@Test
public void getConvertedPrivilegeBeanTest() {
aceBean2 = CqActionsMapping.getConvertedPrivilegeBean(aceBean2);
assertArrayEquals(aceBean1.getActions(), aceBean2.getActions());
assertEquals(aceBean1.getPrivilegesString(), aceBean2.getPrivilegesString());
}
public boolean validateAuthorizableId(
final Set<String> groupsFromCurrentConfig, final AceBean tmpAclBean)
throws NoGroupDefinedException, InvalidGroupNameException {
boolean valid = true;
String principal = tmpAclBean.getPrincipalName();
// validate authorizable name format
if (Validators.isValidAuthorizableId(principal)) {
// validate if authorizable is contained in config
if (!groupsFromCurrentConfig.contains(principal)) {
String message =
getBeanDescription(this.currentBeanCounter, principal)
+ " is not defined in group configuration";
throw new NoGroupDefinedException(message);
}
tmpAclBean.setPrincipal(principal);
} else {
valid = false;
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ principal
+ ", invalid authorizable name: "
+ principal;
LOG.error(errorMessage);
throw new InvalidGroupNameException(errorMessage);
}
return valid;
}
public boolean validateAcePath(final AceBean tmpAclBean) throws InvalidPathException {
boolean isPathDefined = false;
String currentEntryValue = tmpAclBean.getJcrPath();
String principal = tmpAclBean.getPrincipalName();
if (Validators.isValidNodePath(currentEntryValue)) {
tmpAclBean.setJcrPath(currentEntryValue);
isPathDefined = true;
} else {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", invalid path: "
+ currentEntryValue;
LOG.error(errorMessage);
throw new InvalidPathException(errorMessage);
}
return isPathDefined;
}
public boolean validatePermission(final AceBean tmpAclBean) throws InvalidPermissionException {
boolean valid = true;
String permission = tmpAclBean.getPermission();
String principal = tmpAclBean.getPrincipalName();
if (Validators.isValidPermission(permission)) {
tmpAclBean.setPermission(permission);
} else {
valid = false;
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", invalid permission: "
+ permission;
LOG.error(errorMessage);
throw new InvalidPermissionException(errorMessage);
}
return valid;
}
public boolean validateGlobbing(final AceBean tmpAclBean) throws InvalidRepGlobException {
boolean valid = true;
String currentEntryValue = tmpAclBean.getRepGlob();
String principal = tmpAclBean.getPrincipalName();
if (Validators.isValidRegex(currentEntryValue)) {
tmpAclBean.setRepGlob(currentEntryValue);
} else {
valid = false;
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", invalid globbing expression: "
+ currentEntryValue;
LOG.error(errorMessage);
throw new InvalidRepGlobException(errorMessage);
}
return valid;
}
public boolean validateActions(final AceBean tmpAclBean)
throws InvalidActionException, TooManyActionsException, DoubledDefinedActionException {
String principal = tmpAclBean.getPrincipalName();
if (!StringUtils.isNotBlank(tmpAclBean.getActionsStringFromConfig())) {
return false;
}
String[] actions = tmpAclBean.getActionsStringFromConfig().split(",");
if (actions.length > CqActionsMapping.ACTIONS_MAP.size()) {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal) + " too many actions defined!";
LOG.error(errorMessage);
throw new TooManyActionsException(errorMessage);
}
Set<String> actionsSet = new HashSet<String>();
for (int i = 0; i < actions.length; i++) {
// remove leading and trailing blanks from action name
actions[i] = StringUtils.strip(actions[i]);
if (!Validators.isValidAction(actions[i])) {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", invalid action: "
+ actions[i];
LOG.error(errorMessage);
throw new InvalidActionException(errorMessage);
}
if (!actionsSet.add(actions[i])) {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", doubled defined action: "
+ actions[i];
LOG.error(errorMessage);
throw new DoubledDefinedActionException(errorMessage);
}
}
tmpAclBean.setActions(actions);
return true;
}
public boolean validatePrivileges(final AceBean tmpAclBean, AccessControlManager aclManager)
throws InvalidJcrPrivilegeException, DoubledDefinedJcrPrivilegeException {
String currentEntryValue = tmpAclBean.getPrivilegesString();
String principal = tmpAclBean.getPrincipalName();
if (!StringUtils.isNotBlank(currentEntryValue)) {
return false;
}
String[] privileges = currentEntryValue.split(",");
Set<String> privilegesSet = new HashSet<String>();
for (int i = 0; i < privileges.length; i++) {
// remove leading and trailing blanks from privilege name
privileges[i] = StringUtils.strip(privileges[i]);
if (!Validators.isValidJcrPrivilege(privileges[i], aclManager)) {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", invalid jcr privilege: "
+ privileges[i];
LOG.error(errorMessage);
throw new InvalidJcrPrivilegeException(errorMessage);
}
if (!privilegesSet.add(privileges[i])) {
String errorMessage =
getBeanDescription(this.currentBeanCounter, principal)
+ ", doubled defined jcr privilege: "
+ privileges[i];
LOG.error(errorMessage);
throw new DoubledDefinedJcrPrivilegeException(errorMessage);
}
}
tmpAclBean.setPrivilegesString(currentEntryValue);
return true;
}
@Before
public void setup() {
// ACEs from groups contained in config
aceBean1 = new AceBean();
aceBean1.setPrincipal("group-A");
aceBean1.setActions(null);
aceBean1.setActionsStringFromConfig("");
aceBean1.setPermission("deny");
aceBean1.setJcrPath("/content");
aceBean1.setPrivilegesString("jcr:read,crx:replicate");
aceBean1.setRepGlob("");
aceBean2 = new AceBean();
aceBean2.setPrincipal("group-A");
aceBean2.setActions(new String[] {"read", "replicate"});
aceBean1.setPermission("deny");
aceBean2.setJcrPath("/content");
aceBean2.setPrivilegesString("");
aceBean2.setRepGlob("");
aceBean3 = new AceBean();
}