Author: enorman Date: Fri Mar 5 23:21:58 2010 New Revision: 919665 URL: http://svn.apache.org/viewvc?rev=919665&view=rev Log: SLING-1090 fixed return value of PrivilegesInfo.canDelete(..) for children of the root node + added some unit tests
Added: sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java (with props) sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/ sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/privileges-info.json.esp Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.java sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java Modified: sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.java?rev=919665&r1=919664&r2=919665&view=diff ============================================================================== --- sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.java (original) +++ sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/PrivilegesInfo.java Fri Mar 5 23:21:58 2010 @@ -444,7 +444,15 @@ try { AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session); - String parentPath = absPath.substring(0, absPath.lastIndexOf('/')); + String parentPath; + int lastSlash = absPath.lastIndexOf('/'); + if (lastSlash == 0) { + //the parent is the root folder. + parentPath = "/"; + } else { + //strip the last segment + parentPath = absPath.substring(0, lastSlash); + } boolean canDelete = accessControlManager.hasPrivileges(absPath, new Privilege[] { accessControlManager.privilegeFromName(Privilege.JCR_REMOVE_NODE) }) && canDeleteChildren(session, parentPath); Modified: sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=919665&r1=919664&r2=919665&view=diff ============================================================================== --- sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java (original) +++ sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java Fri Mar 5 23:21:58 2010 @@ -21,6 +21,7 @@ import java.net.URL; import java.util.ArrayList; import java.util.List; +import java.util.Random; import javax.servlet.http.HttpServletResponse; @@ -151,12 +152,12 @@ } - protected static int counter = 1; + protected static Random random = new Random(System.currentTimeMillis()); protected String createTestUser() throws IOException { String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html"; - String testUserId = "testUser" + (counter++); + String testUserId = "testUser" + random.nextInt(); List<NameValuePair> postParams = new ArrayList<NameValuePair>(); postParams.add(new NameValuePair(":name", testUserId)); postParams.add(new NameValuePair("pwd", "testPwd")); @@ -169,7 +170,7 @@ protected String createTestGroup() throws IOException { String postUrl = HTTP_BASE_URL + "/system/userManager/group.create.html"; - String testGroupId = "testGroup" + (counter++); + String testGroupId = "testGroup" + random.nextInt(); List<NameValuePair> postParams = new ArrayList<NameValuePair>(); postParams.add(new NameValuePair(":name", testGroupId)); @@ -181,7 +182,7 @@ } protected String createTestFolder() throws IOException { - String postUrl = HTTP_BASE_URL + TEST_BASE_PATH + "/" + "testFolder" + (counter++); + String postUrl = HTTP_BASE_URL + TEST_BASE_PATH + "/" + "testFolder" + random.nextInt(); final String location = testClient.createNode(postUrl + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null); assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK, Added: sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java?rev=919665&view=auto ============================================================================== --- sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java (added) +++ sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java Fri Mar 5 23:21:58 2010 @@ -0,0 +1,320 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sling.launchpad.webapp.integrationtest.accessManager; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.httpclient.Credentials; +import org.apache.commons.httpclient.NameValuePair; +import org.apache.commons.httpclient.UsernamePasswordCredentials; +import org.apache.sling.commons.json.JSONException; +import org.apache.sling.commons.json.JSONObject; +import org.apache.sling.servlets.post.SlingPostConstants; + +/** + * Tests for the PrivilegesInfo Script Helper + */ +public class PrivilegesInfoTest extends AbstractAccessManagerTest { + + String testUserId = null; + String testGroupId = null; + String testFolderUrl = null; + Set<String> toDelete = new HashSet<String>(); + + @Override + protected void setUp() throws Exception { + super.setUp(); + + // Script for server-side PrivilegeInfo calculations + String scriptPath = "/apps/nt/unstructured"; + testClient.mkdirs(WEBDAV_BASE_URL, scriptPath); + toDelete.add(uploadTestScript(scriptPath, + "accessmanager/privileges-info.json.esp", + "privileges-info.json.esp")); + } + + @Override + protected void tearDown() throws Exception { + super.tearDown(); + + Credentials creds = new UsernamePasswordCredentials("admin", "admin"); + + if (testFolderUrl != null) { + //remove the test user if it exists. + String postUrl = testFolderUrl; + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair(":operation", "delete")); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testGroupId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".delete.html"; + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + if (testUserId != null) { + //remove the test user if it exists. + String postUrl = HTTP_BASE_URL + "/system/userManager/user/" + testUserId + ".delete.html"; + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + + for(String script : toDelete) { + testClient.delete(script); + } + } + + /* + * testuser granted read / denied write + */ + public void testDeniedWriteForUser() throws IOException, JSONException { + testUserId = createTestUser(); + testFolderUrl = createTestFolder(); + + //assign some privileges + String postUrl = testFolderUrl + ".modifyAce.html"; + + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:readAccessControl", "granted")); + postParams.add(new NameValuePair("privil...@jcr:write", "denied")); + + Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + String getUrl = testFolderUrl + ".privileges-info.json"; + + //fetch the JSON for the test page to verify the settings. + Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd"); + + String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + + assertEquals(false, jsonObj.getBoolean("canAddChildren")); + assertEquals(false, jsonObj.getBoolean("canDeleteChildren")); + assertEquals(false, jsonObj.getBoolean("canDelete")); + assertEquals(false, jsonObj.getBoolean("canModifyProperties")); + assertEquals(true, jsonObj.getBoolean("canReadAccessControl")); + assertEquals(false, jsonObj.getBoolean("canModifyAccessControl")); + } + + /* + * testuser granted read / granted write + */ + public void testGrantedWriteForUser() throws IOException, JSONException { + testUserId = createTestUser(); + testFolderUrl = createTestFolder(); + + //assign some privileges + String postUrl = testFolderUrl + ".modifyAce.html"; + + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:write", "granted")); + postParams.add(new NameValuePair("privil...@jcr:readAccessControl", "granted")); + postParams.add(new NameValuePair("privil...@jcr:modifyAccessControl", "granted")); + + Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + String getUrl = testFolderUrl + ".privileges-info.json"; + + //fetch the JSON for the test page to verify the settings. + Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd"); + + String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + + assertEquals(true, jsonObj.getBoolean("canAddChildren")); + assertEquals(true, jsonObj.getBoolean("canDeleteChildren")); + //the parent node must also have jcr:removeChildren granted for 'canDelete' to be true + assertEquals(false, jsonObj.getBoolean("canDelete")); + assertEquals(true, jsonObj.getBoolean("canModifyProperties")); + assertEquals(true, jsonObj.getBoolean("canReadAccessControl")); + assertEquals(true, jsonObj.getBoolean("canModifyAccessControl")); + + //add a child node to verify the 'canDelete' use case + String childFolderUrl = testClient.createNode(testFolderUrl + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null); + String childPostUrl = childFolderUrl + ".modifyAce.html"; + + postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:removeNode", "granted")); + assertAuthenticatedPostStatus(adminCreds, childPostUrl, HttpServletResponse.SC_OK, postParams, null); + + String childGetUrl = childFolderUrl + ".privileges-info.json"; + String childJson = getAuthenticatedContent(testUserCreds, childGetUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(childJson); + JSONObject childJsonObj = new JSONObject(childJson); + assertEquals(true, childJsonObj.getBoolean("canDelete")); + } + + + + /* + * group testuser granted read / denied write + */ + public void testDeniedWriteForGroup() throws IOException, JSONException { + testGroupId = createTestGroup(); + testUserId = createTestUser(); + testFolderUrl = createTestFolder(); + + Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin"); + + //add testUserId to testGroup + String groupPostUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".update.html"; + List<NameValuePair> groupPostParams = new ArrayList<NameValuePair>(); + groupPostParams.add(new NameValuePair(":member", testUserId)); + assertAuthenticatedPostStatus(adminCreds, groupPostUrl, HttpServletResponse.SC_OK, groupPostParams, null); + + //assign some privileges + String postUrl = testFolderUrl + ".modifyAce.html"; + + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testGroupId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:readAccessControl", "granted")); + postParams.add(new NameValuePair("privil...@jcr:write", "denied")); + + assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + String getUrl = testFolderUrl + ".privileges-info.json"; + + //fetch the JSON for the test page to verify the settings. + Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd"); + + String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + + assertEquals(false, jsonObj.getBoolean("canAddChildren")); + assertEquals(false, jsonObj.getBoolean("canDeleteChildren")); + assertEquals(false, jsonObj.getBoolean("canDelete")); + assertEquals(false, jsonObj.getBoolean("canModifyProperties")); + assertEquals(true, jsonObj.getBoolean("canReadAccessControl")); + assertEquals(false, jsonObj.getBoolean("canModifyAccessControl")); + } + + /* + * group testuser granted read / granted write + */ + public void testGrantedWriteForGroup() throws IOException, JSONException { + testGroupId = createTestGroup(); + testUserId = createTestUser(); + testFolderUrl = createTestFolder(); + + Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin"); + + //add testUserId to testGroup + String groupPostUrl = HTTP_BASE_URL + "/system/userManager/group/" + testGroupId + ".update.html"; + List<NameValuePair> groupPostParams = new ArrayList<NameValuePair>(); + groupPostParams.add(new NameValuePair(":member", testUserId)); + assertAuthenticatedPostStatus(adminCreds, groupPostUrl, HttpServletResponse.SC_OK, groupPostParams, null); + + //assign some privileges + String postUrl = testFolderUrl + ".modifyAce.html"; + + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testGroupId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:write", "granted")); + postParams.add(new NameValuePair("privil...@jcr:readAccessControl", "granted")); + postParams.add(new NameValuePair("privil...@jcr:modifyAccessControl", "granted")); + + assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + String getUrl = testFolderUrl + ".privileges-info.json"; + + //fetch the JSON for the test page to verify the settings. + Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd"); + + String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + + assertEquals(true, jsonObj.getBoolean("canAddChildren")); + assertEquals(true, jsonObj.getBoolean("canDeleteChildren")); + //the parent node must also have jcr:removeChildren granted for 'canDelete' to be true + assertEquals(false, jsonObj.getBoolean("canDelete")); + assertEquals(true, jsonObj.getBoolean("canModifyProperties")); + assertEquals(true, jsonObj.getBoolean("canReadAccessControl")); + assertEquals(true, jsonObj.getBoolean("canModifyAccessControl")); + + + //add a child node to verify the 'canDelete' use case + String childFolderUrl = testClient.createNode(testFolderUrl + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null); + String childPostUrl = childFolderUrl + ".modifyAce.html"; + + postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testGroupId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:removeNode", "granted")); + assertAuthenticatedPostStatus(adminCreds, childPostUrl, HttpServletResponse.SC_OK, postParams, null); + + String childGetUrl = childFolderUrl + ".privileges-info.json"; + String childJson = getAuthenticatedContent(testUserCreds, childGetUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(childJson); + JSONObject childJsonObj = new JSONObject(childJson); + assertEquals(true, childJsonObj.getBoolean("canDelete")); + } + + + /** + * Test the fix for SLING-1090 + */ + public void testSLING_1090() throws Exception { + testUserId = createTestUser(); + + //grant jcr: removeChildNodes to the root node + ArrayList<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:removeChildNodes", "granted")); + Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin"); + assertAuthenticatedPostStatus(adminCreds, HTTP_BASE_URL + "/.modifyAce.html", HttpServletResponse.SC_OK, postParams, null); + + //create a node as a child of the root folder + testFolderUrl = testClient.createNode(HTTP_BASE_URL + "/testFolder" + random.nextInt() + SlingPostConstants.DEFAULT_CREATE_SUFFIX, null); + String postUrl = testFolderUrl + ".modifyAce.html"; + + //grant jcr:removeNode to the test node + postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair("principalId", testUserId)); + postParams.add(new NameValuePair("privil...@jcr:read", "granted")); + postParams.add(new NameValuePair("privil...@jcr:removeNode", "granted")); + assertAuthenticatedPostStatus(adminCreds, postUrl, HttpServletResponse.SC_OK, postParams, null); + + //fetch the JSON for the test page to verify the settings. + String getUrl = testFolderUrl + ".privileges-info.json"; + Credentials testUserCreds = new UsernamePasswordCredentials(testUserId, "testPwd"); + String json = getAuthenticatedContent(testUserCreds, getUrl, CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK); + assertNotNull(json); + JSONObject jsonObj = new JSONObject(json); + assertEquals(true, jsonObj.getBoolean("canDelete")); + } +} Propchange: sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/PrivilegesInfoTest.java ------------------------------------------------------------------------------ svn:eol-style = native Added: sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/privileges-info.json.esp URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/privileges-info.json.esp?rev=919665&view=auto ============================================================================== --- sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/privileges-info.json.esp (added) +++ sling/trunk/launchpad/testing/src/test/resources/integration-test/accessmanager/privileges-info.json.esp Fri Mar 5 23:21:58 2010 @@ -0,0 +1,11 @@ +{ +<% + var privilegesInfo = new Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo(); +%> + "canAddChildren" : <%=privilegesInfo.canAddChildren(currentNode)%>, + "canDeleteChildren" : <%=privilegesInfo.canDeleteChildren(currentNode)%>, + "canDelete" : <%=privilegesInfo.canDelete(currentNode)%>, + "canModifyProperties" : <%=privilegesInfo.canModifyProperties(currentNode)%>, + "canReadAccessControl" : <%=privilegesInfo.canReadAccessControl(currentNode)%>, + "canModifyAccessControl" : <%=privilegesInfo.canModifyAccessControl(currentNode)%> +}