GetEffectiveRightsTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008-2009 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS
*/
/**
* Test cases for the effective-rights results (aclRights) returned for
* entry-level and attribute-level searches under different ACIs.
* <p>
* The expected values are comma-separated "right:flag" lists. Judging by the
* mail and description expectations below, 1 marks a right as granted and 0
* as not granted.
* <p>
* NOTE(review): in this listing several field declarators and all test
* method bodies appear to be elided, so the comments below only describe
* what the visible fragments show.
*/
@SuppressWarnings("javadoc")
public class GetEffectiveRightsTestCase extends AciTestCase {
/**
* Various results for entryLevel searches.
* NOTE(review): the six declarations below are cut off after
* "private static final" in this listing; names and values are not visible.
*/
private static final
private static final
private static final
private static final
private static final
private static final
/** Results for attributeLevel searches. */
// mail: search, read and write granted (write:1).
private static final String srwMailAttrRights =
"search:1,read:1,compare:0,write:1," +
"selfwrite_add:0,selfwrite_delete:0,proxy:0";
// description: search and read granted, write not granted (write:0).
private static final String srDescrptionAttrRights =
"search:1,read:1,compare:0,write:0," +
"selfwrite_add:0,selfwrite_delete:0,proxy:0";
// fax: write is reported as "?" rather than 0 or 1.
// NOTE(review): presumably because write on fax is only granted through the
// targattrfilters ACI further down, i.e. it depends on the value being
// written -- confirm against the ACI handler.
private static final String srxFaxAttrRights =
"search:1,read:1,compare:0,write:?," +
"selfwrite_add:0,selfwrite_delete:0,proxy:0";
// pager: write:0, matching the "deny write pager" ACI further down.
private static final String srPagerAttrRights =
"search:1,read:1,compare:0,write:0," +
"selfwrite_add:0,selfwrite_delete:0,proxy:0";
// Only the two selfwrite rights are granted; everything else is 0.
private static final String selfWriteAttrRights =
"search:0,read:0,compare:0,write:0," +
"selfwrite_add:1,selfwrite_delete:1,proxy:0";
/**
* Need an ACI to allow proxy control.
* NOTE(review): the declaration and the target part of this ACI are missing
* from this listing. The visible bind rule grants read to ldap:///anyone,
* which is a test-fixture convenience; a deployment would normally restrict
* who may use such a control -- confirm the target against the full file.
*/
"(version 3.0; acl \"control\";" +
"allow(read) userdn=\"ldap:///anyone\";)";
// Grants search and read to the superuser entry (acl "aclRights access").
private static final
"(version 3.0;acl \"aclRights access\";" +
"allow (search, read) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// Second search/read grant for the superuser; its target and acl name are
// not visible in this listing.
private static final
"allow (search, read) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
/** General ACI for anonymous test: grants search and read to anyone. */
private static final
"allow (search, read) " +
"userdn=\"ldap:///anyone\";)";
/**
* Test ACIs. Each one grants (or denies) a single right to the superuser
* entry, so a test can check that exactly that right shows up in the
* returned rights string.
*/
// add right for the superuser.
private static final
"allow (add) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// delete right for the superuser.
private static final
"allow (delete) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// write right for the superuser.
private static final
"allow (write) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// write right for the superuser (acl "write mail access"); the target that
// limits it to mail is presumably on the elided first line -- confirm.
private static final
"(version 3.0;acl \"write mail access\";" +
"allow (write) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// proxy right for the superuser.
private static final
"allow (proxy) " +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// Value-filtered write on fax: the add and del filters both require (fax=*).
// Note that the literal has no space between "allow (write)" and "userdn".
private static final
"(targattrfilters=\"add=fax:(fax=*), del=fax:(fax=*)\")" +
"(version 3.0;acl \"allow write fax\";" +
"allow (write)" +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// Same shape as the fax ACI but a deny rule on pager; again no space
// between "deny (write)" and "userdn".
private static final
"(targattrfilters=\"add=pager:(pager=*), del=pager:(pager=*)\")" +
"(version 3.0;acl \"deny write pager\";" +
"deny (write)" +
"userdn=\"ldap:///uid=superuser,ou=admins,o=test\";)";
// selfwrite granted to user.1; the empty "" in the concatenation adds
// nothing, so "allow(selfwrite)" is directly followed by "userdn".
private static final
"(version 3.0; acl \"selfwrite\"; allow(selfwrite)" + "" +
"userdn=\"ldap:///uid=user.1,ou=People,o=test\";)";
/**
* Adds the test entries under the o=test suffix before the tests run.
* NOTE(review): no annotation is visible on this method in this listing;
* addEntries is not defined here and is presumably inherited from
* AciTestCase -- confirm.
* @throws Exception If the entries cannot be added.
*/
public void setupClass() throws Exception {
addEntries("o=test");
}
/**
* NOTE(review): the body is empty in this listing. Going by the name, this
* presumably removes the ACIs a test installed so that the rights seen by
* the next test do not depend on test order -- confirm against the full
* file.
* @throws Exception If the clean-up fails.
*/
public void removeAcis() throws Exception {
}
/**
* Test entry level using the -g param and anonymous dn as the authzid.
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testAnonEntryLevelParams() throws Exception {
}
/**
* Test entry level using the -g param and superuser dn as the authzid.
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testSuEntryLevelParams() throws Exception {
}
/**
* Test entry level using the control OID only (no authzid specified).
* Should use the bound user (superuser) as the authzid.
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testSuEntryLevelCtrl() throws Exception {
}
/**
* Test entry level using the control OID only -- bound as a bypass user.
* Should use the bound user (DIR_MGR) as the authzid.
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testBypassEntryLevelCtrl() throws Exception {
}
/**
* Test attribute level using the -g param and superuser dn as the authzid.
* The attributes used are mail and description. Mail should show write
* access allowed, description should show write access not allowed.
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testSuAttrLevelParams() throws Exception {
}
/**
* Test attribute level using the -g param and superuser dn as the authzid and
* the -e option using pager and fax.
* The attributes used are mail and description. Mail should show write
* access allowed, description should show write access not allowed.
* <p>
* NOTE(review): the mail/description sentence is word for word the one on
* testSuAttrLevelParams and may be a leftover. srxFaxAttrRights (write:?)
* and srPagerAttrRights (write:0) look like the expectations for the fax
* and pager attributes named in the first sentence -- confirm against the
* method body, which is not shown in this listing.
*
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testSuAttrLevelParams2() throws Exception {
}
/**
* Test selfwrite attribute level using the -g param and user.1 dn as the
* authzid and the -e option member.
* The attributes used are mail and description. Mail should show write
* access allowed, description should show write access not allowed.
* <p>
* NOTE(review): the mail/description sentence is word for word the one on
* testSuAttrLevelParams and may be a leftover. selfWriteAttrRights
* (selfwrite_add:1, selfwrite_delete:1) looks like the expectation for the
* member attribute named in the first sentence -- confirm against the
* method body, which is not shown in this listing.
*
* @throws Exception If the search result is empty or a right string
* doesn't match the expected value.
*/
@Test
public void testSuAttrLevelParams3() throws Exception {
}
// NOTE(review): the two private helpers below are cut off in this listing;
// their names, parameters and bodies are not visible.
private void
}
private void
throws Exception {
}
}