Author: sohil.shah(a)jboss.com
Date: 2010-08-19 12:17:17 -0400 (Thu, 19 Aug 2010)
New Revision: 3875
Modified:
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/security/plugin/ExoPolicyProvisioner.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestGroupNavACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestPortalNavACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestUserNavACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/BaseSharedPageACL.java
Log:
Test suite passes for rule-based UserACL
Modified:
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/security/plugin/ExoPolicyProvisioner.java
===================================================================
---
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/security/plugin/ExoPolicyProvisioner.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/main/java/org/exoplatform/portal/config/security/plugin/ExoPolicyProvisioner.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -257,10 +257,63 @@
}
}
else
- {
+ {
+ //SuperUser Access
+ org.jboss.security.authz.components.subject.Identity superuser = new
org.jboss.security.authz.components.subject.Identity();
+ superuser.setName(this.superuser);
+ context.addPolicyRule(Effect.PERMIT, new Read(), superuser);
+
+ //Sets up access for the owner of the page
Identity identity = new Identity();
identity.setName(page.getOwnerId());
context.addPolicyRule(Effect.PERMIT, identity, identity);
+
+ //Sets up ReadAccess based on specified group access
+ if (page.getAccessPermissions() != null
+ && page.getAccessPermissions().length > 0)
+ {
+ ExoRoles readRoles = new ExoRoles();
+ String[] accessPermissions = page.getAccessPermissions();
+ for (String accessPermission : accessPermissions)
+ {
+ if(!this.isGuestGroup(accessPermission))
+ {
+ readRoles.addName(accessPermission);
+ }
+ else
+ {
+ //GuestGroup
+ readRoles.addName("*:"+this.guestGroup);
+ }
+ }
+ if(!readRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Read(), readRoles,
+ "allowExpression");
+ }
+ }
+
+ // Write Access
+ /*String editPermission = page.getEditPermission();
+ if (editPermission != null && editPermission.trim().length() >
0)
+ {
+ ExoRoles writeRoles = new ExoRoles();
+
+ if(!this.isGuestGroup(editPermission))
+ {
+ writeRoles.addName(editPermission);
+ }
+ else
+ {
+ //Guest
+ writeRoles.addName("*:"+this.guestGroup);
+ }
+ if(!writeRoles.isEmpty())
+ {
+ context.addPolicyRule(Effect.PERMIT, new Write(), writeRoles,
+ "allowExpression");
+ }
+ }*/
}
this.policyProvisioner.deploy(context);
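Review bot: The superuser rule at the top of the else branch is added unconditionally, so if `this.superuser` is unset, the PERMIT Read rule is registered for an identity with a null or empty name; how the policy engine matches such an identity is not visible here. Wrapping those three lines in `if (this.superuser != null && this.superuser.trim().length() > 0)` keeps the rule from being deployed without a configured name. The read-role loop likewise passes each `accessPermission` to `isGuestGroup` and `addName` without a null or blank check. The commented-out Write Access block means `page.getEditPermission()` is ignored in this branch; delete the block or replace it with a one-line comment such as `// write rules are intentionally not provisioned yet`. The enclosing method starts and ends outside the hunk.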
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/AbstractTestUserACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -97,6 +97,17 @@
//Debug
exoPolicyProvisioner.debug();
}
+
+ protected void provisionPageNavPolicy(PageNavigation pageNav) throws Exception
+ {
+ ExoPolicyProvisioner exoPolicyProvisioner =
this.securityPlugin.getExoPolicyProvisioner();
+
+ //Provision the Policy for this Resource
+ exoPolicyProvisioner.provision(pageNav);
+
+ //Debug
+ exoPolicyProvisioner.debug();
+ }
public class User
{
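Review bot: `provisionPageNavPolicy` has no Javadoc and repeats the body of the page helper whose tail is visible just above it, including the unconditional `exoPolicyProvisioner.debug()` call. I would add `/** Provisions the access policy for the given navigation before the test's permission checks run. */` above the method. What `debug()` prints is not visible here; if it dumps the provisioned rules, consider calling it only when a test fails so that policy contents do not end up in every test log. The class continues outside the hunk.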
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestGroupNavACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestGroupNavACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestGroupNavACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -29,11 +29,12 @@
public class TestGroupNavACL extends AbstractTestUserACL
{
- public void testNavEditByManager()
+ public void testNavEditByManager() throws Exception
{
PageNavigation nav = new PageNavigation();
nav.setOwnerType("group");
nav.setOwnerId("manageable");
+ this.provisionPageNavPolicy(nav);
//
assertTrue(root.hasEditPermission(nav));
@@ -44,6 +45,7 @@
//
nav.setOwnerId("foo");
+ this.provisionPageNavPolicy(nav);
//
assertTrue(root.hasEditPermission(nav));
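Review bot: The second `provisionPageNavPolicy(nav)` call re-provisions the same navigation object after `nav.setOwnerId("foo")`, and nothing visible here resets the rules provisioned for `manageable` earlier in the test. If the provisioner accumulates rules rather than replacing them, the later `hasEditPermission` assertions could pass because of a stale PERMIT rule and not the one under test. Using a fresh `PageNavigation` per scenario, or clearing the provisioned policy between scenarios, would keep each assertion tied to one policy. The test method extends outside both hunks, so the negative assertions that would reveal this are not visible.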
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestPortalNavACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestPortalNavACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestPortalNavACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -29,11 +29,12 @@
public class TestPortalNavACL extends AbstractTestUserACL
{
- public void testNavEditByRoot()
+ public void testNavEditByRoot() throws Exception
{
PageNavigation nav = new PageNavigation();
nav.setOwnerType("portal");
nav.setOwnerId("foo");
+ this.provisionPageNavPolicy(nav);
//
assertTrue(root.hasEditPermission(nav));
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestUserNavACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestUserNavACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/nav/TestUserNavACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -29,12 +29,13 @@
public class TestUserNavACL extends AbstractTestUserACL
{
- public void testNav()
+ public void testNav() throws Exception
{
PageNavigation nav = new PageNavigation();
nav.setOwnerType("user");
nav.setOwnerId("user");
+ this.provisionPageNavPolicy(nav);
assertTrue(root.hasEditPermission(nav));
assertFalse(administrator.hasEditPermission(nav));
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/page/TestUserPageACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -20,6 +20,7 @@
package org.exoplatform.portal.config.security.page;
import org.exoplatform.portal.config.model.Page;
+import org.exoplatform.portal.config.model.PortalConfig;
import org.exoplatform.portal.config.security.AbstractTestUserACL;
/**
@@ -31,7 +32,7 @@
public void testUserPageIsAlwaysUsableOnlyByItsOwner() throws Exception
{
Page page = new Page();
- page.setOwnerType("user");
+ page.setOwnerType(PortalConfig.USER_TYPE);
page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
this.provisionPagePolicy(page);
@@ -41,6 +42,7 @@
assertFalse(manager.hasPermission(page));
assertTrue(user.hasPermission(page));
assertFalse(guest.hasPermission(page));
+
assertFalse(root.hasEditPermission(page));
assertFalse(administrator.hasEditPermission(page));
assertFalse(manager.hasEditPermission(page));
@@ -49,7 +51,7 @@
//
page = new Page();
- page.setOwnerType("user");
+ page.setOwnerType(PortalConfig.USER_TYPE);
page.setOwnerId("user");
page.setAccessPermissions(new String[]{"manager:/manageable"});
this.provisionPagePolicy(page);
@@ -59,6 +61,7 @@
assertTrue(manager.hasPermission(page));
assertTrue(user.hasPermission(page));
assertFalse(guest.hasPermission(page));
+
assertFalse(root.hasEditPermission(page));
assertFalse(administrator.hasEditPermission(page));
assertFalse(manager.hasEditPermission(page));
@@ -67,7 +70,7 @@
//
page = new Page();
- page.setOwnerType("user");
+ page.setOwnerType(PortalConfig.USER_TYPE);
page.setOwnerId("user");
page.setEditPermission("manager:/manageable");
this.provisionPagePolicy(page);
@@ -75,9 +78,9 @@
assertTrue(root.hasPermission(page));
assertFalse(administrator.hasPermission(page));
assertFalse(manager.hasPermission(page));
- assertFalse(manager.hasPermission(page));
assertTrue(user.hasPermission(page));
assertFalse(guest.hasPermission(page));
+
assertFalse(root.hasEditPermission(page));
assertFalse(administrator.hasEditPermission(page));
assertFalse(manager.hasEditPermission(page));
@@ -86,7 +89,7 @@
//
page = new Page();
- page.setOwnerType("user");
+ page.setOwnerType(PortalConfig.USER_TYPE);
page.setOwnerId("user");
page.setAccessPermissions(new String[]{"Everyone"});
this.provisionPagePolicy(page);
@@ -96,6 +99,7 @@
assertTrue(manager.hasPermission(page));
assertTrue(user.hasPermission(page));
assertTrue(guest.hasPermission(page));
+
assertFalse(root.hasEditPermission(page));
assertFalse(administrator.hasEditPermission(page));
assertFalse(manager.hasEditPermission(page));
@@ -104,7 +108,7 @@
//
page = new Page();
- page.setOwnerType("user");
+ page.setOwnerType(PortalConfig.USER_TYPE);
page.setOwnerId("user");
page.setAccessPermissions(new String[0]);
page.setEditPermission("Everyone");
@@ -115,6 +119,7 @@
assertFalse(manager.hasPermission(page));
assertTrue(user.hasPermission(page));
assertFalse(guest.hasPermission(page));
+
assertFalse(root.hasEditPermission(page));
assertFalse(administrator.hasEditPermission(page));
assertFalse(manager.hasEditPermission(page));
Modified:
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/BaseSharedPageACL.java
===================================================================
---
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/BaseSharedPageACL.java 2010-08-19
14:57:41 UTC (rev 3874)
+++
portal/branches/portalsecurity/portal/src/test/java/org/exoplatform/portal/config/security/plugin/BaseSharedPageACL.java 2010-08-19
16:17:17 UTC (rev 3875)
@@ -55,7 +55,7 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);
@@ -103,11 +103,11 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
}
@@ -152,7 +152,7 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);
@@ -168,7 +168,7 @@
page.setName("index");
page.setOwnerType(this.getOwnerType());
page.setOwnerId("user");
- page.setAccessPermissions(new String[]{exoPolicyProvisioner.getGuestGroup()});
+ page.setAccessPermissions(new String[]{exoPolicyProvisioner.getGuestGroup()});
//Provision the Policy for this Resource
exoPolicyProvisioner.provision(page);
@@ -200,11 +200,11 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
}
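Review bot: With these expectations `guest` gains read access while `administrator` and `manager` remain denied (the @@ -345 hunk has the same pattern), so the least-privileged identity in the fixture can read a page that the administrative identities cannot. This presumably follows from the `"*:" + guestGroup` role that ExoPolicyProvisioner now adds, but the page setup for this scenario is outside the hunk. If the asymmetry is intended, state it next to the assertions, e.g. `// guest-group access: only members of the guest group match, not every authenticated user`. If it is not intended, the flipped expectation hides a policy gap instead of catching it.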
@@ -249,7 +249,7 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);
@@ -297,11 +297,11 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
- this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.root, page, true);
+ this.checkReadAccess(this.administrator, page, true);
+ this.checkReadAccess(this.manager, page, true);
this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
}
@@ -345,11 +345,11 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);
- this.checkReadAccess(this.guest, page, false);
+ this.checkReadAccess(this.guest, page, true);
}
}
@@ -392,9 +392,9 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
- this.checkReadAccess(this.manager, page, false);
+ this.checkReadAccess(this.manager, page, true);
this.checkReadAccess(this.user, page, true);
this.checkReadAccess(this.guest, page, false);
}
@@ -440,7 +440,7 @@
this.checkWriteAccess(this.guest, page, false);
- this.checkReadAccess(this.root, page, false);
+ this.checkReadAccess(this.root, page, true);
this.checkReadAccess(this.administrator, page, false);
this.checkReadAccess(this.manager, page, false);
this.checkReadAccess(this.user, page, true);