@Test public void testModifiable() { assertNotSame(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY.modifiable()); // other privilege bits PrivilegeBits mod = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS); assertSame(mod, mod.modifiable()); assertNotSame(mod, mod.unmodifiable()); assertNotEquals(mod, mod.unmodifiable()); }
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getReadOnlyTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@Nonnull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getReadOnlyTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@Test public void testHasPrivileges() throws Exception { for (String path : defPrivileges.keySet()) { Set<String> defaultPrivs = defPrivileges.get(path); Tree tree = readOnlyRoot.getTree(path); if (testProvider.isSupported(path)) { Set<String> expected = pbp.getPrivilegeNames(pbp.getBits(defaultPrivs).modifiable().diff(denied)); assertTrue(path, cppTestUser.hasPrivileges(tree, expected.toArray(new String[expected.size()]))); assertFalse(path, cppTestUser.hasPrivileges(tree, JCR_ADD_CHILD_NODES)); assertFalse(path, cppTestUser.hasPrivileges(tree, REP_ADD_PROPERTIES)); assertFalse(path, cppTestUser.hasPrivileges(tree, JCR_MODIFY_PROPERTIES)); } else { assertTrue(path, cppTestUser.hasPrivileges(tree, defaultPrivs.toArray(new String[defaultPrivs.size()]))); } } }
@Test public void testGetPrivilegesAdmin() throws Exception { for (String path : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(path); Set<String> privNames = cppAdminUser.getPrivileges(tree); if (testProvider.isSupported(path)) { PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(denied).unmodifiable(); assertEquals(expected, pbp.getBits(privNames)); } else { assertEquals(path, ImmutableSet.of(JCR_ALL), privNames); } } }
@Test public void testGetPrivileges() throws Exception { PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot); for (String path : defPrivileges.keySet()) { Tree tree = readOnlyRoot.getTree(path); Set<String> defaultPrivs = defPrivileges.get(path); Set<String> privNames = cppTestUser.getPrivileges(tree); if (testProvider.isSupported(path)) { PrivilegeBits expected = pbp.getBits(defaultPrivs).modifiable().diff(denied).unmodifiable(); assertEquals(expected, pbp.getBits(privNames)); } else { assertEquals(path, defaultPrivs, privNames); } } }
@Test public void testGetPrivilegesOnRepoAdmin() throws Exception { PrivilegeBits expected = pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_NAMESPACE_MANAGEMENT)).unmodifiable(); assertEquals(expected, pbp.getBits(cppAdminUser.getPrivileges(null))); }
@Test public void testHasPrivilegeOnRepoAdmin() throws Exception { assertFalse(cppAdminUser.hasPrivileges(null, JCR_NAMESPACE_MANAGEMENT)); assertFalse(cppAdminUser.hasPrivileges(null, JCR_NAMESPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT)); assertFalse(cppAdminUser.hasPrivileges(null, JCR_ALL)); assertTrue(cppAdminUser.hasPrivileges(null, JCR_NODE_TYPE_DEFINITION_MANAGEMENT)); Set<String> expected = pbp.getPrivilegeNames(pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_NAMESPACE_MANAGEMENT))); assertTrue(cppAdminUser.hasPrivileges(null, expected.toArray(new String[expected.size()]))); assertTrue(cppAdminUser.hasPrivileges(null)); }
@Test public void testHasPrivilegesAdmin() throws Exception { Set<String> expectedAllowed = pbp.getPrivilegeNames(pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_ADD_CHILD_NODES, REP_ADD_PROPERTIES))); for (String path : NODE_PATHS) { Tree tree = readOnlyRoot.getTree(path); if (testProvider.isSupported(path)) { assertTrue(cppAdminUser.hasPrivileges(tree, expectedAllowed.toArray(new String[expectedAllowed.size()]))); assertFalse(cppAdminUser.hasPrivileges(tree, JCR_ADD_CHILD_NODES)); assertFalse(cppAdminUser.hasPrivileges(tree, REP_ADD_PROPERTIES)); assertFalse(cppAdminUser.hasPrivileges(tree, JCR_WRITE)); } else { assertTrue(cppAdminUser.hasPrivileges(tree, JCR_ALL)); } } }