jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r900782 - /jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Date Tue, 19 Jan 2010 13:51:22 GMT
Author: angela
Date: Tue Jan 19 13:51:22 2010
New Revision: 900782

URL: http://svn.apache.org/viewvc?rev=900782&view=rev
Log:
test for JCR-2469

Modified:
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=900782&r1=900781&r2=900782&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Tue Jan 19 13:51:22 2010
@@ -36,6 +36,7 @@
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
+import javax.jcr.security.AccessControlEntry;
 import java.security.Principal;
 import java.util.Collections;
 import java.util.Map;
@@ -267,7 +268,7 @@
         assertFalse(testAcMgr.hasPrivileges(childNPath, privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES)));
     }
 
-        public void testMultipleGroupPermissionsOnNode() throws NotExecutableException, RepositoryException
{
+    public void testMultipleGroupPermissionsOnNode() throws NotExecutableException, RepositoryException
{
         Group testGroup = getTestGroup();
 
         /* create a second group the test user is member of */
@@ -326,7 +327,7 @@
             /*
              testuser must get the permissions/privileges inherited from
              the group it is member of.
-             the denial of group2 must succeed
+             granting permissions for group2 must be effective
             */
             String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
 
@@ -339,6 +340,64 @@
         }
     }
 
+    public void testReorderGroupPermissions() throws NotExecutableException, RepositoryException
{
+        Group testGroup = getTestGroup();
+
+        /* create a second group the test user is member of */
+        Principal principal = new TestPrincipal("testGroup" + UUID.randomUUID());
+        UserManager umgr = getUserManager(superuser);
+        Group group2 = umgr.createGroup(principal);
+
+        try {
+            group2.addMember(testUser);
+            if (!umgr.isAutoSave() && superuser.hasPendingChanges()) {
+                superuser.save();
+            }
+
+            /* add privileges for the Group the test-user is member of */
+            Privilege[] privileges = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+            withdrawPrivileges(path, testGroup.getPrincipal(), privileges, getRestrictions(superuser,
path));
+            givePrivileges(path, group2.getPrincipal(), privileges, getRestrictions(superuser,
path));
+
+            /*
+             testuser must get the permissions/privileges inherited from
+             the group it is member of.
+             granting permissions for group2 must be effective
+            */
+            String actions = javax.jcr.Session.ACTION_SET_PROPERTY + "," + javax.jcr.Session.ACTION_READ;
+
+            AccessControlManager testAcMgr = getTestACManager();
+            assertTrue(getTestSession().hasPermission(path, actions));
+            Privilege[] privs = privilegesFromName(Privilege.JCR_MODIFY_PROPERTIES);
+            assertTrue(testAcMgr.hasPrivileges(path, privs));
+
+            // reorder the ACEs
+            AccessControlEntry srcEntry = null;
+            AccessControlEntry destEntry = null;
+            JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acMgr.getPolicies(path)[0];
+            for (AccessControlEntry entry : acl.getAccessControlEntries()) {
+                Principal princ = entry.getPrincipal();
+                if (testGroup.getPrincipal().equals(princ)) {
+                    destEntry = entry;
+                } else if (group2.getPrincipal().equals(princ)) {
+                    srcEntry = entry;
+                }
+
+            }
+
+            acl.orderBefore(srcEntry, destEntry);
+            acMgr.setPolicy(path, acl);
+            superuser.save();
+
+            /* after reordering the permissions must be denied */
+            assertFalse(getTestSession().hasPermission(path, actions));
+            assertFalse(testAcMgr.hasPrivileges(path, privs));
+            
+        } finally {
+            group2.remove();
+        }
+    }
+
     public void testWriteIfReadingParentIsDenied() throws Exception {
         Privilege[] privileges = privilegesFromNames(new String[] {Privilege.JCR_READ, Privilege.JCR_WRITE});
 



Mime
View raw message