1 17 package org.alfresco.repo.security.authority; 18 19 import java.util.HashSet ; 20 import java.util.Set ; 21 22 import net.sf.acegisecurity.Authentication; 23 import net.sf.acegisecurity.GrantedAuthority; 24 25 import org.alfresco.model.ContentModel; 26 import org.alfresco.repo.security.permissions.PermissionEntry; 27 import org.alfresco.repo.security.permissions.impl.AbstractPermissionTest; 28 import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry; 29 import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry; 30 import org.alfresco.repo.security.permissions.impl.SimplePermissionReference; 31 import org.alfresco.service.cmr.repository.NodeRef; 32 import org.alfresco.service.cmr.security.AccessPermission; 33 import org.alfresco.service.cmr.security.AccessStatus; 34 import org.alfresco.service.cmr.security.AuthorityType; 35 import org.alfresco.service.cmr.security.PermissionService; 36 import org.alfresco.service.namespace.QName; 37 38 public class ExtendedPermissionServiceTest extends AbstractPermissionTest 39 { 40 public ExtendedPermissionServiceTest() 41 { 42 super(); 43 } 45 46 public void testAuthenticatedRoleIsPresent() 47 { 48 runAs("andy"); 49 Authentication auth = authenticationComponent.getCurrentAuthentication(); 50 for (GrantedAuthority authority : auth.getAuthorities()) 51 { 52 if (authority.getAuthority().equals(ROLE_AUTHENTICATED)) 53 { 54 return; 55 } 56 } 57 fail("Missing role ROLE_AUTHENTICATED "); 58 } 59 60 61 62 public void testSetInheritFalse() 63 { 64 runAs("andy"); 65 permissionService.setInheritParentPermissions(rootNodeRef, false); 66 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 67 assertFalse(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 68 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 69 assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 70 } 71 72 public void testSetInheritTrue() 73 { 74 runAs("andy"); 75 permissionService.setInheritParentPermissions(rootNodeRef, true); 76 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 77 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 78 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 79 assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 80 81 permissionService.deletePermissions(permissionService.getSetPermissions(rootNodeRef)); 82 } 83 84 public void testAlterInherit() 85 { 86 runAs("andy"); 87 testSetInheritFalse(); 88 testSetInheritTrue(); 89 testSetInheritFalse(); 90 testSetInheritTrue(); 91 92 permissionService.deletePermissions(rootNodeRef); 93 } 95 96 public void testSetNodePermissionEntry() 97 { 98 runAs("andy"); 99 Set <SimplePermissionEntry> entries = new HashSet <SimplePermissionEntry>(); 100 entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("A", "B"), 101 "C"), "user-one", AccessStatus.ALLOWED)); 102 entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), "user-two", 103 AccessStatus.ALLOWED)); 104 entries.add(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName.createQName("D", "E"), 105 "F"), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); 106 entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), 107 permissionService.getAllAuthorities(), AccessStatus.DENIED)); 108 109 SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries); 110 111 permissionService.setPermission(entry); 112 113 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 114 assertFalse(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 115 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 116 assertEquals(4, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 117 } 118 119 public void testSetNodePermissionEntry2() 120 { 121 Set <SimplePermissionEntry> entries = new HashSet <SimplePermissionEntry>(); 122 entries.add(new SimplePermissionEntry(rootNodeRef, permissionService.getAllPermissionReference(), 123 permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); 124 125 SimpleNodePermissionEntry entry = new SimpleNodePermissionEntry(rootNodeRef, false, entries); 126 127 permissionService.setPermission(entry); 128 129 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 130 assertFalse(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 131 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 132 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 133 } 134 135 public void testAlterNodePermissions() 136 { 137 testSetNodePermissionEntry(); 138 testSetNodePermissionEntry2(); 139 testSetNodePermissionEntry(); 140 testSetNodePermissionEntry2(); 141 } 142 143 public void testSetPermissionEntryElements() 144 { 145 permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true); 146 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 147 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 148 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 149 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 150 for (PermissionEntry pe : permissionService.getSetPermissions(rootNodeRef).getPermissionEntries()) 151 { 152 assertEquals("andy", pe.getAuthority()); 153 assertTrue(pe.isAllowed()); 154 assertTrue(pe.getPermissionReference().getQName().equals( 155 permissionService.getAllPermissionReference().getQName())); 156 assertTrue(pe.getPermissionReference().getName().equals( 157 permissionService.getAllPermissionReference().getName())); 158 assertEquals(rootNodeRef, pe.getNodeRef()); 159 } 160 161 163 permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true); 164 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 165 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 166 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 167 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 168 169 171 permissionService.setPermission(rootNodeRef, "other", permissionService.getAllPermission(), true); 172 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 173 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 174 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 175 assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 176 177 179 permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), false); 180 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 181 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 182 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 183 assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 184 185 187 permissionService.setPermission(rootNodeRef, "andy", PermissionService.READ, false); 188 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 189 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 190 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 191 assertEquals(4, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 192 193 195 permissionService.deletePermission(rootNodeRef, "andy", PermissionService.READ, false); 196 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 197 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 198 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 199 assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 200 201 permissionService.deletePermission(rootNodeRef, "andy", permissionService.getAllPermission(), false); 202 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 203 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 204 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 205 assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 206 207 permissionService.deletePermission(rootNodeRef, "other", permissionService.getAllPermission(), true); 208 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 209 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 210 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 211 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 212 213 permissionService.deletePermission(rootNodeRef, "andy", permissionService.getAllPermission(), true); 214 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 215 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 216 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 217 assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 218 219 } 220 221 public void testSetPermissionEntry() 222 { 223 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 224 .getAllPermissionReference(), "andy", AccessStatus.ALLOWED)); 225 permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true); 226 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 227 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 228 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 229 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 230 for (PermissionEntry pe : permissionService.getSetPermissions(rootNodeRef).getPermissionEntries()) 231 { 232 assertEquals("andy", pe.getAuthority()); 233 assertTrue(pe.isAllowed()); 234 assertTrue(pe.getPermissionReference().getQName().equals( 235 permissionService.getAllPermissionReference().getQName())); 236 assertTrue(pe.getPermissionReference().getName().equals( 237 permissionService.getAllPermissionReference().getName())); 238 assertEquals(rootNodeRef, pe.getNodeRef()); 239 } 240 241 243 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 244 .getAllPermissionReference(), "andy", AccessStatus.ALLOWED)); 245 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 246 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 247 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 248 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 249 250 252 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 253 .getAllPermissionReference(), "other", AccessStatus.ALLOWED)); 254 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 255 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 256 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 257 assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 258 259 261 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 262 .getAllPermissionReference(), "andy", AccessStatus.DENIED)); 263 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 264 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 265 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 266 assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 267 268 270 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName 271 .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); 272 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 273 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 274 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 275 assertEquals(4, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 276 277 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName 278 .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED)); 279 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 280 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 281 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 282 assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 283 284 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService 285 .getAllPermissionReference(), "andy", AccessStatus.DENIED)); 286 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 287 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 288 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 289 assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 290 291 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService 292 .getAllPermissionReference(), "other", AccessStatus.ALLOWED)); 293 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 294 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 295 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 296 assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 297 298 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService 299 .getAllPermissionReference(), "andy", AccessStatus.ALLOWED)); 300 assertNotNull(permissionService.getSetPermissions(rootNodeRef)); 301 assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions()); 302 assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef()); 303 assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size()); 304 } 305 306 public void testGetSettablePermissionsForType() 307 { 308 Set <String > answer = permissionService.getSettablePermissions(QName.createQName("sys", "base", 309 namespacePrefixResolver)); 310 assertEquals(17, answer.size()); 311 312 answer = permissionService.getSettablePermissions(QName.createQName("cm", "ownable", namespacePrefixResolver)); 313 assertEquals(0, answer.size()); 314 315 answer = permissionService.getSettablePermissions(QName.createQName("cm", "content", namespacePrefixResolver)); 316 assertEquals(5, answer.size()); 317 318 answer = permissionService.getSettablePermissions(QName.createQName("cm", "folder", namespacePrefixResolver)); 319 assertEquals(5, answer.size()); 320 } 321 322 public void testGetSettablePermissionsForNode() 323 { 324 QName ownable = QName.createQName("cm", "ownable", namespacePrefixResolver); 325 326 Set <String > answer = permissionService.getSettablePermissions(rootNodeRef); 327 assertEquals(21, answer.size()); 328 329 nodeService.addAspect(rootNodeRef, ownable, null); 330 answer = permissionService.getSettablePermissions(rootNodeRef); 331 assertEquals(21, answer.size()); 332 333 nodeService.removeAspect(rootNodeRef, ownable); 334 answer = permissionService.getSettablePermissions(rootNodeRef); 335 assertEquals(21, answer.size()); 336 } 337 338 public void testSimplePermissionOnRoot() 339 { 340 runAs("andy"); 341 342 assertEquals(21, permissionService.getPermissions(rootNodeRef).size()); 343 assertEquals(0, countGranted(permissionService.getPermissions(rootNodeRef))); 344 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 345 346 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 347 runAs("lemur"); 348 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 349 350 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 351 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 352 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 353 runAs("andy"); 354 355 assertEquals(21, permissionService.getPermissions(rootNodeRef).size()); 356 assertEquals(1, countGranted(permissionService.getPermissions(rootNodeRef))); 357 358 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 359 runAs("lemur"); 360 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 361 362 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 363 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 364 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 365 runAs("andy"); 366 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 367 runAs("lemur"); 368 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 369 370 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 371 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 372 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 373 runAs("andy"); 374 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 375 runAs("lemur"); 376 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 377 378 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 379 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 380 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 381 runAs("andy"); 382 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 383 runAs("lemur"); 384 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 385 386 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 387 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 388 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 389 runAs("andy"); 390 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 391 runAs("lemur"); 392 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 393 394 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 395 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 396 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 397 runAs("andy"); 398 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 399 runAs("lemur"); 400 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 401 402 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 403 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 404 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 405 runAs("andy"); 406 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 407 runAs("lemur"); 408 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 409 } 410 411 private int countGranted(Set <AccessPermission> permissions) 412 { 413 int count = 0; 414 for (AccessPermission ap : permissions) 415 { 416 if (ap.getAccessStatus() == AccessStatus.ALLOWED) 417 { 418 count++; 419 } 420 } 421 return count; 422 } 423 424 public void testGlobalPermissionsForAdmin() 425 { 426 runAs("admin"); 427 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 428 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 429 430 NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 431 ContentModel.TYPE_CONTENT).getChildRef(); 432 433 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 434 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 435 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 436 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 437 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 438 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 439 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 440 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 441 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 442 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 443 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 444 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 445 446 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 447 "admin", AccessStatus.DENIED)); 448 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 449 getPermission(PermissionService.READ_PROPERTIES), "admin", AccessStatus.DENIED)); 450 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 451 getPermission(PermissionService.READ_CHILDREN), "admin", AccessStatus.DENIED)); 452 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 453 getPermission(PermissionService.READ_CONTENT), "admin", AccessStatus.DENIED)); 454 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 455 getPermission(PermissionService.ALL_PERMISSIONS), "admin", AccessStatus.DENIED)); 456 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 457 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 458 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 459 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 460 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 461 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 462 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 463 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 464 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 465 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 466 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 467 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 468 } 469 470 public void testPermissionGroupOnRoot() 471 { 472 runAs("andy"); 473 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 474 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 475 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 476 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 477 runAs("lemur"); 478 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 479 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 480 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 481 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 482 483 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 484 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 485 "andy", AccessStatus.ALLOWED)); 486 runAs("andy"); 487 488 assertEquals(21, permissionService.getPermissions(rootNodeRef).size()); 489 assertEquals(3, countGranted(permissionService.getPermissions(rootNodeRef))); 490 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 491 492 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 493 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 494 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 495 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 496 runAs("lemur"); 497 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 498 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 499 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 500 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 501 502 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 503 "andy", AccessStatus.DENIED)); 504 runAs("andy"); 505 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 506 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 507 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 508 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 509 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 510 runAs("lemur"); 511 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 512 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 513 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 514 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 515 516 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 517 "andy", AccessStatus.ALLOWED)); 518 runAs("andy"); 519 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 520 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 521 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 522 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 523 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 524 runAs("lemur"); 525 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 526 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 527 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 528 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 529 530 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 531 "andy", AccessStatus.DENIED)); 532 runAs("andy"); 533 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 534 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 535 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 536 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 537 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 538 runAs("lemur"); 539 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 540 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 541 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 542 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 543 544 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 545 "andy", AccessStatus.ALLOWED)); 546 runAs("andy"); 547 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 548 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 549 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 550 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 551 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 552 runAs("lemur"); 553 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 554 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 555 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 556 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 557 558 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 559 getPermission(PermissionService.READ), "andy", AccessStatus.DENIED)); 560 runAs("andy"); 561 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 562 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 563 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 564 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 565 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 566 runAs("lemur"); 567 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 568 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 569 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 570 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 571 572 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 573 getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); 574 runAs("andy"); 575 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 576 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 577 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 578 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 579 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 580 runAs("lemur"); 581 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 582 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 583 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 584 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 585 runAs("andy"); 586 } 587 588 public void testSimplePermissionSimpleInheritance() 589 { 590 runAs("admin"); 591 592 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 593 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 594 595 runAs("andy"); 596 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 597 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 598 runAs("lemur"); 599 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 600 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 601 602 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 603 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 604 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 605 runAs("andy"); 606 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 607 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 608 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 609 runAs("lemur"); 610 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 611 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 612 613 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 614 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 615 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 616 runAs("andy"); 617 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 618 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 619 runAs("lemur"); 620 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 621 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 622 623 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 624 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 625 assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size()); 626 runAs("andy"); 627 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 628 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 629 runAs("lemur"); 630 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 631 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 632 633 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 634 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 635 assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size()); 636 runAs("andy"); 637 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 638 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 639 runAs("lemur"); 640 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 641 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 642 643 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 644 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 645 assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size()); 646 runAs("andy"); 647 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 648 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 649 runAs("lemur"); 650 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 651 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 652 653 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 654 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 655 assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size()); 656 runAs("andy"); 657 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 658 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 659 runAs("lemur"); 660 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 661 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 662 663 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 664 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 665 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 666 runAs("andy"); 667 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 668 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 669 runAs("lemur"); 670 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 671 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 672 673 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 674 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 675 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 676 runAs("andy"); 677 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 678 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 679 runAs("lemur"); 680 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 681 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 682 } 683 684 public void testPermissionGroupSimpleInheritance() 685 { 686 runAs("admin"); 687 688 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 689 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 690 691 runAs("andy"); 692 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 693 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 694 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 695 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 696 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 697 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 698 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 699 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 700 runAs("lemur"); 701 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 702 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 703 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 704 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 705 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 706 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 707 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 708 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 709 710 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 711 "andy", AccessStatus.ALLOWED)); 712 runAs("andy"); 713 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 714 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 715 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 716 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 717 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 718 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 719 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 720 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 721 runAs("lemur"); 722 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 723 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 724 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 725 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 726 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 727 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 728 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 729 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 730 731 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 732 "andy", AccessStatus.DENIED)); 733 runAs("andy"); 734 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 735 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 736 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 737 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 738 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 739 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 740 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 741 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 742 runAs("lemur"); 743 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 744 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 745 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 746 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 747 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 748 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 749 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 750 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 751 752 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 753 "andy", AccessStatus.ALLOWED)); 754 runAs("andy"); 755 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 756 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 757 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 758 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 759 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 760 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 761 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 762 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 763 runAs("lemur"); 764 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 765 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 766 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 767 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 768 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 769 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 770 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 771 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 772 773 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 774 "andy", AccessStatus.DENIED)); 775 runAs("andy"); 776 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 777 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 778 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 779 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 780 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 781 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 782 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 783 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 784 runAs("lemur"); 785 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 786 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 787 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 788 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 789 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 790 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 791 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 792 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 793 794 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 795 "andy", AccessStatus.ALLOWED)); 796 runAs("andy"); 797 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 798 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 799 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 800 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 801 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 802 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 803 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 804 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 805 runAs("lemur"); 806 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 807 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 808 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 809 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 810 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 811 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 812 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 813 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 814 815 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 816 getPermission(PermissionService.READ), "andy", AccessStatus.DENIED)); 817 runAs("andy"); 818 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 819 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 820 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 821 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 822 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 823 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 824 assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 825 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 826 runAs("lemur"); 827 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 828 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 829 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 830 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 831 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 832 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 833 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 834 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 835 836 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 837 getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); 838 runAs("andy"); 839 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 840 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 841 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 842 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 843 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 844 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 845 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 846 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 847 runAs("lemur"); 848 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 849 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 850 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 851 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 852 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 853 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 854 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 855 assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 856 } 857 858 public void testDenySimplePermisionOnRootNode() 859 { 860 runAs("andy"); 861 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 862 runAs("lemur"); 863 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 864 865 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 866 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 867 runAs("andy"); 868 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 869 runAs("lemur"); 870 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 871 872 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 873 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 874 runAs("andy"); 875 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 876 runAs("lemur"); 877 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 878 879 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 880 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 881 runAs("andy"); 882 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 883 runAs("lemur"); 884 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 885 886 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 887 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 888 runAs("andy"); 889 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 890 runAs("lemur"); 891 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 892 } 893 894 public void testDenyPermissionOnRootNOde() 895 { 896 897 runAs("andy"); 898 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 899 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 900 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 901 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 902 runAs("lemur"); 903 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 904 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 905 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 906 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 907 908 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 909 "andy", AccessStatus.ALLOWED)); 910 runAs("andy"); 911 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 912 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 913 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 914 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 915 runAs("lemur"); 916 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 917 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 918 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 919 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 920 921 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 922 "andy", AccessStatus.DENIED)); 923 runAs("andy"); 924 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 925 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 926 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 927 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 928 runAs("lemur"); 929 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 930 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 931 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 932 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 933 934 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 935 getPermission(PermissionService.READ), "andy", AccessStatus.DENIED)); 936 runAs("andy"); 937 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 938 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 939 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 940 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 941 runAs("lemur"); 942 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 943 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 944 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 945 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 946 947 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 948 getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); 949 runAs("andy"); 950 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 951 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 952 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 953 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 954 runAs("lemur"); 955 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 956 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 957 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 958 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 959 } 960 961 public void testComplexDenyOnRootNode() 962 { 963 964 runAs("andy"); 965 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 966 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 967 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 968 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 969 runAs("lemur"); 970 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 971 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 972 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 973 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 974 975 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 976 "andy", AccessStatus.ALLOWED)); 977 runAs("andy"); 978 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 979 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 980 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 981 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 982 runAs("lemur"); 983 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 984 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 985 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 986 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 987 988 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 989 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 990 runAs("andy"); 991 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 992 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 993 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 994 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 995 runAs("lemur"); 996 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 997 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 998 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 999 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1000 1001 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1002 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1003 runAs("andy"); 1004 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1005 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1006 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1007 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1008 runAs("lemur"); 1009 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1010 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1011 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1012 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1013 1014 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1015 "andy", AccessStatus.DENIED)); 1016 runAs("andy"); 1017 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1018 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1019 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1020 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1021 runAs("lemur"); 1022 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1023 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1024 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1025 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1026 } 1027 1028 public void testPerf() throws Exception 1029 { 1030 runAs("admin"); 1031 1032 1036 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 1037 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 1038 NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 1039 ContentModel.TYPE_FOLDER).getChildRef(); 1040 NodeRef n3 = nodeService.createNode(n2, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}three"), 1041 ContentModel.TYPE_FOLDER).getChildRef(); 1042 NodeRef n4 = nodeService.createNode(n3, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}four"), 1043 ContentModel.TYPE_FOLDER).getChildRef(); 1044 NodeRef n5 = nodeService.createNode(n4, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}five"), 1045 ContentModel.TYPE_FOLDER).getChildRef(); 1046 NodeRef n6 = nodeService.createNode(n5, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}six"), 1047 ContentModel.TYPE_FOLDER).getChildRef(); 1048 NodeRef n7 = nodeService.createNode(n6, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}seven"), 1049 ContentModel.TYPE_FOLDER).getChildRef(); 1050 NodeRef n8 = nodeService.createNode(n7, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}eight"), 1051 ContentModel.TYPE_FOLDER).getChildRef(); 1052 NodeRef n9 = nodeService.createNode(n8, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}nine"), 1053 ContentModel.TYPE_FOLDER).getChildRef(); 1054 NodeRef n10 = nodeService.createNode(n9, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}ten"), 1055 ContentModel.TYPE_FOLDER).getChildRef(); 1056 1057 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1058 "andy", AccessStatus.ALLOWED)); 1059 1066 long start; 1067 long end; 1068 long time = 0; 1069 for (int i = 0; i < 1000; i++) 1070 { 1071 getSession().flush(); 1072 start = System.nanoTime(); 1074 assertTrue(permissionService.hasPermission(n10, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1075 end = System.nanoTime(); 1076 time += (end - start); 1077 } 1078 System.out.println("Time is " + (time / 1000000000.0)); 1079 1081 time = 0; 1082 for (int i = 0; i < 1000; i++) 1083 { 1084 start = System.nanoTime(); 1085 assertTrue(permissionService.hasPermission(n10, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1086 end = System.nanoTime(); 1087 time += (end - start); 1088 } 1089 System.out.println("Time is " + (time / 1000000000.0)); 1090 1092 } 1094 1095 public void testAllPermissions() 1096 { 1097 runAs("andy"); 1098 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1099 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1100 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1101 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1102 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1103 runAs("lemur"); 1104 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1105 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1106 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1107 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1108 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1109 1110 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 1111 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 1112 .getAllPermissionReference(), "andy", AccessStatus.ALLOWED)); 1113 assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size()); 1114 runAs("andy"); 1115 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1116 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1117 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1118 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1119 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1120 runAs("lemur"); 1121 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1122 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1123 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1124 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1125 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1126 1127 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1128 "andy", AccessStatus.DENIED)); 1129 runAs("andy"); 1130 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 1131 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1132 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1133 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1134 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1135 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1136 runAs("lemur"); 1137 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1138 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1139 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1140 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1141 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1142 1143 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 1144 .getAllPermissionReference(), "andy", AccessStatus.DENIED)); 1145 assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size()); 1146 runAs("andy"); 1147 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1148 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1149 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1150 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1151 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1152 runAs("lemur"); 1153 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1154 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1155 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1156 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1157 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1158 1159 } 1160 1161 public void testAuthenticatedAuthority() 1162 { 1163 1164 runAs("andy"); 1165 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1166 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1167 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1168 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1169 runAs("lemur"); 1170 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1171 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1172 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1173 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1174 1175 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1176 ROLE_AUTHENTICATED, AccessStatus.ALLOWED)); 1177 runAs("andy"); 1178 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1179 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1180 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1181 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1182 runAs("lemur"); 1183 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1184 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1185 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1186 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1187 1188 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1189 ROLE_AUTHENTICATED, AccessStatus.DENIED)); 1190 runAs("andy"); 1191 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1192 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1193 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1194 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1195 runAs("lemur"); 1196 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1197 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1198 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1199 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1200 1201 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 1202 getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.DENIED)); 1203 runAs("andy"); 1204 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1205 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1206 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1207 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1208 runAs("lemur"); 1209 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1210 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1211 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1212 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1213 1214 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 1215 getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED)); 1216 runAs("andy"); 1217 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1218 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1219 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1220 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1221 runAs("lemur"); 1222 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1223 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1224 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1225 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1226 } 1227 1228 public void testAllAuthorities() 1229 { 1230 1231 runAs("andy"); 1232 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1233 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1234 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1235 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1236 runAs("lemur"); 1237 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1238 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1239 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1240 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1241 1242 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1243 permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); 1244 runAs("andy"); 1245 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1246 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1247 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1248 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1249 runAs("lemur"); 1250 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1251 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1252 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1253 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1254 1255 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1256 permissionService.getAllAuthorities(), AccessStatus.DENIED)); 1257 runAs("andy"); 1258 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1259 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1260 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1261 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1262 runAs("lemur"); 1263 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1264 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1265 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1266 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1267 1268 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 1269 getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED)); 1270 runAs("andy"); 1271 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1272 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1273 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1274 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1275 runAs("lemur"); 1276 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1277 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1278 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1279 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1280 1281 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 1282 getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); 1283 runAs("andy"); 1284 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1285 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1286 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1287 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1288 runAs("lemur"); 1289 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1290 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1291 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1292 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1293 } 1294 1295 public void testAllPermissionsAllAuthorities() 1296 { 1297 1298 runAs("andy"); 1299 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1300 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1301 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1302 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1303 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1304 runAs("lemur"); 1305 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1306 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1307 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1308 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1309 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1310 1311 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 1312 .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.ALLOWED)); 1313 runAs("andy"); 1314 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1315 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1316 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1317 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1318 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1319 runAs("lemur"); 1320 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1321 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1322 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1323 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1324 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1325 1326 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1327 permissionService.getAllAuthorities(), AccessStatus.DENIED)); 1328 runAs("andy"); 1329 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1330 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1331 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1332 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1333 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1334 runAs("lemur"); 1335 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1336 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1337 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1338 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1339 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1340 1341 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService 1342 .getAllPermissionReference(), permissionService.getAllAuthorities(), AccessStatus.DENIED)); 1343 runAs("andy"); 1344 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1345 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1346 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1347 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1348 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1349 runAs("lemur"); 1350 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1351 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED); 1352 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1353 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1354 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1355 } 1356 1357 public void testGroupAndUserInteraction() 1358 { 1359 1360 runAs("andy"); 1361 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1362 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1363 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1364 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1365 runAs("lemur"); 1366 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1367 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1368 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1369 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1370 1371 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1372 "andy", AccessStatus.ALLOWED)); 1373 runAs("andy"); 1374 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1375 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1376 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1377 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1378 runAs("lemur"); 1379 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1380 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1381 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1382 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1383 1384 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1385 ROLE_AUTHENTICATED, AccessStatus.ALLOWED)); 1386 runAs("andy"); 1387 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1388 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1389 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1390 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1391 runAs("lemur"); 1392 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1393 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1394 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1395 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1396 1397 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1398 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED)); 1399 runAs("andy"); 1400 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1401 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1402 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1403 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1404 runAs("lemur"); 1405 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1406 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1407 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1408 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1409 1410 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1411 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1412 runAs("andy"); 1413 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1414 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1415 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1416 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1417 runAs("lemur"); 1418 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1419 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1420 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1421 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1422 1423 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1424 "andy", AccessStatus.DENIED)); 1425 runAs("andy"); 1426 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1427 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1428 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1429 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1430 runAs("lemur"); 1431 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1432 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1433 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1434 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1435 } 1436 1437 public void testInheritPermissions() 1438 { 1439 runAs("admin"); 1440 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 1441 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 1442 NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 1443 ContentModel.TYPE_FOLDER).getChildRef(); 1444 1445 runAs("andy"); 1446 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1447 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1448 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1449 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1450 runAs("lemur"); 1451 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1452 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1453 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1454 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1455 1456 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1457 "andy", AccessStatus.ALLOWED)); 1458 permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ), "andy", 1459 AccessStatus.ALLOWED)); 1460 1461 runAs("andy"); 1462 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1463 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1464 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1465 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1466 runAs("lemur"); 1467 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1468 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1469 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1470 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1471 1472 permissionService.setInheritParentPermissions(n2, false); 1473 1474 runAs("andy"); 1475 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1476 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1477 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1478 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1479 runAs("lemur"); 1480 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1481 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1482 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1483 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1484 1485 permissionService.setInheritParentPermissions(n2, true); 1486 1487 runAs("andy"); 1488 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1489 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1490 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1491 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1492 runAs("lemur"); 1493 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1494 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1495 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1496 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1497 1498 } 1499 1500 public void testAncestorRequirementAndInheritance() 1501 { 1502 runAs("admin"); 1503 1504 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 1505 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 1506 NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 1507 ContentModel.TYPE_FOLDER).getChildRef(); 1508 1509 runAs("andy"); 1510 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1511 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1512 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1513 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1514 runAs("lemur"); 1515 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1516 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1517 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1518 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1519 1520 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1521 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1522 permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), 1523 "andy", AccessStatus.ALLOWED)); 1524 permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), 1525 "andy", AccessStatus.ALLOWED)); 1526 1527 runAs("andy"); 1528 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1529 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1530 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1531 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1532 runAs("lemur"); 1533 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1534 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1535 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1536 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1537 1538 permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), 1539 "andy", AccessStatus.DENIED)); 1540 permissionService.setInheritParentPermissions(n2, false); 1541 1542 runAs("andy"); 1543 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1544 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1545 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1546 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1547 runAs("lemur"); 1548 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1549 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1550 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1551 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1552 1553 permissionService.setInheritParentPermissions(n2, true); 1554 1555 runAs("andy"); 1556 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1557 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1558 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1559 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1560 runAs("lemur"); 1561 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1562 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1563 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1564 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1565 } 1566 1567 public void testEffectiveComposite() 1568 { 1569 1570 runAs("andy"); 1571 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1572 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1573 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1574 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1575 runAs("lemur"); 1576 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1577 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1578 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1579 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1580 1581 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1582 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1583 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1584 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 1585 1586 runAs("andy"); 1587 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1588 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1589 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1590 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1591 runAs("lemur"); 1592 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1593 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1594 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1595 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1596 1597 } 1598 1599 public void testContentPermissions() 1600 { 1601 runAs("admin"); 1602 1603 NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, 1604 QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef(); 1605 NodeRef n2 = nodeService.createNode(n1, ContentModel.ASSOC_CONTAINS, QName.createQName("{namespace}two"), 1606 ContentModel.TYPE_CONTENT).getChildRef(); 1607 1608 runAs("andy"); 1609 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1610 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1611 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1612 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1613 runAs("lemur"); 1614 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1615 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1616 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1617 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1618 1619 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1620 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1621 permissionService.setPermission(new SimplePermissionEntry(n1, getPermission(PermissionService.READ_CHILDREN), 1622 "andy", AccessStatus.ALLOWED)); 1623 permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CHILDREN), 1624 "andy", AccessStatus.ALLOWED)); 1625 permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_PROPERTIES), 1626 "andy", AccessStatus.ALLOWED)); 1627 1628 runAs("andy"); 1629 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1630 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1631 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1632 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1633 runAs("lemur"); 1634 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1635 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1636 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1637 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1638 1639 permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), 1640 "andy", AccessStatus.ALLOWED)); 1641 1642 runAs("andy"); 1643 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1644 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1645 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1646 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1647 runAs("lemur"); 1648 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1649 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1650 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1651 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1652 1653 permissionService.deletePermission(new SimplePermissionEntry(n2, 1654 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1655 permissionService.deletePermission(new SimplePermissionEntry(n2, 1656 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 1657 permissionService.deletePermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ_CONTENT), 1658 "andy", AccessStatus.ALLOWED)); 1659 1660 runAs("andy"); 1661 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1662 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1663 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1664 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1665 runAs("lemur"); 1666 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1667 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1668 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1669 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1670 1671 permissionService.setPermission(new SimplePermissionEntry(n2, getPermission(PermissionService.READ), "andy", 1672 AccessStatus.ALLOWED)); 1673 1674 runAs("andy"); 1675 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1676 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1677 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1678 assertTrue(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1679 runAs("lemur"); 1680 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1681 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1682 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1683 assertFalse(permissionService.hasPermission(n2, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1684 1685 } 1686 1687 public void testAllPermissionSet() 1688 { 1689 runAs("andy"); 1690 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1691 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1692 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1693 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1694 runAs("lemur"); 1695 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1696 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1697 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1698 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1699 1700 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1701 getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.ALLOWED)); 1702 1703 runAs("andy"); 1704 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1705 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1706 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1707 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1708 runAs("lemur"); 1709 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1710 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1711 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1712 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1713 1714 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1715 getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED)); 1716 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1717 "andy", AccessStatus.ALLOWED)); 1718 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1719 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1720 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1721 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED)); 1722 1723 runAs("andy"); 1724 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1725 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1726 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1727 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1728 runAs("lemur"); 1729 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1730 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1731 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1732 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1733 1734 permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, 1735 getPermission(PermissionService.FULL_CONTROL), "andy", AccessStatus.DENIED)); 1736 1737 runAs("andy"); 1738 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1739 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1740 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1741 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1742 runAs("lemur"); 1743 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1744 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED); 1745 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1746 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED); 1747 1748 } 1749 1750 public void testChildrenRequirements() 1751 { 1752 if (!personService.createMissingPeople()) 1753 { 1754 assertEquals(1, nodeService.getChildAssocs(rootNodeRef).size()); 1755 } 1756 runAs("andy"); 1757 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1758 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1759 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1760 runAs("lemur"); 1761 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1762 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1763 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1764 1765 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1766 "andy", AccessStatus.ALLOWED)); 1767 1768 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.DELETE), 1769 "andy", AccessStatus.ALLOWED)); 1770 1771 runAs("andy"); 1772 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1773 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1774 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1775 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1776 runAs("lemur"); 1777 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1778 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1779 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1780 1781 runAs("andy"); 1782 assertTrue(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1783 assertTrue(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1784 assertTrue(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1785 runAs("lemur"); 1786 assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1787 assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1788 assertFalse(permissionService.hasPermission(systemNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1789 1790 permissionService.setPermission(new SimplePermissionEntry(systemNodeRef, 1791 getPermission(PermissionService.DELETE), "andy", AccessStatus.DENIED)); 1792 1793 runAs("andy"); 1794 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1795 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1797 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1798 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED); 1799 runAs("lemur"); 1800 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE)) == AccessStatus.ALLOWED); 1801 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_CHILDREN)) == AccessStatus.ALLOWED); 1802 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.DELETE_NODE)) == AccessStatus.ALLOWED); 1803 1804 } 1805 1806 public void testClearPermission() 1807 { 1808 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 1809 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1810 "andy", AccessStatus.ALLOWED)); 1811 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1812 getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED)); 1813 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 1814 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1815 "lemur", AccessStatus.ALLOWED)); 1816 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, 1817 getPermission(PermissionService.READ_CHILDREN), "lemur", AccessStatus.ALLOWED)); 1818 assertEquals(4, permissionService.getAllSetPermissions(rootNodeRef).size()); 1819 1820 permissionService.clearPermission(rootNodeRef, "andy"); 1821 assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size()); 1822 permissionService.clearPermission(rootNodeRef, "lemur"); 1823 assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size()); 1824 1825 } 1826 1827 public void testGroupPermission() 1828 { 1829 runAs("andy"); 1830 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1831 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1832 "GROUP_test", AccessStatus.ALLOWED)); 1833 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1834 authorityService.createAuthority(AuthorityType.GROUP, null, "test"); 1835 authorityService.addAuthority("GROUP_test", "andy"); 1836 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1837 authorityService.removeAuthority("GROUP_test", "andy"); 1838 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1839 permissionService.clearPermission(rootNodeRef, "andy"); 1840 } 1841 1842 public void testDeletePermissionByRecipient() 1843 { 1844 runAs("andy"); 1845 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1846 permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), 1847 "GROUP_test", AccessStatus.ALLOWED)); 1848 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1849 authorityService.createAuthority(AuthorityType.GROUP, null, "test"); 1850 authorityService.addAuthority("GROUP_test", "andy"); 1851 assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1852 permissionService.deletePermissions("GROUP_test"); 1853 assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED); 1854 } 1855 1856 1858 1859} 1860 | Popular Tags |