jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1128175 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/acl/ test/java/org/apache/jackrabbit/core/security/authorization/acl/
Date Fri, 27 May 2011 07:06:12 GMT
Author: angela
Date: Fri May 27 07:06:12 2011
New Revision: 1128175

URL: http://svn.apache.org/viewvc?rev=1128175&view=rev
Log:
JCR-2977 : AccessControlManager#getApplicablePolicy should check for colliding rep:policy
node

Added:
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
  (with props)
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=1128175&r1=1128174&r2=1128175&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
Fri May 27 07:06:12 2011
@@ -128,12 +128,20 @@ public class ACLEditor extends Protected
         NodeImpl aclNode = getAclNode(controlledNode);
         if (aclNode == null) {
             // create an empty acl unless the node is protected or cannot have
-            // rep:AccessControllable mixin set (e.g. due to a lock)
-            String mixin = session.getJCRName(NT_REP_ACCESS_CONTROLLABLE);
-            PrivilegeManager privMgr = ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
-            if (controlledNode.isNodeType(mixin) || controlledNode.canAddMixin(mixin)) {
-                acl = new ACLTemplate(nodePath, session.getPrincipalManager(),
-                        privMgr, session.getValueFactory(), session);
+            // rep:AccessControllable mixin set (e.g. due to a lock) or
+            // has colliding rep:policy child node set.
+            if (controlledNode.hasNode(N_POLICY)) {
+                // policy child node without node being access controlled
+                log.warn("Colliding rep:policy child without node being access controllable
({}).", nodePath);
+            } else {
+                String mixin = session.getJCRName(NT_REP_ACCESS_CONTROLLABLE);
+                PrivilegeManager privMgr = ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
+                if (controlledNode.isNodeType(mixin) || controlledNode.canAddMixin(mixin))
{
+                    acl = new ACLTemplate(nodePath, session.getPrincipalManager(),
+                            privMgr, session.getValueFactory(), session);
+                } else {
+                    log.warn("Node {} cannot be made access controllable.", nodePath);
+                }
             }
         } // else: acl already present -> getPolicies must be used.
         return (acl != null) ? new AccessControlPolicy[] {acl} : new AccessControlPolicy[0];
@@ -352,4 +360,4 @@ public class ACLEditor extends Protected
         }
         return names;
     }
-}
\ No newline at end of file
+}

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java?rev=1128175&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
Fri May 27 07:06:12 2011
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.authorization.acl;
+
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.ItemExistsException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.Value;
+import javax.jcr.lock.LockException;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.NoSuchNodeTypeException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.version.VersionException;
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * <code>ACLEditorTest</code>...
+ */
+public class ACLEditorTest extends AbstractEvaluationTest {
+
+    private String testPath;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        Node node = testRootNode.addNode(nodeName1, "nt:unstructured");
+        Node pseudoPolicy = node.addNode("rep:policy", "rep:ACL");
+        superuser.save();
+
+        testPath = node.getPath();
+    }
+
+    @Override
+    protected boolean isExecutable() {
+        return EvaluationUtil.isExecutable(acMgr);
+    }
+
+    @Override
+    protected JackrabbitAccessControlList getPolicy(AccessControlManager acMgr, String path,
Principal princ) throws RepositoryException, NotExecutableException {
+        return EvaluationUtil.getPolicy(acMgr, path, princ);
+    }
+
+    @Override
+    protected Map<String, Value> getRestrictions(Session session, String path) throws
RepositoryException, NotExecutableException {
+        return EvaluationUtil.getRestrictions(session, path);
+    }
+
+    public void testNodeNotRepAccessControllable() throws RepositoryException, LockException,
ConstraintViolationException, NoSuchNodeTypeException, ItemExistsException, VersionException
{
+        AccessControlPolicy[] plcs = acMgr.getPolicies(testPath);
+        assertNotNull(plcs);
+        assertEquals(0, plcs.length);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(testPath);
+        assertNotNull(it);
+        assertEquals(0, it.getSize());
+    }
+
+    public void testNodeNotRepAccessControllableAddMixin() throws RepositoryException, LockException,
ConstraintViolationException, NoSuchNodeTypeException, ItemExistsException, VersionException
{
+        superuser.getNode(testPath).addMixin("rep:AccessControllable");
+        superuser.save();
+
+        AccessControlPolicy[] plcs = acMgr.getPolicies(testPath);
+        assertNotNull(plcs);
+        assertEquals(1, plcs.length);
+
+        AccessControlPolicyIterator it = acMgr.getApplicablePolicies(testPath);
+        assertNotNull(it);
+        assertEquals(0, it.getSize());
+    }
+}

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditorTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=1128175&r1=1128174&r2=1128175&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
Fri May 27 07:06:12 2011
@@ -48,7 +48,8 @@ public class TestAll extends TestCase {
         suite.addTestSuite(VersionTest.class);
         suite.addTestSuite(NodeTypeTest.class);
         suite.addTestSuite(EffectivePolicyTest.class);
-
+        suite.addTestSuite(ACLEditorTest.class);
+        
         return suite;
     }
 



Mime
View raw message