/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import java.util.Collections;
import java.util.Set;
import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NT_OAK_UNSTRUCTURED;
import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.REP_GLOB;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.MIX_REP_PRINCIPAL_BASED_MIXIN;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_ENTRY;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.NT_REP_PRINCIPAL_POLICY;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_EFFECTIVE_PATH;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRIVILEGES;
import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
/**
 * Tests for {@code EntryCache}, the per-path lookup of principal-based permission entries.
 *
 * <p>Every test builds the cache from the same inputs: the test {@code root}, a single access
 * controlled path (the Oak path of the test system user) and a Mockito spy wrapping the
 * configured {@link RestrictionProvider}. The spy lets the tests assert whether building and
 * querying the cache consulted the restriction provider.
 *
 * <p>The assertions pin two things about which entries {@code getEntries} returns: a child of
 * the policy node that is not a principal entry is not returned, and an entry is not returned
 * for a path other than the effective path it was written with.
 */
public class EntryCacheTest extends AbstractPrincipalBasedTest {

    // Spy around the configured provider; reset again in after().
    private RestrictionProvider restrictionProvider;
    // Oak path of the test system user, which carries the principal-based policy.
    private String accessControlledPath;
    // The rep:principalPolicy node created below the access controlled tree.
    private Tree policyTree;

    /**
     * Marks the test system user's tree with the principal-based mixin and creates an empty
     * policy node below it, so that each test starts with a policy that has no entries.
     */
    @Before
    public void before() throws Exception {
        super.before();

        RestrictionProvider configured = getConfig(AuthorizationConfiguration.class).getRestrictionProvider();
        restrictionProvider = spy(configured);

        accessControlledPath = getNamePathMapper().getOakPath(getTestSystemUser().getPath());
        Tree userTree = root.getTree(accessControlledPath);
        Tree nodeTypes = root.getTree(NodeTypeConstants.NODE_TYPES_PATH);
        TreeUtil.addMixin(userTree, MIX_REP_PRINCIPAL_BASED_MIXIN, nodeTypes, "uid");

        policyTree = TreeUtil.addChild(userTree, REP_PRINCIPAL_POLICY, NT_REP_PRINCIPAL_POLICY);
    }

    /**
     * Clears the interactions recorded on the spy; the superclass teardown runs even if the
     * reset throws.
     */
    @After
    public void after() throws Exception {
        try {
            reset(restrictionProvider);
        } finally {
            super.after();
        }
    }

    /**
     * Builds a cache over the single access controlled path, using the spied restriction
     * provider. The cache is created on demand so that it sees the content a test has written.
     */
    private EntryCache buildCache() {
        return new EntryCache(root, ImmutableSet.of(accessControlledPath), restrictionProvider);
    }

    /**
     * Adds an entry node named {@code entry1} to the policy that grants {@code jcr:read} at the
     * given effective path.
     *
     * @param effectivePath Oak path stored in the entry's effective-path property
     * @return the newly created entry tree
     */
    private Tree addReadEntry(String effectivePath) throws Exception {
        Tree created = TreeUtil.addChild(policyTree, "entry1", NT_REP_PRINCIPAL_ENTRY);
        created.setProperty(REP_EFFECTIVE_PATH, effectivePath, Type.PATH);
        created.setProperty(REP_PRIVILEGES, ImmutableSet.of(JCR_READ), Type.NAMES);
        return created;
    }

    /** An empty policy node yields no entries for the test path. */
    @Test
    public void testNoEntries() {
        assertFalse(buildCache().getEntries(TEST_OAK_PATH).hasNext());
    }

    /**
     * A policy child of type {@code oak:Unstructured} is not a principal entry and must not
     * show up as one.
     */
    @Test
    public void testNonEntryChild() throws Exception {
        TreeUtil.addChild(policyTree, "invalidChild", NT_OAK_UNSTRUCTURED);

        assertFalse(buildCache().getEntries(TEST_OAK_PATH).hasNext());
    }

    /**
     * An entry whose effective path is the root path is not returned for the test path.
     * NOTE(review): this relies on TEST_OAK_PATH (defined in the superclass) differing from the
     * root path; in that case it shows that an entry written for an ancestor is not handed out
     * for a descendant lookup.
     */
    @Test
    public void testMissingEntriesForTestPath() throws Exception {
        addReadEntry(PathUtils.ROOT_PATH);

        assertFalse(buildCache().getEntries(TEST_OAK_PATH).hasNext());
    }

    /**
     * An entry written for the test path is returned for it, and since the entry carries no
     * restrictions the restriction provider is never touched.
     */
    @Test
    public void testEntriesForTestPath() throws Exception {
        addReadEntry(TEST_OAK_PATH);

        assertTrue(buildCache().getEntries(TEST_OAK_PATH).hasNext());
        verifyNoInteractions(restrictionProvider);
    }

    /**
     * An entry with a {@code rep:glob} restriction is returned for the test path, and the
     * restriction provider is asked exactly once each to read the restrictions and to build
     * the pattern for that path.
     */
    @Test
    public void testEntriesWithRestrictionsForTestPath() throws Exception {
        Tree restrictedEntry = addReadEntry(TEST_OAK_PATH);
        // The restriction is written through the spy, so these two calls are recorded on it too;
        // the verifications below target different methods.
        restrictionProvider.writeRestrictions(
                TEST_OAK_PATH,
                restrictedEntry,
                Collections.singleton(
                        restrictionProvider.createRestriction(TEST_OAK_PATH, REP_GLOB, getValueFactory(root).createValue("test"))));

        assertTrue(buildCache().getEntries(TEST_OAK_PATH).hasNext());

        verify(restrictionProvider).readRestrictions(eq(TEST_OAK_PATH), any(Tree.class));
        verify(restrictionProvider).getPattern(eq(TEST_OAK_PATH), any(Set.class));
    }
}