Source Code of org.apache.jackrabbit.core.query.SkipDeniedNodesTest

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.core.query;

import org.apache.jackrabbit.api.jsr283.security.AbstractAccessControlTest;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;

import javax.jcr.RepositoryException;
import javax.jcr.Node;
import javax.jcr.Session;
import javax.jcr.AccessDeniedException;
import javax.jcr.NodeIterator;
import javax.jcr.query.QueryManager;
import javax.jcr.query.Query;
import java.security.Principal;

/**
 * <code>SkipDeniedNodesTest</code> checks if nodes are correctly skipped
 * when a session does not have access to it.
 */
public class SkipDeniedNodesTest extends AbstractAccessControlTest {

    private Session anonymous;

    private Node n1;
    private Node n2;
    private Node n3;
    private Node n4;

    protected void setUp() throws Exception {
        super.setUp();
        anonymous = helper.getReadOnlySession();

        n1 = testRootNode.addNode(nodeName1);
        n1.setProperty(propertyName1, "a");
        n2 = testRootNode.addNode(nodeName2);
        n2.setProperty(propertyName1, "b");
        n3 = testRootNode.addNode(nodeName3);
        n3.setProperty(propertyName1, "c");
        n4 = testRootNode.addNode(nodeName4);
        n4.setProperty(propertyName1, "d");
        superuser.save();

        JackrabbitAccessControlList acl = getACL(n2.getPath());
        acl.addEntry(getPrincipal(anonymous), privilegesFromName(Privilege.JCR_READ) , false);

        acMgr.setPolicy(n2.getPath(), acl);
        superuser.save();
    }

    public void testSkipNodes() throws RepositoryException {
        Node testNode = (Node) anonymous.getItem(testRoot);
        checkSequence(testNode.getNodes(),
                new String[]{n1.getPath(), n3.getPath(), n4.getPath()});

        QueryManager qm = anonymous.getWorkspace().getQueryManager();
        String ntName = n1.getPrimaryNodeType().getName();
        String stmt = testPath + "/element(*, " + ntName + ") order by @" + propertyName1;
        QueryImpl query = (QueryImpl) qm.createQuery(stmt, Query.XPATH);
        query.setOffset(0);
        query.setLimit(2);
        checkSequence(query.execute().getNodes(), new String[]{n1.getPath(), n3.getPath()});

        query = (QueryImpl) qm.createQuery(stmt, Query.XPATH);
        query.setOffset(2);
        query.setLimit(2);
        checkSequence(query.execute().getNodes(), new String[]{n4.getPath()});
    }

    private void checkSequence(NodeIterator nodes, String[] paths)
            throws RepositoryException {
        for (int i = 0; i < paths.length; i++) {
            assertTrue("No more nodes, expected: " + paths[i], nodes.hasNext());
            assertEquals("Wrong sequence", paths[i], nodes.nextNode().getPath());
        }
        assertFalse("No more nodes expected", nodes.hasNext());
    }

    private static Principal getPrincipal(Session session) throws NotExecutableException {
        UserManager userMgr;
        if (!(session instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        try {
            userMgr = ((JackrabbitSession) session).getUserManager();
            User user = (User) userMgr.getAuthorizable(session.getUserID());
            if (user == null) {
                throw new NotExecutableException("cannot get user for userID : " + session.getUserID());
            }
            return user.getPrincipal();
        } catch (RepositoryException e) {
            throw new NotExecutableException();
        }
    }

    private JackrabbitAccessControlList getACL(String path) throws RepositoryException, AccessDeniedException, NotExecutableException {
        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
        while (it.hasNext()) {
            AccessControlPolicy acp = it.nextAccessControlPolicy();
            if (acp instanceof JackrabbitAccessControlList) {
                return (JackrabbitAccessControlList) acp;
            }
        }
        throw new NotExecutableException("No JackrabbitAccessControlList found at " + path + " .");
    }
}