jackrabbit-commits mailing list archives

From ang...@apache.org
Subject svn commit: r790071 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
Date Wed, 01 Jul 2009 08:42:42 GMT
Author: angela
Date: Wed Jul  1 08:42:42 2009
New Revision: 790071

URL: http://svn.apache.org/viewvc?rev=790071&view=rev
Log:
 JCR-1588: JSR 283: Access Control

- node hierarchy created with principalbased ac-editing may choose wrong node type for intermediate
nodes.
- add test

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=790071&r1=790070&r2=790071&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
Wed Jul  1 08:42:42 2009
@@ -269,10 +269,19 @@
 
     private NodeImpl createAcNode(String acPath) throws RepositoryException {
         String[] segms = Text.explode(acPath, '/', false);
+        StringBuilder currentPath = new StringBuilder();
         NodeImpl node = (NodeImpl) session.getRootNode();
         for (int i = 0; i < segms.length; i++) {
+            if (i > 0) {
+                currentPath.append('/').append(segms[i]);
+            }
             Name nName = session.getQName(segms[i]);
-            Name ntName = (i < segms.length - 1) ? NT_REP_ACCESS_CONTROL : NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            Name ntName;
+            if (denotesPrincipalPath(currentPath.toString())) {
+                ntName = NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            } else {
+                ntName = (i < segms.length - 1) ? NT_REP_ACCESS_CONTROL : NT_REP_PRINCIPAL_ACCESS_CONTROL;
+            }
             if (node.hasNode(nName)) {
                 NodeImpl n = node.getNode(nName);
                 if (!n.isNodeType(ntName)) {
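Review bot: The `if (i > 0)` guard around `currentPath.append('/').append(segms[i])` silently assumes the access-control root is exactly one segment deep, so that dropping `segms[0]` leaves the principal's item path; nothing in the hunk states or checks this. If the root were ever nested deeper, `denotesPrincipalPath` would be queried with the wrong path, return false, and the loop would fall back to the old positional rule without any signal. I would add a comment above the guard such as `// segms[0] is the ac-root node; the remaining segments rebuild the principal's item path`, assuming that is the intent. The body of `createAcNode` continues past the end of this hunk, so how a type mismatch on an already existing node is handled is not visible here.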
@@ -287,6 +296,25 @@
         return node;
     }
 
+    private boolean denotesPrincipalPath(final String path) {
+        if (path == null || path.length() == 0) {
+            return false;
+        }
+        ItemBasedPrincipal princ = new ItemBasedPrincipal() {
+            public String getPath() throws RepositoryException {
+                return path;
+            }
+            public String getName() {
+                return Text.getName(path);
+            }
+        };
+        try {
+            return session.getUserManager().getAuthorizable(princ) != null;
+        } catch (RepositoryException e) {
+            return false;
+        }
+    }
+
     /**
      * Check if the Node identified by <code>id</code> is itself part of ACL
      * defining content. It this case setting or modifying an AC-policy is
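Review bot: The `catch (RepositoryException e) { return false; }` at the end of `denotesPrincipalPath` turns a failed user-manager lookup into "not a principal path", which sends `createAcNode` back to the positional node-type rule this commit is meant to correct. For code that lays out access-control content it is safer to fail the edit than to guess: `createAcNode` already declares `throws RepositoryException`, so the helper can be declared `private boolean denotesPrincipalPath(final String path) throws RepositoryException` and end with a plain `return session.getUserManager().getAuthorizable(princ) != null;`. If swallowing the error is deliberate, the catch should at least log the exception. The method also has no Javadoc; one sentence stating what form of path it expects and that it returns true only when the user manager resolves an authorizable for it would help.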

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=790071&r1=790070&r2=790071&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
Wed Jul  1 08:42:42 2009
@@ -24,7 +24,10 @@
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authorization.AbstractWriteTest;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.TestPrincipal;
+import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -73,10 +76,12 @@
     }
 
     public void testEditor() throws NotExecutableException, RepositoryException {
-        UserManager uMgr = getUserManager(superuser);
-        User u = uMgr.createUser("t", "t");
-        Principal p = u.getPrincipal();
+        User u = null;
         try {
+            UserManager uMgr = getUserManager(superuser);
+            u = uMgr.createUser("t", "t");
+            Principal p = u.getPrincipal();
+
             JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
             JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p);
 
@@ -98,8 +103,47 @@
             assertEquals(1, acMgr.getPolicies(p).length);
             assertEquals(1, acMgr.getPolicies(acls[0].getPath()).length);
         } finally {
-            u.remove();
+            superuser.refresh(false);
+            if (u != null) {
+                u.remove();
+            }
         }
+    }
+
+    public void testEditor2() throws NotExecutableException, RepositoryException {
+        User u = null;
+        User u2 = null;
+
+        try {
+            UserManager uMgr = getUserManager(superuser);
+
+            u = uMgr.createUser("t", "t");
+            u2 = uMgr.createUser("tt", "tt", new TestPrincipal("tt"), "t/tt");
+
+            Principal p = u.getPrincipal();
+            Principal p2 = u2.getPrincipal();
+
+            if (p instanceof ItemBasedPrincipal && p2 instanceof ItemBasedPrincipal
&&
+                    Text.isDescendant(((ItemBasedPrincipal) p).getPath(), ((ItemBasedPrincipal)
p2).getPath())) {
+
+                JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) getAccessControlManager(superuser);
+
+                JackrabbitAccessControlPolicy[] acls = acMgr.getApplicablePolicies(p2);
+                acMgr.setPolicy(acls[0].getPath(), acls[0]);
+
+                acls = acMgr.getApplicablePolicies(p);
+                String path = acls[0].getPath();
+
+                Node n = superuser.getNode(path);
+                assertEquals("rep:PrincipalAccessControl", n.getPrimaryNodeType().getName());
+            } else {
+                throw new NotExecutableException();
+            }
+        } finally {
+            superuser.refresh(false);
+            if (u2 != null) u2.remove();
+            if (u != null) u.remove();
+     }
 
     }
     // TODO: add specific tests with other restrictions
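Review bot: In the `finally` block of `testEditor2`, `u2.remove()` and `u.remove()` run back to back, so an exception from the first leaves user `t` in the repository; `testEditor` creates the same id and would then fail for an unrelated reason. Nest the cleanup so the second removal always runs: `try { if (u2 != null) { u2.remove(); } } finally { if (u != null) { u.remove(); } }`. The closing brace of this `finally` is also indented five spaces rather than eight, and the two `if` statements omit the braces used in `testEditor`'s cleanup just above.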


