}
}
/**
 * Checks that content-write privileges do not leak into access control content.
 *
 * <p>The test user is granted add-child-nodes, remove-child-nodes and
 * modify-properties at {@code path}. The test then asserts that the same user
 * can neither see the {@code rep:policy} node nor read or remove policies
 * through the access control manager.
 *
 * @throws RepositoryException if a repository operation fails unexpectedly
 * @throws NotExecutableException declared for the test set-up helpers this method calls
 */
public void testAccessControlModification() throws RepositoryException, NotExecutableException {
    SessionImpl userSession = getTestSession();
    AccessControlManager userAcMgr = getTestACManager();

    // Precondition: the test user starts with READ-only permission on the
    // test node and everything below it.
    checkReadOnly(path);

    // Grant ADD_CHILD_NODES | REMOVE_CHILD_NODES | MODIFY_PROPERTIES at 'path'.
    // None of these is an access control privilege.
    String[] grantedNames = {
        Privilege.JCR_ADD_CHILD_NODES,
        Privilege.JCR_REMOVE_CHILD_NODES,
        Privilege.JCR_MODIFY_PROPERTIES
    };
    Privilege[] granted = privilegesFromNames(grantedNames);
    JackrabbitAccessControlList acl = givePrivileges(path, granted, getRestrictions(path));

    // From here on the test user must be able neither to view nor to modify
    // access control items.

    // The grant above must have materialised a 'rep:policy' node, which the
    // superuser session can see ...
    assertTrue(superuser.itemExists(acl.getPath() + "/rep:policy"));
    // ... while it stays hidden from the test user's session.
    assertFalse(userSession.itemExists(acl.getPath() + "/rep:policy"));

    // Reading the policies bound at the ACL's path must be denied.
    try {
        userAcMgr.getPolicies(acl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException expected) {
        // denied as required
    }

    // Effective policies at the ACL's path must be denied as well.
    try {
        userAcMgr.getEffectivePolicies(acl.getPath());
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException expected) {
        // denied as required
    }

    // Same check against the test node path itself.
    try {
        userAcMgr.getEffectivePolicies(path);
        fail("test user must not have READ_AC privilege.");
    } catch (AccessDeniedException expected) {
        // denied as required
    }

    // Removal is attempted with a throw-away policy instance; the call must
    // fail with AccessDeniedException rather than any other error.
    try {
        userAcMgr.removePolicy(acl.getPath(), new AccessControlPolicy() {});
        fail("test user must not have MODIFY_AC privilege.");
    } catch (AccessDeniedException expected) {
        // denied as required
    }
}