Google Git
Sign in
apache / chemistry-opencmis / 869dcb3abd8eb9b50e56996cfb04b8ecb7d87bb2 / . / trunk / chemistry-opencmis-server / chemistry-opencmis-server-inmemory / src / test / java / org / apache / chemistry / opencmis / inmemory / AclServiceTest.java
blob: eeb6c403a3580922aac602432e7b70cb352a3431 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.chemistry.opencmis.inmemory;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.apache.chemistry.opencmis.commons.data.Ace;
import org.apache.chemistry.opencmis.commons.data.Acl;
import org.apache.chemistry.opencmis.commons.data.ObjectData;
import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
import org.apache.chemistry.opencmis.commons.enums.VersioningState;
import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions;
import org.apache.chemistry.opencmis.inmemory.ObjectServiceTest.ObjectTestTypeSystemCreator;
import org.apache.chemistry.opencmis.inmemory.storedobj.impl.InMemoryAce;
import org.apache.chemistry.opencmis.inmemory.types.DocumentTypeCreationHelper;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class AclServiceTest extends AbstractServiceTest {
private static final Logger LOG = LoggerFactory.getLogger(AclServiceTest.class);
private ObjectCreator fCreator;
private static final String DOCUMENT_NAME = "DocumentWithAcl";
private static final String FOLDER_NAME = "FolderWithAcl";
private static final String DOCUMENT_TYPE_ID = DocumentTypeCreationHelper.getCmisDocumentType().getId();
private static final String FOLDER_TYPE_ID = DocumentTypeCreationHelper.getCmisFolderType().getId();
private static final String USER = "user";
private static final String ALICE = "alice";
private static final String BOB = "bob";
private static final String CHRIS = "chris";
private static final String DAN = "dan";
private Acl defaultAcl = null;
@Override
@Before
public void setUp() {
super.setTypeCreatorClass(ObjectTestTypeSystemCreator.class.getName());
super.setUp();
fCreator = new ObjectCreator(fFactory, fObjSvc, fRepositoryId);
List<Ace> defaultACEs = new ArrayList<Ace>(1);
defaultACEs.add(fFactory.createAccessControlEntry(InMemoryAce.getAnyoneUser(),
Collections.singletonList(EnumBasicPermissions.CMIS_ALL.value())));
defaultAcl = fFactory.createAccessControlList(defaultACEs);
}
@Override
@After
public void tearDown() {
super.tearDown();
}
@Test
public void testCreateDocumentWithAcl() {
LOG.info("starting testCreateDocumentWithAcl() ...");
Acl removeAces = defaultAcl;
Acl acl = createSimpleTestAcl();
String id = createDocument(fRootFolderId, acl, removeAces);
LOG.debug("created document with id: " + id);
// get ACL using AclService
Acl aclReturn = fAclSvc.getAcl(fRepositoryId, id, true, null);
checkSimpleTestAcl(acl, aclReturn);
// get ACL using ObjectService getObject
ObjectData objData = fObjSvc.getObject(fRepositoryId, id, "*", false, IncludeRelationships.NONE, null, false,
true, null);
checkSimpleTestAcl(acl, aclReturn);
// get ACL using ObjectService getObjectByPath
objData = fObjSvc.getObjectByPath(fRepositoryId, "/" + DOCUMENT_NAME, "*", false, IncludeRelationships.NONE,
null, false, true, null);
assertNotNull(objData);
aclReturn = objData.getAcl();
checkSimpleTestAcl(acl, aclReturn);
LOG.info("... testCreateDocumentWithAcl() finished.");
}
@Test
public void testCreateFolderWithAcl() {
LOG.info("starting testCreateFolderWithAcl() ...");
Acl removeAces = defaultAcl;
Acl acl = createSimpleTestAcl();
String id = createFolder(fRootFolderId, acl, removeAces);
LOG.debug("created folder with id: " + id);
// get ACL using AclService
Acl aclReturn = fAclSvc.getAcl(fRepositoryId, id, true, null);
checkSimpleTestAcl(acl, aclReturn);
// get ACL using ObjectService getObject
ObjectData objData = fObjSvc.getObject(fRepositoryId, id, "*", false, IncludeRelationships.NONE, null, false,
true, null);
checkSimpleTestAcl(acl, aclReturn);
// get ACL using ObjectService getObjectByPath
objData = fObjSvc.getObjectByPath(fRepositoryId, "/" + FOLDER_NAME, "*", false, IncludeRelationships.NONE,
null, false, true, null);
assertNotNull(objData);
aclReturn = objData.getAcl();
checkSimpleTestAcl(acl, aclReturn);
LOG.info("... testCreateFolderWithAcl() finished.");
}
@Test
public void testApplyAcl() {
LOG.info("starting testApplyAcl() ...");
Acl acl = createSimpleTestAcl();
String id = createDocument(fRootFolderId, null, null);
LOG.debug("created document with id: " + id);
// apply absolute ACL using AclService
Acl acl1 = fAclSvc.applyAcl(fRepositoryId, id, acl, defaultAcl, AclPropagation.OBJECTONLY, null);
checkSimpleTestAcl(acl, acl1);
// get ACL using AclService
Acl aclReturn = fAclSvc.getAcl(fRepositoryId, id, true, null);
checkSimpleTestAcl(acl, aclReturn);
LOG.info("... testApplyAcl() finished.");
}
@Test
public void testAddRemoveAcl() {
LOG.info("starting testAddRemoveAcl() ...");
Acl acl = createAdvancedTestAcl();
String id = createDocument(fRootFolderId, acl, defaultAcl);
LOG.debug("created document with id: " + id);
Acl aclAdd = createAclAdd();
Acl aclRemove = createAclRemove();
// apply absolute ACL using AclService
Acl aclReturn = fAclSvc.applyAcl(fRepositoryId, id, aclAdd, aclRemove, AclPropagation.OBJECTONLY, null);
checkAclAfterAddRemove(aclReturn);
LOG.info("... testAddRemoveAcl() finished.");
}
@Test
public void testAddRemoveDuplicatedAcl() {
final String DOCUMENT_NAME_1 = "DocumentWithAcl-1";
final String DOCUMENT_NAME_2 = "DocumentWithAcl-2";
LOG.info("starting testAddRemoveDuplicatedAcl() ...");
Acl acl = createAdvancedTestAcl();
String id1 = createDocument(DOCUMENT_NAME_1, fRootFolderId, acl, defaultAcl);
String id2 = createDocument(DOCUMENT_NAME_2, fRootFolderId, acl, defaultAcl);
// // modify ACL of first doc
// List<Ace> acesRemove = Arrays.asList(new Ace[] {
// createAce(BOB, EnumBasicPermissions.CMIS_WRITE.value()),
// });
// Acl aclRemove = new AccessControlListImpl(acesRemove);
// List<Ace> acesAdd = Arrays.asList(new Ace[] {
// createAce(DAN, EnumBasicPermissions.CMIS_WRITE.value()),
// });
// Acl aclAdd = new AccessControlListImpl(acesAdd);
Acl aclAdd = createAclAdd();
Acl aclRemove = createAclRemove();
Acl aclReturn = fAclSvc.applyAcl(fRepositoryId, id1, aclAdd, aclRemove, AclPropagation.OBJECTONLY, null);
checkAclAfterAddRemove(aclReturn);
// Ensure that ACL of second doc is unchanged
aclReturn = fAclSvc.getAcl(fRepositoryId, id2, true, null);
checkAdvancedTestAcl(acl, aclReturn);
LOG.info("... testAddRemoveDuplicatedAcl() finished.");
}
@Test
public void testApplyAclRecursiveSimple() {
LOG.info("starting testApplyAclRecursiveSimple() ...");
Acl acl = createSimpleTestAcl();
String[] ids = createHierarchy(acl, defaultAcl);
fAclSvc.applyAcl(fRepositoryId, ids[0], acl, null, AclPropagation.PROPAGATE, null);
checkAclRecursiveSimple(ids, acl);
LOG.info("... testApplyAclRecursiveSimple() finished.");
}
@Test
public void testApplyAclRecursiveIncremental() {
LOG.info("starting testApplyAclRecursiveIncremental() ...");
Acl acl = createAdvancedTestAcl();
String[] ids = createHierarchy(acl, defaultAcl);
Acl aclRemove = createAclRemove();
Acl aclAdd = createAclAdd();
Acl aclReturn = fAclSvc.applyAcl(fRepositoryId, ids[0], aclAdd, aclRemove, AclPropagation.PROPAGATE, null);
checkAclAfterAddRemove(aclReturn);
for (String id : ids) {
aclReturn = fAclSvc.getAcl(fRepositoryId, id, true, null);
checkAclAfterAddRemove(aclReturn);
}
LOG.info("... testApplyAclRecursiveIncremental() finished.");
}
@Test
public void testRemoveAllAcls() {
LOG.info("starting testRemoveAllAcls() ...");
Acl acl = createAdvancedTestAcl();
String id = createDocument(fRootFolderId, acl, defaultAcl);
LOG.debug("created document with id: " + id);
Acl aclReturn = fAclSvc.applyAcl(fRepositoryId, id, null, acl, AclPropagation.OBJECTONLY, null);
assertNotNull(aclReturn);
assertEquals(1, aclReturn.getAces().size());
assertTrue(aclHasPermission(aclReturn, "anyone", EnumBasicPermissions.CMIS_ALL.value()));
LOG.info("... testRemoveAllAcls() finished.");
}
private String createDocument(String name, String folderId, Acl addAces, Acl removeAces) {
return createDocumentNoCatch(name, folderId, DOCUMENT_TYPE_ID, VersioningState.NONE, false, addAces, removeAces);
}
private String createDocument(String folderId, Acl addAces, Acl removeAces) {
return createDocumentNoCatch(DOCUMENT_NAME, folderId, DOCUMENT_TYPE_ID, VersioningState.NONE, false, addAces,
removeAces);
}
private String createFolder(String folderId, Acl addAces, Acl removeAces) {
return createFolderNoCatch(FOLDER_NAME, folderId, FOLDER_TYPE_ID, addAces, removeAces);
}
private String[] createHierarchy(Acl addAces, Acl removeAces) {
String result[] = new String[6];
String rootFolderId = createFolderNoCatch(FOLDER_NAME, fRootFolderId, FOLDER_TYPE_ID, addAces, removeAces);
result[0] = rootFolderId;
result[1] = createDocument(DOCUMENT_NAME + "-1", rootFolderId, addAces, removeAces);
result[2] = createDocument(DOCUMENT_NAME + "-2", rootFolderId, addAces, removeAces);
String subFolderId = createFolderNoCatch(FOLDER_NAME, rootFolderId, FOLDER_TYPE_ID, addAces, removeAces);
result[3] = subFolderId;
result[4] = createDocument(DOCUMENT_NAME + "-1", subFolderId, addAces, removeAces);
result[5] = createDocument(DOCUMENT_NAME + "-2", subFolderId, addAces, removeAces);
return result;
}
private void checkAclRecursiveSimple(String[] ids, Acl acl) {
// get ACL using ObjectService getObject
for (String id : ids) {
ObjectData objData = fObjSvc.getObject(fRepositoryId, id, "*", false, IncludeRelationships.NONE, null,
false, true, null);
checkSimpleTestAcl(acl, objData.getAcl());
}
}
private Acl createSimpleTestAcl() {
List<Ace> aces = Arrays.asList(new Ace[] { createAce(USER, EnumBasicPermissions.CMIS_READ.value()) });
return fFactory.createAccessControlList(aces);
}
private void checkSimpleTestAcl(Acl acl, Acl aclReturn) {
assertNotNull(aclReturn);
assertEquals(acl.getAces().size(), aclReturn.getAces().size());
assertTrue(aclHasPermission(aclReturn, USER, EnumBasicPermissions.CMIS_READ.value()));
}
private Acl createAdvancedTestAcl() {
List<Ace> aces = Arrays.asList(new Ace[] { createAce(ALICE, EnumBasicPermissions.CMIS_READ.value()),
createAce(BOB, EnumBasicPermissions.CMIS_WRITE.value()),
createAce(CHRIS, EnumBasicPermissions.CMIS_ALL.value()), });
return fFactory.createAccessControlList(aces);
}
private Acl createAclAdd() {
List<Ace> acesAdd = Arrays.asList(new Ace[] { createAce(DAN, EnumBasicPermissions.CMIS_WRITE.value()), });
return fFactory.createAccessControlList(acesAdd);
}
private Acl createAclRemove() {
List<Ace> acesRemove = Arrays.asList(new Ace[] { createAce(BOB, EnumBasicPermissions.CMIS_WRITE.value()),
createAce(CHRIS, EnumBasicPermissions.CMIS_ALL.value()) });
return fFactory.createAccessControlList(acesRemove);
}
private void checkAclAfterAddRemove(Acl aclReturn) {
assertNotNull(aclReturn);
assertEquals(2, aclReturn.getAces().size());
assertTrue(aclHasPermission(aclReturn, ALICE, EnumBasicPermissions.CMIS_READ.value()));
assertTrue(aclHasPermission(aclReturn, DAN, EnumBasicPermissions.CMIS_WRITE.value()));
assertFalse(aclHasPermission(aclReturn, BOB, EnumBasicPermissions.CMIS_WRITE.value()));
assertFalse(aclHasPermission(aclReturn, CHRIS, EnumBasicPermissions.CMIS_ALL.value()));
assertTrue(aclHasNoPermission(aclReturn, BOB));
assertTrue(aclHasNoPermission(aclReturn, CHRIS));
}
private void checkAdvancedTestAcl(Acl acl, Acl aclReturn) {
assertNotNull(aclReturn);
assertEquals(acl.getAces().size(), aclReturn.getAces().size());
assertTrue(aclHasPermission(aclReturn, ALICE, EnumBasicPermissions.CMIS_READ.value()));
assertTrue(aclHasPermission(aclReturn, BOB, EnumBasicPermissions.CMIS_WRITE.value()));
assertTrue(aclHasPermission(aclReturn, CHRIS, EnumBasicPermissions.CMIS_ALL.value()));
}
private Ace createAce(String principalId, String permission) {
return fFactory.createAccessControlEntry(principalId, Collections.singletonList(permission));
}
private boolean aclHasPermission(Acl acl, String principalId, String permission) {
for (Ace ace : acl.getAces()) {
if (ace.getPrincipalId().equals(principalId) && aceContainsPermission(ace, permission)) {
return true;
}
}
return false;
}
private boolean aclHasNoPermission(Acl acl, String principalId) {
if (null == acl) {
return false;
}
for (Ace ace : acl.getAces()) {
if (ace.getPrincipalId().equals(principalId)) {
return false;
}
}
return true;
}
private boolean aceContainsPermission(Ace ace, String permission) {
for (String acePerm : ace.getPermissions()) {
if (permission.equals(acePerm)) {
return true;
}
}
return false;
}
}