Examples of org.apache.jackrabbit.api.security.user.Group

• org.apache.jackrabbit.api.security.user.Group
  A Group is a collection of {@link #getMembers() Authorizable}s.

     * @throws javax.jcr.RepositoryException If an error occurs.
     */
    private boolean isCyclicMembership(Authorizable newMember) throws RepositoryException {
        boolean cyclic = false;
        if (newMember.isGroup()) {
            Group gr = (Group) newMember;
            cyclic = gr.isMember(this);
        }
        return cyclic;
    }

    public void testCreatingGroupWithNameMatchingExistingUserId() throws RepositoryException {
        Principal p = getTestPrincipal();
        String uid = getTestUserId(p);

        User u = null;
        Group gr = null;
        try {
            u = userMgr.createUser(uid, buildPassword(uid, true), p, null);
            gr = userMgr.createGroup(new TestPrincipal(uid));

            String msg = "Creating a Group with a principal-name that exists as UserID -> must create new GroupID but keep PrincipalName.";
            assertFalse(msg, gr.getID().equals(gr.getPrincipal().getName()));
            assertFalse(msg, gr.getID().equals(uid));
            assertFalse(msg, gr.getID().equals(u.getID()));
            assertEquals(msg, uid, gr.getPrincipal().getName());
        } finally {
            if (u != null) {
                u.remove();
            }
            if (gr != null) {
                gr.remove();
            }
        }
    }

            }
        }
    }

    public void testFindGroup() throws RepositoryException {
        Group gr = null;
        try {
            Principal p = getTestPrincipal();
            gr = userMgr.createGroup(p);

            boolean found = false;
            Iterator it = userMgr.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_GROUP);
            while (it.hasNext() && !found) {
                Group ng = (Group) it.next();
                found = ng.getPrincipal().getName().equals(p.getName());
            }
            assertTrue("Searching for \"\" must find the created group.", found);

            it = userMgr.findAuthorizables(pPrincipalName, p.getName(), UserManager.SEARCH_TYPE_GROUP);
            assertTrue(it.hasNext());
            Group ng = (Group) it.next();
            assertEquals("Searching for principal-name must find the created group.", p.getName(), ng.getPrincipal().getName());
            assertFalse("Only a single group must be found for a given principal name.", it.hasNext());

            // but search users should not find anything
            it = userMgr.findAuthorizables(pPrincipalName, p.getName(), UserManager.SEARCH_TYPE_USER);
            assertFalse(it.hasNext());

            // success.
        }
    }

    public void testGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);

        /* add privileges for the Group the test-user is member of */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));

        /* testuser must get the permissions/privileges inherited from
           the group it is member of.
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;

        Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        assertTrue(testAcMgr.hasPrivileges(path, privs));
    }

    public void testMixedUserGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testAcMgr = getTestACManager();
        /*
         precondition:
         testuser must have READ-only permission on test-node and below
        */
        checkReadOnly(path);

        /* explicitely withdraw MODIFY_PROPERTIES for the user */
        Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
        withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
        /* give MODIFY_PROPERTIES privilege for a Group the test-user is member of */
        givePrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser, path));
        /*
         since user-permissions overrule the group permissions, testuser must
         not have set_property action / modify_properties privilege.
         */
        String actions = javax.jcr.Session.ACTION_SET_PROPERTY;

        return childUID;
    }

    public void testIsGroupAdmin() throws RepositoryException, NotExecutableException {
        UserManager umgr = getUserManager(uSession);
        Group gr = (Group) umgr.getAuthorizable(grID);

        assertTrue(gr.isMember(umgr.getAuthorizable(uID)));
    }

        }
    }

    public void testCreateGroup() throws RepositoryException, NotExecutableException {
        UserManager umgr = getUserManager(uSession);
        Group testGroup = null;
        try {
            testGroup = umgr.createGroup(getTestPrincipal());
            assertTrue(Text.isDescendant(UserConstants.GROUPS_PATH, ((GroupImpl)testGroup).getNode().getPath()));
        } finally {
            if (testGroup != null) {
                testGroup.remove();
            }
        }
    }

        }
    }

    public void testCreateGroupWithIntermediatePath() throws RepositoryException, NotExecutableException {
        UserManager umgr = getUserManager(uSession);
        Group testGroup = null;
        try {
            testGroup = umgr.createGroup(getTestPrincipal(), "/any/intermediate/path");
            assertTrue(Text.isDescendant(UserConstants.GROUPS_PATH + "/any/intermediate/path", ((GroupImpl)testGroup).getNode().getPath()));
        } finally {
            if (testGroup != null) {
                testGroup.remove();
            }
        }
    }

    }

    public void testAddChildToGroup() throws RepositoryException, NotExecutableException {
        UserManager umgr = getUserManager(uSession);
        Authorizable cU = umgr.getAuthorizable(getChildID());
        Group gr = (Group) umgr.getAuthorizable(grID);

        // adding and removing the child-user as member of a group not
        // succeed as long editing session is not user-admin.
        try {
            assertFalse(gr.addMember(cU));
        } catch (AccessDeniedException e) {
            // ok
        } finally {
            gr.removeMember(cU);
        }
    }

        Authorizable auth = umgr.getAuthorizable(UserConstants.USER_ADMIN_GROUP_NAME);
        if (auth == null || !auth.isGroup()) {
            throw new NotExecutableException("Cannot execute test. User-Admin name has been changed by config.");
        }
        Group userAdmin = (Group)auth;
        User self = (User) umgr.getAuthorizable(uID);
        try {
            assertTrue(userAdmin.addMember(self));

            Group gr = (Group) umgr.getAuthorizable(groupAdmin.getID());
            assertTrue(gr.addMember(cU));
            assertTrue(gr.removeMember(cU));
        } finally {
            userAdmin.removeMember(self);
        }
    }