jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r758354 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/ main/java/org/apache/jackrabbit/core/security/authorization/acl/ main/java/org/apache/jackrabbit/core/security/authorization/pr...
Date Wed, 25 Mar 2009 17:23:50 GMT
Author: angela
Date: Wed Mar 25 17:23:32 2009
New Revision: 758354

URL: http://svn.apache.org/viewvc?rev=758354&view=rev
Log:
JCR-1588: Access Control

adjust to latest changes made to the API:
getApplicablePolicies only returns *new* policies that can be set. whereas getPolicies must
be used to update an existing policy

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
Wed Mar 25 17:23:32 2009
@@ -57,13 +57,16 @@
 
     /**
      * Retrieves the editable policies for the Node identified by the given
-     * <code>nodePath</code>. If the node does not yet have any policy set an
-     * new (empty) 'template' is created (see also {@link #getPolicies(String)}.<br>
+     * <code>nodePath</code> that are applicable but have not yet have been set.<br>
      * The AccessControlPolicy objects returned are detached from the underlying
      * <code>AccessControlProvider</code> and is only an external
      * representation. Modification will therefore not take effect, until a
      * modified policy is written back to the editor and persisted.
      * <p/>
+     * See {@link #getPolicies(String)} for the corresponding method that returns
+     * the editable policies that have been set to the node at
+     * <code>nodePath</code> before.
+     * <p/>
      * Compared to the policies returned by {@link AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path)},
      * the scope of the policies returned by this methods it limited to the Node
      * itself and does never not take inherited elements into account.

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
Wed Mar 25 17:23:32 2009
@@ -124,9 +124,7 @@
                 acl = new ACLTemplate(nodePath, session.getPrincipalManager(),
                         privilegeRegistry, session.getValueFactory());
             }
-        } else {
-            acl = getACL(aclNode);
-        }
+        } // else: acl already present -> getPolicies must be used.
         return (acl != null) ? new AccessControlPolicy[] {acl} : new AccessControlPolicy[0];
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
Wed Mar 25 17:23:32 2009
@@ -119,11 +119,12 @@
                     throw new AccessControlException("Access control modification not allowed
at " + nodePath);
                 }
                 acNode = createAcNode(nodePath);
-            }
-            return new AccessControlPolicy[] {createTemplate(acNode)};
+                return new AccessControlPolicy[] {createTemplate(acNode)};
+            } // else: acl has already been set before -> use getPolicies instead
         }
 
         // nodePath not below rep:accesscontrol -> not editable
+        // or policy has been set before in which case getPolicies should be used instead.
         return new AccessControlPolicy[0];
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
Wed Mar 25 17:23:32 2009
@@ -118,7 +118,13 @@
                 return (AccessControlList) acp;
             }
         }
-        throw new NotExecutableException("No applicable AccessControlList at " + path);
+        AccessControlPolicy[] acps = acMgr.getPolicies(path);
+        for (int i = 0; i < acps.length; i++) {
+            if (acps[i] instanceof AccessControlList) {
+                return (AccessControlList) acps[i] ;
+            }
+        }
+        throw new NotExecutableException("No AccessControlList at " + path);
     }
 
     private static List currentPrivileges(AccessControlList acl, Principal principal) throws
RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
Wed Mar 25 17:23:32 2009
@@ -124,16 +124,31 @@
         checkCanReadAc(path);
         // call must succeed without exception
         AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
-        Set AccessControlList = new HashSet();
+        Set acps = new HashSet();
 
         while (it.hasNext()) {
             AccessControlPolicy policy = it.nextAccessControlPolicy();
-            if (!AccessControlList.add(policy)) {
+            if (!acps.add(policy)) {
                 fail("The applicable policies present should be unique among the choices.
Policy " + policy + " occured multiple times.");
             }
         }
     }
 
+    public void testApplicablePoliciesAreDistintFromSetPolicies() throws RepositoryException,
NotExecutableException {
+        checkCanReadAc(path);
+        // call must succeed without exception
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        Set acps = new HashSet();
+        while (it.hasNext()) {
+            acps.add(it.nextAccessControlPolicy());
+        }
+
+        AccessControlPolicy[] policies = acMgr.getPolicies(path);
+        for (int i = 0; i < policies.length; i++) {
+            assertFalse("The applicable policies obtained should not be present among the
policies obtained through AccessControlManager.getPolicies.", acps.contains(policies[i]));
+        }
+    }
+
     public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException
{
         checkCanModifyAc(path);
         AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
@@ -155,6 +170,22 @@
         }
     }
 
+    public void testSetAllPolicies() throws RepositoryException, NotExecutableException {
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (!it.hasNext()) {
+            throw new NotExecutableException();
+        }
+        while (it.hasNext()) {
+            acMgr.setPolicy(path, it.nextAccessControlPolicy());
+        }
+        // all policies have been set -> no additional applicable policies.
+        it = acMgr.getApplicablePolicies(path);
+        assertFalse("After having set all applicable policies AccessControlManager.getApplicablePolicies
should return an empty iterator.",
+                it.hasNext());
+        assertEquals("After having set all applicable policies AccessControlManager.getApplicablePolicies
should return an empty iterator.",
+                0, it.getSize());
+    }
+
     public void testGetPolicyAfterSet() throws RepositoryException, AccessDeniedException,
NotExecutableException {
         checkCanReadAc(path);
         checkCanModifyAc(path);
@@ -177,6 +208,25 @@
         }
     }
 
+    public void testResetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException
{
+        checkCanReadAc(path);
+        checkCanModifyAc(path);
+
+        // make sure that at least a single policy has been set.
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+        if (it.hasNext()) {
+            AccessControlPolicy policy = it.nextAccessControlPolicy();
+            acMgr.setPolicy(path, policy);
+        }
+
+        // access the policies already present at path and test if updating
+        // (resetting) the policies works as well.
+        AccessControlPolicy[] policies = acMgr.getPolicies(path);
+        for (int i = 0; i < policies.length; i++) {
+            acMgr.setPolicy(path, policies[i]);
+        }
+    }
+
     public void testSetPolicyIsTransient() throws RepositoryException, AccessDeniedException,
NotExecutableException {
         checkCanModifyAc(path);
 
@@ -231,7 +281,7 @@
 
     public void testNodeIsModifiedAfterSecondSetPolicy() throws RepositoryException, AccessDeniedException,
NotExecutableException {
         checkCanModifyAc(path);
-        // make sure an policy has been explicitely set.
+        // make sure a policy has been explicitely set.
         AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
         if (it.hasNext()) {
             AccessControlPolicy policy = it.nextAccessControlPolicy();

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
Wed Mar 25 17:23:32 2009
@@ -47,21 +47,34 @@
 
     private static void changeReadPermission(Principal principal, Node n, boolean allowRead)
throws RepositoryException, NotExecutableException {
         SessionImpl s = (SessionImpl) n.getSession();
+        JackrabbitAccessControlList acl = null;
         AccessControlManager acMgr = s.getAccessControlManager();
         AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
         while (it.hasNext()) {
             AccessControlPolicy acp = it.nextAccessControlPolicy();
             if (acp instanceof JackrabbitAccessControlList) {
-                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp;
-                acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
allowRead);
-                acMgr.setPolicy(n.getPath(), acp);
-                s.save();
-                return;
+                acl = (JackrabbitAccessControlList) acp;
+                break;
+            }
+        }
+        if (acl == null) {
+            AccessControlPolicy[] acps = acMgr.getPolicies(n.getPath());
+            for (int i = 0; i < acps.length; i++) {
+                if (acps[i] instanceof JackrabbitAccessControlList) {
+                    acl = (JackrabbitAccessControlList) acps[i];
+                    break;
+                }
             }
         }
 
-        // no JackrabbitAccessControlList found.
-        throw new NotExecutableException();
+        if (acl != null) {
+            acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)},
allowRead);
+            acMgr.setPolicy(n.getPath(), acl);
+            s.save();
+        } else {
+            // no JackrabbitAccessControlList found.
+            throw new NotExecutableException();
+        }
     }
 
     private static Principal getReadOnlyPrincipal() throws RepositoryException, NotExecutableException
{

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
Wed Mar 25 17:23:32 2009
@@ -48,14 +48,13 @@
         superuser.save();
 
         AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
-        if (it.hasNext()) {
+        while (it.hasNext() && templ == null) {
             AccessControlPolicy p = it.nextAccessControlPolicy();
             if (p instanceof JackrabbitAccessControlList) {
                 templ = (JackrabbitAccessControlList) p;
-            } else {
-                throw new NotExecutableException("No JackrabbitAccessControlList to test.");
             }
-        } else {
+        }
+        if (templ == null) {
             throw new NotExecutableException("No JackrabbitAccessControlList to test.");
         }
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
Wed Mar 25 17:23:32 2009
@@ -36,6 +36,7 @@
 
     static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal
principal) throws RepositoryException,
             AccessDeniedException, NotExecutableException {
+        // try applicable (new) acls first
         AccessControlPolicyIterator itr = acM.getApplicablePolicies(path);
         while (itr.hasNext()) {
             AccessControlPolicy policy = itr.nextAccessControlPolicy();
@@ -43,6 +44,15 @@
                 return (ACLTemplate) policy;
             }
         }
+        // try if there is an acl that has been set before:
+        AccessControlPolicy[] pcls = acM.getPolicies(path);
+        for (int i = 0; i < pcls.length; i++) {
+            AccessControlPolicy policy = pcls[i];
+            if (policy instanceof ACLTemplate) {
+                return (ACLTemplate) policy;
+            }
+        }
+        // no applicable or existing ACLTemplate to edit -> not executable.
         throw new NotExecutableException();
     }
 

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Wed Mar 25 17:23:32 2009
@@ -53,6 +53,7 @@
     }
 
     protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path,
Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException
{
+        // first try if there is a new applicable policy
         AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
         while (it.hasNext()) {
             AccessControlPolicy acp = it.nextAccessControlPolicy();
@@ -60,6 +61,15 @@
                 return (ACLTemplate) acp;
             }
         }
+        // try if there is an acl that has been set before:
+        AccessControlPolicy[] pcls = acM.getPolicies(path);
+        for (int i = 0; i < pcls.length; i++) {
+            AccessControlPolicy policy = pcls[i];
+            if (policy instanceof ACLTemplate) {
+                return (ACLTemplate) policy;
+            }
+        }
+        // no applicable or existing ACLTemplate to edit -> not executable.
         throw new NotExecutableException("ACLTemplate expected.");
     }
 



Mime
View raw message