oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/RegularTreePermissionTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.tree.TreeType;
 import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.junit.Before;
 import org.junit.Test;

 import java.security.Principal;

 import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;

 public class RegularTreePermissionTest extends AbstractPrincipalBasedTest {

     private PrincipalBasedPermissionProvider permissionProvider;

     @Before
     public void before() throws Exception {
         super.before();

         Principal principal = getTestSystemUser().getPrincipal();
         setupContentTrees(TEST_OAK_PATH);
         setupPrincipalBasedAccessControl(principal, testContentJcrPath, PrivilegeConstants.JCR_READ);
         root.commit();

         permissionProvider = createPermissionProvider(root, principal);
     }

     @Override
     protected NamePathMapper getNamePathMapper() {
         return NamePathMapper.DEFAULT;
     }

     @Test
     public void testGetTreePermissionRootTree() {
         Tree rootTree = root.getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(rootTree, TreePermission.EMPTY);

         assertTrue(tp instanceof AbstractTreePermission);
         AbstractTreePermission atp = (AbstractTreePermission) tp;
         assertNotEquals(rootTree, atp.getTree());
         assertEquals(TreeType.DEFAULT, atp.getType());
     }

     @Test
     public void testGetTreePermissionReadOnlyRootTree() {
         Tree rootTree = getRootProvider().createReadOnlyRoot(root).getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(rootTree, TreeType.VERSION, mock(TreePermission.class));

         assertTrue(tp instanceof AbstractTreePermission);
         AbstractTreePermission atp = (AbstractTreePermission) tp;
         assertSame(rootTree, atp.getTree());
         assertEquals(TreeType.DEFAULT, atp.getType());
     }

     @Test
     public void testIsGrantedForRootTree() {
         TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreeType.DEFAULT, mock(TreePermission.class));
         assertFalse(tp.isGranted(Permissions.READ));
     }

     @Test
     public void testCanReadForRootTree() {
         TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreeType.DEFAULT, mock(TreePermission.class));
         assertFalse(tp.canRead());
         assertFalse(tp.canRead(MockUtility.createPrimaryTypeProperty(NodeTypeConstants.NT_REP_ROOT)));
     }

     @Test
     public void testRefreshReflectedOnTreePermission() throws Exception {
         TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreePermission.EMPTY);

         setupPrincipalBasedAccessControl(getTestSystemUser().getPrincipal(), PathUtils.ROOT_PATH, PrivilegeConstants.REP_READ_NODES);
         root.commit();
         permissionProvider.refresh();

         assertTrue(tp.canRead());
         assertFalse(tp.canRead(MockUtility.createPrimaryTypeProperty(NodeTypeConstants.NT_REP_ROOT)));
     }

     @Test
     public void testGetTreePermissionMockedParentPermission() throws Exception {
         Tree tree = getRootProvider().createReadOnlyRoot(root).getTree(getNamePathMapper().getOakPath(getTestSystemUser().getPath())).getChild(REP_PRINCIPAL_POLICY);
         assertTrue(tree.exists());
         TreePermission tp = permissionProvider.getTreePermission(tree, mock(TreePermission.class));

         assertTrue(tp instanceof AbstractTreePermission);
         AbstractTreePermission atp = (AbstractTreePermission) tp;
         assertSame(tree, atp.getTree());
         assertEquals(TreeType.ACCESS_CONTROL, atp.getType());
     }

     @Test
     public void testGetTreePermissionNonExistingTree() {
         Tree tree = getRootProvider().createReadOnlyRoot(root).getTree("/nonExisting");
         assertFalse(tree.exists());

         TreePermission tp = permissionProvider.getTreePermission(tree, permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreePermission.EMPTY));
         assertTrue(tp instanceof AbstractTreePermission);
     }

     @Test
     public void testIsGrantedForTestTree() {
         Tree tree = root.getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
         for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
             tree = tree.getChild(elem);
             tp = permissionProvider.getTreePermission(tree, tp);
         }

         assertTrue(tp.isGranted(Permissions.READ));
         assertTrue(tp.isGranted(Permissions.READ, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE)));

         assertFalse(tp.isGranted(Permissions.READ_ACCESS_CONTROL));
         assertFalse(tp.isGranted(Permissions.WRITE));
     }

     @Test
     public void testCanReadForTestTree() {
         Tree tree = root.getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
         for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
             tree = tree.getChild(elem);
             tp = permissionProvider.getTreePermission(tree, tp);
         }

         assertTrue(tp.canRead());
         assertTrue(tp.canRead(tree.getProperty(JcrConstants.JCR_PRIMARYTYPE)));
     }

     @Test
     public void testCanReadForTypeAccessControl() throws Exception {
         String principalPath = getNamePathMapper().getOakPath(getTestSystemUser().getPath());
         String policyPath = PathUtils.concat(principalPath, REP_PRINCIPAL_POLICY);

         Tree tree = root.getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
         for (String elem : PathUtils.elements(policyPath)) {
             tree = tree.getChild(elem);
             tp = permissionProvider.getTreePermission(tree, tp);
         }

         assertFalse(tp.canRead());

         setupPrincipalBasedAccessControl(getTestSystemUser().getPrincipal(), getTestSystemUser().getPath(), PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
         root.commit();
         permissionProvider.refresh();

         assertTrue(tp.canRead());
     }

     @Test
     public void testGetChildTreePermission() {
         Tree readOnly = getRootProvider().createReadOnlyRoot(root).getTree(PathUtils.ROOT_PATH);
         TreePermission tp = permissionProvider.getTreePermission(readOnly, TreePermission.EMPTY);
         NodeState ns = getTreeProvider().asNodeState(readOnly);
         for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
             ns = ns.getChildNode(elem);
             tp = permissionProvider.getTreePermission(elem, ns, (AbstractTreePermission) tp);
             assertTrue(tp instanceof AbstractTreePermission);
             assertSame(TreeType.DEFAULT, ((AbstractTreePermission) tp).getType());
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

	import org.apache.jackrabbit.JcrConstants;
	import org.apache.jackrabbit.oak.api.Tree;
	import org.apache.jackrabbit.oak.commons.PathUtils;
	import org.apache.jackrabbit.oak.namepath.NamePathMapper;
	import org.apache.jackrabbit.oak.plugins.tree.TreeType;
	import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
	import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
	import org.apache.jackrabbit.oak.spi.state.NodeState;
	import org.junit.Before;
	import org.junit.Test;

	import java.security.Principal;

	import static org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.Constants.REP_PRINCIPAL_POLICY;
	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertNotEquals;
	import static org.junit.Assert.assertSame;
	import static org.junit.Assert.assertTrue;
	import static org.mockito.Mockito.mock;

	public class RegularTreePermissionTest extends AbstractPrincipalBasedTest {

	private PrincipalBasedPermissionProvider permissionProvider;

	@Before
	public void before() throws Exception {
	super.before();

	Principal principal = getTestSystemUser().getPrincipal();
	setupContentTrees(TEST_OAK_PATH);
	setupPrincipalBasedAccessControl(principal, testContentJcrPath, PrivilegeConstants.JCR_READ);
	root.commit();

	permissionProvider = createPermissionProvider(root, principal);
	}

	@Override
	protected NamePathMapper getNamePathMapper() {
	return NamePathMapper.DEFAULT;
	}

	@Test
	public void testGetTreePermissionRootTree() {
	Tree rootTree = root.getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(rootTree, TreePermission.EMPTY);

	assertTrue(tp instanceof AbstractTreePermission);
	AbstractTreePermission atp = (AbstractTreePermission) tp;
	assertNotEquals(rootTree, atp.getTree());
	assertEquals(TreeType.DEFAULT, atp.getType());
	}

	@Test
	public void testGetTreePermissionReadOnlyRootTree() {
	Tree rootTree = getRootProvider().createReadOnlyRoot(root).getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(rootTree, TreeType.VERSION, mock(TreePermission.class));

	assertTrue(tp instanceof AbstractTreePermission);
	AbstractTreePermission atp = (AbstractTreePermission) tp;
	assertSame(rootTree, atp.getTree());
	assertEquals(TreeType.DEFAULT, atp.getType());
	}

	@Test
	public void testIsGrantedForRootTree() {
	TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreeType.DEFAULT, mock(TreePermission.class));
	assertFalse(tp.isGranted(Permissions.READ));
	}

	@Test
	public void testCanReadForRootTree() {
	TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreeType.DEFAULT, mock(TreePermission.class));
	assertFalse(tp.canRead());
	assertFalse(tp.canRead(MockUtility.createPrimaryTypeProperty(NodeTypeConstants.NT_REP_ROOT)));
	}

	@Test
	public void testRefreshReflectedOnTreePermission() throws Exception {
	TreePermission tp = permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreePermission.EMPTY);

	setupPrincipalBasedAccessControl(getTestSystemUser().getPrincipal(), PathUtils.ROOT_PATH, PrivilegeConstants.REP_READ_NODES);
	root.commit();
	permissionProvider.refresh();

	assertTrue(tp.canRead());
	assertFalse(tp.canRead(MockUtility.createPrimaryTypeProperty(NodeTypeConstants.NT_REP_ROOT)));
	}

	@Test
	public void testGetTreePermissionMockedParentPermission() throws Exception {
	Tree tree = getRootProvider().createReadOnlyRoot(root).getTree(getNamePathMapper().getOakPath(getTestSystemUser().getPath())).getChild(REP_PRINCIPAL_POLICY);
	assertTrue(tree.exists());
	TreePermission tp = permissionProvider.getTreePermission(tree, mock(TreePermission.class));

	assertTrue(tp instanceof AbstractTreePermission);
	AbstractTreePermission atp = (AbstractTreePermission) tp;
	assertSame(tree, atp.getTree());
	assertEquals(TreeType.ACCESS_CONTROL, atp.getType());
	}

	@Test
	public void testGetTreePermissionNonExistingTree() {
	Tree tree = getRootProvider().createReadOnlyRoot(root).getTree("/nonExisting");
	assertFalse(tree.exists());

	TreePermission tp = permissionProvider.getTreePermission(tree, permissionProvider.getTreePermission(root.getTree(PathUtils.ROOT_PATH), TreePermission.EMPTY));
	assertTrue(tp instanceof AbstractTreePermission);
	}

	@Test
	public void testIsGrantedForTestTree() {
	Tree tree = root.getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
	for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
	tree = tree.getChild(elem);
	tp = permissionProvider.getTreePermission(tree, tp);
	}

	assertTrue(tp.isGranted(Permissions.READ));
	assertTrue(tp.isGranted(Permissions.READ, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE)));

	assertFalse(tp.isGranted(Permissions.READ_ACCESS_CONTROL));
	assertFalse(tp.isGranted(Permissions.WRITE));
	}

	@Test
	public void testCanReadForTestTree() {
	Tree tree = root.getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
	for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
	tree = tree.getChild(elem);
	tp = permissionProvider.getTreePermission(tree, tp);
	}

	assertTrue(tp.canRead());
	assertTrue(tp.canRead(tree.getProperty(JcrConstants.JCR_PRIMARYTYPE)));
	}

	@Test
	public void testCanReadForTypeAccessControl() throws Exception {
	String principalPath = getNamePathMapper().getOakPath(getTestSystemUser().getPath());
	String policyPath = PathUtils.concat(principalPath, REP_PRINCIPAL_POLICY);

	Tree tree = root.getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
	for (String elem : PathUtils.elements(policyPath)) {
	tree = tree.getChild(elem);
	tp = permissionProvider.getTreePermission(tree, tp);
	}

	assertFalse(tp.canRead());

	setupPrincipalBasedAccessControl(getTestSystemUser().getPrincipal(), getTestSystemUser().getPath(), PrivilegeConstants.JCR_READ_ACCESS_CONTROL);
	root.commit();
	permissionProvider.refresh();

	assertTrue(tp.canRead());
	}

	@Test
	public void testGetChildTreePermission() {
	Tree readOnly = getRootProvider().createReadOnlyRoot(root).getTree(PathUtils.ROOT_PATH);
	TreePermission tp = permissionProvider.getTreePermission(readOnly, TreePermission.EMPTY);
	NodeState ns = getTreeProvider().asNodeState(readOnly);
	for (String elem : PathUtils.elements(TEST_OAK_PATH)) {
	ns = ns.getChildNode(elem);
	tp = permissionProvider.getTreePermission(elem, ns, (AbstractTreePermission) tp);
	assertTrue(tp instanceof AbstractTreePermission);
	assertSame(TreeType.DEFAULT, ((AbstractTreePermission) tp).getType());
	}
	}
	}