1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.ArrayList;
24 import java.util.Collection;
25 import java.util.Collections;
26 import java.util.HashSet;
27 import java.util.Set;
28
29 import javax.naming.NamingException;
30
31 import org.apache.directory.server.core.DefaultDirectoryService;
32 import org.apache.directory.server.core.DirectoryService;
33 import org.apache.directory.server.core.authz.support.OperationScope;
34 import org.apache.directory.server.core.authz.support.RestrictedByFilter;
35 import org.apache.directory.server.core.entry.DefaultServerEntry;
36 import org.apache.directory.server.core.entry.ServerEntry;
37 import org.apache.directory.shared.ldap.aci.ACITuple;
38 import org.apache.directory.shared.ldap.aci.MicroOperation;
39 import org.apache.directory.shared.ldap.aci.ProtectedItem;
40 import org.apache.directory.shared.ldap.aci.UserClass;
41 import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
42 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
43 import org.apache.directory.shared.ldap.entry.client.ClientStringValue;
44 import org.apache.directory.shared.ldap.name.LdapDN;
45
46 import org.junit.BeforeClass;
47 import org.junit.Test;
48
49 import static org.junit.Assert.assertEquals;
50
51
52
53
54
55
56
57
58 public class RestrictedByFilterTest
59 {
60 private static final Collection<UserClass> UC_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<UserClass>() );
61 private static final Collection<ACITuple> AT_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
62 private static final Collection<ProtectedItem> PI_EMPTY_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );
63 private static final Set<MicroOperation> MO_EMPTY_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );
64
65 private static final Collection<ProtectedItem> PROTECTED_ITEMS = new ArrayList<ProtectedItem>();
66 private static ServerEntry ENTRY;
67
68 static
69 {
70 Collection<RestrictedByItem> mvcItems = new ArrayList<RestrictedByItem>();
71 mvcItems.add( new RestrictedByItem( "sn", "cn" ) );
72 PROTECTED_ITEMS.add( new ProtectedItem.RestrictedBy( mvcItems ) );
73 }
74
75
76
77 private static DirectoryService service;
78
79
80 @BeforeClass public static void setup() throws NamingException
81 {
82 service = new DefaultDirectoryService();
83
84 LdapDN entryName = new LdapDN( "ou=test, ou=system" );
85 PROTECTED_ITEMS.add( new ProtectedItem.MaxImmSub( 2 ) );
86 ENTRY = new DefaultServerEntry( service.getRegistries(), entryName );
87
88 ENTRY.put( "cn", "1", "2" );
89 }
90
91
92 @Test public void testWrongScope() throws Exception
93 {
94 RestrictedByFilter filter = new RestrictedByFilter();
95 Collection<ACITuple> tuples = new ArrayList<ACITuple>();
96 tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PI_EMPTY_COLLECTION, MO_EMPTY_SET, true, 0 ) );
97
98 tuples = Collections.unmodifiableCollection( tuples );
99
100 assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, null, null,
101 null, null, null, null, null, null, null ) );
102
103 assertEquals( tuples, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null, null, null,
104 null, null, null, null, null ) );
105 }
106
107
108 @Test public void testZeroTuple() throws Exception
109 {
110 RestrictedByFilter filter = new RestrictedByFilter();
111
112 assertEquals( 0, filter.filter( null, AT_EMPTY_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null,
113 null, null, null, null, null, null, null, null, null ).size() );
114 }
115
116
117 @Test public void testDenialTuple() throws Exception
118 {
119 RestrictedByFilter filter = new RestrictedByFilter();
120 Collection<ACITuple> tuples = new ArrayList<ACITuple>();
121 tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, false, 0 ) );
122
123 tuples = Collections.unmodifiableCollection( tuples );
124
125 assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null,
126 null, null, null, "testAttr", null, ENTRY, null, null ) );
127 }
128
129
130 @Test public void testGrantTuple() throws Exception
131 {
132 RestrictedByFilter filter = new RestrictedByFilter();
133 Collection<ACITuple> tuples = new ArrayList<ACITuple>();
134 tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, true, 0 ) );
135
136 assertEquals( 1, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
137 null, null, "sn", new ClientStringValue( "1" ), ENTRY, null, null ).size() );
138
139 assertEquals( 1, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
140 null, null, "sn", new ClientStringValue( "2" ), ENTRY, null, null ).size() );
141
142 assertEquals( 0, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
143 null, null, "sn", new ClientStringValue( "3" ), ENTRY, null, null ).size() );
144 }
145 }