@Test
  public void testACLEscaping() {
    // temporary set an Everything privileges on the root for anonymous
    // so that we can create a folder
    setPermissionToAnonymous(EVERYTHING);

    DocumentModel root = session.getRootDocument();

    DocumentModel folder = new DocumentModelImpl(root.getPathAsString(), "folder1", "Folder");
    folder = session.createDocument(folder);

    ACP acp = new ACPImpl();
    ACL acl = new ACLImpl();
    acl.add(new ACE("xyz", "Read", true));
    acl.add(new ACE("abc@def<&>/ ", "Read", true));
    acl.add(new ACE("caf\u00e9", "Read", true));
    acl.add(new ACE("o'hara", "Read", true)); // name to quote
    acl.add(new ACE("A_x1234_", "Read", true)); // name to quote
    acp.addACL(acl);
    folder.setACP(acp, true);

    // check what we read
    acp = folder.getACP();
    assertNotNull(acp);
    acl = acp.getACL(ACL.LOCAL_ACL);
    assertEquals("xyz", acl.get(0).getUsername());
    assertEquals("abc@def<&>/ ", acl.get(1).getUsername());
    assertEquals("caf\u00e9", acl.get(2).getUsername());
    assertEquals("o'hara", acl.get(3).getUsername());
    assertEquals("A_x1234_", acl.get(4).getUsername());
  }
  @Test
  public void testACPInheritance() throws Exception {
    DocumentModel root = new DocumentModelImpl("/", "testACPInheritance", "Folder");
    root = session.createDocument(root);
    DocumentModel doc = new DocumentModelImpl("/testACPInheritance", "folder", "Folder");
    doc = session.createDocument(doc);

    ACP rootAcp = root.getACP();
    ACL localACL = rootAcp.getOrCreateACL();
    localACL.add(new ACE("joe_reader", READ, true));
    root.setACP(rootAcp, true);

    ACP acp = doc.getACP();
    localACL = acp.getOrCreateACL();
    localACL.add(new ACE("joe_contributor", WRITE, true));
    doc.setACP(acp, true);

    session.save();

    doc = session.getDocument(new PathRef("/testACPInheritance/folder"));
    acp = doc.getACP();
    ACL acl = acp.getACL(ACL.INHERITED_ACL);

    assertEquals("joe_reader", acl.getACEs()[0].getUsername());

    // block inheritance
    acp.getOrCreateACL()
        .add(new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false));
    doc.setACP(acp, true);
    session.save();

    // now the inherited acl should be null
    doc = session.getDocument(new PathRef("/testACPInheritance/folder"));
    acp = doc.getACP();
    acl = acp.getACL(ACL.INHERITED_ACL);
    assertNull(acl);
  }
  @Test
  public void testEmptyLocalACL() throws Exception {
    DocumentModel doc = session.createDocumentModel("/", "folder", "Folder");
    doc = session.createDocument(doc);
    ACP acp = doc.getACP();
    ACL acl = acp.getOrCreateACL();
    // don't add anything
    doc.setACP(acp, true);
    session.save();

    nextTransaction();

    session.getDocument(doc.getRef());
    acp = doc.getACP();
    acl = acp.getACL(ACL.LOCAL_ACL);
    assertNull(acl);
  }
  @Test
  public void testSecurity() {
    // temporary set an Everything privileges on the root for anonymous
    // so that we can create a folder
    setPermissionToAnonymous(EVERYTHING);

    CoreSession anonSession = openSessionAs("anonymous");
    try {
      DocumentModel root = anonSession.getRootDocument();

      DocumentModel folder = new DocumentModelImpl(root.getPathAsString(), "folder#1", "Folder");
      folder = anonSession.createDocument(folder);

      ACP acp = folder.getACP();
      assertNotNull(acp); // the acp inherited from root is returned

      acp = new ACPImpl();

      ACL acl = new ACLImpl();
      acl.add(new ACE("a", "Read", true));
      acl.add(new ACE("b", "Write", true));
      acp.addACL(acl);

      folder.setACP(acp, true);

      acp = folder.getACP();

      assertNotNull(acp);

      assertEquals("a", acp.getACL(ACL.LOCAL_ACL).get(0).getUsername());
      assertEquals("b", acp.getACL(ACL.LOCAL_ACL).get(1).getUsername());

      assertSame(GRANT, acp.getAccess("a", "Read"));
      assertSame(UNKNOWN, acp.getAccess("a", "Write"));
      assertSame(GRANT, acp.getAccess("b", "Write"));
      assertSame(UNKNOWN, acp.getAccess("b", "Read"));
      assertSame(UNKNOWN, acp.getAccess("c", "Read"));
      assertSame(UNKNOWN, acp.getAccess("c", "Write"));

      // insert a deny Write ACE before the GRANT

      acp.getACL(ACL.LOCAL_ACL).add(0, new ACE("b", "Write", false));
      // store changes
      folder.setACP(acp, true);
      // refetch ac
      acp = folder.getACP();
      // check perms now
      assertSame(GRANT, acp.getAccess("a", "Read"));
      assertSame(UNKNOWN, acp.getAccess("a", "Write"));
      assertSame(DENY, acp.getAccess("b", "Write"));
      assertSame(UNKNOWN, acp.getAccess("b", "Read"));
      assertSame(UNKNOWN, acp.getAccess("c", "Read"));
      assertSame(UNKNOWN, acp.getAccess("c", "Write"));

      // create a child document and grant on it the write for b

      // remove anonymous Everything privileges on the root
      // so that it not influence test results
      removePermissionToAnonymous();
      anonSession.save(); // process invalidations

      try {
        DocumentModel folder2 =
            new DocumentModelImpl(folder.getPathAsString(), "folder#2", "Folder");
        folder2 = anonSession.createDocument(folder2);
        fail("privilege is granted but should not be");
      } catch (DocumentSecurityException e) {
        // ok
      }

      setPermissionToAnonymous(EVERYTHING);
      anonSession.save(); // process invalidations

      root = anonSession.getRootDocument();

      // and try again - this time it should work
      DocumentModel folder2 = new DocumentModelImpl(folder.getPathAsString(), "folder#2", "Folder");
      folder2 = anonSession.createDocument(folder2);

      ACP acp2 = new ACPImpl();
      acl = new ACLImpl();
      acl.add(new ACE("b", "Write", true));
      acp2.addACL(acl);

      folder2.setACP(acp2, true);
      acp2 = folder2.getACP();

      assertSame(GRANT, acp2.getAccess("a", "Read"));
      assertSame(UNKNOWN, acp2.getAccess("a", "Write"));
      assertSame(GRANT, acp2.getAccess("b", "Write"));
      assertSame(UNKNOWN, acp2.getAccess("b", "Read"));
      assertSame(UNKNOWN, acp2.getAccess("c", "Read"));
      assertSame(UNKNOWN, acp2.getAccess("c", "Write"));

      // remove anonymous Everything privileges on the root
      // so that it not influence test results
      removePermissionToAnonymous();
      anonSession.save(); // process invalidations

      setPermissionToEveryone(WRITE, REMOVE, ADD_CHILDREN, REMOVE_CHILDREN, READ);
      root = anonSession.getRootDocument();

      DocumentModel folder3 = new DocumentModelImpl(folder.getPathAsString(), "folder#3", "Folder");
      folder3 = anonSession.createDocument(folder3);

      anonSession.removeDocument(folder3.getRef());

      removePermissionToEveryone();
      setPermissionToEveryone(REMOVE);
      anonSession.save(); // process invalidations

      try {
        folder3 = new DocumentModelImpl(folder.getPathAsString(), "folder#3", "Folder");
        folder3 = anonSession.createDocument(folder3);
        fail();
      } catch (Exception e) {

      }
    } finally {
      closeSession(anonSession);
    }
  }