From 6931d4faa911ee102df3a2e212ea85042c09a658 Mon Sep 17 00:00:00 2001
From: David Buchmann <david.buchmann@liip.ch>
Date: Tue, 10 Feb 2015 11:17:22 +0100
Subject: [PATCH 1/3] WIP

---
 .../AccessControlManagerTest.php                 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 tests/16_AccessControlManagement/AccessControlManagerTest.php

diff --git a/tests/16_AccessControlManagement/AccessControlManagerTest.php b/tests/16_AccessControlManagement/AccessControlManagerTest.php
new file mode 100644
index 00000000..761f1525
--- /dev/null
+++ b/tests/16_AccessControlManagement/AccessControlManagerTest.php
@@ -0,0 +1,16 @@
+<?php
+namespace PHPCR\Tests\AccessControlManagement;
+
+require_once(__DIR__ . '/../../inc/BaseCase.php');
+
+class AccessControlManagerTest extends \PHPCR\Test\BaseCase
+{
+    public function testIsMixin()
+    {
+        $manager = $this->session->getAccessControlManager();
+        var_dump($manager->getSupportedPrivileges());
+
+//        var_dump($manager->getPolicies('/')->getAccessControlEntries());
+    }
+
+}

From 3e154f8a2e8b3fe8521ba9a180096db821faf4f8 Mon Sep 17 00:00:00 2001
From: Lukas Kahwe Smith <smith@pooteeweet.org>
Date: Tue, 10 Feb 2015 13:46:16 +0100
Subject: [PATCH 2/3] WIP setPolicy()

---
 .../AccessControlManagerTest.php                    | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/16_AccessControlManagement/AccessControlManagerTest.php b/tests/16_AccessControlManagement/AccessControlManagerTest.php
index 761f1525..16c28591 100644
--- a/tests/16_AccessControlManagement/AccessControlManagerTest.php
+++ b/tests/16_AccessControlManagement/AccessControlManagerTest.php
@@ -1,6 +1,9 @@
 <?php
 namespace PHPCR\Tests\AccessControlManagement;
 
+use Jackalope\Security\AccessControlList;
+use Jackalope\Security\AccessControlPolicy;
+
 require_once(__DIR__ . '/../../inc/BaseCase.php');
 
 class AccessControlManagerTest extends \PHPCR\Test\BaseCase
@@ -13,4 +16,14 @@ public function testIsMixin()
 //        var_dump($manager->getPolicies('/')->getAccessControlEntries());
     }
 
+    public function testWriteAcl()
+    {
+        $manager = $this->session->getAccessControlManager();
+
+        $path = '/foo';
+        $list = $manager->getApplicablePolicies('/foo');
+        $policy = reset($list);
+        $manager->setPolicy($path, $policy);
+        $this->session->save();
+    }
 }

From f1fec9264b6220aa426a745b4741938bc9d8fb75 Mon Sep 17 00:00:00 2001
From: David Buchmann <david.buchmann@liip.ch>
Date: Tue, 10 Feb 2015 16:43:49 +0100
Subject: [PATCH 3/3] WIP

---
 .../AccessControlManagerTest.php              | 57 ++++++++++++++++---
 .../PrivilegeTest.php                         | 42 ++++++++++++++
 2 files changed, 92 insertions(+), 7 deletions(-)
 create mode 100644 tests/16_AccessControlManagement/PrivilegeTest.php

diff --git a/tests/16_AccessControlManagement/AccessControlManagerTest.php b/tests/16_AccessControlManagement/AccessControlManagerTest.php
index 16c28591..cc0c8840 100644
--- a/tests/16_AccessControlManagement/AccessControlManagerTest.php
+++ b/tests/16_AccessControlManagement/AccessControlManagerTest.php
@@ -1,18 +1,35 @@
 <?php
 namespace PHPCR\Tests\AccessControlManagement;
 
-use Jackalope\Security\AccessControlList;
-use Jackalope\Security\AccessControlPolicy;
+use Jackalope\Security\Principal;
+use PHPCR\Security\AccessControlListInterface;
+use PHPCR\Security\AccessControlManagerInterface;
+use PHPCR\Security\PrivilegeInterface;
 
 require_once(__DIR__ . '/../../inc/BaseCase.php');
 
 class AccessControlManagerTest extends \PHPCR\Test\BaseCase
 {
-    public function testIsMixin()
+    /**
+     * @var AccessControlManagerInterface
+     */
+    private $manager;
+
+
+    public function setup()
     {
-        $manager = $this->session->getAccessControlManager();
-        var_dump($manager->getSupportedPrivileges());
+        parent::setUp();
+        $this->manager = $this->session->getAccessControlManager();
+    }
 
+    public function testGetSupportedPrivileges()
+    {
+        $privileges = $this->manager->getSupportedPrivileges('/tests_general_base');
+        $privileges = $this->manager->getSupportedPrivileges();
+    }
+
+    public function testGetPolicies()
+    {
 //        var_dump($manager->getPolicies('/')->getAccessControlEntries());
     }
 
@@ -20,10 +37,36 @@ public function testWriteAcl()
     {
         $manager = $this->session->getAccessControlManager();
 
-        $path = '/foo';
-        $list = $manager->getApplicablePolicies('/foo');
+        $path = '/tests_general_base';
+        $list = $manager->getApplicablePolicies($path);
+        /** @var $policy AccessControlListInterface */
         $policy = reset($list);
+        $policy->addAccessControlEntry(new Principal('foo'), array($this->manager->privilegeFromName(PrivilegeInterface::JCR_READ)));
         $manager->setPolicy($path, $policy);
         $this->session->save();
+
+        $session = $this->renewSession();
+        $acls = $session->getAccessControlManager()->getPolicies($path);
+        $acls = $session->getAccessControlManager()->getApplicablePolicies($path);
+        $this->assertCount(1, $acls);
+    }
+
+    public function testGetPrivilegeFromName()
+    {
+        $privilege = $this->manager->privilegeFromName(PrivilegeInterface::JCR_READ);
+        $this->assertInstanceof('\PHPCR\Security\PrivilegeInterface', $privilege);
+        $this->assertEquals(PrivilegeInterface::JCR_READ, $privilege->getName());
+        $this->assertFalse($privilege->isAbstract());
+        $this->assertFalse($privilege->isAggregate());
+        $this->assertEquals(array(), $privilege->getAggregatePrivileges());
+    }
+
+
+    /**
+     * @expectedException \PHPCR\Security\AccessControlException
+     */
+    public function testGetPrivilegeByNameNotFound()
+    {
+        $this->manager->privilegeFromName('foobar');
     }
 }
diff --git a/tests/16_AccessControlManagement/PrivilegeTest.php b/tests/16_AccessControlManagement/PrivilegeTest.php
new file mode 100644
index 00000000..4702211f
--- /dev/null
+++ b/tests/16_AccessControlManagement/PrivilegeTest.php
@@ -0,0 +1,42 @@
+<?php
+namespace PHPCR\Tests\AccessControlManagement;
+
+use PHPCR\Security\AccessControlManagerInterface;
+use PHPCR\Security\PrivilegeInterface;
+
+require_once(__DIR__ . '/../../inc/BaseCase.php');
+
+class PrivilegeTest extends \PHPCR\Test\BaseCase
+{
+    /**
+     * @var AccessControlManagerInterface
+     */
+    private $manager;
+
+
+    public function setup()
+    {
+        parent::setUp();
+        $this->manager = $this->session->getAccessControlManager();
+    }
+
+    public function testDeclaredAggregatePrivileges()
+    {
+        $privileges = $this->manager->getSupportedPrivileges();
+        $foundAll = false;
+
+        foreach ($privileges as $privilege) {
+            $this->assertInstanceof('\PHPCR\Security\PrivilegeInterface', $privilege);
+            if (PrivilegeInterface::JCR_ALL === $privilege->getName()) {
+                $declared = $privilege->getDeclaredAggregatePrivileges();
+                $this->assertInternalType('array', $declared);
+                $this->assertContainsOnlyInstancesOf('\PHPCR\Security\PrivilegeInterface', $declared);
+                $foundAll = true;
+            }
+        }
+
+        if (!$foundAll) {
+            $this->fail('Privilege ' . PrivilegeInterface::JCR_ALL . ' not found');
+        }
+    }
+}