From a9394eec5f5d08a9493f1d92057db2910fe4df4c Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 03 Jul 2013 13:43:43 +0000
Subject: [PATCH] First stab at having debuggable ACIs. Modified the code after feedback from Ludo.
---
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/EnumRightTest.java | 79 ++++++++++++++++++++++++++
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/EnumRight.java | 60 +++++++++++++-------
2 files changed, 118 insertions(+), 21 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/EnumRight.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/EnumRight.java
index 4b195a0..97d3c42 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/EnumRight.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/EnumRight.java
@@ -39,59 +39,71 @@
/**
* This enumeration is returned when the result of the right is "read".
+ *
+ * @see Aci#ACI_READ
*/
READ ("read"),
/**
* This enumeration is returned when the result of the right is "write".
+ *
+ * @see Aci#ACI_WRITE
*/
WRITE ("write"),
/**
* This enumeration is returned when the result of the right is "add".
+ *
+ * @see Aci#ACI_ADD
*/
ADD ("add"),
/**
* This enumeration is returned when the result of the right is "delete".
+ *
+ * @see Aci#ACI_DELETE
*/
DELETE ("delete"),
/**
* This enumeration is returned when the result of the right is "search".
+ *
+ * @see Aci#ACI_SEARCH
*/
SEARCH ("search"),
/**
* This enumeration is returned when the result of the right is "compare".
+ *
+ * @see Aci#ACI_COMPARE
*/
COMPARE ("compare"),
/**
* This enumeration is returned when the result of the right is
* "selfwrite".
+ *
+ * @see Aci#ACI_SELF
*/
SELFWRITE ("selfwrite"),
/**
* This enumeration is returned when the result of the right is "proxy".
+ *
+ * @see Aci#ACI_PROXY
*/
PROXY ("proxy"),
/**
* This enumeration is returned when the result of the right is "import".
+ *
+ * @see Aci#ACI_IMPORT
*/
IMPORT ("import"),
/**
* This enumeration is returned when the result of the right is "export".
+ *
+ * @see Aci#ACI_EXPORT
*/
EXPORT ("export"),
/**
* This enumeration is returned when the result of the right is "all".
+ *
+ * @see Aci#ACI_ALL
*/
- ALL ("all"),
- /**
- * This enumeration is used internally by the modify operation
- * processing and is not part of the ACI syntax.
- */
- DELWRITE ("delwrite"),
- /**
- * This enumerations is used internally by the modify operation
- * processing and is not part of the ACI syntax.
- */
- ADDWRITE ("addwrite");
+ ALL ("all");
/**
* The name of the right.
@@ -193,10 +205,22 @@
* @return EnumRight corresponding to the provided rightsMask.
*/
public static Set<EnumRight> getEnumRight(int rightsMask) {
- if (hasRights(rightsMask, ACI_ALL))
- return EnumSet.of(ALL);
-
final EnumSet<EnumRight> results = EnumSet.noneOf(EnumRight.class);
+ // Next 3 rights are not included in ALL for historical reasons.
+ // ALL already existed when they got added. For compatibility reasons
+ // with existing deployments, they were not included in ALL.
+ if (hasRights(rightsMask, ACI_EXPORT))
+ results.add(EXPORT);
+ if (hasRights(rightsMask, ACI_IMPORT))
+ results.add(IMPORT);
+ if (hasRights(rightsMask, ACI_PROXY))
+ results.add(PROXY);
+
+ if (hasRights(rightsMask, ACI_ALL)) {
+ results.add(ALL);
+ return results;
+ }
+ // the remaining rights are already included in ALL
if (hasRights(rightsMask, ACI_READ))
results.add(READ);
if (hasRights(rightsMask, ACI_WRITE))
@@ -209,13 +233,7 @@
results.add(SEARCH);
if (hasRights(rightsMask, ACI_COMPARE))
results.add(COMPARE);
- if (hasRights(rightsMask, ACI_EXPORT))
- results.add(EXPORT);
- if (hasRights(rightsMask, ACI_IMPORT))
- results.add(IMPORT);
- if (hasRights(rightsMask, ACI_PROXY))
- results.add(PROXY);
- if (hasRights(rightsMask, ACI_SELF))
+ if (hasRights(rightsMask, ACI_SELF)) // included in WRITE
results.add(SELFWRITE);
return results;
}
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/EnumRightTest.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/EnumRightTest.java
new file mode 100644
index 0000000..c946114
--- /dev/null
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/EnumRightTest.java
@@ -0,0 +1,79 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ * add the following below this CDDL HEADER, with the fields enclosed
+ * by brackets "[]" replaced with your own identifying information:
+ * Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ *
+ * Copyright 2013 ForgeRock AS
+ */
+package org.opends.server.authorization.dseecompat;
+
+import static org.opends.server.authorization.dseecompat.Aci.*;
+import static org.opends.server.authorization.dseecompat.EnumRight.*;
+import static org.testng.Assert.*;
+
+import java.util.EnumSet;
+import java.util.Set;
+
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+@SuppressWarnings("javadoc")
+public class EnumRightTest extends AciTestCase
+{
+
+ private static final int ALL_RIGHTS_MASK = ACI_READ | ACI_WRITE | ACI_ADD
+ | ACI_DELETE | ACI_SEARCH | ACI_COMPARE | ACI_SELF;
+
+ @DataProvider(name = "aciRightsToEnumRights")
+ public Object[][] aciRightsToEnumRights()
+ {
+ return new Object[][] {
+ { ACI_NULL, EnumSet.noneOf(EnumRight.class) },
+ { ACI_READ, EnumSet.of(READ) },
+ { ACI_WRITE, EnumSet.of(WRITE) },
+ { ACI_ADD, EnumSet.of(ADD) },
+ { ACI_DELETE, EnumSet.of(DELETE) },
+ { ACI_SEARCH, EnumSet.of(SEARCH) },
+ { ACI_COMPARE, EnumSet.of(COMPARE) },
+ { ACI_SELF, EnumSet.of(SELFWRITE) },
+ { ALL_RIGHTS_MASK, EnumSet.of(ALL) },
+ { ACI_ALL, EnumSet.of(ALL) },
+ { ACI_EXPORT , EnumSet.of(EXPORT) },
+ { ACI_IMPORT, EnumSet.of(IMPORT) },
+ { ACI_PROXY, EnumSet.of(PROXY) },
+ { ACI_EXPORT | ACI_IMPORT, EnumSet.of(EXPORT, IMPORT) },
+ { ACI_ALL | ACI_EXPORT | ACI_IMPORT, EnumSet.of(ALL, EXPORT, IMPORT) },
+ };
+ }
+
+ @Test
+ public void aciAllValue() throws Exception
+ {
+ assertEquals(ALL_RIGHTS_MASK, ACI_ALL);
+ }
+
+ @Test(dependsOnMethods = "aciAllValue", dataProvider = "aciRightsToEnumRights")
+ public void getEnumRight(int aciRightsMask, Set<EnumRight> enumRightSet) throws Exception
+ {
+ assertEquals(EnumRight.getEnumRight(aciRightsMask), enumRightSet);
+ }
+}
--
Gitblit v1.10.0