.getTree("/a"); + + Tree e = a.getChild("b").getChild("e"); + assertTrue(e.exists()); + assertFalse(e.hasProperty("eProp")); } } Index: src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java =================================================================== --- src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java (revision 1548041) +++ src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/AbstractOakCoreTest.java (working copy) @@ -17,11 +17,16 @@ package org.apache.jackrabbit.oak.security.authorization.evaluation; import java.security.Principal; +import java.util.Collections; +import java.util.Map; + import javax.annotation.Nonnull; import javax.annotation.Nullable; +import javax.jcr.Value; import javax.jcr.security.AccessControlManager; import javax.jcr.security.AccessControlPolicy; - +import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils; import org.apache.jackrabbit.oak.AbstractSecurityTest; @@ -53,6 +58,7 @@ NodeUtil rootNode = new NodeUtil(root.getTree("/")); NodeUtil a = rootNode.addChild("a", NT_UNSTRUCTURED); a.setString("aProp", "aValue"); + a.setString("aProp2", "aValue2"); NodeUtil b = a.addChild("b", NT_UNSTRUCTURED); b.setString("bProp", "bValue"); @@ -62,6 +68,13 @@ NodeUtil c = b.addChild("c", NT_UNSTRUCTURED); c.setString("cProp", "cValue"); + + NodeUtil d = b.addChild("d", NT_UNSTRUCTURED); + d.setString("dProp", "dValue"); + + NodeUtil e = b.addChild("e", NT_UNSTRUCTURED); + e.setString("eProp", "eValue"); + root.commit(); } @@ -117,7 +130,46 @@ @Nonnull Principal principal, boolean isAllow, @Nonnull String... privilegeNames) throws Exception { - setupPermission(root, path, principal, isAllow, privilegeNames); + setupPermission(path, principal, null,isAllow, privilegeNames); + } + + /** + * Same as {@link #setupPermission(org.apache.jackrabbit.oak.api.Root, String, java.security.Principal, boolean, String...)} + * where the specified root is the current root associated with the admin + * session created in the test setup. + * + * @param path The path of the access controlled tree. + * @param principal The principal for which new ACE is being created. + * @param globValue The given globValue + * @param isAllow {@code true} if privileges are granted; {@code false} otherwise. + * @param privilegeNames The privilege names. + * @throws Exception If an error occurs. + */ + protected void setupPermission(@Nullable String path, + @Nonnull Principal principal, + String globValue, + boolean isAllow, + @Nonnull String... privilegeNames) throws Exception { + setupPermission(root, path, principal, globValue, isAllow, privilegeNames); + } + + /** + * Setup simple allow/deny permissions (without restrictions). + * + * @param root The editing root. + * @param path The path of the access controlled tree. + * @param principal The principal for which new ACE is being created. + * @param isAllow {@code true} if privileges are granted; {@code false} otherwise. + * @param privilegeNames The privilege names. + * @throws Exception If an error occurs. + */ + protected void setupPermission(@Nonnull Root root, + @Nullable String path, + @Nonnull Principal principal, + boolean isAllow, + @Nonnull String... privilegeNames) throws Exception { + setupPermission(root, path, principal, null, isAllow, privilegeNames); + } /** @@ -126,6 +178,7 @@ * @param root The editing root. * @param path The path of the access controlled tree. * @param principal The principal for which new ACE is being created. + * @param globValue The given globValue * @param isAllow {@code true} if privileges are granted; {@code false} otherwise. * @param privilegeNames The privilege names. * @throws Exception If an error occurs. @@ -133,11 +186,19 @@ protected void setupPermission(@Nonnull Root root, @Nullable String path, @Nonnull Principal principal, + String globValue, boolean isAllow, @Nonnull String... privilegeNames) throws Exception { AccessControlManager acMgr = getAccessControlManager(root); JackrabbitAccessControlList acl = checkNotNull(AccessControlUtils.getAccessControlList(acMgr, path)); - acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), isAllow); + + Map restrictions = null; + + if (globValue!=null){ + restrictions = Collections.singletonMap("rep:glob", new ValueFactoryImpl(root, NamePathMapper.DEFAULT).createValue(globValue)); + } + + acl.addEntry(principal, AccessControlUtils.privilegesFromNames(acMgr, privilegeNames), isAllow,restrictions); acMgr.setPolicy(path, acl); root.commit(); }