Google Git
Sign in
apache / directory-ldap-api / 4d3633225c18fe7349d346ea7b54d13337050f50 / . / integ / src / test / java / org / apache / directory / api / ldap / aci / ACIItemParserTest.java
blob: 92218e6958f71a79ac94eef1c8760d854a17102b [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.aci;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.fail;
import java.text.ParseException;
import org.apache.directory.api.ldap.model.schema.SchemaManager;
import org.apache.directory.api.ldap.schema.loader.JarLdifSchemaLoader;
import org.apache.directory.api.ldap.schema.manager.impl.DefaultSchemaManager;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.parallel.Execution;
import org.junit.jupiter.api.parallel.ExecutionMode;
/**
* Unit tests class for ACIItem parser (wrapper).
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
@Execution( ExecutionMode.CONCURRENT )
public class ACIItemParserTest
{
/** the ACIItem parser wrapper */
private static ACIItemParser parser;
/**
* Initialization
*/
@BeforeAll
public static void init() throws Exception
{
JarLdifSchemaLoader loader = new JarLdifSchemaLoader();
SchemaManager schemaManager = new DefaultSchemaManager( loader );
schemaManager.loadAllEnabled();
parser = new ACIItemParser( schemaManager );
}
private void checkItemToString( String spec, ACIItem item ) throws Exception
{
// try to parse the result of item.toString() again
parser.parse( item.toString() );
}
/**
* Tests the parser with a rangeOfValues with a nested filter.
*/
@Test
public void testRangeOfValues() throws Exception
{
String spec = " { identificationTag \"id1\" , precedence 114 , authenticationLevel simple , "
+ "itemOrUserFirst itemFirst :{ protectedItems "
+ "{ rangeOfValues (&(&(|(|(cn=ccc)(!(cn=ddd))(&(cn=aaa)(cn=bbb)))))) " + "} , itemPermissions { } } }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
spec = " { identificationTag \"id8\", precedence 0, authenticationLevel simple "
+ ", itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { "
+ " { protectedItems { rangeOfValues (&(cn=test)(sn=test)) }, grantsAndDenials { grantAdd } }, "
+ "{ protectedItems { rangeOfValues (|(!(cn=aaa))(sn=bbb)) }, grantsAndDenials { grantAdd } } "
+ " } } }";
item = parser.parse( spec );
checkItemToString( spec, item );
}
/**
* Tests the parser with an ACIItem of ItemFirst main component.
*/
@Test
public void testItemFirst() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id1\" , "
+ " precedence 114 , "
+ " authenticationLevel simple , "
+ " itemOrUserFirst itemFirst :"
+ " { "
+ " protectedItems { entry , attributeType { 2.5.4.3 , ou } , "
+ " attributeValue { ou=people , cn=Ersin } , "
+ " rangeOfValues (cn=ErsinEr) , "
+ " classes and : { item: xyz , or:{item:X,item:Y} }"
+ " } , "
+ " itemPermissions "
+ " { "
+ " { "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,dc=d\" } , "
+ " subtree { { base \"ou=people\" } } "
+ " } , "
+ " grantsAndDenials { denyCompare , grantModify } "
+ " },"
+ " { "
+ " precedence 10, "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,dc=d\" } ,"
+ " subtree { { base \"ou=people\" } } "
+ " } , "
+ " grantsAndDenials { denyCompare , grantModify } } "
+ " } "
+ " }"
+ "}";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
/**
* Tests the parser with an ACIItem of UserFirst main component.
*/
@Test
public void testUserFirst() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id2\" , "
+ " precedence 14, "
+ " authenticationLevel none , "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " allUsers , "
+ " name { \"ou=people,cn=ersin\" }, "
+ " subtree "
+ " {"
+ " { base \"ou=system\" }, "
+ " { "
+ " base \"ou=ORGANIZATIONUNIT\","
+ " minimum 1, "
+ " maximum 2 "
+ " } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems"
+ " { "
+ " entry , "
+ " attributeType { cn , ou } , "
+ " attributeValue {cn=y,sn=n,dc=l} , "
+ " rangeOfValues (cn=ErsinEr) "
+ " } , "
+ " grantsAndDenials { grantBrowse } "
+ " } "
+ " } "
+ " } "
+ "} ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testAllowAddAllUsers() throws Exception
{
String spec = "{ identificationTag \"addAci\", " + "precedence 14, " + "authenticationLevel none, "
+ "itemOrUserFirst userFirst: { " + "userClasses { allUsers }, "
+ "userPermissions { { protectedItems {entry}, " + "grantsAndDenials { grantAdd } } } } }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testCombo() throws Exception
{
String spec = "{ identificationTag \"addAci\", " + "precedence 14, " + "authenticationLevel none, "
+ "itemOrUserFirst userFirst: { " + "userClasses { allUsers, name { \"ou=blah\" } }, "
+ "userPermissions { { protectedItems {entry}, " + "grantsAndDenials { grantAdd } } } } }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testOrderOfProtectedItemsDoesNotMatter() throws Exception
{
String spec =
" { "
+ " identificationTag \"id1\" , "
+ " precedence 114 , "
+ " authenticationLevel simple , "
+ " itemOrUserFirst itemFirst :"
+ " { "
+ " protectedItems "
+ " { "
+ " attributeType { 2.5.4.3 , ou }, "
+ " entry , "
+ " rangeOfValues (cn=ErsinEr) , "
+ " attributeValue { ou=people , cn=Ersin },"
+ " classes and : "
+ " { item: xyz , or:{item:X,item:Y} }"
+ " } , "
+ " itemPermissions "
+ " { "
+ " { "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,sn=d\" } "
+ " , "
+ " subtree "
+ " { "
+ " { base \"ou=people\" } "
+ " } "
+ " } , "
+ " grantsAndDenials "
+ " { "
+ " denyCompare , "
+ " grantModify "
+ " } "
+ " },"
+ " { "
+ " precedence 10, "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,dc=d\" } "
+ " , subtree { { base \"ou=people\" } } "
+ " } , "
+ " grantsAndDenials { denyCompare , grantModify } "
+ " } "
+ " } "
+ " }"
+ " }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testOrderOfUserClassesDoesNotMatter() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id2\" , "
+ " precedence 14, "
+ " authenticationLevel none , "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " name { \"ou=people,cn=ersin\" }, "
+ " allUsers, "
+ " subtree "
+ " {"
+ " { base \"ou=system\" }, "
+ " { "
+ " base \"ou=ORGANIZATIONUNIT\","
+ " minimum 1, "
+ " maximum 2 "
+ " } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems"
+ " { "
+ " entry , "
+ " attributeType { cn , ou } , "
+ " attributeValue {cn=y,sn=n,dc=l} , "
+ " rangeOfValues (cn=ErsinEr) "
+ " } , "
+ " grantsAndDenials { grantBrowse } "
+ " } "
+ " } "
+ " } "
+ "}";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testOrderOfProtectedItemsDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = " { identificationTag \"id1\" , precedence 114 , authenticationLevel simple , "
+ "itemOrUserFirst itemFirst :{ protectedItems { attributeType { 1.2.3 , ou }, entry, entry , "
+ " rangeOfValues (cn=ErsinEr) , attributeValue { ou=people , cn=Ersin },"
+ "classes and : { item: xyz , or:{item:X,item:Y} }} , "
+ "itemPermissions { { userClasses {allUsers , userGroup { \"1.2=y,z=t\" , \"a=b,c=d\" } "
+ " , subtree { { base \"ou=people\" } } } , grantsAndDenials { denyCompare , grantModify } },"
+ "{ precedence 10, userClasses {allUsers , userGroup { \"1.2=y,z=t\" , \"a=b,c=d\" } "
+ " , subtree { { base \"ou=people\" } } } , grantsAndDenials { denyCompare , grantModify } } } }}";
try
{
parser.parse( spec );
fail( "testItemFirstOrderOfProtectedItemsDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testOrderOfUserClassesDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userClasses { name { \"ou=people,cn=ersin\" }, allUsers, allUsers, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ "minimum 1, maximum 2 } } } , "
+ "userPermissions { { protectedItems{ entry , attributeType { cn , ou } , attributeValue {x=y,m=n,k=l} , "
+ "rangeOfValues (cn=ErsinEr) } , grantsAndDenials { grantBrowse } } } } } ";
try
{
parser.parse( spec );
fail( "testUserFirstOrderOfUserClassesDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testItemPermissionComponentsOrderDoesNotMatter() throws Exception
{
String spec =
" { "
+ " identificationTag \"id1\" , "
+ " precedence 114 , "
+ " authenticationLevel simple , "
+ " itemOrUserFirst itemFirst :"
+ " { "
+ " protectedItems "
+ " { "
+ " attributeType { 2.5.4.3 , ou }, "
+ " entry , "
+ " rangeOfValues (cn=ErsinEr) , "
+ " attributeValue { ou=people , cn=Ersin },"
+ " classes and : { item: xyz , or:{item:X,item:Y} }"
+ " } , "
+ " itemPermissions "
+ " { "
+ " { "
+ " grantsAndDenials "
+ " { "
+ " denyCompare , grantModify "
+ " }, "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,dc=d\" } "
+ " , subtree { { base \"ou=people\" } } "
+ " } "
+ " },"
+ " { "
+ " precedence 10, "
+ " userClasses "
+ " {"
+ " allUsers , "
+ " userGroup { \"2.5.4.3=y,dc=t\" , \"cn=b,dc=d\" } "
+ " , subtree { { base \"ou=people\" } } "
+ " } , "
+ " grantsAndDenials { denyCompare , grantModify } "
+ " } "
+ " } "
+ " }"
+ " }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testItemPermissionComponentsOrderDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = " { identificationTag \"id1\" , precedence 114 , authenticationLevel simple , "
+ "itemOrUserFirst itemFirst :{ protectedItems { attributeType { 1.2.3 , ou }, entry , "
+ " rangeOfValues (cn=ErsinEr) , attributeValue { ou=people , cn=Ersin },"
+ "classes and : { item: xyz , or:{item:X,item:Y} }} , "
+ "itemPermissions { { userClasses {allUsers , userGroup { \"1.2=y,z=t\" , \"a=b,c=d\" } "
+ " , subtree { { base \"ou=people\" } } }, grantsAndDenials { denyCompare , grantModify }, userClasses {allUsers , userGroup { \"1.2=y,z=t\" , \"a=b,c=d\" } "
+ " , subtree { { base \"ou=people\" } } } },"
+ "{ precedence 10, userClasses {allUsers , userGroup { \"1.2=y,z=t\" , \"a=b,c=d\" } "
+ " , subtree { { base \"ou=people\" } } } , grantsAndDenials { denyCompare , grantModify } } } }}";
try
{
parser.parse( spec );
fail( "testItemPermissionComponentsOrderDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testUserPermissionComponentsOrderDoesNotMatter() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id2\" , "
+ " precedence 14, "
+ " authenticationLevel none , "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " allUsers , "
+ " name { \"ou=people,cn=ersin\" }, "
+ " subtree "
+ " {"
+ " { base \"ou=system\" }, "
+ " { "
+ " base \"ou=ORGANIZATIONUNIT\","
+ " minimum 1, "
+ " maximum 2 "
+ " } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " grantsAndDenials { grantBrowse }, "
+ " protectedItems"
+ " { "
+ " entry , "
+ " attributeType { cn , ou } , "
+ " attributeValue {cn=y,sn=n,dc=l} , "
+ " rangeOfValues (cn=ErsinEr) "
+ " } "
+ " } "
+ " } "
+ " } "
+ "} ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testUserPermissionComponentsOrderDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ "minimum 1, maximum 2 } } } , "
+ "userPermissions { { grantsAndDenials { grantBrowse }, grantsAndDenials { grantBrowse }, protectedItems{ entry , attributeType { cn , ou } , attributeValue {x=y,m=n,k=l} , "
+ "rangeOfValues (cn=ErsinEr) } } } } } ";
try
{
parser.parse( spec );
fail( "testUserPermissionComponentsOrderDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testOrderOfMainACIComponentsDoesNotMatter() throws Exception
{
String spec =
"{ "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " allUsers , "
+ " name { \"ou=people,cn=ersin\" }, "
+ " subtree "
+ " {"
+ " { base \"ou=system\" }, "
+ " { "
+ " base \"ou=ORGANIZATIONUNIT\","
+ " minimum 1, "
+ " maximum 2 "
+ " } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems"
+ " { "
+ " entry , "
+ " attributeType { cn , ou } , "
+ " attributeValue {cn=y,sn=n,dc=l} , "
+ " rangeOfValues (cn=ErsinEr) "
+ " } , "
+ " grantsAndDenials { grantBrowse } "
+ " } "
+ " } "
+ " }, "
+ " identificationTag \"id2\" , "
+ " authenticationLevel none, "
+ " precedence 14 "
+ "} ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testOrderOfMainACIComponentsDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = "{ itemOrUserFirst userFirst: { userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ "minimum 1, maximum 2 } } } , "
+ "userPermissions { { protectedItems{ entry , attributeType { cn , ou } , attributeValue {x=y,m=n,k=l} , "
+ "rangeOfValues (cn=ErsinEr) } , grantsAndDenials { grantBrowse } } } }, "
+ " identificationTag \"id2\" , authenticationLevel none, authenticationLevel simple, precedence 14 } ";
try
{
parser.parse( spec );
fail( "testOrderOfMainACIComponentsDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testOrderOfMainACIComponentsDoesNotMatterButMissingsMatter() throws Exception
{
String spec = "{ itemOrUserFirst userFirst: { userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ "minimum 1, maximum 2 } } } , "
+ "userPermissions { { protectedItems{ entry , attributeType { cn , ou } , attributeValue {x=y,m=n,k=l} , "
+ "rangeOfValues (cn=ErsinEr) } , grantsAndDenials { grantBrowse } } } }, "
+ " identificationTag \"id2\" , precedence 14 } ";
try
{
parser.parse( spec );
fail( "testOrderOfMainACIComponentsDoesNotMatterButMissingsMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testGrantAndDenialBitsOrderDoesNotMatterButDuplicatesMatter() throws Exception
{
String spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userClasses { allUsers } , "
+ "userPermissions { { protectedItems{ entry } , grantsAndDenials { grantBrowse, grantInvoke, denyAdd, grantBrowse } } } } }";
try
{
parser.parse( spec );
fail( "testGrantAndDenialBitsOrderDoesNotMatterButDuplicatesMatter() should not have run this line." );
}
catch ( ParseException e )
{
assertNotNull( e );
}
}
@Test
public void testMaxValueCountComponentsOrderDoesNotMatter() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id2\" , "
+ " precedence 14, "
+ " authenticationLevel none , "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " allUsers , "
+ " name { \"ou=people,cn=ersin\" }, "
+ " subtree "
+ " {"
+ " { base \"ou=system\"}, "
+ " { base \"ou=ORGANIZATIONUNIT\", minimum 1, maximum 2 } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems"
+ " { "
+ " entry , "
+ " maxValueCount "
+ " { "
+ " { type 2.5.4.3, maxCount 10 }, "
+ " { maxCount 20, type 2.5.4.3 } "
+ " } "
+ " } , "
+ " grantsAndDenials { grantBrowse } "
+ " } "
+ " } "
+ " } "
+ "} ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testRestrictedValueComponentsOrderDoesNotMatter() throws Exception
{
String spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\"," + "minimum 1, maximum 2 } } } , "
+ "userPermissions { { protectedItems{ entry , "
+ "restrictedBy { { type 2.5.4.3, valuesIn ou }, { valuesIn cn, type 2.5.4.3 } } "
+ " } , grantsAndDenials { grantBrowse } } } } } ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
@Test
public void testMaxImmSubComponentsOrderDoesNotMatter() throws Exception
{
String spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\"," + "minimum 1, maximum 2 } } } , "
+ "userPermissions { { protectedItems{ entry , maxImmSub 5 "
+ " } , grantsAndDenials { grantBrowse } } } } } ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
/**
* Test case for DIRSERVER-891
*/
@Test
public void testInvalidAttributeValue()
{
String spec;
// no name-value-pair
spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userPermissions { { protectedItems{ entry , attributeType { cn , ou } , attributeValue { must_be_a_name_value_pair } , "
+ "rangeOfValues (cn=ErsinEr) } , grantsAndDenials { grantBrowse } } }, userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ minimum 7, maximum 9, base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ " maximum 2, minimum 1 } } } } } ";
try
{
parser.parse( spec );
fail( "Expected ParseException, invalid protected item 'attributeValue { must_be_a_name_value_pair }'" );
}
catch ( ParseException e )
{
// Expected
}
// no name-value-pair
spec = "{ identificationTag \"id2\" , precedence 14, authenticationLevel none , "
+ "itemOrUserFirst userFirst: { userPermissions { { protectedItems{ entry , attributeType { cn , ou } , attributeValue { x=y,m=n,k=l,x } , "
+ "rangeOfValues (cn=ErsinEr) } , grantsAndDenials { grantBrowse } } }, userClasses { allUsers , name { \"ou=people,cn=ersin\" }, "
+ "subtree {{ minimum 7, maximum 9, base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\","
+ " maximum 2, minimum 1 } } } } } ";
try
{
parser.parse( spec );
fail( "Expected ParseException, invalid protected item 'attributeValue { x=y,m=n,k=l,x }'" );
}
catch ( ParseException e )
{
// Expected
}
}
@Test
public void testUserClassParentOfEntry() throws Exception
{
String spec =
"{ "
+ " identificationTag \"id\" , "
+ " precedence 10, "
+ " authenticationLevel none , "
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses "
+ " { "
+ " parentOfEntry , "
+ " name { \"cn=ersin,ou=people\" }, "
+ " subtree "
+ " {"
+ " { base \"ou=system\" }, "
+ " { "
+ " base \"ou=ORGANIZATIONUNIT\","
+ " minimum 1, "
+ " maximum 2 "
+ " } "
+ " } "
+ " } , "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems"
+ " { "
+ " entry , "
+ " attributeType { cn , ou } , "
+ " attributeValue {cn=y,sn=n,dc=l} , "
+ " rangeOfValues (cn=ErsinEr) "
+ " } , "
+ " grantsAndDenials { grantBrowse } "
+ " } "
+ " } "
+ " } "
+ "} ";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
}
/**
* Test case for DIRSTUDIO-440
*/
@Test
public void testPrecedenceOfUserFirst() throws Exception
{
String spec = "{ identificationTag \"test\", precedence 14, authenticationLevel simple, "
+ "itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { "
+ "precedence 1, protectedItems { attributeType { userPassword } }, grantsAndDenials "
+ "{ denyRead, denyReturnDN, denyBrowse } }, { precedence 2, protectedItems "
+ "{ entry, allUserAttributeTypesAndValues }, grantsAndDenials "
+ "{ grantReturnDN, grantRead, grantBrowse } } } } }";
ACIItem item = parser.parse( spec );
checkItemToString( spec, item );
UserFirstACIItem userFirstItem = ( UserFirstACIItem ) item;
int aciPrecedence = userFirstItem.getPrecedence();
assertEquals( 14, aciPrecedence );
for ( UserPermission permission : userFirstItem.getUserPermission() )
{
int precedence = permission.getPrecedence();
if ( precedence == 1 )
{
assertEquals( 1, precedence );
}
else if ( precedence == 2 )
{
assertEquals( 2, precedence );
}
else
{
fail( "Got precedence " + precedence + ", expected precedence 1 or 2." );
}
}
}
/**
* Test case for DIRSERVER-891
*/
@Test
public void testIncomplete()
{
String spec;
spec = "{ }";
try
{
parser.parse( spec );
fail( "Expected ParseException, ACIItem is incomplete'" );
}
catch ( ParseException e )
{
// Expected
}
spec = "{ identificationTag \"id2\" }";
try
{
parser.parse( spec );
fail( "Expected ParseException, ACIItem is incomplete'" );
}
catch ( ParseException e )
{
// Expected
}
spec = "{ identificationTag \"id2\", precedence 14 } ";
try
{
parser.parse( spec );
fail( "Expected ParseException, ACIItem is incomplete'" );
}
catch ( ParseException e )
{
// Expected
}
spec = "{ identificationTag \"id2\", precedence 14, authenticationLevel none } ";
try
{
parser.parse( spec );
fail( "Expected ParseException, ACIItem is incomplete'" );
}
catch ( ParseException e )
{
// Expected
}
}
}