oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/VersionTreePermissionTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.plugins.tree.TreeType;
 import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
 import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
 import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.version.VersionConstants;
 import org.jetbrains.annotations.NotNull;
 import org.junit.Before;
 import org.junit.Test;

 import java.security.Principal;

 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.apache.jackrabbit.JcrConstants.JCR_BASEVERSION;
 import static org.apache.jackrabbit.JcrConstants.JCR_FROZENNODE;
 import static org.apache.jackrabbit.JcrConstants.JCR_ISCHECKEDOUT;
 import static org.apache.jackrabbit.JcrConstants.JCR_VERSIONHISTORY;
 import static org.apache.jackrabbit.JcrConstants.NT_VERSIONEDCHILD;
 import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.MockUtility.mockNodeState;
 import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;

 public class VersionTreePermissionTest extends AbstractPrincipalBasedTest {
     private Principal testPrincipal;
     private PrincipalBasedPermissionProvider permissionProvider;

     private String contentPath;
     private String childPath;
     private String grandchildPath;

     @Before
     public void before() throws Exception {
         super.before();

         testPrincipal = getTestSystemUser().getPrincipal();
         setupContentTrees(TEST_OAK_PATH);

         contentPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 3);
         childPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 2);
         grandchildPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 1);

         // setup permissions on childPath + TEST_OAK_PATH
         PrincipalPolicyImpl policy = setupPrincipalBasedAccessControl(testPrincipal, getNamePathMapper().getJcrPath(childPath), JCR_READ);
         addPrincipalBasedEntry(policy, getNamePathMapper().getJcrPath(TEST_OAK_PATH), PrivilegeConstants.JCR_VERSION_MANAGEMENT);

         // versionabel nodes: contentPath + grandChildPath + TEST_OAK_PATH
         // -> TEST_OAK_PATH versionable node holds policy, grandchildPath get permissions inherited, and contentPath has no permissions granted
         Tree typeRoot = root.getTree(NodeTypeConstants.NODE_TYPES_PATH);
         for (String path : new String[] {contentPath, grandchildPath, TEST_OAK_PATH}) {
             Tree versionable = root.getTree(path);
             TreeUtil.addMixin(root.getTree(path), NodeTypeConstants.MIX_VERSIONABLE, typeRoot, "uid");
         }
         root.commit();

         // force creation of a new versions (except for TEST_OAK_PATH)
         for (String path : new String[] {contentPath, grandchildPath}) {
             root.getTree(path).setProperty(JCR_ISCHECKEDOUT, false);
             root.commit();
             root.getTree(path).setProperty(JCR_ISCHECKEDOUT, true);
             root.commit();
         }

         permissionProvider = createPermissionProvider(root, testPrincipal);
     }

     @Override
     protected NamePathMapper getNamePathMapper() {
         return NamePathMapper.DEFAULT;
     }

     @NotNull
     private String getPathFromReference(@NotNull String treePath, @NotNull String refProperty) {
         Tree tree = root.getTree(treePath);
         String path = new IdentifierManager(root).getPath(tree.getProperty(refProperty));
         checkNotNull(path);
         return path;
     }

     @NotNull
     private AbstractTreePermission getTreePermission(@NotNull String path) {
         Tree tree = root.getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
         for (String elem : PathUtils.elements(path)) {
             tree = tree.getChild(elem);
             tp = permissionProvider.getTreePermission(tree, tp);
         }
         assertTrue(tp instanceof AbstractTreePermission);
         return (AbstractTreePermission) tp;
     }

     @Test
     public void testGetTreePermissionVersionHistory() {
         String vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
         AbstractTreePermission tp = getTreePermission(vhPath);

         assertSame(TreeType.VERSION, tp.getType());
         assertNotEquals(vhPath, tp.getTree().getPath());
         assertSame(permissionProvider, tp.getPermissionProvider());
     }

     @Test
     public void testGetTreePermissionVersion() {
         String versionPath = getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION);
         AbstractTreePermission tp = getTreePermission(versionPath);

         assertSame(TreeType.VERSION, tp.getType());
         assertNotEquals(versionPath, tp.getTree().getPath());
         assertSame(permissionProvider, tp.getPermissionProvider());
     }

     @Test
     public void testGetChildPermissionRootVersionNode() {
         String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
         AbstractTreePermission tp = getTreePermission(vhPath);

         TreePermission rootversionTp = tp.getChildPermission(VersionConstants.JCR_ROOTVERSION, mockNodeState(VersionConstants.NT_VERSION));
         assertTrue(rootversionTp instanceof AbstractTreePermission);

         assertSame(tp.getTree(), ((AbstractTreePermission) rootversionTp).getTree());
     }

     @Test
     public void testGetChildPermissionVersion1Node() {
         String vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
         AbstractTreePermission tp = getTreePermission(vhPath);

         TreePermission versionTp = tp.getChildPermission("1.0", mockNodeState(VersionConstants.NT_VERSION));
         assertTrue(versionTp instanceof AbstractTreePermission);

         assertSame(tp.getTree(), ((AbstractTreePermission) versionTp).getTree());
     }

     @Test
     public void testGetChildPermissionLabelsNode() {
         String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
         AbstractTreePermission tp = getTreePermission(vhPath);

         TreePermission labelsTp = tp.getChildPermission(VersionConstants.JCR_VERSIONLABELS, mockNodeState(VersionConstants.NT_VERSIONLABELS));
         assertTrue(labelsTp instanceof AbstractTreePermission);

         assertSame(tp.getTree(), ((AbstractTreePermission) labelsTp).getTree());
     }

     @Test
     public void testGetChildPermissionFrozenNode() {
         String v1Path = getPathFromReference(grandchildPath, JCR_BASEVERSION);
         Tree v1Tree = root.getTree(v1Path);
         assertTrue(v1Tree.exists());

         AbstractTreePermission tp = getTreePermission(v1Path);
         TreePermission frozenTp = tp.getChildPermission(VersionConstants.JCR_FROZENNODE, getTreeProvider().asNodeState(v1Tree.getChild(JCR_FROZENNODE)));

         assertSame(tp.getTree(), ((AbstractTreePermission) frozenTp).getTree());
     }

     @Test
     public void testVersionedChildNode() {
         String path = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), VersionConstants.JCR_FROZENNODE, PathUtils.getName(childPath));
         AbstractTreePermission tp = getTreePermission(path);

         String versionedChildName = PathUtils.getName(grandchildPath);
         String versionedChildPath = PathUtils.concat(path, versionedChildName);
         Tree versionedChildTree = root.getTree(versionedChildPath);
         assertEquals(NT_VERSIONEDCHILD, TreeUtil.getPrimaryTypeName(versionedChildTree));

         TreePermission versionedChildTp = tp.getChildPermission(versionedChildName, getTreeProvider().asNodeState(versionedChildTree));
         assertTrue(versionedChildTp instanceof AbstractTreePermission);

         Tree childVersionHistory = root.getTree(getPathFromReference(versionedChildPath, VersionConstants.JCR_CHILD_VERSION_HISTORY));
         assertTrue(childVersionHistory.exists());
         Tree versionable = ReadOnlyVersionManager.getInstance(root, getNamePathMapper()).getVersionable(childVersionHistory, root.getContentSession().getWorkspaceName());

         assertEquals(versionable.getPath(), ((AbstractTreePermission) versionedChildTp).getTree().getPath());
     }

     @Test
     public void testVersionedChildNodePointingToRemovedVH() throws CommitFailedException {
         root.getTree(TEST_OAK_PATH).remove();
         root.commit();
         permissionProvider.refresh();

         String path = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE);
         AbstractTreePermission tp = getTreePermission(path);

         String versionedChildName = PathUtils.getName(TEST_OAK_PATH);
         String versionedChildPath = PathUtils.concat(path, versionedChildName);
         Tree versionedChildTree = root.getTree(versionedChildPath);
         assertEquals(NT_VERSIONEDCHILD, TreeUtil.getPrimaryTypeName(versionedChildTree));

         TreePermission versionedChildTp = tp.getChildPermission(versionedChildName, getTreeProvider().asNodeState(versionedChildTree));
         assertTrue(versionedChildTp instanceof AbstractTreePermission);

         assertEquals(TEST_OAK_PATH, ((AbstractTreePermission) versionedChildTp).getTree().getPath());
         assertTrue(versionedChildTp.canRead());
         // version-mgt permission still granted because it is not stored on the removed node
         assertTrue(versionedChildTp.isGranted(Permissions.VERSION_MANAGEMENT));
     }


     @Test
     public void testGetChildPermissionCopiedChild() {
         String frozenPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE);
         AbstractTreePermission tp = getTreePermission(frozenPath);

         String copiedChildName = PathUtils.getName(childPath);
         Tree copiedChildTree = root.getTree(PathUtils.concat(frozenPath, copiedChildName));

         TreePermission copiedChildTp = tp.getChildPermission(copiedChildName, getTreeProvider().asNodeState(copiedChildTree));
         assertTrue(copiedChildTp instanceof AbstractTreePermission);

         assertEquals(childPath, ((AbstractTreePermission) copiedChildTp).getTree().getPath());
     }

     @Test
     public void testIsGrantedVersionHistoryNode() {
         String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
         AbstractTreePermission tp = getTreePermission(vhPath);
         assertFalse(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         vhPath = getPathFromReference(grandchildPath, JCR_VERSIONHISTORY);
         tp = getTreePermission(vhPath);
         assertTrue(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
         tp = getTreePermission(vhPath);
         assertTrue(tp.canRead());
         assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
     }

     @Test
     public void testIsGrantedVersionNode() {
         String vPath = getPathFromReference(contentPath, JCR_BASEVERSION);
         AbstractTreePermission tp = getTreePermission(vPath);
         assertFalse(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         vPath = getPathFromReference(grandchildPath, JCR_BASEVERSION);
         tp = getTreePermission(vPath);
         assertTrue(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         vPath = getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION);
         tp = getTreePermission(vPath);
         assertTrue(tp.canRead());
         assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
     }

     @Test
     public void testIsGrantedFrozenNode() {
         String frozenPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE);
         AbstractTreePermission tp = getTreePermission(frozenPath);
         assertFalse(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         frozenPath = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE);
         tp = getTreePermission(frozenPath);
         assertTrue(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

         frozenPath = PathUtils.concat(getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION), JCR_FROZENNODE);
         tp = getTreePermission(frozenPath);
         assertTrue(tp.canRead());
         assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
     }

     @Test
     public void testIsGrantedCopiedChild() {
         String copiedChildPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE, PathUtils.getName(childPath));
         assertTrue(root.getTree(copiedChildPath).exists());

         AbstractTreePermission tp = getTreePermission(copiedChildPath);
         assertTrue(tp.canRead());
         assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));
     }

     @Test
     public void testIsGrantedVersionedChild() {
         String versionedChildPath = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE, PathUtils.getName(TEST_OAK_PATH));
         assertTrue(root.getTree(versionedChildPath).exists());

         AbstractTreePermission tp = getTreePermission(versionedChildPath);
         assertTrue(tp.canRead());
         assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

	import org.apache.jackrabbit.oak.api.CommitFailedException;
	import org.apache.jackrabbit.oak.api.Tree;
	import org.apache.jackrabbit.oak.commons.PathUtils;
	import org.apache.jackrabbit.oak.namepath.NamePathMapper;
	import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
	import org.apache.jackrabbit.oak.plugins.tree.TreeType;
	import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
	import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
	import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
	import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
	import org.apache.jackrabbit.oak.spi.version.VersionConstants;
	import org.jetbrains.annotations.NotNull;
	import org.junit.Before;
	import org.junit.Test;

	import java.security.Principal;

	import static com.google.common.base.Preconditions.checkNotNull;
	import static org.apache.jackrabbit.JcrConstants.JCR_BASEVERSION;
	import static org.apache.jackrabbit.JcrConstants.JCR_FROZENNODE;
	import static org.apache.jackrabbit.JcrConstants.JCR_ISCHECKEDOUT;
	import static org.apache.jackrabbit.JcrConstants.JCR_VERSIONHISTORY;
	import static org.apache.jackrabbit.JcrConstants.NT_VERSIONEDCHILD;
	import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.MockUtility.mockNodeState;
	import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertNotEquals;
	import static org.junit.Assert.assertSame;
	import static org.junit.Assert.assertTrue;

	public class VersionTreePermissionTest extends AbstractPrincipalBasedTest {
	private Principal testPrincipal;
	private PrincipalBasedPermissionProvider permissionProvider;

	private String contentPath;
	private String childPath;
	private String grandchildPath;

	@Before
	public void before() throws Exception {
	super.before();

	testPrincipal = getTestSystemUser().getPrincipal();
	setupContentTrees(TEST_OAK_PATH);

	contentPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 3);
	childPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 2);
	grandchildPath = PathUtils.getAncestorPath(TEST_OAK_PATH, 1);

	// setup permissions on childPath + TEST_OAK_PATH
	PrincipalPolicyImpl policy = setupPrincipalBasedAccessControl(testPrincipal, getNamePathMapper().getJcrPath(childPath), JCR_READ);
	addPrincipalBasedEntry(policy, getNamePathMapper().getJcrPath(TEST_OAK_PATH), PrivilegeConstants.JCR_VERSION_MANAGEMENT);

	// versionabel nodes: contentPath + grandChildPath + TEST_OAK_PATH
	// -> TEST_OAK_PATH versionable node holds policy, grandchildPath get permissions inherited, and contentPath has no permissions granted
	Tree typeRoot = root.getTree(NodeTypeConstants.NODE_TYPES_PATH);
	for (String path : new String[] {contentPath, grandchildPath, TEST_OAK_PATH}) {
	Tree versionable = root.getTree(path);
	TreeUtil.addMixin(root.getTree(path), NodeTypeConstants.MIX_VERSIONABLE, typeRoot, "uid");
	}
	root.commit();

	// force creation of a new versions (except for TEST_OAK_PATH)
	for (String path : new String[] {contentPath, grandchildPath}) {
	root.getTree(path).setProperty(JCR_ISCHECKEDOUT, false);
	root.commit();
	root.getTree(path).setProperty(JCR_ISCHECKEDOUT, true);
	root.commit();
	}

	permissionProvider = createPermissionProvider(root, testPrincipal);
	}

	@Override
	protected NamePathMapper getNamePathMapper() {
	return NamePathMapper.DEFAULT;
	}

	@NotNull
	private String getPathFromReference(@NotNull String treePath, @NotNull String refProperty) {
	Tree tree = root.getTree(treePath);
	String path = new IdentifierManager(root).getPath(tree.getProperty(refProperty));
	checkNotNull(path);
	return path;
	}

	@NotNull
	private AbstractTreePermission getTreePermission(@NotNull String path) {
	Tree tree = root.getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
	for (String elem : PathUtils.elements(path)) {
	tree = tree.getChild(elem);
	tp = permissionProvider.getTreePermission(tree, tp);
	}
	assertTrue(tp instanceof AbstractTreePermission);
	return (AbstractTreePermission) tp;
	}

	@Test
	public void testGetTreePermissionVersionHistory() {
	String vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
	AbstractTreePermission tp = getTreePermission(vhPath);

	assertSame(TreeType.VERSION, tp.getType());
	assertNotEquals(vhPath, tp.getTree().getPath());
	assertSame(permissionProvider, tp.getPermissionProvider());
	}

	@Test
	public void testGetTreePermissionVersion() {
	String versionPath = getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION);
	AbstractTreePermission tp = getTreePermission(versionPath);

	assertSame(TreeType.VERSION, tp.getType());
	assertNotEquals(versionPath, tp.getTree().getPath());
	assertSame(permissionProvider, tp.getPermissionProvider());
	}

	@Test
	public void testGetChildPermissionRootVersionNode() {
	String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
	AbstractTreePermission tp = getTreePermission(vhPath);

	TreePermission rootversionTp = tp.getChildPermission(VersionConstants.JCR_ROOTVERSION, mockNodeState(VersionConstants.NT_VERSION));
	assertTrue(rootversionTp instanceof AbstractTreePermission);

	assertSame(tp.getTree(), ((AbstractTreePermission) rootversionTp).getTree());
	}

	@Test
	public void testGetChildPermissionVersion1Node() {
	String vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
	AbstractTreePermission tp = getTreePermission(vhPath);

	TreePermission versionTp = tp.getChildPermission("1.0", mockNodeState(VersionConstants.NT_VERSION));
	assertTrue(versionTp instanceof AbstractTreePermission);

	assertSame(tp.getTree(), ((AbstractTreePermission) versionTp).getTree());
	}

	@Test
	public void testGetChildPermissionLabelsNode() {
	String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
	AbstractTreePermission tp = getTreePermission(vhPath);

	TreePermission labelsTp = tp.getChildPermission(VersionConstants.JCR_VERSIONLABELS, mockNodeState(VersionConstants.NT_VERSIONLABELS));
	assertTrue(labelsTp instanceof AbstractTreePermission);

	assertSame(tp.getTree(), ((AbstractTreePermission) labelsTp).getTree());
	}

	@Test
	public void testGetChildPermissionFrozenNode() {
	String v1Path = getPathFromReference(grandchildPath, JCR_BASEVERSION);
	Tree v1Tree = root.getTree(v1Path);
	assertTrue(v1Tree.exists());

	AbstractTreePermission tp = getTreePermission(v1Path);
	TreePermission frozenTp = tp.getChildPermission(VersionConstants.JCR_FROZENNODE, getTreeProvider().asNodeState(v1Tree.getChild(JCR_FROZENNODE)));

	assertSame(tp.getTree(), ((AbstractTreePermission) frozenTp).getTree());
	}

	@Test
	public void testVersionedChildNode() {
	String path = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), VersionConstants.JCR_FROZENNODE, PathUtils.getName(childPath));
	AbstractTreePermission tp = getTreePermission(path);

	String versionedChildName = PathUtils.getName(grandchildPath);
	String versionedChildPath = PathUtils.concat(path, versionedChildName);
	Tree versionedChildTree = root.getTree(versionedChildPath);
	assertEquals(NT_VERSIONEDCHILD, TreeUtil.getPrimaryTypeName(versionedChildTree));

	TreePermission versionedChildTp = tp.getChildPermission(versionedChildName, getTreeProvider().asNodeState(versionedChildTree));
	assertTrue(versionedChildTp instanceof AbstractTreePermission);

	Tree childVersionHistory = root.getTree(getPathFromReference(versionedChildPath, VersionConstants.JCR_CHILD_VERSION_HISTORY));
	assertTrue(childVersionHistory.exists());
	Tree versionable = ReadOnlyVersionManager.getInstance(root, getNamePathMapper()).getVersionable(childVersionHistory, root.getContentSession().getWorkspaceName());

	assertEquals(versionable.getPath(), ((AbstractTreePermission) versionedChildTp).getTree().getPath());
	}

	@Test
	public void testVersionedChildNodePointingToRemovedVH() throws CommitFailedException {
	root.getTree(TEST_OAK_PATH).remove();
	root.commit();
	permissionProvider.refresh();

	String path = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE);
	AbstractTreePermission tp = getTreePermission(path);

	String versionedChildName = PathUtils.getName(TEST_OAK_PATH);
	String versionedChildPath = PathUtils.concat(path, versionedChildName);
	Tree versionedChildTree = root.getTree(versionedChildPath);
	assertEquals(NT_VERSIONEDCHILD, TreeUtil.getPrimaryTypeName(versionedChildTree));

	TreePermission versionedChildTp = tp.getChildPermission(versionedChildName, getTreeProvider().asNodeState(versionedChildTree));
	assertTrue(versionedChildTp instanceof AbstractTreePermission);

	assertEquals(TEST_OAK_PATH, ((AbstractTreePermission) versionedChildTp).getTree().getPath());
	assertTrue(versionedChildTp.canRead());
	// version-mgt permission still granted because it is not stored on the removed node
	assertTrue(versionedChildTp.isGranted(Permissions.VERSION_MANAGEMENT));
	}


	@Test
	public void testGetChildPermissionCopiedChild() {
	String frozenPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE);
	AbstractTreePermission tp = getTreePermission(frozenPath);

	String copiedChildName = PathUtils.getName(childPath);
	Tree copiedChildTree = root.getTree(PathUtils.concat(frozenPath, copiedChildName));

	TreePermission copiedChildTp = tp.getChildPermission(copiedChildName, getTreeProvider().asNodeState(copiedChildTree));
	assertTrue(copiedChildTp instanceof AbstractTreePermission);

	assertEquals(childPath, ((AbstractTreePermission) copiedChildTp).getTree().getPath());
	}

	@Test
	public void testIsGrantedVersionHistoryNode() {
	String vhPath = getPathFromReference(contentPath, JCR_VERSIONHISTORY);
	AbstractTreePermission tp = getTreePermission(vhPath);
	assertFalse(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	vhPath = getPathFromReference(grandchildPath, JCR_VERSIONHISTORY);
	tp = getTreePermission(vhPath);
	assertTrue(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	vhPath = getPathFromReference(TEST_OAK_PATH, JCR_VERSIONHISTORY);
	tp = getTreePermission(vhPath);
	assertTrue(tp.canRead());
	assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
	}

	@Test
	public void testIsGrantedVersionNode() {
	String vPath = getPathFromReference(contentPath, JCR_BASEVERSION);
	AbstractTreePermission tp = getTreePermission(vPath);
	assertFalse(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	vPath = getPathFromReference(grandchildPath, JCR_BASEVERSION);
	tp = getTreePermission(vPath);
	assertTrue(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	vPath = getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION);
	tp = getTreePermission(vPath);
	assertTrue(tp.canRead());
	assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
	}

	@Test
	public void testIsGrantedFrozenNode() {
	String frozenPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE);
	AbstractTreePermission tp = getTreePermission(frozenPath);
	assertFalse(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	frozenPath = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE);
	tp = getTreePermission(frozenPath);
	assertTrue(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));

	frozenPath = PathUtils.concat(getPathFromReference(TEST_OAK_PATH, JCR_BASEVERSION), JCR_FROZENNODE);
	tp = getTreePermission(frozenPath);
	assertTrue(tp.canRead());
	assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
	}

	@Test
	public void testIsGrantedCopiedChild() {
	String copiedChildPath = PathUtils.concat(getPathFromReference(contentPath, JCR_BASEVERSION), JCR_FROZENNODE, PathUtils.getName(childPath));
	assertTrue(root.getTree(copiedChildPath).exists());

	AbstractTreePermission tp = getTreePermission(copiedChildPath);
	assertTrue(tp.canRead());
	assertFalse(tp.isGranted(Permissions.VERSION_MANAGEMENT));
	}

	@Test
	public void testIsGrantedVersionedChild() {
	String versionedChildPath = PathUtils.concat(getPathFromReference(grandchildPath, JCR_BASEVERSION), JCR_FROZENNODE, PathUtils.getName(TEST_OAK_PATH));
	assertTrue(root.getTree(versionedChildPath).exists());

	AbstractTreePermission tp = getTreePermission(versionedChildPath);
	assertTrue(tp.canRead());
	assertTrue(tp.isGranted(Permissions.VERSION_MANAGEMENT));
	}
	}