/**
 * Round-trips principal names containing awkward characters through a local ACL.
 *
 * <p>The names cover a plain identifier, markup metacharacters with a trailing space, a
 * non-ASCII letter, a single quote and an underscore-delimited sequence. Each one must be
 * read back exactly as written and in the same position, so that escaping applied when the
 * ACL is stored can never turn one principal into another.
 */
@Test
public void testACLEscaping() {
    // Grant anonymous Everything on the root so that the folder can be created.
    // NOTE(review): this method never revokes the grant; presumably the fixture
    // teardown resets root permissions. Confirm, since a leftover Everything grant
    // would weaken later permission checks.
    setPermissionToAnonymous(EVERYTHING);

    DocumentModel rootDoc = session.getRootDocument();
    DocumentModel folder = session.createDocument(
            new DocumentModelImpl(rootDoc.getPathAsString(), "folder1", "Folder"));

    // The last two entries are the ones the original author marked as "name to quote".
    String[] principals = { "xyz", "abc@def<&>/ ", "caf\u00e9", "o'hara", "A_x1234_" };

    ACL written = new ACLImpl();
    for (String principal : principals) {
        written.add(new ACE(principal, "Read", true));
    }
    ACP acp = new ACPImpl();
    acp.addACL(written);
    folder.setACP(acp, true);

    // check what we read
    ACP readBack = folder.getACP();
    assertNotNull(readBack);
    ACL local = readBack.getACL(ACL.LOCAL_ACL);
    for (int i = 0; i < principals.length; i++) {
        assertEquals(principals[i], local.get(i).getUsername());
    }
}
/**
 * Checks that a child folder sees its parent's ACEs through the inherited ACL, and that a
 * local "deny Everything to Everyone" ACE makes the inherited ACL disappear.
 *
 * @throws Exception if any repository operation fails
 */
@Test
public void testACPInheritance() throws Exception {
    DocumentModel parent = session.createDocument(
            new DocumentModelImpl("/", "testACPInheritance", "Folder"));
    DocumentModel child = session.createDocument(
            new DocumentModelImpl("/testACPInheritance", "folder", "Folder"));
    PathRef childRef = new PathRef("/testACPInheritance/folder");

    // reader grant on the parent
    ACP parentAcp = parent.getACP();
    parentAcp.getOrCreateACL().add(new ACE("joe_reader", READ, true));
    parent.setACP(parentAcp, true);

    // contributor grant on the child
    ACP childAcp = child.getACP();
    childAcp.getOrCreateACL().add(new ACE("joe_contributor", WRITE, true));
    child.setACP(childAcp, true);
    session.save();

    // after a refetch, the parent's grant shows up as the first inherited ACE
    child = session.getDocument(childRef);
    childAcp = child.getACP();
    ACL inherited = childAcp.getACL(ACL.INHERITED_ACL);
    assertEquals("joe_reader", inherited.getACEs()[0].getUsername());

    // block inheritance
    ACE denyAll = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    childAcp.getOrCreateACL().add(denyAll);
    child.setACP(childAcp, true);
    session.save();

    // now the inherited acl should be null
    child = session.getDocument(childRef);
    assertNull(child.getACP().getACL(ACL.INHERITED_ACL));
}
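/**
 * Checks that storing an ACP whose local ACL was created but left empty does not leave a
 * local ACL behind: after saving and moving to the next transaction, reading the ACP back
 * yields no {@code ACL.LOCAL_ACL}.
 *
 * @throws Exception if any repository operation fails
 */
@Test
public void testEmptyLocalACL() throws Exception {
    DocumentModel doc = session.createDocumentModel("/", "folder", "Folder");
    doc = session.createDocument(doc);

    ACP acp = doc.getACP();
    // Create the local ACL but don't add anything to it; the call is kept for its
    // side effect on the ACP, the returned ACL itself is not needed.
    acp.getOrCreateACL();
    doc.setACP(acp, true);
    session.save();
    nextTransaction();

    // Use the refetched document. The original discarded the result of getDocument()
    // and asserted against the model object created before the transaction boundary.
    doc = session.getDocument(doc.getRef());
    acp = doc.getACP();
    assertNull(acp.getACL(ACL.LOCAL_ACL));
}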
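/**
 * Exercises ACL evaluation and permission enforcement through a session opened as
 * "anonymous".
 *
 * <p>Covered in order: local grants and the UNKNOWN result for principals or permissions
 * with no matching ACE; a deny ACE inserted ahead of a grant taking precedence; refusal to
 * create a child once anonymous loses its root permissions; a child folder's ACP still
 * resolving the parent folder's grants; and refusal to create a document when everyone
 * holds only REMOVE.
 */
@Test
public void testSecurity() {
    // Temporarily grant anonymous Everything on the root so that we can create a folder.
    setPermissionToAnonymous(EVERYTHING);

    CoreSession anonSession = openSessionAs("anonymous");
    try {
        DocumentModel root = anonSession.getRootDocument();

        DocumentModel folder = new DocumentModelImpl(root.getPathAsString(), "folder#1", "Folder");
        folder = anonSession.createDocument(folder);

        ACP acp = folder.getACP();
        assertNotNull(acp); // the acp inherited from root is returned

        acp = new ACPImpl();
        ACL acl = new ACLImpl();
        acl.add(new ACE("a", "Read", true));
        acl.add(new ACE("b", "Write", true));
        acp.addACL(acl);
        folder.setACP(acp, true);

        acp = folder.getACP();
        assertNotNull(acp);

        assertEquals("a", acp.getACL(ACL.LOCAL_ACL).get(0).getUsername());
        assertEquals("b", acp.getACL(ACL.LOCAL_ACL).get(1).getUsername());

        // No matching ACE yields UNKNOWN rather than DENY.
        assertSame(GRANT, acp.getAccess("a", "Read"));
        assertSame(UNKNOWN, acp.getAccess("a", "Write"));
        assertSame(GRANT, acp.getAccess("b", "Write"));
        assertSame(UNKNOWN, acp.getAccess("b", "Read"));
        assertSame(UNKNOWN, acp.getAccess("c", "Read"));
        assertSame(UNKNOWN, acp.getAccess("c", "Write"));

        // insert a deny Write ACE before the GRANT
        acp.getACL(ACL.LOCAL_ACL).add(0, new ACE("b", "Write", false));
        // store changes
        folder.setACP(acp, true);
        // refetch the acp
        acp = folder.getACP();
        // check perms now: the earlier deny wins over the later grant for b/Write
        assertSame(GRANT, acp.getAccess("a", "Read"));
        assertSame(UNKNOWN, acp.getAccess("a", "Write"));
        assertSame(DENY, acp.getAccess("b", "Write"));
        assertSame(UNKNOWN, acp.getAccess("b", "Read"));
        assertSame(UNKNOWN, acp.getAccess("c", "Read"));
        assertSame(UNKNOWN, acp.getAccess("c", "Write"));

        // Remove anonymous Everything privileges on the root so that they do not
        // influence the results below.
        removePermissionToAnonymous();
        anonSession.save(); // process invalidations

        try {
            DocumentModel folder2 = new DocumentModelImpl(folder.getPathAsString(), "folder#2", "Folder");
            folder2 = anonSession.createDocument(folder2);
            fail("privilege is granted but should not be");
        } catch (DocumentSecurityException e) {
            // ok
        }

        setPermissionToAnonymous(EVERYTHING);
        anonSession.save(); // process invalidations

        root = anonSession.getRootDocument();

        // and try again - this time it should work
        DocumentModel folder2 = new DocumentModelImpl(folder.getPathAsString(), "folder#2", "Folder");
        folder2 = anonSession.createDocument(folder2);

        // create a child document and grant on it the write for b
        ACP acp2 = new ACPImpl();
        acl = new ACLImpl();
        acl.add(new ACE("b", "Write", true));
        acp2.addACL(acl);

        folder2.setACP(acp2, true);
        acp2 = folder2.getACP();

        assertSame(GRANT, acp2.getAccess("a", "Read"));
        assertSame(UNKNOWN, acp2.getAccess("a", "Write"));
        assertSame(GRANT, acp2.getAccess("b", "Write"));
        assertSame(UNKNOWN, acp2.getAccess("b", "Read"));
        assertSame(UNKNOWN, acp2.getAccess("c", "Read"));
        assertSame(UNKNOWN, acp2.getAccess("c", "Write"));

        // Remove anonymous Everything privileges on the root so that they do not
        // influence the results below.
        removePermissionToAnonymous();
        anonSession.save(); // process invalidations

        setPermissionToEveryone(WRITE, REMOVE, ADD_CHILDREN, REMOVE_CHILDREN, READ);
        root = anonSession.getRootDocument();

        DocumentModel folder3 = new DocumentModelImpl(folder.getPathAsString(), "folder#3", "Folder");
        folder3 = anonSession.createDocument(folder3);

        anonSession.removeDocument(folder3.getRef());

        removePermissionToEveryone();
        setPermissionToEveryone(REMOVE);
        anonSession.save(); // process invalidations

        // With only REMOVE granted to everyone, creating a child must be refused.
        try {
            folder3 = new DocumentModelImpl(folder.getPathAsString(), "folder#3", "Folder");
            folder3 = anonSession.createDocument(folder3);
            fail("privilege is granted but should not be");
        } catch (DocumentSecurityException e) {
            // ok - only a security refusal counts as success. The original caught
            // Exception, which would also let an unrelated failure (for example a
            // NullPointerException) pass this access-control check.
        }
    } finally {
        closeSession(anonSession);
    }
}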