sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/privilege/solr/TestCommonPrivilegeForSolr.java - sentry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.sentry.privilege.solr;

 import org.apache.sentry.core.common.Model;
 import org.apache.sentry.core.common.utils.KeyValue;
 import org.apache.sentry.core.common.utils.SentryConstants;
 import org.apache.sentry.core.model.solr.SolrConstants;
 import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
 import org.apache.sentry.policy.common.CommonPrivilege;
 import org.apache.sentry.policy.common.Privilege;
 import org.junit.Before;
 import org.junit.Test;

 import java.util.List;

 import static junit.framework.Assert.assertFalse;
 import static junit.framework.Assert.assertTrue;

 /**
  * This class implements a set of unit tests designed to verify {@linkplain SolrPrivilegeModel}
  */
 public class TestCommonPrivilegeForSolr {

   private Model solrPrivilegeModel;

   private static final String ALL = SolrConstants.ALL;

   @Before
   public void prepareData() {
     solrPrivilegeModel = SolrPrivilegeModel.getInstance();
   }

   @Test
   public void testSimpleNoAction() throws Exception {
     CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
     CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
     CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));

     assertTrue(collection1.implies(collection1, solrPrivilegeModel));
     assertTrue(collection2.implies(collection2, solrPrivilegeModel));
     assertTrue(collection1.implies(collection1Case, solrPrivilegeModel));
     assertTrue(collection1Case.implies(collection1, solrPrivilegeModel));

     assertFalse(collection1.implies(collection2, solrPrivilegeModel));
     assertFalse(collection1Case.implies(collection2, solrPrivilegeModel));
     assertFalse(collection2.implies(collection1, solrPrivilegeModel));
     assertFalse(collection2.implies(collection1Case, solrPrivilegeModel));
   }

   @Test
   public void testAdminNoAction() throws Exception {
     CommonPrivilege globalAdmin = create(new KeyValue("admin", SolrConstants.ALL));
     CommonPrivilege coreAdmin = create(new KeyValue("admin", "core"));
     CommonPrivilege collectionAdmin = create(new KeyValue("admin", "collection"));
     CommonPrivilege securityAdmin = create(new KeyValue("admin", "security"));

     assertTrue(coreAdmin.implies(coreAdmin, solrPrivilegeModel));
     assertFalse(coreAdmin.implies(collectionAdmin, solrPrivilegeModel));
     assertFalse(coreAdmin.implies(securityAdmin, solrPrivilegeModel));
     // TODO - Check if this is a bug ?
     // assertFalse(coreAdmin.implies(globalAdmin, solrPrivilegeModel));

     assertTrue(collectionAdmin.implies(collectionAdmin, solrPrivilegeModel));
     assertFalse(collectionAdmin.implies(coreAdmin, solrPrivilegeModel));
     assertFalse(collectionAdmin.implies(securityAdmin, solrPrivilegeModel));
     // TODO - Check if this is a bug ?
     // assertFalse(collectionAdmin.implies(globalAdmin, solrPrivilegeModel));

     assertTrue(securityAdmin.implies(securityAdmin, solrPrivilegeModel));
     assertFalse(securityAdmin.implies(collectionAdmin, solrPrivilegeModel));
     assertFalse(securityAdmin.implies(coreAdmin, solrPrivilegeModel));
     // TODO - Check if this is a bug ?
     // assertFalse(securityAdmin.implies(globalAdmin, solrPrivilegeModel));

     assertTrue(globalAdmin.implies(globalAdmin, solrPrivilegeModel));
     assertTrue(globalAdmin.implies(collectionAdmin, solrPrivilegeModel));
     assertTrue(globalAdmin.implies(coreAdmin, solrPrivilegeModel));
     assertTrue(globalAdmin.implies(securityAdmin, solrPrivilegeModel));
   }

   @Test
   public void testSimpleAction() throws Exception {
     CommonPrivilege query =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
     CommonPrivilege update =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
     CommonPrivilege queryCase =
         create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));

     assertTrue(query.implies(query, solrPrivilegeModel));
     assertTrue(update.implies(update, solrPrivilegeModel));
     assertTrue(query.implies(queryCase, solrPrivilegeModel));
     assertTrue(queryCase.implies(query, solrPrivilegeModel));

     assertFalse(query.implies(update, solrPrivilegeModel));
     assertFalse(queryCase.implies(update, solrPrivilegeModel));
     assertFalse(update.implies(query, solrPrivilegeModel));
     assertFalse(update.implies(queryCase, solrPrivilegeModel));
   }

   @Test
   public void testAdminAction() throws Exception {
     CommonPrivilege query =
         create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "query"));
     CommonPrivilege update =
         create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "update"));
     CommonPrivilege queryCase =
         create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("AcTiOn", "QuERy"));

     assertTrue(query.implies(query, solrPrivilegeModel));
     assertTrue(update.implies(update, solrPrivilegeModel));
     assertTrue(query.implies(queryCase, solrPrivilegeModel));
     assertTrue(queryCase.implies(query, solrPrivilegeModel));

     assertFalse(query.implies(update, solrPrivilegeModel));
     assertFalse(queryCase.implies(update, solrPrivilegeModel));
     assertFalse(update.implies(query, solrPrivilegeModel));
     assertFalse(update.implies(queryCase, solrPrivilegeModel));
   }

   @Test
   public void testRoleShorterThanRequest() throws Exception {
     CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
     CommonPrivilege query =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
     CommonPrivilege update =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
     CommonPrivilege all =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));

     assertTrue(collection1.implies(query, solrPrivilegeModel));
     assertTrue(collection1.implies(update, solrPrivilegeModel));
     assertTrue(collection1.implies(all, solrPrivilegeModel));

     assertFalse(query.implies(collection1, solrPrivilegeModel));
     assertFalse(update.implies(collection1, solrPrivilegeModel));
     assertTrue(all.implies(collection1, solrPrivilegeModel));
   }

   @Test
   public void testAdminRoleShorterThanRequest() throws Exception {
     CommonPrivilege globalAdmin = create(new KeyValue("admin", "*"));
     CommonPrivilege query =
         create(new KeyValue("admin", "core"), new KeyValue("action", "query"));
     CommonPrivilege update =
         create(new KeyValue("admin", "core"), new KeyValue("action", "update"));
     CommonPrivilege all = create(new KeyValue("admin", "*"), new KeyValue("action", ALL));

     assertTrue(globalAdmin.implies(query, solrPrivilegeModel));
     assertTrue(globalAdmin.implies(update, solrPrivilegeModel));
     assertTrue(globalAdmin.implies(all, solrPrivilegeModel));

     assertFalse(query.implies(globalAdmin, solrPrivilegeModel));
     assertFalse(update.implies(globalAdmin, solrPrivilegeModel));
     assertTrue(all.implies(globalAdmin, solrPrivilegeModel));
   }

   @Test
   public void testCollectionAll() throws Exception {
     CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
     CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
     assertTrue(collectionAll.implies(collection1, solrPrivilegeModel));
     assertTrue(collection1.implies(collectionAll, solrPrivilegeModel));

     CommonPrivilege allUpdate =
         create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
     CommonPrivilege allQuery =
         create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
     CommonPrivilege coll1Update =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
     CommonPrivilege coll1Query =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
     assertTrue(allUpdate.implies(coll1Update, solrPrivilegeModel));
     assertTrue(allQuery.implies(coll1Query, solrPrivilegeModel));
     assertTrue(coll1Update.implies(allUpdate, solrPrivilegeModel));
     assertTrue(coll1Query.implies(allQuery, solrPrivilegeModel));
     assertFalse(allUpdate.implies(coll1Query, solrPrivilegeModel));
     assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
     assertFalse(allQuery.implies(coll1Update, solrPrivilegeModel));
     assertFalse(coll1Query.implies(allUpdate, solrPrivilegeModel));
     assertFalse(allUpdate.implies(allQuery, solrPrivilegeModel));
     assertFalse(allQuery.implies(allUpdate, solrPrivilegeModel));
     assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
     assertFalse(coll1Query.implies(coll1Update, solrPrivilegeModel));

     // test different length paths
     assertTrue(collectionAll.implies(allUpdate, solrPrivilegeModel));
     assertTrue(collectionAll.implies(allQuery, solrPrivilegeModel));
     assertTrue(collectionAll.implies(coll1Update, solrPrivilegeModel));
     assertTrue(collectionAll.implies(coll1Query, solrPrivilegeModel));
     assertFalse(allUpdate.implies(collectionAll, solrPrivilegeModel));
     assertFalse(allQuery.implies(collectionAll, solrPrivilegeModel));
     assertFalse(coll1Update.implies(collectionAll, solrPrivilegeModel));
     assertFalse(coll1Query.implies(collectionAll, solrPrivilegeModel));
   }

   @Test
   public void testActionAll() throws Exception {
     CommonPrivilege coll1All =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
     CommonPrivilege coll1Update =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
     CommonPrivilege coll1Query =
         create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
     assertTrue(coll1All.implies(coll1All, solrPrivilegeModel));
     assertTrue(coll1All.implies(coll1Update, solrPrivilegeModel));
     assertTrue(coll1All.implies(coll1Query, solrPrivilegeModel));
     assertFalse(coll1Update.implies(coll1All, solrPrivilegeModel));
     assertFalse(coll1Query.implies(coll1All, solrPrivilegeModel));

     // test different lengths
     CommonPrivilege coll1 =
         create(new KeyValue("collection", "coll1"));
     assertTrue(coll1All.implies(coll1, solrPrivilegeModel));
     assertTrue(coll1.implies(coll1All, solrPrivilegeModel));
   }

   @Test
   public void testUnexpected() throws Exception {
     Privilege p = new Privilege() {
       @Override
       public boolean implies(Privilege p, Model m) {
         return false;
       }

       @Override
       public List<KeyValue> getAuthorizable() {
         return null;
       }

       @Override
       public List<KeyValue> getParts() { return null; }
     };
     Privilege collection1 = create(new KeyValue("collection", "coll1"));
     assertFalse(collection1.implies(null, solrPrivilegeModel));
     assertFalse(collection1.implies(p, solrPrivilegeModel));
     assertFalse(collection1.equals(null));
     assertFalse(collection1.equals(p));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testNullString() throws Exception {
     System.out.println(create((String)null));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testEmptyString() throws Exception {
     System.out.println(create(""));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testEmptyKey() throws Exception {
     System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testEmptyValue() throws Exception {
     System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testEmptyPart() throws Exception {
     System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
         join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
   }

   @Test(expected=IllegalArgumentException.class)
   public void testOnlySeperators() throws Exception {
     System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
         join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
             SentryConstants.KV_SEPARATOR)));
   }

   static CommonPrivilege create(KeyValue... keyValues) {
     return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
   }

   static CommonPrivilege create(String s) {
     return new CommonPrivilege(s);
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.sentry.privilege.solr;

	import org.apache.sentry.core.common.Model;
	import org.apache.sentry.core.common.utils.KeyValue;
	import org.apache.sentry.core.common.utils.SentryConstants;
	import org.apache.sentry.core.model.solr.SolrConstants;
	import org.apache.sentry.core.model.solr.SolrPrivilegeModel;
	import org.apache.sentry.policy.common.CommonPrivilege;
	import org.apache.sentry.policy.common.Privilege;
	import org.junit.Before;
	import org.junit.Test;

	import java.util.List;

	import static junit.framework.Assert.assertFalse;
	import static junit.framework.Assert.assertTrue;

	/**
	* This class implements a set of unit tests designed to verify {@linkplain SolrPrivilegeModel}
	*/
	public class TestCommonPrivilegeForSolr {

	private Model solrPrivilegeModel;

	private static final String ALL = SolrConstants.ALL;

	@Before
	public void prepareData() {
	solrPrivilegeModel = SolrPrivilegeModel.getInstance();
	}

	@Test
	public void testSimpleNoAction() throws Exception {
	CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
	CommonPrivilege collection2 = create(new KeyValue("collection", "coll2"));
	CommonPrivilege collection1Case = create(new KeyValue("colleCtIon", "coLl1"));

	assertTrue(collection1.implies(collection1, solrPrivilegeModel));
	assertTrue(collection2.implies(collection2, solrPrivilegeModel));
	assertTrue(collection1.implies(collection1Case, solrPrivilegeModel));
	assertTrue(collection1Case.implies(collection1, solrPrivilegeModel));

	assertFalse(collection1.implies(collection2, solrPrivilegeModel));
	assertFalse(collection1Case.implies(collection2, solrPrivilegeModel));
	assertFalse(collection2.implies(collection1, solrPrivilegeModel));
	assertFalse(collection2.implies(collection1Case, solrPrivilegeModel));
	}

	@Test
	public void testAdminNoAction() throws Exception {
	CommonPrivilege globalAdmin = create(new KeyValue("admin", SolrConstants.ALL));
	CommonPrivilege coreAdmin = create(new KeyValue("admin", "core"));
	CommonPrivilege collectionAdmin = create(new KeyValue("admin", "collection"));
	CommonPrivilege securityAdmin = create(new KeyValue("admin", "security"));

	assertTrue(coreAdmin.implies(coreAdmin, solrPrivilegeModel));
	assertFalse(coreAdmin.implies(collectionAdmin, solrPrivilegeModel));
	assertFalse(coreAdmin.implies(securityAdmin, solrPrivilegeModel));
	// TODO - Check if this is a bug ?
	// assertFalse(coreAdmin.implies(globalAdmin, solrPrivilegeModel));

	assertTrue(collectionAdmin.implies(collectionAdmin, solrPrivilegeModel));
	assertFalse(collectionAdmin.implies(coreAdmin, solrPrivilegeModel));
	assertFalse(collectionAdmin.implies(securityAdmin, solrPrivilegeModel));
	// TODO - Check if this is a bug ?
	// assertFalse(collectionAdmin.implies(globalAdmin, solrPrivilegeModel));

	assertTrue(securityAdmin.implies(securityAdmin, solrPrivilegeModel));
	assertFalse(securityAdmin.implies(collectionAdmin, solrPrivilegeModel));
	assertFalse(securityAdmin.implies(coreAdmin, solrPrivilegeModel));
	// TODO - Check if this is a bug ?
	// assertFalse(securityAdmin.implies(globalAdmin, solrPrivilegeModel));

	assertTrue(globalAdmin.implies(globalAdmin, solrPrivilegeModel));
	assertTrue(globalAdmin.implies(collectionAdmin, solrPrivilegeModel));
	assertTrue(globalAdmin.implies(coreAdmin, solrPrivilegeModel));
	assertTrue(globalAdmin.implies(securityAdmin, solrPrivilegeModel));
	}

	@Test
	public void testSimpleAction() throws Exception {
	CommonPrivilege query =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
	CommonPrivilege update =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
	CommonPrivilege queryCase =
	create(new KeyValue("colleCtIon", "coLl1"), new KeyValue("AcTiOn", "QuERy"));

	assertTrue(query.implies(query, solrPrivilegeModel));
	assertTrue(update.implies(update, solrPrivilegeModel));
	assertTrue(query.implies(queryCase, solrPrivilegeModel));
	assertTrue(queryCase.implies(query, solrPrivilegeModel));

	assertFalse(query.implies(update, solrPrivilegeModel));
	assertFalse(queryCase.implies(update, solrPrivilegeModel));
	assertFalse(update.implies(query, solrPrivilegeModel));
	assertFalse(update.implies(queryCase, solrPrivilegeModel));
	}

	@Test
	public void testAdminAction() throws Exception {
	CommonPrivilege query =
	create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "query"));
	CommonPrivilege update =
	create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("action", "update"));
	CommonPrivilege queryCase =
	create(new KeyValue("admin", SolrConstants.ALL), new KeyValue("AcTiOn", "QuERy"));

	assertTrue(query.implies(query, solrPrivilegeModel));
	assertTrue(update.implies(update, solrPrivilegeModel));
	assertTrue(query.implies(queryCase, solrPrivilegeModel));
	assertTrue(queryCase.implies(query, solrPrivilegeModel));

	assertFalse(query.implies(update, solrPrivilegeModel));
	assertFalse(queryCase.implies(update, solrPrivilegeModel));
	assertFalse(update.implies(query, solrPrivilegeModel));
	assertFalse(update.implies(queryCase, solrPrivilegeModel));
	}

	@Test
	public void testRoleShorterThanRequest() throws Exception {
	CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
	CommonPrivilege query =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
	CommonPrivilege update =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
	CommonPrivilege all =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));

	assertTrue(collection1.implies(query, solrPrivilegeModel));
	assertTrue(collection1.implies(update, solrPrivilegeModel));
	assertTrue(collection1.implies(all, solrPrivilegeModel));

	assertFalse(query.implies(collection1, solrPrivilegeModel));
	assertFalse(update.implies(collection1, solrPrivilegeModel));
	assertTrue(all.implies(collection1, solrPrivilegeModel));
	}

	@Test
	public void testAdminRoleShorterThanRequest() throws Exception {
	CommonPrivilege globalAdmin = create(new KeyValue("admin", "*"));
	CommonPrivilege query =
	create(new KeyValue("admin", "core"), new KeyValue("action", "query"));
	CommonPrivilege update =
	create(new KeyValue("admin", "core"), new KeyValue("action", "update"));
	CommonPrivilege all = create(new KeyValue("admin", "*"), new KeyValue("action", ALL));

	assertTrue(globalAdmin.implies(query, solrPrivilegeModel));
	assertTrue(globalAdmin.implies(update, solrPrivilegeModel));
	assertTrue(globalAdmin.implies(all, solrPrivilegeModel));

	assertFalse(query.implies(globalAdmin, solrPrivilegeModel));
	assertFalse(update.implies(globalAdmin, solrPrivilegeModel));
	assertTrue(all.implies(globalAdmin, solrPrivilegeModel));
	}

	@Test
	public void testCollectionAll() throws Exception {
	CommonPrivilege collectionAll = create(new KeyValue("collection", ALL));
	CommonPrivilege collection1 = create(new KeyValue("collection", "coll1"));
	assertTrue(collectionAll.implies(collection1, solrPrivilegeModel));
	assertTrue(collection1.implies(collectionAll, solrPrivilegeModel));

	CommonPrivilege allUpdate =
	create(new KeyValue("collection", ALL), new KeyValue("action", "update"));
	CommonPrivilege allQuery =
	create(new KeyValue("collection", ALL), new KeyValue("action", "query"));
	CommonPrivilege coll1Update =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
	CommonPrivilege coll1Query =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
	assertTrue(allUpdate.implies(coll1Update, solrPrivilegeModel));
	assertTrue(allQuery.implies(coll1Query, solrPrivilegeModel));
	assertTrue(coll1Update.implies(allUpdate, solrPrivilegeModel));
	assertTrue(coll1Query.implies(allQuery, solrPrivilegeModel));
	assertFalse(allUpdate.implies(coll1Query, solrPrivilegeModel));
	assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
	assertFalse(allQuery.implies(coll1Update, solrPrivilegeModel));
	assertFalse(coll1Query.implies(allUpdate, solrPrivilegeModel));
	assertFalse(allUpdate.implies(allQuery, solrPrivilegeModel));
	assertFalse(allQuery.implies(allUpdate, solrPrivilegeModel));
	assertFalse(coll1Update.implies(coll1Query, solrPrivilegeModel));
	assertFalse(coll1Query.implies(coll1Update, solrPrivilegeModel));

	// test different length paths
	assertTrue(collectionAll.implies(allUpdate, solrPrivilegeModel));
	assertTrue(collectionAll.implies(allQuery, solrPrivilegeModel));
	assertTrue(collectionAll.implies(coll1Update, solrPrivilegeModel));
	assertTrue(collectionAll.implies(coll1Query, solrPrivilegeModel));
	assertFalse(allUpdate.implies(collectionAll, solrPrivilegeModel));
	assertFalse(allQuery.implies(collectionAll, solrPrivilegeModel));
	assertFalse(coll1Update.implies(collectionAll, solrPrivilegeModel));
	assertFalse(coll1Query.implies(collectionAll, solrPrivilegeModel));
	}

	@Test
	public void testActionAll() throws Exception {
	CommonPrivilege coll1All =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", ALL));
	CommonPrivilege coll1Update =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "update"));
	CommonPrivilege coll1Query =
	create(new KeyValue("collection", "coll1"), new KeyValue("action", "query"));
	assertTrue(coll1All.implies(coll1All, solrPrivilegeModel));
	assertTrue(coll1All.implies(coll1Update, solrPrivilegeModel));
	assertTrue(coll1All.implies(coll1Query, solrPrivilegeModel));
	assertFalse(coll1Update.implies(coll1All, solrPrivilegeModel));
	assertFalse(coll1Query.implies(coll1All, solrPrivilegeModel));

	// test different lengths
	CommonPrivilege coll1 =
	create(new KeyValue("collection", "coll1"));
	assertTrue(coll1All.implies(coll1, solrPrivilegeModel));
	assertTrue(coll1.implies(coll1All, solrPrivilegeModel));
	}

	@Test
	public void testUnexpected() throws Exception {
	Privilege p = new Privilege() {
	@Override
	public boolean implies(Privilege p, Model m) {
	return false;
	}

	@Override
	public List<KeyValue> getAuthorizable() {
	return null;
	}

	@Override
	public List<KeyValue> getParts() { return null; }
	};
	Privilege collection1 = create(new KeyValue("collection", "coll1"));
	assertFalse(collection1.implies(null, solrPrivilegeModel));
	assertFalse(collection1.implies(p, solrPrivilegeModel));
	assertFalse(collection1.equals(null));
	assertFalse(collection1.equals(p));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testNullString() throws Exception {
	System.out.println(create((String)null));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testEmptyString() throws Exception {
	System.out.println(create(""));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testEmptyKey() throws Exception {
	System.out.println(create(SentryConstants.KV_JOINER.join("collection", "")));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testEmptyValue() throws Exception {
	System.out.println(create(SentryConstants.KV_JOINER.join("", "coll1")));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testEmptyPart() throws Exception {
	System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
	join(SentryConstants.KV_JOINER.join("collection1", "coll1"), "")));
	}

	@Test(expected=IllegalArgumentException.class)
	public void testOnlySeperators() throws Exception {
	System.out.println(create(SentryConstants.AUTHORIZABLE_JOINER.
	join(SentryConstants.KV_SEPARATOR, SentryConstants.KV_SEPARATOR,
	SentryConstants.KV_SEPARATOR)));
	}

	static CommonPrivilege create(KeyValue... keyValues) {
	return create(SentryConstants.AUTHORIZABLE_JOINER.join(keyValues));
	}

	static CommonPrivilege create(String s) {
	return new CommonPrivilege(s);
	}
	}