This project has retired. For details please refer to its Attic page.
AclPermissionsTest xref

1   package org.apache.chemistry.opencmis.inmemory;
2   
3   import static org.junit.Assert.assertTrue;
4   import static org.junit.Assert.fail;
5   
6   import java.math.BigInteger;
7   import java.util.ArrayList;
8   import java.util.Arrays;
9   import java.util.Collections;
10  import java.util.GregorianCalendar;
11  import java.util.HashMap;
12  import java.util.List;
13  import java.util.Map;
14  
15  import junit.framework.Assert;
16  
17  import org.apache.chemistry.opencmis.commons.PropertyIds;
18  import org.apache.chemistry.opencmis.commons.data.Ace;
19  import org.apache.chemistry.opencmis.commons.data.Acl;
20  import org.apache.chemistry.opencmis.commons.data.ContentStream;
21  import org.apache.chemistry.opencmis.commons.data.ExtensionsData;
22  import org.apache.chemistry.opencmis.commons.data.ObjectData;
23  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderContainer;
24  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderData;
25  import org.apache.chemistry.opencmis.commons.data.ObjectInFolderList;
26  import org.apache.chemistry.opencmis.commons.data.ObjectList;
27  import org.apache.chemistry.opencmis.commons.data.ObjectParentData;
28  import org.apache.chemistry.opencmis.commons.data.Properties;
29  import org.apache.chemistry.opencmis.commons.data.PropertyData;
30  import org.apache.chemistry.opencmis.commons.data.RenditionData;
31  import org.apache.chemistry.opencmis.commons.enums.AclPropagation;
32  import org.apache.chemistry.opencmis.commons.enums.BaseTypeId;
33  import org.apache.chemistry.opencmis.commons.enums.IncludeRelationships;
34  import org.apache.chemistry.opencmis.commons.enums.VersioningState;
35  import org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException;
36  import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBaseObjectTypeIds;
37  import org.apache.chemistry.opencmis.commons.impl.jaxb.EnumBasicPermissions;
38  import org.apache.chemistry.opencmis.commons.server.CallContext;
39  import org.apache.chemistry.opencmis.commons.spi.Holder;
40  import org.apache.chemistry.opencmis.inmemory.storedobj.api.ObjectStore;
41  import org.apache.chemistry.opencmis.inmemory.storedobj.impl.InMemoryAce;
42  import org.apache.chemistry.opencmis.server.support.query.CalendarHelper;
43  import org.apache.commons.logging.Log;
44  import org.apache.commons.logging.LogFactory;
45  import org.junit.After;
46  import org.junit.Before;
47  import org.junit.Test;
48  
49  public class AclPermissionsTest extends AbstractServiceTest  {
50  
51  	private static Log LOG = LogFactory.getLog(AclPermissionsTest.class);
52  	private static final BigInteger MINUS_ONE = BigInteger.valueOf(-1L);
53  	
54      protected ObjectCreator fCreator;
55  	protected ObjectStore objectStore = null;
56  	protected List<Ace> addACEs = null;
57  	protected Acl addAcl = null;
58  	protected List<Ace> standardACEs = null;
59  	protected Acl standardAcl = null;
60  	protected List<Ace> noReadACEs = null;
61  	protected Acl noReadAcl = null;
62  	protected List<Ace>readACEs = null;
63  	protected Acl readAcl = null;
64  	protected List<Ace>readWriteACEs = null;
65  	protected Acl readWriteAcl = null;
66  	protected List<Ace> writerReadACEs = null;
67  	protected Acl writerReadAcl = null;
68  	protected List<Ace> adminACEs = null;
69  	protected Acl adminAcl = null;
70  	protected List<Ace> testUserACEs = null;
71  	protected Acl testUserAcl = null;
72  	protected Acl defaultAcl = null;
73  	
74  	protected static Map<String, String> idMap = new HashMap<String, String>();
75  	
76      @Override
77      @After
78      public void tearDown() {
79          super.tearDown();
80      }
81  
82      @Override
83      @Before
84      public void setUp() {
85          super.setTypeCreatorClass(UnitTestTypeSystemCreator.class.getName());
86          super.setUp();
87          fCreator = new ObjectCreator(fFactory, fObjSvc, fRepositoryId);
88  		 List<String> principalIds = new ArrayList<String>(3);
89  		 principalIds.add("TestAdmin");
90  		 principalIds.add("Writer");
91  		 principalIds.add("Reader");
92  		 principalIds.add("TestUser");
93  		addACEs = new ArrayList<Ace>(4);
94  		addACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
95  		addACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
96  		addACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
97  		addACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
98  		addAcl = fFactory.createAccessControlList(addACEs);
99  		
100 		standardACEs = new ArrayList<Ace>(3);
101 		standardACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
102 		standardACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
103 		standardACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
104 		standardAcl = fFactory.createAccessControlList(standardACEs);	
105 		
106 		noReadACEs = new ArrayList<Ace>(2);
107 		noReadACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
108 		noReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
109 		noReadAcl = fFactory.createAccessControlList(noReadACEs);	
110 		
111 		readACEs = new ArrayList<Ace>(1);
112 		readACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
113 		readAcl = fFactory.createAccessControlList(readACEs);	
114 		
115 		readWriteACEs = new ArrayList<Ace>(2);
116 		readWriteACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
117 		readWriteACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
118 		readWriteAcl = fFactory.createAccessControlList(readWriteACEs);	
119 		
120 		testUserACEs = new ArrayList<Ace>(1);
121 		testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
122 		testUserAcl = fFactory.createAccessControlList(testUserACEs);	
123 		
124 		writerReadACEs = new ArrayList<Ace>(1);
125 		writerReadACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_READ));
126 		writerReadAcl = fFactory.createAccessControlList(writerReadACEs);	
127 		
128 		adminACEs = new ArrayList<Ace>(1);
129 		adminACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
130 		adminAcl = fFactory.createAccessControlList(adminACEs);	
131 		
132 		List<Ace> defaultACEs = new ArrayList<Ace>(1);
133         defaultACEs.add(createAce(InMemoryAce.getAnyoneUser(), EnumBasicPermissions.CMIS_ALL));
134         defaultAcl = fFactory.createAccessControlList(defaultACEs); 
135 	}
136 
137 	@Test
138 	public void testCreateObjectsWithAcl()
139 	{
140 		// create a document with initial ACL
141 		String docId = createDocumentWithAcls("complexDocument",  fRootFolderId, UnitTestTypeSystemCreator.COMPLEX_TYPE,
142 				addAcl, defaultAcl);
143 		Acl acl1 = fAclSvc.getAcl(fRepositoryId, docId, true, null);
144 		assertTrue(aclEquals(addAcl, acl1));
145 		
146 		// create a folder with initial ACL
147 		String folderId = createFolderWithAcls("folderWithAcl", fRootFolderId, BaseTypeId.CMIS_FOLDER.value(),
148 				addAcl, defaultAcl);
149 		Acl acl2 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
150 		assertTrue(aclEquals(addAcl, acl2));
151 		
152 		// add acl later
153 		String docId2 = createVersionedDocument("complexDocument2",  fRootFolderId);
154         Acl acl = fAclSvc.applyAcl(fRepositoryId, docId2, addAcl, defaultAcl, AclPropagation.OBJECTONLY, null);
155 		assertTrue(aclEquals(addAcl, acl));
156 		
157 		String folderId2 = createFolder("folder2", fRootFolderId, "cmis:folder");
158 		acl2 = fAclSvc.applyAcl(fRepositoryId, folderId2, addAcl, defaultAcl, AclPropagation.OBJECTONLY, null);
159 		assertTrue(aclEquals(addAcl, acl2));
160 		
161 		// add a subfolder
162 		String subFolderId = createFolder("subFolder", folderId,  BaseTypeId.CMIS_FOLDER.value());
163 		// folder should inherit acl
164 		Acl subAcl = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
165 		assertTrue(aclEquals(addAcl, subAcl));
166 		
167 		// add a document
168 		String subDocId = createVersionedDocument("subDoc", subFolderId);
169 		// document should inherit acl
170 		Acl subAclDoc = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
171 		assertTrue(aclEquals(addAcl, subAclDoc));
172 		
173 		// remove an ace, no permission is left for TestUser
174 		Acl removeAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
175 		Acl acl3 = fAclSvc.applyAcl(fRepositoryId, docId2, null, removeAcl, AclPropagation.OBJECTONLY, null);
176 		
177 		List<Ace> compareRemoveACEs = new ArrayList<Ace>(3);
178 		compareRemoveACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
179 		compareRemoveACEs.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
180 		compareRemoveACEs.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
181 		Acl compareRemoveAcl = fFactory.createAccessControlList(compareRemoveACEs);
182 		
183 		assertTrue(aclEquals(compareRemoveAcl, acl3));
184 		
185 		// addACE not propagated
186 		Acl addPropAcl = createAcl("TestUser", EnumBasicPermissions.CMIS_WRITE);
187 		
188 		Acl acl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.OBJECTONLY, null);
189 		Acl subAclDoc2 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
190 		assertTrue(aclEquals(addAcl, subAclDoc2));  // acl of doc did not change
191 		
192 		List<Ace> compareRemoveACEs2 = new ArrayList<Ace>(4);
193 		compareRemoveACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
194 		compareRemoveACEs2.add(createAce("Writer", EnumBasicPermissions.CMIS_WRITE));
195 		compareRemoveACEs2.add(createAce("TestUser", EnumBasicPermissions.CMIS_ALL));
196 		compareRemoveACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
197 		Acl compareRemoveAcl2 = fFactory.createAccessControlList(compareRemoveACEs2);
198 		assertTrue(aclEquals(compareRemoveAcl2, acl4)); 
199 		
200 		// addACE propagated
201 		Acl acl5 = fAclSvc.applyAcl(fRepositoryId, subFolderId, addPropAcl, null, AclPropagation.PROPAGATE, null);
202 		Acl subAclDoc3 = fAclSvc.getAcl(fRepositoryId, subDocId, true, null);
203 		assertTrue(aclEquals(compareRemoveAcl2, subAclDoc3));  // acl of doc did change
204 		assertTrue(aclEquals(compareRemoveAcl2, acl5)); 
205 	}
206 		
207 	
208 	@Test
209 	public void checkNavigationServiceGeneralAccess()
210 	{
211 		// starts with call context TestUser
212 		switchCallContext("TestAdmin");
213 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
214 				standardAcl, defaultAcl);
215 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, defaultAcl);
216 //		fTestCallContext = new DummyCallContext("Writer");
217 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
218 		
219 		
220 		// TestUser has no permission at all
221 		switchCallContext("TestUser");
222 		boolean exceptionThrown = false;
223 		try
224 		{
225 			ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null, 
226 					BigInteger.ZERO , BigInteger.ZERO, null);
227 		}
228 		catch (CmisPermissionDeniedException e)
229 		{
230 			exceptionThrown = true;
231 		}
232 		if (!exceptionThrown)
233 			Assert.fail("TestUser has no permissions)");
234 		
235 		switchCallContext("Reader");
236 		ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId, null, null, false, IncludeRelationships.NONE, null, null,
237 				BigInteger.ZERO , BigInteger.ZERO, null);
238 		
239 		
240 		switchCallContext("TestUser");
241 		exceptionThrown = false;
242 		try
243 		{
244 			List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
245 		}
246 		catch (CmisPermissionDeniedException e)
247 		{
248 			exceptionThrown = true;
249 		}
250 		if (!exceptionThrown)
251 			Assert.fail("TestUser has no permissions)");
252 		
253 		switchCallContext("Reader");
254 		List<ObjectInFolderContainer> list2 = fNavSvc.getDescendants(fRepositoryId, folderId, MINUS_ONE, null, null, null, null, null, null);
255 		
256 		
257 		switchCallContext("TestUser");
258 		exceptionThrown = false;
259 		try
260 		{
261 			List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
262 		}
263 		catch (CmisPermissionDeniedException e)
264 		{
265 			exceptionThrown = true;
266 		}
267 		if (!exceptionThrown)
268 			Assert.fail("TestUser has no permissions)");
269 		
270 		switchCallContext("Reader");
271 		List<ObjectInFolderContainer> list3 = fNavSvc.getFolderTree(fRepositoryId, folderId, BigInteger.ONE, null, null, null, null, null, null);
272 		
273 		switchCallContext("TestUser");
274 		exceptionThrown = false;
275 		try
276 		{
277 			List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
278 		}
279 		catch (CmisPermissionDeniedException e)
280 		{
281 			exceptionThrown = true;
282 		}
283 		if (!exceptionThrown)
284 			Assert.fail("TestUser has no permissions)");
285 		
286 		switchCallContext("Reader");
287 		List<ObjectParentData> list4 = fNavSvc.getObjectParents(fRepositoryId, folderId, null, null, null, null, null, null);
288 		
289 		switchCallContext("TestUser");
290 		exceptionThrown = false;
291 		try
292 		{
293 			ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
294 		}
295 		catch (CmisPermissionDeniedException e)
296 		{
297 			exceptionThrown = true;
298 		}
299 		if (!exceptionThrown)
300 			Assert.fail("TestUser has no permissions)");
301 		
302 		switchCallContext("Reader");
303 		ObjectData list5 = fNavSvc.getFolderParent(fRepositoryId, folderId, null, null);
304 	
305 		switchCallContext("TestUser");
306 		exceptionThrown = false;
307 		try
308 		{
309 			ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE, 
310 					null, MINUS_ONE, MINUS_ONE, null);
311 		}
312 		catch (CmisPermissionDeniedException e)
313 		{
314 			exceptionThrown = true;
315 		}
316 		if (!exceptionThrown)
317 			Assert.fail("TestUser has no permissions)");
318 		
319 		switchCallContext("Reader");
320 		ObjectList list6 = fNavSvc.getCheckedOutDocs(fRepositoryId, folderId, null, null, null, IncludeRelationships.NONE, 
321 				null, MINUS_ONE, MINUS_ONE, null);
322 	}
323 	
324 	@Test
325 	public void testAclServiceGeneralAccess()
326 	{
327 	    List<Ace> initialACEs = new ArrayList<Ace>(4);
328 	    initialACEs.addAll(standardACEs);
329 	    initialACEs.add(createAce("Admin2", EnumBasicPermissions.CMIS_ALL));
330         Acl initialAcl = fFactory.createAccessControlList(initialACEs);   
331         
332         List<Ace> expectedACEs = new ArrayList<Ace>(5);
333         expectedACEs.addAll(initialACEs);
334         expectedACEs.addAll(testUserACEs);
335         Acl expectedAcl = fFactory.createAccessControlList(expectedACEs);   
336         
337 	    List<Ace> removeACEs = new ArrayList<Ace>(1);
338         removeACEs.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
339 		Acl removeAcl = fFactory.createAccessControlList(removeACEs);
340 		
341 		List<Ace> removeACEs2 = new ArrayList<Ace>(2);
342 		removeACEs2.add(createAce("TestAdmin", EnumBasicPermissions.CMIS_ALL));
343 		removeACEs2.add(createAce("Reader", EnumBasicPermissions.CMIS_READ));
344 		Acl removeAcl2 = fFactory.createAccessControlList(removeACEs2);
345 		
346 		List<Ace> testUserACEs = new ArrayList<Ace>(1);
347 		testUserACEs.add(createAce("TestUser", EnumBasicPermissions.CMIS_WRITE));
348 		Acl testUserAcl = fFactory.createAccessControlList(testUserACEs);
349 		
350 		switchCallContext("TestAdmin");
351 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
352 		        initialAcl, defaultAcl);
353 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", initialAcl, defaultAcl);
354 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", initialAcl, defaultAcl);
355 		
356 		// getAcl of a folder
357 		switchCallContext("TestUser");
358 		boolean exceptionThrown = false;
359 		try
360 		{
361 			Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null); 
362 		}
363 		catch (CmisPermissionDeniedException e)
364 		{
365 			exceptionThrown = true;
366 		}
367 		if (!exceptionThrown)
368 			Assert.fail("TestUser has no permissions to get acl of folder");
369 		
370 		switchCallContext("Reader");
371 		Acl acl = fAclSvc.getAcl(fRepositoryId, folderId, null, null);
372 		
373 		// getAcl of a document
374 		switchCallContext("TestUser");
375 		exceptionThrown = false;
376 		try
377 		{
378 			Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null); 
379 		}
380 		catch (CmisPermissionDeniedException e)
381 		{
382 			exceptionThrown = true;
383 		}
384 		if (!exceptionThrown)
385 			Assert.fail("TestUser has no permissions to get acl of doc)");
386 		
387 		switchCallContext("Reader");
388 		Acl docAcl = fAclSvc.getAcl(fRepositoryId, docId, true, null);
389 		
390 		// applyAcl
391 		switchCallContext("Reader");
392 		exceptionThrown = false;
393 		try
394 		{
395 			Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
396 		}
397 		catch (CmisPermissionDeniedException e)
398 		{
399 			exceptionThrown = true;
400 		}
401 		if (!exceptionThrown)
402 			Assert.fail("TestUser has no permissions)");
403 		
404 //		switchCallContext("Writer");
405         switchCallContext("TestAdmin");
406 		Acl docAcl2 = fAclSvc.applyAcl(fRepositoryId, docId, initialAcl, null, AclPropagation.OBJECTONLY, null);
407 		
408 		// applyAcl when not allowed to subItem
409 		switchCallContext("TestAdmin");
410 		Acl docAcl4 = fAclSvc.applyAcl(fRepositoryId, subFolderId, null, removeAcl, AclPropagation.OBJECTONLY, null);
411 		
412 //        switchCallContext("Writer");
413         switchCallContext("TestAdmin");
414         // apply an ACL where the current user has permission to modify ACL on folder but not on sub-folder:
415 		Acl docAcl5 = fAclSvc.applyAcl(fRepositoryId, folderId, testUserAcl, null, AclPropagation.PROPAGATE, null);
416 		switchCallContext("Admin");
417 		Acl docAcl6 = fAclSvc.getAcl(fRepositoryId, folderId, true, null);
418 		assertTrue(aclEquals(expectedAcl, docAcl6)); 
419 		Acl docAcl7 = fAclSvc.getAcl(fRepositoryId, subFolderId, true, null);
420 		assertTrue(aclEquals(standardAcl, docAcl7)); 
421 	}
422 	
423 	@Test
424 	public void testObjectServiceGeneralAccess()
425 	{
426 			
427 		// starts with call context TestUser
428 		switchCallContext("TestAdmin");
429 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
430 				standardAcl, defaultAcl);
431 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", standardAcl, defaultAcl);
432 //		fTestCallContext = new DummyCallContext("Writer");
433 		String subFolderId = createFolderWithAcls("subFolder", folderId, "cmis:folder", standardAcl, null);
434 		String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder", null, readAcl);
435 		String adminFolderId = createFolderWithAcls("adminFolder", folderId, "cmis:folder", null, readWriteAcl);
436 		
437 		// TestUser has no permission at all
438 		switchCallContext("TestUser");
439 		boolean exceptionThrown = false;
440 		try
441 		{
442 			Properties properties = createDocumentProperties("doc", "ComplexType");
443 			String id = fObjSvc.createDocument(fRepositoryId, properties, folderId, null, null, null, null,
444 					null, null);
445 		}
446 		catch (CmisPermissionDeniedException e)
447 		{
448 			exceptionThrown = true;
449 		}
450 		if (!exceptionThrown)
451 			Assert.fail("TestUser has no permissions to create a document");
452 		
453 		exceptionThrown = false;
454 		try
455 		{
456 			String id = fObjSvc.createFolder(fRepositoryId, null, folderId, null, null, null, null);
457 		}
458 		catch (CmisPermissionDeniedException e)
459 		{
460 			exceptionThrown = true;
461 		}
462 		if (!exceptionThrown)
463 			Assert.fail("TestUser has no permissions to create a folder");
464 		
465 		/*
466 		exceptionThrown = false;
467 		try
468 		{
469 			Properties properties = createRelationshipProperties(folderId, fRootFolderId);
470 			String id1 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
471 		}
472 		catch (CmisPermissionDeniedException e)
473 		{
474 			exceptionThrown = true;
475 		}
476 		if (!exceptionThrown)
477 			Assert.fail("TestUser has no permissions to create a relationship: missing read permission for source id");
478 		
479 		exceptionThrown = false;
480 		Properties properties = createRelationshipProperties( fRootFolderId, folderId);
481 		try
482 		{
483 			String id2 = fObjSvc.createRelationship(fRepositoryId, properties, null, null, null, null);
484 		}
485 		catch (CmisPermissionDeniedException e)
486 		{
487 			exceptionThrown = true;
488 		}
489 		if (!exceptionThrown)
490 			Assert.fail("TestUser has no permissions to create a relationship: missing read permission for destination");
491 		*/
492 		
493 		exceptionThrown = false;
494 		try
495 		{
496 			Properties props = fObjSvc.getProperties(fRepositoryId,  folderId, null, null);
497 		}
498 		catch (CmisPermissionDeniedException e)
499 		{
500 			exceptionThrown = true;
501 		}
502 		if (!exceptionThrown)
503 			Assert.fail("TestUser has no permissions to get properties of the folder");
504 		
505 		exceptionThrown = false;
506 		try
507 		{
508 			Properties props = fObjSvc.getProperties(fRepositoryId,  docId, null, null);
509 		}
510 		catch (CmisPermissionDeniedException e)
511 		{
512 			exceptionThrown = true;
513 		}
514 		if (!exceptionThrown)
515 			Assert.fail("TestUser has no permissions to get properties of the document");
516 		
517 		exceptionThrown = false;
518 		try
519 		{
520 			List<RenditionData> renditions = fObjSvc.getRenditions(fRepositoryId,  docId, null, BigInteger.valueOf(-1),
521 					BigInteger.valueOf(-1), null);
522 		}
523 		catch (CmisPermissionDeniedException e)
524 		{
525 			exceptionThrown = true;
526 		}
527 		if (!exceptionThrown)
528 			Assert.fail("TestUser has no permissions to get renditions of the document");
529 		
530 		exceptionThrown = false;
531 		try
532 		{
533 			ContentStream contentStream =  fObjSvc.getContentStream(fRepositoryId,  docId, null, BigInteger.valueOf(-1),
534 					BigInteger.valueOf(-1), null);
535 		}
536 		catch (CmisPermissionDeniedException e)
537 		{
538 			exceptionThrown = true;
539 		}
540 		if (!exceptionThrown)
541 			Assert.fail("TestUser has no permissions to get contentStream of the document");
542 		
543 		switchCallContext("Reader");
544 		exceptionThrown = false;
545 		Properties properties = createDocumentProperties( "name", "typeId");
546 		try
547 		{	
548 			fObjSvc.updateProperties(fRepositoryId,
549 					new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
550 		}
551 		catch (CmisPermissionDeniedException e)
552 		{
553 			exceptionThrown = true;
554 		}
555 		if (!exceptionThrown)
556 			Assert.fail("Reader has no permissions to update properties of the document");
557 		
558 		exceptionThrown = false;
559 		properties = createDocumentProperties( "name", "typeId");
560 		try
561 		{	
562 			fObjSvc.updateProperties(fRepositoryId,
563 					new Holder<String>(docId), new Holder<String>("changeToken"), properties, null);
564 		}
565 		catch (CmisPermissionDeniedException e)
566 		{
567 			exceptionThrown = true;
568 		}
569 		if (!exceptionThrown)
570 			Assert.fail("Reader has no permissions to update properties of the document");
571 		
572 		exceptionThrown = false;
573 		try
574 		{	
575 			fObjSvc.moveObject(fRepositoryId, new Holder<String>(docId), subFolderId,
576 					fRootFolderId, null);
577 		}
578 		catch (CmisPermissionDeniedException e)
579 		{
580 			exceptionThrown = true;
581 		}
582 		if (!exceptionThrown)
583 			Assert.fail("Reader has no permissions to move document");
584 		
585 		switchCallContext("Writer");
586 		exceptionThrown = false;
587 		try
588 		{	
589 			fObjSvc.moveObject(fRepositoryId,new Holder<String>(docId), adminFolderId,
590 					fRootFolderId, null);
591 		}
592 		catch (CmisPermissionDeniedException e)
593 		{
594 			exceptionThrown = true;
595 		}
596 		if (!exceptionThrown)
597 			Assert.fail("Writer has no permissions to move document to admin folder");
598 		
599 		switchCallContext("Reader");
600 		exceptionThrown = false;
601 		try
602 		{	
603 			fObjSvc.deleteObject(fRepositoryId, docId, true, null);
604 		}
605 		catch (CmisPermissionDeniedException e)
606 		{
607 			exceptionThrown = true;
608 		}
609 		if (!exceptionThrown)
610 			Assert.fail("Reader has no permissions to delete document ");
611 		
612 		exceptionThrown = false;
613 		try
614 		{	
615 			fObjSvc.deleteObject(fRepositoryId, adminFolderId, true, null);
616 		}
617 		catch (CmisPermissionDeniedException e)
618 		{
619 			exceptionThrown = true;
620 		}
621 		if (!exceptionThrown)
622 			Assert.fail("Reader has no permissions to delete admin folder ");
623 		
624 		exceptionThrown = false;
625 		try
626 		{	
627 			fObjSvc.setContentStream(fRepositoryId, new Holder<String> (docId), true,
628 					new Holder<String>("changeToken"), null, null);
629 		}
630 		catch (CmisPermissionDeniedException e)
631 		{
632 			exceptionThrown = true;
633 		}
634 		if (!exceptionThrown)
635 			Assert.fail("Reader has no permissions to set content ");
636 		
637 		exceptionThrown = false;
638 		try
639 		{	
640 			fObjSvc.deleteContentStream(fRepositoryId, new Holder<String> (docId), 
641 					new Holder<String>("changeToken"), null);
642 		}
643 		catch (CmisPermissionDeniedException e)
644 		{
645 			exceptionThrown = true;
646 		}
647 		if (!exceptionThrown)
648 			Assert.fail("Reader has no permissions to delete content ");
649 		
650 		exceptionThrown = false;
651 		try
652 		{	
653 			fObjSvc.deleteTree(fRepositoryId, folderId, true,
654 					 null, false, null);
655 		}
656 		catch (CmisPermissionDeniedException e)
657 		{
658 			exceptionThrown = true;
659 		}
660 		if (!exceptionThrown)
661 			Assert.fail("Reader has no permissions to delete tree ");
662 	}
663 	
664 	@Test
665 	public void testMultiFilingServiceGeneralAccess()
666 	{
667 		// starts with call context TestUser
668 		switchCallContext("TestAdmin");
669 		String docId = createDocumentWithAcls("doc",  fRootFolderId, "ComplexType",
670 				standardAcl, defaultAcl);
671 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", 
672 				addAcl, defaultAcl);
673 		String noReadFolderId = createFolderWithAcls("noReadFolder", folderId, "cmis:folder", 
674 				null, readAcl);
675 		
676 		// TestUser has no permission at the document
677 		switchCallContext("TestUser");
678 		boolean exceptionThrown = false;
679 		try
680 		{
681 			
682 			fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
683 		}
684 		catch (CmisPermissionDeniedException e)
685 		{
686 			exceptionThrown = true;
687 		}
688 		if (!exceptionThrown)
689 			Assert.fail("TestUser has no permissions at the document to add a parent");
690 		
691 		exceptionThrown = false;
692 		switchCallContext("Reader");  // has no permission at the folder
693 		try
694 		{
695 			
696 			fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
697 		}
698 		catch (CmisPermissionDeniedException e)
699 		{
700 			exceptionThrown = true;
701 		}
702 		if (!exceptionThrown)
703 			Assert.fail("Reader has no permission at the folder to add a parent");
704 		
705 		switchCallContext("TestAdmin");
706 		fMultiSvc.addObjectToFolder(fRepositoryId, docId, noReadFolderId, true, null);
707 		fMultiSvc.addObjectToFolder(fRepositoryId, docId, folderId, true, null);
708 		
709 		switchCallContext("Reader");  
710 		try
711 		{
712 			
713 			fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, noReadFolderId, null);
714 		}
715 		catch (CmisPermissionDeniedException e)
716 		{
717 			exceptionThrown = true;
718 		}
719 		if (!exceptionThrown)
720 			Assert.fail("Reader has no permission at the folder to remove a parent");
721 		
722 		switchCallContext("TestUser"); 
723 		try
724 		{
725 			
726 			fMultiSvc.removeObjectFromFolder(fRepositoryId, docId, folderId, null);
727 		}
728 		catch (CmisPermissionDeniedException e)
729 		{
730 			exceptionThrown = true;
731 		}
732 		if (!exceptionThrown)
733 			Assert.fail("TestUser has no permission at the object to remove a parent");
734 	}
735 	
736 	@Test
737 	public void testVersioningServiceGeneralAccess()
738 	{
739 		// starts with call context TestUser
740 		switchCallContext("TestAdmin");
741 		String docId = createDocumentWithAcls("doc",  fRootFolderId, UnitTestTypeSystemCreator.VERSIONED_TYPE,
742 		        VersioningState.MAJOR, standardAcl, defaultAcl);
743 	
744 		// TestUser has no permission at all
745 		switchCallContext("TestUser");
746 		boolean exceptionThrown = false;
747 		try
748 		{
749 			Holder<String> docIdHolder = new Holder<String>(docId);
750 			fVerSvc.checkOut(fRepositoryId, docIdHolder, null, 
751 					new Holder<Boolean>(false));
752 		}
753 		catch (CmisPermissionDeniedException e)
754 		{
755 			exceptionThrown = true;
756 		}
757 		if (!exceptionThrown)
758 			Assert.fail("TestUser has no permission to checkout)");
759 		
760 		// Reader has only read permission
761 		switchCallContext("Reader");
762 		exceptionThrown = false;
763 		try
764 		{
765 			fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
766 					new Holder<Boolean>(false));
767 		}
768 		catch (CmisPermissionDeniedException e)
769 		{
770 			exceptionThrown = true;
771 		}
772 		if (!exceptionThrown)
773 			Assert.fail("Reader has not enough permission to checkout)");
774 		
775 		// checkout
776 		switchCallContext("TestAdmin");
777 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
778 		switchCallContext("TestUser");
779 		Holder<String> docIdHolder = new Holder<String>(docId);
780 		fVerSvc.checkOut(fRepositoryId, docIdHolder, null, 
781 				new Holder<Boolean>(false));
782 	
783         switchCallContext("TestAdmin");
784 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
785 		
786 		// TestUser has no permission at all, only checkout user can checkin
787 		switchCallContext("TestUser");
788 		exceptionThrown = false;
789 		try
790 		{
791 			fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
792 		}
793 		catch (CmisPermissionDeniedException e)
794 		{
795 			exceptionThrown = true;
796 		}
797 		if (!exceptionThrown)
798 			Assert.fail("TestUser has no permission to cancelCheckOut)");
799 		switchCallContext("TestAdmin");
800 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
801 		switchCallContext("TestUser");
802 		fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
803 		
804 		// writer looses write permission
805 		switchCallContext("Writer");
806 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
807 				new Holder<Boolean>(false));
808 
809 		switchCallContext("TestAdmin");
810 		fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
811 	
812 		switchCallContext("Writer");
813         exceptionThrown = false;
814 		try
815 		{
816 			fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
817 		}
818 		catch (CmisPermissionDeniedException e)
819 		{
820 			exceptionThrown = true;
821 		}
822 		if (!exceptionThrown)
823 			Assert.fail("Reader has not enough permission to cancelCheckOut)");
824 		switchCallContext("TestAdmin");
825 		fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
826 		switchCallContext("Writer");
827 		fVerSvc.cancelCheckOut(fRepositoryId, docId, null);
828 				
829 		// TestUser has no permission at all
830 		switchCallContext("TestAdmin");
831 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
832 		switchCallContext("TestUser");
833 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
834 				new Holder<Boolean>(false));
835 
836 		switchCallContext("TestAdmin");
837 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
838 	
839 		switchCallContext("TestUser");
840 		exceptionThrown = false;
841 		try
842 		{
843 			fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
844 					null, null, null);
845 		}
846 		catch (CmisPermissionDeniedException e)
847 		{
848 			exceptionThrown = true;
849 		}
850 		if (!exceptionThrown)
851 			Assert.fail("TestUser has no permission to checkIn)");
852 		switchCallContext("TestAdmin");
853 		fAclSvc.applyAcl(fRepositoryId, docId, testUserAcl, null, AclPropagation.OBJECTONLY, null);
854 		switchCallContext("TestUser");
855 		fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
856 				null, null, null);
857 
858 		switchCallContext("TestAdmin");
859 		fAclSvc.applyAcl(fRepositoryId, docId, null, testUserAcl, AclPropagation.OBJECTONLY, null);
860 		
861 		// writer looses write permission
862 		switchCallContext("Writer");
863 		fVerSvc.checkOut(fRepositoryId, new Holder<String>(docId), null, 
864 				new Holder<Boolean>(false));
865         
866 		switchCallContext("TestAdmin");
867 		fAclSvc.applyAcl(fRepositoryId, docId, null, readWriteAcl, AclPropagation.OBJECTONLY, null);
868 
869 		switchCallContext("Writer");	
870 		exceptionThrown = false;
871 		try
872 		{
873 			fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
874 					null, null, null);
875 		}
876 		catch (CmisPermissionDeniedException e)
877 		{
878 			exceptionThrown = true;
879 		}
880 		if (!exceptionThrown)
881 			Assert.fail("Writer has not enough permission to checkIn)");
882 		switchCallContext("TestAdmin");
883 		fAclSvc.applyAcl(fRepositoryId, docId, readWriteAcl, null, AclPropagation.OBJECTONLY, null);
884 		switchCallContext("Writer");
885 		fVerSvc.checkIn(fRepositoryId, new Holder<String>(docId), true,  null, null, null, null,
886 				null, null, null);
887 		
888 		// TestUser has no permission at all
889 		switchCallContext("TestUser");
890 		exceptionThrown = false;
891 		try
892 		{
893 			ObjectData objectData = fVerSvc.getObjectOfLatestVersion(fRepositoryId, docId, null, true,
894 	            null, false, IncludeRelationships.NONE,
895 	            null, false, false, null);
896 		}
897 		catch (CmisPermissionDeniedException e)
898 		{
899 			exceptionThrown = true;
900 		}
901 		if (!exceptionThrown)
902 			Assert.fail("TestUser has not enough permission to getObjectOfLatestVersion)");
903 		
904 		exceptionThrown = false;
905 		try
906 		{
907 			 List<ObjectData> objectDataList = fVerSvc.getAllVersions(fRepositoryId, docId, docId, null,
908 	            false, null);
909 		}
910 		catch (CmisPermissionDeniedException e)
911 		{
912 			exceptionThrown = true;
913 		}
914 		if (!exceptionThrown)
915 			Assert.fail("TestUser has not enough permission to getAllVersions)");
916 
917 
918 		exceptionThrown = false;
919 		try
920 		{
921 			Properties properties = fVerSvc.getPropertiesOfLatestVersion(fRepositoryId, docId, null, 
922 					false, null, null);
923 		}
924 		catch (CmisPermissionDeniedException e)
925 		{
926 			exceptionThrown = true;
927 		}
928 		if (!exceptionThrown)
929 			Assert.fail("TestUser has not enough permission to getAllVersions)");
930 	}
931 	
932 		
933 	@Test
934 	public void testVisibleObjects()
935 	{
936         LOG.debug("start test checkVisibleObjects()...");
937 		switchCallContext("TestAdmin");
938 		String docId = createDocumentWithAcls("doc",  fRootFolderId, UnitTestTypeSystemCreator.VERSIONED_TYPE,
939 				VersioningState.MAJOR, standardAcl, defaultAcl);
940 		String docId2 = createDocumentWithAcls("doc2",  fRootFolderId, UnitTestTypeSystemCreator.VERSIONED_TYPE,
941 		        VersioningState.MAJOR, addAcl, defaultAcl);
942 		String folderId = createFolderWithAcls("folder", fRootFolderId, "cmis:folder", 
943 				standardAcl, defaultAcl);
944 		String folderId2 = createFolderWithAcls("folder2", fRootFolderId, "cmis:folder", 
945 				addAcl, defaultAcl);
946 		LOG.debug("checkVisibleObjects(): folderId2 is: " + folderId2);
947 		String subFolderId = createFolderWithAcls("subFolder", folderId2, "cmis:folder", 
948 				null, testUserAcl);
949         LOG.debug("checkVisibleObjects(): subFolderId is: " + subFolderId);
950 		String subFolderId2 = createFolderWithAcls("subFolder2", folderId2, "cmis:folder", 
951 				addAcl, null);
952         LOG.debug("checkVisibleObjects(): subFolderId2 is: " + subFolderId2);
953 		String subDocId = createDocumentWithAcls("subDoc",  folderId2, UnitTestTypeSystemCreator.VERSIONED_TYPE,
954 		        VersioningState.MAJOR, null, testUserAcl);
955         LOG.debug("checkVisibleObjects(): subDocId is: " + subDocId);
956 		String subDocId2 = createDocumentWithAcls("subDoc2", folderId2, UnitTestTypeSystemCreator.VERSIONED_TYPE,
957 		        VersioningState.MAJOR, addAcl, null);
958         LOG.debug("checkVisibleObjects(): subDocId2 is: " + subDocId2);
959 		String noAclDocId2 = createDocumentWithAcls("noAclDoc2", fRootFolderId, "ComplexType",
960 				null, null);
961         LOG.debug("checkVisibleObjects(): noAclDocId2 is: " + noAclDocId2);
962 		
963 		// TestUser has no permission in standardAcl
964 		switchCallContext("TestUser");
965 		
966 		ObjectInFolderList list = fNavSvc.getChildren(fRepositoryId, folderId2, null, null, false, IncludeRelationships.NONE, null, null, 
967 					null, null, null);
968 		List<ObjectInFolderData> objects = list.getObjects();
969 		assertObjectDataListIds(objects, subDocId2);
970         assertObjectDataListIds(objects, subFolderId2);
971 		
972 		list = fNavSvc.getChildren(fRepositoryId, fRootFolderId, null, null, false, IncludeRelationships.NONE, null, null, 
973 				null, null, null);
974 		objects = list.getObjects();
975 		assertObjectDataListIds(objects, docId2);
976         assertObjectDataListIds(objects, folderId2);
977         assertObjectDataListIds(objects, noAclDocId2);
978 		
979 		List<ObjectInFolderContainer> descList = fNavSvc.getDescendants(fRepositoryId, fRootFolderId, MINUS_ONE,
980 				null, false, IncludeRelationships.NONE, null, false, null);
981 		assertObjectInFolderContainerIds(descList, docId2);
982         assertObjectInFolderContainerIds(descList, folderId2);
983         assertObjectInFolderContainerIds(descList, noAclDocId2);
984 		
985 		List<ObjectInFolderContainer> folderList = fNavSvc.getFolderTree(fRepositoryId, fRootFolderId, MINUS_ONE,
986 				null, false, IncludeRelationships.NONE, null, false, null);
987         assertObjectInFolderContainerIds(folderList, folderId2);
988         assertObjectInFolderContainerIds(folderList, subFolderId2);
989 		
990 		// check out
991 		switchCallContext("TestAdmin");
992 		Holder<String> holderDocId = new Holder<String>(docId);
993 		Holder<String> holderDocId2 = new Holder<String>(docId2);
994 		Holder<String> holderSubDocId = new Holder<String>(subDocId);
995 		Holder<String> holderSubDocId2 = new Holder<String>(subDocId2);
996 		fVerSvc.checkOut(fRepositoryId, holderDocId, null, null);
997 		fVerSvc.checkOut(fRepositoryId, holderDocId2, null, null);
998 		fVerSvc.checkOut(fRepositoryId, holderSubDocId, null, null);
999 		fVerSvc.checkOut(fRepositoryId, holderSubDocId2, null, null);
1000 		
1001 		switchCallContext("TestUser");
1002 		ObjectList objectList = fNavSvc.getCheckedOutDocs(fRepositoryId, null, null, null, false,
1003 				IncludeRelationships.NONE, null, MINUS_ONE, MINUS_ONE, null);
1004 		assertObjectInObjectListIds(objectList, holderDocId2.getValue());
1005         assertObjectInObjectListIds(objectList, holderSubDocId2.getValue());
1006 		
1007 		// only direct children are returned
1008 		ObjectList objectList2 = fNavSvc.getCheckedOutDocs(fRepositoryId, fRootFolderId, null, null, false,
1009 				IncludeRelationships.NONE, null, MINUS_ONE, MINUS_ONE, null);
1010 		List<String> docIds2 = new ArrayList<String>(1);
1011 		docIds2.add(docId2);
1012 		Assert.assertEquals(BigInteger.valueOf(1L), objectList2.getNumItems());
1013 		
1014 		// multi filing, get object parents
1015 		switchCallContext("TestAdmin");
1016 		String secFolderId = createFolderWithAcls("secondFolder", fRootFolderId, "cmis:folder", 
1017 				standardAcl, defaultAcl);  	
1018 		String docId3 = createDocumentWithAcls("thirdDoc", folderId2, "ComplexType",
1019 				addAcl, null);
1020 		fMultiSvc.addObjectToFolder(fRepositoryId, docId3, secFolderId, true, null);
1021 		
1022 		switchCallContext("TestUser");  // second parent is not visible
1023 		List<ObjectParentData> objectParentData = fNavSvc.getObjectParents(fRepositoryId, docId3, null, null, null, null, true, null);
1024 		Assert.assertEquals(1, objectParentData.size());
1025 		Assert.assertEquals(folderId2, objectParentData.get(0).getObject().getId());
1026         LOG.debug("...stop test checkVisibleObjects()");
1027 	}
1028 		
1029 	@Test
1030 	public void testQueryAccess()
1031 	{
1032 		createCustomPropertyDocuments();
1033 		
1034 		String queryStatement;
1035 		List<ObjectData> objectDataList;
1036 		ObjectList objectList;
1037 		ObjectData first;
1038 		
1039 		switchCallContext("TestUser"); // Testuser has no permissions to view a document
1040 		queryStatement = "select * from cmis:document";
1041 		objectList = fDiscSvc.query(fRepositoryId, queryStatement, null, null, null,
1042 				null, MINUS_ONE, MINUS_ONE, null);
1043 		assertTrue ( 0L == objectList.getNumItems().longValue());
1044 		
1045 		// add a permission for a document
1046 		switchCallContext("TestAdmin"); 
1047 		String docId20 = idMap.get("customDocId20");
1048 		fAclSvc.applyAcl(fRepositoryId, idMap.get("customDocId20"), testUserAcl, null, AclPropagation.OBJECTONLY, null);
1049 		
1050 		switchCallContext("TestUser"); // Testuser has has only permissions for customDocId20
1051 		queryStatement = "select * from ComplexType where IntProp <= 20";
1052 		
1053 		objectList = fDiscSvc.query(fRepositoryId, queryStatement, null, null, null,
1054 				null, MINUS_ONE, MINUS_ONE, null); 
1055 		assertTrue ( 1L == objectList.getNumItems().longValue());
1056 		objectDataList = objectList.getObjects();
1057 		first = objectDataList.get(0);
1058 		assertTrue(first.getBaseTypeId().equals(BaseTypeId.CMIS_DOCUMENT ));
1059 	}
1060 	
1061 	protected String createDocumentWithAcls(String name, String folderId, String typeId, 
1062 			Acl addACEs, Acl removeACEs)
1063 	{
1064 		return createDocumentWithAcls(name, folderId, typeId, VersioningState.NONE, addACEs, removeACEs);
1065 	}
1066 	
1067     protected String createDocumentWithAcls(String name, String folderId, String typeId, VersioningState versioningState,
1068             Acl addACEs, Acl removeACEs)
1069     {
1070         ContentStream contentStream = null;
1071         List<String> policies = null;
1072         ExtensionsData extension = null;
1073 
1074         Properties props = createDocumentProperties(name, typeId);
1075 
1076         String id = fObjSvc.createDocument(fRepositoryId, props, folderId, contentStream, versioningState , policies,
1077                 addACEs, removeACEs, extension);
1078         return id;
1079     }
1080 	
1081 	protected String createFolderWithAcls(String name, String folderId, String typeId, 
1082 			Acl addACEs, Acl removeACEs)
1083 	{
1084 		List<String> policies = null;
1085 		ExtensionsData extension = null;
1086 
1087 		Properties props = createFolderProperties(name, typeId);
1088 
1089 	
1090 		String id = fObjSvc.createFolder(fRepositoryId, props, folderId, policies,
1091 				addACEs, removeACEs, extension);
1092 		return id;
1093 	}
1094 	
1095 	 protected Properties createRelationshipProperties(String sourceId, String targetId) {
1096 	        List<PropertyData<?>> properties = new ArrayList<PropertyData<?>>();
1097 	        properties.add(fFactory.createPropertyIdData(PropertyIds.SOURCE_ID, sourceId));
1098 	        properties.add(fFactory.createPropertyIdData(PropertyIds.TARGET_ID, targetId));
1099 	        properties.add(fFactory.createPropertyIdData(PropertyIds.OBJECT_TYPE_ID, 
1100 	        		EnumBaseObjectTypeIds.CMIS_RELATIONSHIP.value()));
1101 	        Properties props = fFactory.createPropertiesData(properties);
1102 	        return props;
1103 	 }
1104 	 
1105 	 private void switchCallContext(String user) {
1106 	     ((DummyCallContext) fTestCallContext).put(CallContext.USERNAME, user);
1107 	 }
1108 	
1109 	protected void createCustomPropertyDocuments()
1110 	{
1111 		switchCallContext("TestAdmin"); 
1112 		// create folder
1113 		String folderId = createFolderWithAcls("customFolder", fRootFolderId, "cmis:folder", standardAcl, defaultAcl);
1114 		idMap.put("customFolder", folderId);
1115 
1116 		// create documents
1117 		List<PropertyData<?>> properties10 = new ArrayList<PropertyData<?>>();
1118 		properties10.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(10)));
1119 		properties10.add(fFactory.createPropertyStringData("StringProp", "10 string"));
1120 		properties10.add(fFactory.createPropertyBooleanData("BooleanProp", true));
1121 		GregorianCalendar gregorianCalendar = CalendarHelper.fromString("2010-07-10T12:00:00.000-01:00");
1122 		properties10.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
1123 		String customDocId10 = createDocumentWithProperties("customDocument10", folderId, "ComplexType",
1124 				properties10, false);
1125 		idMap.put("customDocId10", customDocId10);
1126 
1127 		List<PropertyData<?>>  properties20 = new ArrayList<PropertyData<?>>();
1128 		properties20.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(20)));
1129 		properties20.add(fFactory.createPropertyStringData("StringProp", "20 string"));
1130 		properties20.add(fFactory.createPropertyBooleanData("BooleanProp", false));
1131 		gregorianCalendar = CalendarHelper.fromString("2010-07-20T12:00:00.000-01:00");
1132 		properties20.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
1133 		String customDocId20 = createDocumentWithProperties("customDocument20", folderId, "ComplexType", 
1134 				properties20,false);
1135 		idMap.put("customDocId20", customDocId20);
1136 
1137 		List<PropertyData<?>>  properties30 = new ArrayList<PropertyData<?>>();
1138 		properties30.add(fFactory.createPropertyIntegerData("IntProp", BigInteger.valueOf(30)));
1139 		properties30.add(fFactory.createPropertyStringData("StringProp", "30 string"));
1140 		properties30.add(fFactory.createPropertyBooleanData("BooleanProp", true));
1141 		gregorianCalendar = CalendarHelper.fromString("2010-07-30T12:00:00.000-01:00");
1142 		properties30.add(fFactory.createPropertyDateTimeData("DateTimeProp", gregorianCalendar));
1143 		String customDocId30 = createDocumentWithProperties("customDocument30", folderId, "ComplexType",
1144 				properties30, false);
1145 		idMap.put("customDocId30", customDocId30);
1146 	
1147 	}
1148 	
1149 	  protected String createDocumentWithProperties(String name, String folderId, String typeId, List<PropertyData<?>> properties,
1150 	            boolean withContent) {
1151 	        ContentStream contentStream = null;
1152 	        
1153 	        // add document properties
1154 	        properties.add(fFactory.createPropertyIdData(PropertyIds.NAME, name));
1155 	        properties.add(fFactory.createPropertyIdData(PropertyIds.OBJECT_TYPE_ID, typeId));
1156 	        Properties props = fFactory.createPropertiesData(properties);
1157 
1158 	        if (withContent)
1159 	            contentStream = createContent();
1160 
1161 	        String id = null;
1162 	        try {
1163 	            id = fObjSvc.createDocument(fRepositoryId, props, folderId, contentStream, VersioningState.NONE, null,
1164 	                    null, null, null);
1165 	            if (null == id)
1166 	                fail("createDocument failed.");
1167 	        } catch (Exception e) {
1168 	            fail("createDocument() failed with exception: " + e);
1169 	        }
1170 	        return id;
1171 
1172 	    }
1173 
1174 	    private Acl createAcl(String principalId, EnumBasicPermissions permission) {
1175 	        List<Ace> acesAdd = Arrays.asList(new Ace[] { 
1176 	                createAce(principalId, permission),
1177 	                });
1178 	       return fFactory.createAccessControlList(acesAdd);                
1179 	    }
1180 
1181 	    private Ace createAce(String principalId, EnumBasicPermissions permission) {
1182 	        return  fFactory.createAccessControlEntry(principalId, Collections.singletonList( permission.value() ));
1183 	    }
1184 
1185 	    private static boolean aclEquals(Acl acl1, Acl acl2) {
1186 	        if (acl1 == acl2)
1187 	            return true;
1188 	        if (acl1 == null || acl2 == null)
1189 	            return false;
1190 	        if (acl1.getClass() != acl2.getClass())
1191 	            return false;
1192             if (acl1.getAces().size() != acl2.getAces().size())
1193                 return false;
1194 	        for (int i=0; i<acl1.getAces().size(); i++) {
1195 	            aclHasAce(acl1.getAces(), acl2.getAces().get(i));
1196 	        }
1197 	        return true;
1198 	    }
1199 
1200 	    private static boolean aclHasAce( List<Ace> aces, Ace ace) {
1201 	        for (Ace ace2 : aces) {
1202                 if (!ace.getPrincipalId().equals(ace2.getPrincipalId()))
1203                     continue;
1204                 if (ace.getPermissions().size() != ace2.getPermissions().size())
1205                     continue;
1206                 for (int i=0; i<ace2.getPermissions().size(); i++)
1207                     if (!aceHasPermission(ace.getPermissions(), ace2.getPermissions().get(i)))
1208                         continue;
1209 
1210                 return true;
1211 	        }
1212 	        return false;
1213 	    }
1214 
1215 	   private static boolean aceHasPermission( List<String> permissions, String permission) {
1216 	      for (String permission2 : permissions)
1217 	          if (permission2.equals(permission))
1218 	              return true;
1219 	      return false;
1220 	   }
1221 
1222 	    private String createVersionedDocument(String name, String folderId) {
1223 
1224 	        VersioningState versioningState = VersioningState.MAJOR;
1225 	        String id = null;
1226 	        Map<String, String> properties = new HashMap<String, String>();
1227 	        id = fCreator.createDocument(name, UnitTestTypeSystemCreator.VERSIONED_TYPE, folderId,
1228 	                versioningState, properties);
1229 
1230 	        return id;
1231 	    }
1232 	    
1233 	    private void assertObjectDataListIds(List<ObjectInFolderData> folderData, String id) {
1234 	        boolean found = false;
1235 	        for (ObjectInFolderData folder : folderData) {
1236 	            LOG.info("   found folder id " + folder.getObject().getId());
1237 	            if (id.equals(folder.getObject().getId()))
1238 	                found = true;
1239 	        }
1240             assertTrue("Failed to find folder id " + id, found);          
1241 	    }
1242 	    
1243 	    private void assertObjectInFolderContainerIds(List<ObjectInFolderContainer> folderList, String id) {
1244             boolean found = objectInFolderContainerHasId(folderList, id);
1245             assertTrue("Failed to find folder id " + id, found);                  
1246 	    }
1247 	    
1248         private boolean objectInFolderContainerHasId(List<ObjectInFolderContainer> folderList, String id) {
1249             for (ObjectInFolderContainer fc : folderList) {
1250                 if (id.equals(fc.getObject().getObject().getId()))
1251                     return true;
1252                 List<ObjectInFolderContainer> children = fc.getChildren();
1253                 if (children != null && objectInFolderContainerHasId(children, id))
1254                     return true;
1255             }
1256             return false;                  
1257         }
1258 
1259 	    private void assertObjectInObjectListIds(ObjectList objList, String id) {
1260             boolean found = false;
1261             for (ObjectData od : objList.getObjects()) {
1262                 LOG.info("   found object id " + od.getId());
1263                 if (id.equals(od.getId()))
1264                     found = true;
1265 
1266             }
1267             assertTrue("Failed to find object id " + id, found);                  
1268         }
1269 
1270 }