Google Git
Sign in
apache / jackrabbit-oak / 89773459d65d1753f05feecbae18333d42e4d775 / . / trunk / oak-security-spi / src / test / java / org / apache / jackrabbit / oak / spi / security / privilege / PrivilegeBitsTest.java
blob: d192e57b26f406820a0a59d9d016f62f3a07d377 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.spi.security.privilege;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.junit.Test;
import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.when;
public class PrivilegeBitsTest implements PrivilegeConstants {
private static final long NO_PRIVILEGE = 0;
private static final PrivilegeBits READ_NODES_PRIVILEGE_BITS = PrivilegeBits.BUILT_IN.get(REP_READ_NODES);
private static final long[] LONGS = new long[]{1, 2, 13, 199, 512, Long.MAX_VALUE / 2, Long.MAX_VALUE - 1, Long.MAX_VALUE};
private static long getLongValue(PrivilegeBits bits) {
String s = bits.toString();
if (s.indexOf('[') == -1) {
return Long.parseLong(s.substring(15));
} else {
return Long.parseLong(s.substring(s.indexOf('[') + 1, s.indexOf(',')));
}
}
private static PropertyState createPropertyState(long l) {
return PropertyStates.createProperty("name", Collections.singleton(l), Type.LONGS);
}
private static void assertEquivalent(PrivilegeBits a, PrivilegeBits b) {
assertEquals(a.toString(), b.toString());
}
@Test
public void testLongValue() {
// empty
assertEquals(NO_PRIVILEGE, getLongValue(PrivilegeBits.EMPTY));
// long based privilege bits
for (long l : LONGS) {
PrivilegeBits bits = PrivilegeBits.getInstance(createPropertyState(l));
assertEquals(l, getLongValue(bits));
}
// long based privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
long l = getLongValue(pb);
while (l < Long.MAX_VALUE / 2) {
l = l << 1;
pb = pb.nextBits();
assertEquals(l, getLongValue(pb));
}
// other privilege bits: long value not available.
for (int i = 0; i < 10; i++) {
pb = pb.nextBits();
assertEquals(0, getLongValue(pb));
}
// modifiable privilege bits
pb = READ_NODES_PRIVILEGE_BITS;
for (int i = 0; i < 100; i++) {
PrivilegeBits modifiable = PrivilegeBits.getInstance(pb);
assertEquals(getLongValue(pb), getLongValue(modifiable));
pb = pb.nextBits();
}
}
@Test
public void testNextBitsFromEmpty() {
// empty
assertSame(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY.nextBits());
PrivilegeBits bits = PrivilegeBits.getInstance().unmodifiable();
assertSame(bits, bits.nextBits());
}
@Test
public void testNextBits() {
// long based privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
long l = getLongValue(pb);
while (l < Long.MAX_VALUE / 2) {
l = l << 1;
pb = pb.nextBits();
assertEquals(l, getLongValue(pb));
}
// other privilege bits: long value not available.
for (int i = 0; i < 10; i++) {
PrivilegeBits nxt = pb.nextBits();
assertEquals(nxt, pb.nextBits());
assertFalse(pb.equals(nxt));
pb = nxt;
}
// modifiable privilege bits
pb = READ_NODES_PRIVILEGE_BITS;
for (int i = 0; i < 100; i++) {
PrivilegeBits modifiable = PrivilegeBits.getInstance(pb);
try {
modifiable.nextBits();
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
pb = pb.nextBits();
}
}
@Test
public void testUnmodifiable() {
assertSame(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY.unmodifiable());
// other privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance(pb);
for (int i = 0; i < 100; i++) {
PrivilegeBits nxt = pb.nextBits();
assertSame(nxt, nxt.unmodifiable());
assertEquals(nxt, nxt.unmodifiable());
mod.add(nxt);
assertNotSame(mod, mod.unmodifiable());
pb = nxt;
}
}
@Test
public void testModifiable() {
assertNotSame(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY.modifiable());
// other privilege bits
PrivilegeBits mod = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
assertSame(mod, mod.modifiable());
assertNotSame(mod, mod.unmodifiable());
assertNotEquals(mod, mod.unmodifiable());
}
@Test
public void testIncludes() {
// empty
assertTrue(PrivilegeBits.EMPTY.includes(PrivilegeBits.EMPTY));
// other privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance();
for (int i = 0; i < 100; i++) {
assertFalse(PrivilegeBits.EMPTY.includes(pb));
assertTrue(pb.includes(PrivilegeBits.EMPTY));
mod.add(pb);
assertTrue(mod.includes(pb));
PrivilegeBits nxt = pb.nextBits();
assertTrue(nxt.includes(nxt));
assertTrue(nxt.includes(PrivilegeBits.getInstance(nxt)));
assertFalse(pb + " should not include " + nxt, pb.includes(nxt));
assertFalse(nxt + " should not include " + pb, nxt.includes(pb));
assertFalse(mod.includes(nxt));
assertFalse(nxt.includes(mod));
pb = nxt;
}
}
@Test
public void testIsEmpty() {
// empty
assertTrue(PrivilegeBits.EMPTY.isEmpty());
// any other bits should not be empty
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance(pb);
for (int i = 0; i < 100; i++) {
assertFalse(pb.isEmpty());
assertFalse(PrivilegeBits.getInstance(pb).isEmpty());
pb = pb.nextBits();
mod.add(pb);
assertFalse(mod.isEmpty());
PrivilegeBits tmp = PrivilegeBits.getInstance(pb);
tmp.diff(pb);
assertTrue(tmp.toString(), tmp.isEmpty());
}
}
@Test
public void testAdd() {
// empty
try {
PrivilegeBits.EMPTY.add(PrivilegeBits.EMPTY);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
// other privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance(pb);
for (int i = 0; i < 100; i++) {
try {
pb.add(PrivilegeBits.EMPTY);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.add(mod);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
PrivilegeBits nxt = pb.nextBits();
try {
pb.add(nxt);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
long before = getLongValue(mod);
long nxtLong = getLongValue(nxt);
mod.add(nxt);
if (getLongValue(nxt) != 0) {
assertEquals(before | nxtLong, getLongValue(mod));
}
assertTrue(mod.includes(nxt));
PrivilegeBits tmp = PrivilegeBits.getInstance(pb);
assertTrue(tmp.includes(pb));
assertFalse(tmp.includes(nxt));
if (READ_NODES_PRIVILEGE_BITS.equals(pb)) {
assertTrue(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES)));
} else {
assertFalse(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES)));
}
tmp.add(nxt);
assertTrue(tmp.includes(pb) && tmp.includes(nxt));
if (READ_NODES_PRIVILEGE_BITS.equals(pb)) {
assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
} else {
assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS));
}
tmp.add(READ_NODES_PRIVILEGE_BITS);
assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
pb = nxt;
}
}
@Test
public void testDiff() {
// empty
try {
PrivilegeBits.EMPTY.diff(PrivilegeBits.EMPTY);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
// other privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance(pb);
for (int i = 0; i < 100; i++) {
PrivilegeBits nxt = pb.nextBits();
try {
pb.diff(nxt);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.diff(mod);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
PrivilegeBits before = PrivilegeBits.getInstance(mod);
mod.diff(nxt);
assertEquivalent(before, mod);
mod.add(nxt);
assertFalse(before.equals(mod));
mod.diff(nxt);
assertEquivalent(before, mod);
mod.add(nxt);
// diff with same pb must leave original bits empty
PrivilegeBits tmp = PrivilegeBits.getInstance(pb);
tmp.add(nxt);
tmp.add(READ_NODES_PRIVILEGE_BITS);
tmp.diff(tmp);
assertEquivalent(PrivilegeBits.EMPTY, tmp);
tmp = PrivilegeBits.getInstance(pb);
tmp.add(nxt);
tmp.add(READ_NODES_PRIVILEGE_BITS);
tmp.diff(PrivilegeBits.getInstance(tmp));
assertEquivalent(PrivilegeBits.EMPTY, tmp);
// diff without intersection -> leave privilege unmodified.
tmp = PrivilegeBits.getInstance(pb);
tmp.diff(nxt);
assertEquivalent(PrivilegeBits.getInstance(pb), tmp);
// diff with intersection -> privilege must be modified accordingly.
tmp = PrivilegeBits.getInstance(nxt);
tmp.add(READ_NODES_PRIVILEGE_BITS);
assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
assertTrue(tmp.includes(nxt));
tmp.diff(nxt);
assertEquivalent(READ_NODES_PRIVILEGE_BITS, tmp);
assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
assertFalse(tmp.includes(nxt));
tmp = PrivilegeBits.getInstance(pb);
tmp.add(READ_NODES_PRIVILEGE_BITS);
PrivilegeBits tmp2 = PrivilegeBits.getInstance(pb);
tmp2.add(nxt);
PrivilegeBits tmp3 = PrivilegeBits.getInstance(tmp2);
assertEquivalent(tmp2, tmp3);
tmp.diff(tmp2);
if (READ_NODES_PRIVILEGE_BITS.equals(pb)) {
assertEquivalent(PrivilegeBits.EMPTY, tmp);
} else {
assertEquivalent(READ_NODES_PRIVILEGE_BITS, tmp);
}
// but pb passed to the diff call must not be modified.
assertEquivalent(tmp3, tmp2);
pb = nxt;
}
}
@Test
public void testAddDifference() {
// empty
try {
PrivilegeBits.EMPTY.addDifference(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
// other privilege bits
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
PrivilegeBits mod = PrivilegeBits.getInstance(pb);
for (int i = 0; i < 100; i++) {
PrivilegeBits nxt = pb.nextBits();
try {
pb.addDifference(nxt, mod);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.addDifference(nxt, READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
PrivilegeBits tmp = PrivilegeBits.getInstance(mod);
tmp.addDifference(nxt, READ_NODES_PRIVILEGE_BITS);
mod.add(nxt);
assertEquivalent(mod, tmp); // since there is diff(nxt, read) which results in nxt
if (!pb.equals(READ_NODES_PRIVILEGE_BITS)) {
tmp = PrivilegeBits.getInstance(nxt);
PrivilegeBits mod2 = PrivilegeBits.getInstance(mod);
tmp.addDifference(mod2, READ_NODES_PRIVILEGE_BITS);
assertFalse(nxt.equals(tmp)); // tmp should be modified by addDifference call.
assertEquivalent(mod2, mod); // mod2 should not be modified here
assertTrue(tmp.includes(pb));
assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS));
assertFalse(tmp.includes(mod));
}
tmp = PrivilegeBits.getInstance(nxt);
PrivilegeBits mod2 = PrivilegeBits.getInstance(mod);
tmp.addDifference(READ_NODES_PRIVILEGE_BITS, mod2);
assertEquivalent(nxt, tmp); // tmp not modified by addDifference call.
assertEquivalent(mod2, mod); // mod2 should not be modified here
assertFalse(tmp.includes(pb));
assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS));
assertFalse(tmp.includes(mod));
tmp = PrivilegeBits.getInstance(nxt);
tmp.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
assertEquivalent(nxt, tmp); // tmp not modified by addDifference call.
assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS));
tmp = PrivilegeBits.getInstance(mod);
tmp.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
assertEquivalent(mod, tmp); // tmp not modified by addDifference call.
assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
pb = nxt;
}
}
@Test
public void testRetainUnmodifiable() {
PrivilegeBits unmodifiable = READ_NODES_PRIVILEGE_BITS;
try {
unmodifiable.retain(PrivilegeBits.getInstance());
fail();
} catch (UnsupportedOperationException e) {
// success
}
}
@Test
public void testRetainSimple() {
PrivilegeBits pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
assertEquals(pb, pb.retain(pb));
assertEquals(pb, pb.retain(READ_NODES_PRIVILEGE_BITS));
pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
pb.retain(PrivilegeBits.getInstance());
assertTrue(pb.isEmpty());
pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
pb.retain(PrivilegeBits.EMPTY);
assertTrue(pb.isEmpty());
PrivilegeBits write = PrivilegeBits.BUILT_IN.get(PrivilegeBits.REP_WRITE);
pb = PrivilegeBits.getInstance().add(write);
assertEquals(pb, pb.retain(pb));
assertEquals(pb, pb.retain(write));
pb.retain(READ_NODES_PRIVILEGE_BITS);
assertTrue(pb.isEmpty());
pb.add(READ_NODES_PRIVILEGE_BITS).add(write);
pb.retain(write);
assertEquivalent(write, pb);
assertFalse(pb.includes(READ_NODES_PRIVILEGE_BITS));
PrivilegeBits lock = PrivilegeBits.BUILT_IN.get(PrivilegeBits.JCR_LOCK_MANAGEMENT);
PrivilegeBits lw = PrivilegeBits.getInstance(write, lock);
pb.add(READ_NODES_PRIVILEGE_BITS).add(write).add(lock);
pb.retain(lw);
assertEquivalent(lw, pb);
assertFalse(pb.includes(READ_NODES_PRIVILEGE_BITS));
}
@Test
public void testRetain() {
PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
List<PrivilegeBits> pbs = new ArrayList<PrivilegeBits>();
pbs.add(pb);
Random random = new Random();
for (int i = 0; i < 100; i++) {
PrivilegeBits nxt = pb.nextBits();
PrivilegeBits mod = PrivilegeBits.getInstance(nxt, pb);
mod.retain(nxt);
assertEquivalent(nxt, mod);
mod = PrivilegeBits.getInstance(nxt);
mod.retain(pb);
assertTrue(nxt.toString(), mod.isEmpty());
mod = PrivilegeBits.getInstance(nxt);
mod.retain(READ_NODES_PRIVILEGE_BITS);
assertTrue(nxt.toString(), mod.isEmpty());
mod = PrivilegeBits.getInstance(nxt, READ_NODES_PRIVILEGE_BITS);
mod.retain(nxt);
assertEquivalent(nxt, mod);
mod = PrivilegeBits.getInstance(nxt, pb, READ_NODES_PRIVILEGE_BITS);
mod.retain(READ_NODES_PRIVILEGE_BITS);
assertEquivalent(READ_NODES_PRIVILEGE_BITS, mod);
mod = PrivilegeBits.getInstance(nxt);
PrivilegeBits other = PrivilegeBits.getInstance();
for (int j = 0; j < pbs.size()/2; j++) {
other.add(pbs.get(random.nextInt(pbs.size()-1)));
}
mod.add(other);
mod.retain(other);
assertEquivalent(other, mod);
other.retain(nxt);
assertTrue(other.isEmpty());
pbs.add(nxt);
pb = nxt;
}
}
@Test
public void testGetInstance() {
PrivilegeBits pb = PrivilegeBits.getInstance();
assertEquivalent(PrivilegeBits.EMPTY, pb);
assertNotSame(PrivilegeBits.EMPTY, pb);
assertNotSame(pb, pb.unmodifiable());
pb.add(READ_NODES_PRIVILEGE_BITS);
pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
pb.diff(READ_NODES_PRIVILEGE_BITS);
pb = PrivilegeBits.getInstance(PrivilegeBits.EMPTY);
assertEquivalent(PrivilegeBits.EMPTY, pb);
assertNotSame(PrivilegeBits.EMPTY, pb);
assertNotSame(pb, pb.unmodifiable());
pb.add(READ_NODES_PRIVILEGE_BITS);
pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
pb.diff(READ_NODES_PRIVILEGE_BITS);
pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
assertEquivalent(READ_NODES_PRIVILEGE_BITS, pb);
assertNotSame(READ_NODES_PRIVILEGE_BITS, pb);
assertNotSame(pb, pb.unmodifiable());
pb.add(READ_NODES_PRIVILEGE_BITS);
pb.addDifference(READ_NODES_PRIVILEGE_BITS, PrivilegeBits.EMPTY);
pb.diff(READ_NODES_PRIVILEGE_BITS);
pb = PrivilegeBits.EMPTY;
assertEquivalent(pb, PrivilegeBits.EMPTY);
assertSame(pb, PrivilegeBits.EMPTY);
assertSame(pb, pb.unmodifiable());
try {
pb.add(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.diff(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
}
@Test
public void testGetInstanceFromBase() {
PrivilegeBits pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
pb.add(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
pb.add(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT));
PrivilegeBits pb2 = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS,
PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ_ACCESS_CONTROL),
PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT));
assertEquivalent(pb, pb2);
}
@Test
public void testGetInstanceFromPropertyState() {
for (long l : LONGS) {
PropertyState property = createPropertyState(l);
PrivilegeBits pb = PrivilegeBits.getInstance(property);
assertEquivalent(pb, PrivilegeBits.getInstance(property));
assertSame(pb, pb.unmodifiable());
assertEquivalent(pb, PrivilegeBits.getInstance(pb));
assertEquivalent(PrivilegeBits.getInstance(pb), pb);
assertNotSame(pb, PrivilegeBits.getInstance(pb));
try {
pb.add(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.diff(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
}
}
@Test
public void testGetInstanceFromMvPropertyState() {
PropertyState property = PropertyStates.createProperty("name", ImmutableSet.of(Long.MAX_VALUE, Long.MIN_VALUE / 2), Type.LONGS);
PrivilegeBits pb = PrivilegeBits.getInstance(property);
assertEquivalent(pb, PrivilegeBits.getInstance(property));
assertSame(pb, pb.unmodifiable());
assertEquivalent(pb, PrivilegeBits.getInstance(pb));
assertEquivalent(PrivilegeBits.getInstance(pb), pb);
assertNotSame(pb, PrivilegeBits.getInstance(pb));
try {
pb.add(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.addDifference(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
try {
pb.diff(READ_NODES_PRIVILEGE_BITS);
fail("UnsupportedOperation expected");
} catch (UnsupportedOperationException e) {
// success
}
}
@Test
public void testGetInstanceFromNullPropertyState() {
assertSame(PrivilegeBits.EMPTY, PrivilegeBits.getInstance((PropertyState) null));
}
@Test
public void testGetInstanceFromTreeCustomPriv() {
PrivilegeBits next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
Tree tmp = Mockito.mock(Tree.class);
when(tmp.getName()).thenReturn("tmpPrivilege");
when(tmp.getProperty(REP_BITS)).thenReturn(next.asPropertyState(REP_BITS));
assertEquals(next, PrivilegeBits.getInstance(tmp));
}
@Test
public void testGetInstanceFromTreeJcrRead() {
Tree readPrivTree = Mockito.mock(Tree.class);
when(readPrivTree.getName()).thenReturn(JCR_READ);
assertEquals(PrivilegeBits.BUILT_IN.get(JCR_READ), PrivilegeBits.getInstance(readPrivTree));
}
@Test
public void testGetInstanceFromNullTree() {
assertSame(PrivilegeBits.EMPTY, PrivilegeBits.getInstance((Tree) null));
}
@Test
public void testCalculatePermissions() {
PrivilegeBitsProvider provider = new PrivilegeBitsProvider(Mockito.mock(Root.class));
Map<PrivilegeBits, Long> simple = new HashMap<PrivilegeBits, Long>();
simple.put(PrivilegeBits.EMPTY, Permissions.NO_PERMISSION);
simple.put(provider.getBits(JCR_READ), Permissions.READ);
simple.put(provider.getBits(JCR_LOCK_MANAGEMENT), Permissions.LOCK_MANAGEMENT);
simple.put(provider.getBits(JCR_VERSION_MANAGEMENT), Permissions.VERSION_MANAGEMENT);
simple.put(provider.getBits(JCR_READ_ACCESS_CONTROL), Permissions.READ_ACCESS_CONTROL);
simple.put(provider.getBits(JCR_MODIFY_ACCESS_CONTROL), Permissions.MODIFY_ACCESS_CONTROL);
simple.put(provider.getBits(REP_READ_NODES), Permissions.READ_NODE);
simple.put(provider.getBits(REP_READ_PROPERTIES), Permissions.READ_PROPERTY);
simple.put(provider.getBits(REP_USER_MANAGEMENT), Permissions.USER_MANAGEMENT);
simple.put(provider.getBits(JCR_MODIFY_PROPERTIES), Permissions.SET_PROPERTY);
simple.put(provider.getBits(REP_ADD_PROPERTIES), Permissions.ADD_PROPERTY);
simple.put(provider.getBits(REP_ALTER_PROPERTIES), Permissions.MODIFY_PROPERTY);
simple.put(provider.getBits(REP_REMOVE_PROPERTIES), Permissions.REMOVE_PROPERTY);
simple.put(provider.getBits(REP_INDEX_DEFINITION_MANAGEMENT), Permissions.INDEX_DEFINITION_MANAGEMENT);
for (PrivilegeBits pb : simple.keySet()) {
long expected = simple.get(pb).longValue();
assertTrue(expected == PrivilegeBits.calculatePermissions(pb, PrivilegeBits.EMPTY, true));
assertTrue(expected == PrivilegeBits.calculatePermissions(pb, pb, true));
}
// jcr:modifyProperty aggregate
PrivilegeBits add_change = provider.getBits(REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES);
long permissions = (Permissions.ADD_PROPERTY | Permissions.MODIFY_PROPERTY);
assertTrue(permissions == PrivilegeBits.calculatePermissions(add_change, PrivilegeBits.EMPTY, true));
assertTrue(permissions == PrivilegeBits.calculatePermissions(add_change, add_change, true));
PrivilegeBits add_rm = provider.getBits(REP_ADD_PROPERTIES, REP_REMOVE_PROPERTIES);
permissions = (Permissions.ADD_PROPERTY | Permissions.REMOVE_PROPERTY);
assertTrue(permissions == PrivilegeBits.calculatePermissions(add_rm, PrivilegeBits.EMPTY, true));
assertTrue(permissions == PrivilegeBits.calculatePermissions(add_rm, add_rm, true));
PrivilegeBits ch_rm = provider.getBits(REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES);
permissions = (Permissions.MODIFY_PROPERTY | Permissions.REMOVE_PROPERTY);
assertTrue(permissions == PrivilegeBits.calculatePermissions(ch_rm, PrivilegeBits.EMPTY, true));
assertTrue(permissions == PrivilegeBits.calculatePermissions(ch_rm, add_rm, true));
}
@Test
public void testCalculatePermissionsParentAwareAllow() {
PrivilegeBitsProvider provider = new PrivilegeBitsProvider(Mockito.mock(Root.class));
// parent aware permissions
// a) jcr:addChildNodes
PrivilegeBits addChild = provider.getBits(JCR_ADD_CHILD_NODES);
assertFalse(Permissions.ADD_NODE == PrivilegeBits.calculatePermissions(addChild, PrivilegeBits.EMPTY, true));
assertTrue(Permissions.ADD_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, addChild, true));
// b) jcr:removeChildNodes and jcr:removeNode
PrivilegeBits removeChild = provider.getBits(JCR_REMOVE_CHILD_NODES);
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(removeChild, PrivilegeBits.EMPTY, true));
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, removeChild, true));
PrivilegeBits removeNode = provider.getBits(JCR_REMOVE_NODE);
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(removeNode, PrivilegeBits.EMPTY, true));
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, removeNode, true));
PrivilegeBits remove = provider.getBits(JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE);
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(remove, PrivilegeBits.EMPTY, true));
assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, remove, true));
assertTrue(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(remove, remove, true));
}
@Test
public void testCalculatePermissionsParentAwareDeny() {
PrivilegeBitsProvider provider = new PrivilegeBitsProvider(Mockito.mock(Root.class));
// parent aware permissions
// a) jcr:addChildNodes
PrivilegeBits addChild = provider.getBits(JCR_ADD_CHILD_NODES);
assertNotEquals(Permissions.ADD_NODE, PrivilegeBits.calculatePermissions(addChild, PrivilegeBits.EMPTY, false));
assertEquals(Permissions.ADD_NODE, PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, addChild, false));
// b) jcr:removeChildNodes and jcr:removeNode
PrivilegeBits removeChild = provider.getBits(JCR_REMOVE_CHILD_NODES);
assertEquals(Permissions.NO_PERMISSION, PrivilegeBits.calculatePermissions(removeChild, PrivilegeBits.EMPTY, false));
assertEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, removeChild, false));
PrivilegeBits removeNode = provider.getBits(JCR_REMOVE_NODE);
assertEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(removeNode, PrivilegeBits.EMPTY, false));
assertNotEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, removeNode, false));
PrivilegeBits remove = provider.getBits(JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE);
assertEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(remove, PrivilegeBits.EMPTY, false));
assertEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY, remove, false));
assertEquals(Permissions.REMOVE_NODE, PrivilegeBits.calculatePermissions(remove, remove, false));
}
@Test
public void testEquals() {
assertEquals(READ_NODES_PRIVILEGE_BITS, READ_NODES_PRIVILEGE_BITS);
assertEquals(READ_NODES_PRIVILEGE_BITS, PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS).unmodifiable());
assertNotEquals(READ_NODES_PRIVILEGE_BITS, PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS));
assertNotEquals(PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS), READ_NODES_PRIVILEGE_BITS);
}
}