Menu
▾
▴
[Openutils-svn] SF.net SVN: openutils:[3928] magnoliamodules/trunk/openutils-mgnlcriteria/ src/test/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/lucene/ AclSearchIndexTest.java
Revision: 3928
http://openutils.svn.sourceforge.net/openutils/?rev=3928&view=rev
Author: diego_schivo
Date: 2012-04-06 15:16:10 +0000 (Fri, 06 Apr 2012)
Log Message:
-----------
AclSearchIndexTest
Modified Paths:
--------------
magnoliamodules/trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/lucene/AclSearchIndexTest.java
Modified: magnoliamodules/trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/lucene/AclSearchIndexTest.java
===================================================================
--- magnoliamodules/trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/lucene/AclSearchIndexTest.java 2012-04-06 14:28:43 UTC (rev 3927)
+++ magnoliamodules/trunk/openutils-mgnlcriteria/src/test/java/net/sourceforge/openutils/mgnlcriteria/jcr/query/lucene/AclSearchIndexTest.java 2012-04-06 15:16:10 UTC (rev 3928)
@@ -21,26 +21,35 @@
import info.magnolia.cms.core.HierarchyManager;
import info.magnolia.cms.security.AccessManager;
-import info.magnolia.cms.security.AccessManagerImpl;
+import info.magnolia.cms.security.MgnlRoleManager;
import info.magnolia.cms.security.Permission;
import info.magnolia.cms.security.PermissionImpl;
+import info.magnolia.cms.security.Realm;
+import info.magnolia.cms.security.SecuritySupport;
+import info.magnolia.cms.security.SecuritySupportImpl;
+import info.magnolia.cms.security.SystemUserManager;
import info.magnolia.cms.util.SimpleUrlPattern;
-import info.magnolia.context.AbstractRepositoryStrategy;
+import info.magnolia.context.Context;
+import info.magnolia.context.ContextDecorator;
import info.magnolia.context.DefaultRepositoryStrategy;
import info.magnolia.context.MgnlContext;
+import info.magnolia.jcr.util.NodeUtil;
+import info.magnolia.jcr.util.PropertyUtil;
import info.magnolia.objectfactory.Components;
import info.magnolia.repository.RepositoryConstants;
import info.magnolia.repository.RepositoryManager;
+import info.magnolia.test.ComponentsTestUtil;
import info.magnolia.test.mock.MockWebContext;
import it.openutils.mgnlutils.test.RepositoryTestConfiguration;
import it.openutils.mgnlutils.test.TestNgRepositoryTestcase;
-import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
-import java.util.Map;
+import javax.jcr.Node;
+import javax.jcr.Session;
+
import net.sourceforge.openutils.mgnlcriteria.jcr.query.AdvancedResult;
import net.sourceforge.openutils.mgnlcriteria.jcr.query.AdvancedResultItem;
import net.sourceforge.openutils.mgnlcriteria.jcr.query.Criteria;
@@ -49,6 +58,7 @@
import net.sourceforge.openutils.mgnlcriteria.jcr.query.criterion.Order;
import net.sourceforge.openutils.mgnlcriteria.jcr.query.criterion.Restrictions;
+import org.apache.commons.lang.StringUtils;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
@@ -58,7 +68,10 @@
* Tests that this custom search index modifies the lucene query according to ACL rules.
* @author dschivo
*/
-@RepositoryTestConfiguration(jackrabbitRepositoryConfig = "/crit-repository/jackrabbit-acl-search-index-test-configuration.xml", repositoryConfig = "/crit-repository/test-repositories.xml", bootstrapFiles = "/crit-bootstrap/website.pets.xml")
+@RepositoryTestConfiguration(jackrabbitRepositoryConfig = "/crit-repository/jackrabbit-acl-search-index-test-configuration.xml", repositoryConfig = "/crit-repository/test-repositories.xml", bootstrapFiles = {
+ "/crit-bootstrap/website.pets.xml",
+ "/crit-bootstrap/userroles.anonymous.xml",
+ "/crit-bootstrap/users.system.anonymous.xml" })
public class AclSearchIndexTest extends TestNgRepositoryTestcase
{
@@ -95,152 +108,205 @@
HierarchyManager hm = MgnlContext.getHierarchyManager(RepositoryConstants.WEBSITE);
hm.save();
+
+ // info.magnolia.cms.security.SecurityTest.setUp()
+ final SecuritySupportImpl sec = new SecuritySupportImpl();
+ sec.addUserManager(Realm.REALM_SYSTEM.getName(), new SystemUserManager());
+ sec.setRoleManager(new MgnlRoleManager());
+ ComponentsTestUtil.setInstance(SecuritySupport.class, sec);
}
/**
- * {@inheritDoc}
+ * Tests that the execution of a query on all pets returns dogs only, because of an ACL rule.
+ * @throws Exception
*/
- @SuppressWarnings("unchecked")
- @Override
- protected void modifyContextesToUseRealRepository()
+ @Test
+ public void testDogsOnly() throws Exception
{
- super.modifyContextesToUseRealRepository();
+ final AccessManager wrappedAM = MgnlContext.getAccessManager(RepositoryConstants.WEBSITE);
+ final AccessManager wrapperAM = new AccessManager()
+ {
- MockWebContext mwc = (MockWebContext) MgnlContext.getInstance();
- RepositoryManager repositoryManager = Components.getComponent(RepositoryManager.class);
- DefaultRepositoryStrategy drs = new DefaultRepositoryStrategy(repositoryManager, mwc);
- try
+ public boolean isGranted(String path, long permissions)
+ {
+ // ACL rule: deny permission on pets subtree
+ if (StringUtils.startsWith(path, "/pets/"))
+ {
+ // ACL rule: read permission on dogs subtree
+ return StringUtils.startsWith(path, "/pets/dogs/");
+ }
+ return wrappedAM.isGranted(path, permissions);
+ }
+
+ public void setPermissionList(List<Permission> permissions)
+ {
+ wrappedAM.setPermissionList(permissions);
+ }
+
+ public List<Permission> getPermissionList()
+ {
+ return wrappedAM.getPermissionList();
+ }
+
+ public long getPermissions(String path)
+ {
+ return wrappedAM.getPermissions(path);
+ }
+ };
+ MgnlContext.setInstance(new ContextDecorator(MgnlContext.getInstance())
{
- Field hmsField = AbstractRepositoryStrategy.class.getDeclaredField("hierarchyManagers");
- hmsField.setAccessible(true);
- Map hms = (Map) hmsField.get(drs);
- hms.put("website_website", MgnlContext.getHierarchyManager(RepositoryConstants.WEBSITE));
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- AccessManager am = new AccessManagerImpl();
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public AccessManager getAccessManager(String name)
+ {
+ if (RepositoryConstants.WEBSITE.equals(name))
+ {
+ return wrapperAM;
+ }
+ return super.getAccessManager(name);
+ }
+ });
try
{
- Field amsField = DefaultRepositoryStrategy.class.getDeclaredField("accessManagers");
- amsField.setAccessible(true);
- Map ams = (Map) amsField.get(drs);
- ams.put("website_website", am);
+ Calendar begin = Calendar.getInstance();
+ begin.set(1999, Calendar.JANUARY, 1);
+ Calendar end = Calendar.getInstance();
+ end.set(2001, Calendar.DECEMBER, 31);
+
+ Criteria criteria = JCRCriteriaFactory
+ .createCriteria()
+ .setWorkspace(RepositoryConstants.WEBSITE)
+ .setBasePath("/pets")
+ .add(Restrictions.between("@birthDate", begin, end))
+ .addOrder(Order.asc("@birthDate"));
+
+ // Query results:
+ // --- 9 (title=Lucky, petType=bird, birthDate=1999-08-06)
+ // --- 6 (title=George, petType=snake, birthDate=2000-01-20)
+ // --- 4 (title=Jewel, petType=dog, birthDate=2000-03-07)
+ // --- 11 (title=Freddy, petType=bird, birthDate=2000-03-09)
+ // --- 12 (title=Lucky, petType=dog, birthDate=2000-06-24)
+ // --- 1 (title=Leo, petType=cat, birthDate=2000-09-07)
+ // --- 5 (title=Iggy, petType=lizard, birthDate=2000-11-30)
+ // --- 3 (title=Rosy, petType=dog, birthDate=2001-04-17)
+ AdvancedResult result = criteria.execute();
+
+ // Accessible results (dogs only):
+ // --- 4 (title=Jewel, petType=dog, birthDate=2000-03-07)
+ // --- 12 (title=Lucky, petType=dog, birthDate=2000-06-24)
+ // --- 3 (title=Rosy, petType=dog, birthDate=2001-04-17)
+ ResultIterator<AdvancedResultItem> iterator = result.getItems();
+
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "4");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "12");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "3");
+ Assert.assertFalse(iterator.hasNext());
}
- catch (Exception e)
+ finally
{
- throw new RuntimeException(e);
+ MgnlContext.setInstance(((ContextDecorator) MgnlContext.getInstance()).getWrappedContext());
}
- mwc.setRepositoryStrategy(drs);
}
/**
- * Tests that the execution of a query on all pets returns dogs only, because of an ACL rule.
+ * Tests that the execution of a query on all pets does not return any dog, because of an ACL rule.
* @throws Exception
*/
@Test
- public void testDogsOnly() throws Exception
+ public void testDogsExcluded() throws Exception
{
- List<Permission> pList = new ArrayList<Permission>();
- // ACL rule: deny permission on pets subtree
- Permission p;
- p = new PermissionImpl();
- p.setPattern(new SimpleUrlPattern("/pets/*"));
- p.setPermissions(Permission.NONE);
- pList.add(p);
- // ACL rule: read permission on dogs subtree
- p = new PermissionImpl();
- p.setPattern(new SimpleUrlPattern("/pets/dogs/*"));
- p.setPermissions(Permission.READ);
- pList.add(p);
- MgnlContext.getAccessManager(RepositoryConstants.WEBSITE).setPermissionList(pList);
+ final AccessManager wrappedAM = MgnlContext.getAccessManager(RepositoryConstants.WEBSITE);
+ final AccessManager wrapperAM = new AccessManager()
+ {
- Calendar begin = Calendar.getInstance();
- begin.set(1999, Calendar.JANUARY, 1);
- Calendar end = Calendar.getInstance();
- end.set(2001, Calendar.DECEMBER, 31);
+ public boolean isGranted(String path, long permissions)
+ {
+ // ACL rule: read permission on pets subtree
+ if (StringUtils.startsWith(path, "/pets/"))
+ {
+ // ACL rule: deny permission on dogs subtree
+ return !StringUtils.startsWith(path, "/pets/dogs/");
+ }
+ return wrappedAM.isGranted(path, permissions);
+ }
- Criteria criteria = JCRCriteriaFactory.createCriteria().setWorkspace(RepositoryConstants.WEBSITE).setBasePath(
- "/pets").add(Restrictions.between("@birthDate", begin, end)).addOrder(Order.asc("@birthDate"));
+ public void setPermissionList(List<Permission> permissions)
+ {
+ wrappedAM.setPermissionList(permissions);
+ }
- // Query results:
- // --- 9 (title=Lucky, petType=bird, birthDate=1999-08-06)
- // --- 6 (title=George, petType=snake, birthDate=2000-01-20)
- // --- 4 (title=Jewel, petType=dog, birthDate=2000-03-07)
- // --- 11 (title=Freddy, petType=bird, birthDate=2000-03-09)
- // --- 12 (title=Lucky, petType=dog, birthDate=2000-06-24)
- // --- 1 (title=Leo, petType=cat, birthDate=2000-09-07)
- // --- 5 (title=Iggy, petType=lizard, birthDate=2000-11-30)
- // --- 3 (title=Rosy, petType=dog, birthDate=2001-04-17)
- AdvancedResult result = criteria.execute();
+ public List<Permission> getPermissionList()
+ {
+ return wrappedAM.getPermissionList();
+ }
- // Accessible results (dogs only):
- // --- 4 (title=Jewel, petType=dog, birthDate=2000-03-07)
- // --- 12 (title=Lucky, petType=dog, birthDate=2000-06-24)
- // --- 3 (title=Rosy, petType=dog, birthDate=2001-04-17)
- ResultIterator<AdvancedResultItem> iterator = result.getItems();
+ public long getPermissions(String path)
+ {
+ return wrappedAM.getPermissions(path);
+ }
+ };
+ MgnlContext.setInstance(new ContextDecorator(MgnlContext.getInstance())
+ {
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "4");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "12");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "3");
- Assert.assertFalse(iterator.hasNext());
- }
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public AccessManager getAccessManager(String name)
+ {
+ if (RepositoryConstants.WEBSITE.equals(name))
+ {
+ return wrapperAM;
+ }
+ return super.getAccessManager(name);
+ }
+ });
+ try
+ {
+ Calendar begin = Calendar.getInstance();
+ begin.set(1999, Calendar.JANUARY, 1);
+ Calendar end = Calendar.getInstance();
+ end.set(2001, Calendar.DECEMBER, 31);
- /**
- * Tests that the execution of a query on all pets does not return any dog, because of an ACL rule.
- * @throws Exception
- */
- @Test
- public void testDogsExcluded() throws Exception
- {
- List<Permission> pList = new ArrayList<Permission>();
- Permission p;
- // ACL rule: read permission on pets subtree
- p = new PermissionImpl();
- p.setPattern(new SimpleUrlPattern("/pets/*"));
- p.setPermissions(Permission.READ);
- pList.add(p);
- // ACL rule: deny permission on dogs subtree
- p = new PermissionImpl();
- p.setPattern(new SimpleUrlPattern("/pets/dogs/*"));
- p.setPermissions(Permission.NONE);
- pList.add(p);
- MgnlContext.getAccessManager(RepositoryConstants.WEBSITE).setPermissionList(pList);
+ Criteria criteria = JCRCriteriaFactory
+ .createCriteria()
+ .setWorkspace(RepositoryConstants.WEBSITE)
+ .setBasePath("/pets")
+ .add(Restrictions.between("@birthDate", begin, end))
+ .addOrder(Order.asc("@birthDate"));
- Calendar begin = Calendar.getInstance();
- begin.set(1999, Calendar.JANUARY, 1);
- Calendar end = Calendar.getInstance();
- end.set(2001, Calendar.DECEMBER, 31);
+ AdvancedResult result = criteria.execute();
- Criteria criteria = JCRCriteriaFactory.createCriteria().setWorkspace(RepositoryConstants.WEBSITE).setBasePath(
- "/pets").add(Restrictions.between("@birthDate", begin, end)).addOrder(Order.asc("@birthDate"));
+ // Accessible results (dogs excluded):
+ // --- 9 (title=Lucky, petType=bird, birthDate=1999-08-06)
+ // --- 6 (title=George, petType=snake, birthDate=2000-01-20)
+ // --- 11 (title=Freddy, petType=bird, birthDate=2000-03-09)
+ // --- 1 (title=Leo, petType=cat, birthDate=2000-09-07)
+ // --- 5 (title=Iggy, petType=lizard, birthDate=2000-11-30)
+ ResultIterator<AdvancedResultItem> iterator = result.getItems();
- AdvancedResult result = criteria.execute();
-
- // Accessible results (dogs excluded):
- // --- 9 (title=Lucky, petType=bird, birthDate=1999-08-06)
- // --- 6 (title=George, petType=snake, birthDate=2000-01-20)
- // --- 11 (title=Freddy, petType=bird, birthDate=2000-03-09)
- // --- 1 (title=Leo, petType=cat, birthDate=2000-09-07)
- // --- 5 (title=Iggy, petType=lizard, birthDate=2000-11-30)
- ResultIterator<AdvancedResultItem> iterator = result.getItems();
-
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "9");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "6");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "11");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "1");
- Assert.assertTrue(iterator.hasNext());
- Assert.assertEquals(iterator.next().getName(), "5");
- Assert.assertFalse(iterator.hasNext());
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "9");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "6");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "11");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "1");
+ Assert.assertTrue(iterator.hasNext());
+ Assert.assertEquals(iterator.next().getName(), "5");
+ Assert.assertFalse(iterator.hasNext());
+ }
+ finally
+ {
+ MgnlContext.setInstance(((ContextDecorator) MgnlContext.getInstance()).getWrappedContext());
+ }
}
}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
