1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.authz.support;
21  
22  
23  import java.util.ArrayList;
24  import java.util.Collection;
25  import java.util.Collections;
26  import java.util.HashSet;
27  import java.util.Set;
28  
29  import javax.naming.NamingException;
30  
31  import org.apache.directory.server.core.DefaultDirectoryService;
32  import org.apache.directory.server.core.DirectoryService;
33  import org.apache.directory.server.core.authz.support.OperationScope;
34  import org.apache.directory.server.core.authz.support.RestrictedByFilter;
35  import org.apache.directory.server.core.entry.DefaultServerEntry;
36  import org.apache.directory.server.core.entry.ServerEntry;
37  import org.apache.directory.shared.ldap.aci.ACITuple;
38  import org.apache.directory.shared.ldap.aci.MicroOperation;
39  import org.apache.directory.shared.ldap.aci.ProtectedItem;
40  import org.apache.directory.shared.ldap.aci.UserClass;
41  import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
42  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
43  import org.apache.directory.shared.ldap.entry.client.ClientStringValue;
44  import org.apache.directory.shared.ldap.name.LdapDN;
45  
46  import org.junit.BeforeClass;
47  import org.junit.Test;
48  
49  import static org.junit.Assert.assertEquals;
50  
51  
52  /**
53   * Tests {@link RestrictedByFilter}.
54   *
55   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
56   * @version $Rev: 638228 $, $Date: 2008-03-18 07:12:41 +0100 (Di, 18 Mär 2008) $
57   */
public class RestrictedByFilterTest
{
    // Shared empty, read-only fixtures for the ACITuple constructor arguments
    // that these tests do not exercise.
    private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
    private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
    private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
    private static final Set<MicroOperation> MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );

    /**
     * Protected items carried by the grant/denial tuples: a restrictedBy item
     * ("sn" restricted by "cn") added below, plus a MaxImmSub item added in
     * {@link #setup()}.
     */
    private static final Collection<ProtectedItem> PROTECTED_ITEMS = new ArrayList<ProtectedItem>();

    /** The entry handed to the filter; populated in {@link #setup()}. */
    private static ServerEntry ENTRY;

    static
    {
        // Must run after PROTECTED_ITEMS is initialised (declaration order).
        Collection<RestrictedByItem> restrictions = new ArrayList<RestrictedByItem>();
        restrictions.add( new RestrictedByItem( "sn", "cn" ) );
        PROTECTED_ITEMS.add( new ProtectedItem.RestrictedBy( restrictions ) );
    }


    /** A reference to the directory service */
    private static DirectoryService service;


    /**
     * Creates the directory service and the test entry "ou=test, ou=system"
     * whose "cn" attribute holds the values "1" and "2".
     *
     * @throws NamingException if the DN or the entry cannot be built
     */
    @BeforeClass public static void setup() throws NamingException
    {
        service = new DefaultDirectoryService();

        LdapDN dn = new LdapDN( "ou=test, ou=system" );

        // A second protected item of a different kind sits next to RestrictedBy;
        // presumably to check the filter only reacts to RestrictedBy -- confirm.
        PROTECTED_ITEMS.add( new ProtectedItem.MaxImmSub( 2 ) );

        ENTRY = new DefaultServerEntry( service.getRegistries(), dn );
        ENTRY.put( "cn", "1", "2" );
    }


    /**
     * Builds a fresh, mutable collection holding exactly one tuple with no
     * user classes, no micro-operations, authentication level NONE and
     * precedence 0.
     *
     * @param items the protected items of the tuple
     * @param grant true for a grant tuple, false for a denial tuple
     * @return a new modifiable collection containing the single tuple
     */
    private static Collection<ACITuple> singleTuple( Collection<ProtectedItem> items, boolean grant )
    {
        Collection<ACITuple> result = new ArrayList<ACITuple>();
        result.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, items, MO_EMPTY_SET, grant, 0 ) );
        return result;
    }


    /**
     * For the ATTRIBUTE_TYPE and ENTRY scopes the filter must hand back the
     * tuples it was given. The input is wrapped read-only, so the test would
     * also fail if the filter tried to modify it.
     */
    @Test public void testWrongScope() throws Exception
    {
        RestrictedByFilter filter = new RestrictedByFilter();
        Collection<ACITuple> tuples = Collections.unmodifiableCollection( singleTuple( PI_EMPTY_COLLECTION, true ) );

        OperationScope[] untouchedScopes = { OperationScope.ATTRIBUTE_TYPE, OperationScope.ENTRY };

        for ( OperationScope scope : untouchedScopes )
        {
            assertEquals( tuples, filter.filter( null, tuples, scope, null, null, null, null, null, null, null,
                null, null, null, null ) );
        }
    }


    /**
     * An empty tuple collection yields an empty result.
     */
    @Test public void testZeroTuple() throws Exception
    {
        RestrictedByFilter filter = new RestrictedByFilter();

        assertEquals( 0, filter.filter( null, AT_EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null,
            null, null, null, null, null, null, null, null, null ).size() );
    }


    /**
     * A denial tuple carrying the restrictedBy item is returned as given;
     * the read-only wrapper guards against in-place modification.
     */
    @Test public void testDenialTuple() throws Exception
    {
        RestrictedByFilter filter = new RestrictedByFilter();
        Collection<ACITuple> tuples = Collections.unmodifiableCollection( singleTuple( PROTECTED_ITEMS, false ) );

        assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null,
            null, null, null, "testAttr", null, ENTRY, null, null ) );
    }


    /**
     * A grant tuple restricted by "cn" survives for the "sn" values "1" and
     * "2" (both present in the entry's "cn") and is dropped for "3".
     */
    @Test public void testGrantTuple() throws Exception
    {
        RestrictedByFilter filter = new RestrictedByFilter();

        // Left modifiable on purpose: the same collection is passed to every
        // call, and the filter presumably removes tuples in place -- confirm
        // against RestrictedByFilter.
        Collection<ACITuple> tuples = singleTuple( PROTECTED_ITEMS, true );

        String[] snValues = { "1", "2", "3" };
        int[] expectedSizes = { 1, 1, 0 };

        for ( int i = 0; i < snValues.length; i++ )
        {
            assertEquals( expectedSizes[i], filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null,
                null, null, null, null, null, "sn", new ClientStringValue( snValues[i] ), ENTRY, null, null ).size() );
        }

        // NOTE(review): not covered here -- a grant tuple without any
        // restrictedBy item, and a restricting attribute absent from the entry.
    }
}