Google Git
Sign in
apache / jackrabbit-oak / 89773459d65d1753f05feecbae18333d42e4d775 / . / trunk / oak-jcr / src / test / java / org / apache / jackrabbit / oak / jcr / security / authorization / ReadPropertyTest.java
blob: 8eb8762add843d6c9047f2ad6b12b7e2fc04db02 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.jcr.security.authorization;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Test;
/**
* @since OAK 1.0 : jcr:read is an aggregation of read property and node privileges.
*/
public class ReadPropertyTest extends AbstractEvaluationTest {
@Test
public void testReadProperty() throws Exception {
deny(path, privilegesFromName(PrivilegeConstants.JCR_READ));
allow(path, privilegesFromName(PrivilegeConstants.REP_READ_PROPERTIES));
assertFalse(testSession.nodeExists(path));
assertFalse(testSession.itemExists(path));
assertFalse(testSession.nodeExists(childNPath));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
assertTrue(testSession.itemExists(pPath));
assertTrue(testSession.propertyExists(pPath));
Property p = testSession.getProperty(pPath);
assertEquals(pPath, p.getPath());
}
}
@Test
public void testReadProperty2() throws Exception {
deny(path, privilegesFromName(PrivilegeConstants.REP_READ_NODES));
assertFalse(testSession.nodeExists(path));
assertFalse(testSession.itemExists(path));
assertFalse(testSession.nodeExists(childNPath));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
assertTrue(testSession.itemExists(pPath));
assertTrue(testSession.propertyExists(pPath));
Property p = testSession.getProperty(pPath);
}
}
@Test
public void testDenyReadProperties() throws Exception {
allow(path, privilegesFromName(PrivilegeConstants.JCR_READ));
deny(path, privilegesFromName(PrivilegeConstants.REP_READ_PROPERTIES));
assertTrue(testSession.nodeExists(path));
assertTrue(testSession.itemExists(path));
assertTrue(testSession.nodeExists(childNPath));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
assertFalse(testSession.itemExists(pPath));
assertFalse(testSession.propertyExists(pPath));
}
Node target = testSession.getNode(path);
assertFalse(target.getProperties().hasNext());
}
@Test
public void testDenySingleProperty() throws Exception {
allow(path, privilegesFromName(PrivilegeConstants.JCR_READ));
deny(path, privilegesFromName(PrivilegeConstants.REP_READ_PROPERTIES), createGlobRestriction("*/" +propertyName1));
assertTrue(testSession.nodeExists(path));
assertTrue(testSession.itemExists(path));
assertTrue(testSession.nodeExists(childNPath));
List<String> allowed = new ArrayList<String>();
allowed.add(path + "/jcr:primaryType");
allowed.add(childNPath + "/jcr:primaryType");
for (String pPath : allowed) {
assertTrue(testSession.itemExists(pPath));
assertTrue(testSession.propertyExists(pPath));
}
List<String> denied = new ArrayList<String>();
denied.add(childPPath);
denied.add(childchildPPath);
for (String pPath : denied) {
assertFalse(testSession.itemExists(pPath));
assertFalse(testSession.propertyExists(pPath));
}
Node target = testSession.getNode(path);
PropertyIterator pit = target.getProperties();
while (pit.hasNext()) {
assertFalse(propertyName1.equals(pit.nextProperty().getName()));
}
}
@Test
public void testGetParent() throws Exception {
deny(path, privilegesFromName(PrivilegeConstants.REP_READ_NODES));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
Property p = testSession.getProperty(pPath);
try {
Node n = p.getParent();
fail();
} catch (AccessDeniedException e) {
// success
}
}
}
@Test
public void testGetPath() throws Exception {
deny(path, privilegesFromName(PrivilegeConstants.JCR_READ));
allow(path, privilegesFromName(PrivilegeConstants.REP_READ_PROPERTIES));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
Property p = testSession.getProperty(pPath);
assertEquals(pPath, p.getPath());
}
}
@Test
public void testGetStatus() throws Exception {
deny(path, privilegesFromName(PrivilegeConstants.JCR_READ));
allow(path, privilegesFromName(PrivilegeConstants.REP_READ_PROPERTIES));
List<String> propertyPaths = new ArrayList<String>();
propertyPaths.add(childPPath);
propertyPaths.add(childchildPPath);
propertyPaths.add(path + "/jcr:primaryType");
for (String pPath : propertyPaths) {
Property p = testSession.getProperty(pPath);
assertFalse(p.isModified());
assertFalse(p.isNew());
}
}
}