public void testAddAccessControlEntry() throws NotExecutableException, RepositoryException {
checkCanModifyAc(path);
Privilege[] privileges = new Privilege[] {privs[0]};
AccessControlList acl = getList(acMgr, path);
AccessControlEntry entry = null;
if (acl.addAccessControlEntry(testPrincipal, privileges)) {
AccessControlEntry[] aces = acl.getAccessControlEntries();
for (int i = 0; i < aces.length; i++) {
if (aces[i].getPrincipal().equals(testPrincipal)
&& Arrays.asList(privileges).equals(Arrays.asList(aces[i].getPrivileges()))) {
entry = aces[i];
}
}
if (entry == null) throw new NotExecutableException();
} else {
throw new NotExecutableException();
}
assertEquals(
"Principal name of the ACE must be equal to the name of the passed Principal",
testPrincipal.getName(),
entry.getPrincipal().getName());
assertEquals(
"Privileges of the ACE must be equal to the passed ones",
Arrays.asList(privileges),
Arrays.asList(entry.getPrivileges()));
}
protected RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry)
throws RepositoryException {
Principal principal = acEntry.getPrincipal();
RepositoryFileSid sid = null;
String name = principal.getName();
DefaultPermissionConversionHelper permissionConversionHelper =
new DefaultPermissionConversionHelper(session);
if (principal instanceof Group) {
sid =
new RepositoryFileSid(
JcrTenantUtils.getRoleNameUtils().getPrincipleName(name),
RepositoryFileSid.Type.ROLE);
} else {
sid =
new RepositoryFileSid(
JcrTenantUtils.getUserNameUtils().getPrincipleName(name),
RepositoryFileSid.Type.USER);
}
logger.debug(
String.format("principal class [%s]", principal.getClass().getName())); // $NON-NLS-1$
Privilege[] privileges = acEntry.getPrivileges();
return new RepositoryFileAce(
sid, permissionConversionHelper.privilegesToPentahoPermissions(session, privileges));
}
public Privilege[] getPrivileges(String s) throws RepositoryException {
Item item = registrySession.getItem(s);
if (item instanceof Property) {
throw new PathNotFoundException("No privilages can be added for Properties");
}
Set<Privilege> privileges = new HashSet<Privilege>();
if (accessCtrlPolicies.get(s) instanceof RegistryAccessControlList) {
AccessControlEntry[] accessNtries =
((RegistryAccessControlList) accessCtrlPolicies.get(s)).getAccessControlEntries();
for (AccessControlEntry ac : accessNtries) {
if (ac != null) {
privileges.addAll(Arrays.asList(ac.getPrivileges()));
}
}
} else {
// TODO check how to apply NamedAccessControlPolicy
}
// Read-only session must have READ privilege on test node
if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(registrySession.getUserID())
&& !privileges.contains(privilegeRegistry.getPrivilegeFromName(Privilege.JCR_READ))) {
privileges.add(privilegeRegistry.getPrivilegeFromName(Privilege.JCR_READ));
}
if (privileges.size() != 0) {
return privileges.toArray(new Privilege[privileges.size()]);
} else return new Privilege[0];
}
private static List<Privilege> currentPrivileges(AccessControlList acl, Principal principal)
throws RepositoryException {
List<Privilege> privileges = new ArrayList<Privilege>();
AccessControlEntry[] entries = acl.getAccessControlEntries();
for (int i = 0; i < entries.length; i++) {
AccessControlEntry ace = entries[i];
if (principal.equals(ace.getPrincipal())) {
privileges.addAll(Arrays.asList(ace.getPrivileges()));
}
}
return privileges;
}
private JcrAccessControlList getAccessList(AccessControlManager acm, Node node)
throws RepositoryException {
AccessControlList accessList = findAccessList(acm, node);
if (accessList == null) {
return JcrAccessControlList.defaultInstance();
}
JcrAccessControlList acl = new JcrAccessControlList();
AccessControlEntry[] entries = accessList.getAccessControlEntries();
for (AccessControlEntry entry : entries) {
JcrPolicy en = new JcrPolicy();
en.setPrincipal(entry.getPrincipal().getName());
Privilege[] privileges = entry.getPrivileges();
for (Privilege p : privileges) {
en.add(new JcrPermission(p.getName()));
}
}
return acl;
}
