jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1205038 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
Date Tue, 22 Nov 2011 15:34:05 GMT
Author: angela
Date: Tue Nov 22 15:34:04 2011
New Revision: 1205038

URL: http://svn.apache.org/viewvc?rev=1205038&view=rev
Log:
JCR-3152 : AccessControlImporter does not import repo level ac content

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java?rev=1205038&r1=1205037&r2=1205038&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
Tue Nov 22 15:34:04 2011
@@ -134,9 +134,17 @@ public class AccessControlImporter exten
         }
 
         if (isPolicyNode(protectedParent)) {
-            acl = getACL(protectedParent.getParent().getPath());
+            String parentPath = protectedParent.getParent().getPath();
+            acl = getACL(parentPath);
             if (acl == null) {
-                log.warn("AccessControlImporter cannot be started: no ACL for {}.", protectedParent.getParent().getPath());
+                log.warn("AccessControlImporter cannot be started: no ACL for {}.", parentPath);
+                return false;
+            }
+            status = STATUS_ACL;
+        } else if (isRepoPolicyNode(protectedParent)) {
+            acl = getACL(null);
+            if (acl == null) {
+                log.warn("AccessControlImporter cannot be started: no Repo ACL.");
                 return false;
             }
             status = STATUS_ACL;
@@ -159,11 +167,7 @@ public class AccessControlImporter exten
         for (AccessControlPolicy p: acMgr.getPolicies(path)) {
             if (p instanceof JackrabbitAccessControlList) {
                 acl = (JackrabbitAccessControlList) p;
-                // don't know if this check is needed
-                if (path.equals(acl.getPath())) {
-                    break;
-                }
-                acl = null;
+                break;
             }
         }
         if (acl != null) {
@@ -302,8 +306,20 @@ public class AccessControlImporter exten
 
     private static boolean isPolicyNode(NodeImpl node) throws RepositoryException {
         Name nodeName = node.getQName();
-        return (AccessControlConstants.N_POLICY.equals(nodeName) || AccessControlConstants.N_REPO_POLICY.equals(nodeName))
-                && node.isNodeType(AccessControlConstants.NT_REP_ACL);
+        return AccessControlConstants.N_POLICY.equals(nodeName) && node.isNodeType(AccessControlConstants.NT_REP_ACL);
+    }
+
+    /**
+     * @param node The node to be tested.
+     * @return <code>true</code> if the specified node is the 'rep:repoPolicy'
+     * acl node underneath the root node; <code>false</code> otherwise.
+     * @throws RepositoryException If an error occurs.
+     */
+    private static boolean isRepoPolicyNode(NodeImpl node) throws RepositoryException {
+        Name nodeName = node.getQName();
+        return AccessControlConstants.N_REPO_POLICY.equals(nodeName) &&
+                node.isNodeType(AccessControlConstants.NT_REP_ACL) &&
+                node.getDepth() == 1;
     }
 
     private static void checkDefinition(NodeInfo nInfo, Name expName, Name expNodeTypeName)
throws ConstraintViolationException {

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java?rev=1205038&r1=1205037&r2=1205038&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
Tue Nov 22 15:34:04 2011
@@ -98,6 +98,24 @@ public class AccessControlImporterTest e
                 "</sv:node>" +
             "</sv:node>";
 
+    private static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+            "<sv:node sv:name=\"rep:policy\" " +
+            "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                    "<sv:value>rep:ACL</sv:value>" +
+                "</sv:property>" +
+                "<sv:node sv:name=\"allow\">" +
+                    "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                        "<sv:value>rep:GrantACE</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
+                        "<sv:value>everyone</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+                        "<sv:value>jcr:write</sv:value>" +
+                    "</sv:property>" +
+                "</sv:node>" +
+            "</sv:node>";
 
     private static final String XML_POLICY_TREE_3   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
             "<sv:node sv:name=\"rep:policy\" " +
@@ -129,12 +147,23 @@ public class AccessControlImporterTest e
                 "</sv:node>" +
             "</sv:node>";
 
-    private static final String XML_POLICY_TREE_5   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+    private static final String XML_POLICY_TREE_4   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
             "<sv:node sv:name=\"rep:policy\" " +
                     "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
                 "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
                     "<sv:value>rep:ACL</sv:value>" +
                 "</sv:property>" +
+                "<sv:node sv:name=\"allow\">" +
+                    "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                        "<sv:value>rep:GrantACE</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
+                        "<sv:value>unknownprincipal</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+                        "<sv:value>jcr:write</sv:value>" +
+                    "</sv:property>" +
+                "</sv:node>" +
                 "<sv:node sv:name=\"allow0\">" +
                     "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
                         "<sv:value>rep:GrantACE</sv:value>" +
@@ -148,23 +177,31 @@ public class AccessControlImporterTest e
                 "</sv:node>" +
             "</sv:node>";
 
-    private static final String XML_POLICY_TREE_4   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+    private static final String XML_POLICY_TREE_5   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
             "<sv:node sv:name=\"rep:policy\" " +
                     "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
                 "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
                     "<sv:value>rep:ACL</sv:value>" +
                 "</sv:property>" +
-                "<sv:node sv:name=\"allow\">" +
+                "<sv:node sv:name=\"allow0\">" +
                     "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
                         "<sv:value>rep:GrantACE</sv:value>" +
                     "</sv:property>" +
                     "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
-                        "<sv:value>unknownprincipal</sv:value>" +
+                        "<sv:value>admin</sv:value>" +
                     "</sv:property>" +
                     "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
                         "<sv:value>jcr:write</sv:value>" +
                     "</sv:property>" +
                 "</sv:node>" +
+            "</sv:node>";
+
+    private static final String XML_REPO_POLICY_TREE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+            "<sv:node sv:name=\"rep:repoPolicy\" " +
+                    "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                    "<sv:value>rep:ACL</sv:value>" +
+                "</sv:property>" +
                 "<sv:node sv:name=\"allow0\">" +
                     "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
                         "<sv:value>rep:GrantACE</sv:value>" +
@@ -173,14 +210,11 @@ public class AccessControlImporterTest e
                         "<sv:value>admin</sv:value>" +
                     "</sv:property>" +
                     "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
-                        "<sv:value>jcr:write</sv:value>" +
+                        "<sv:value>jcr:workspaceManagement</sv:value>" +
                     "</sv:property>" +
                 "</sv:node>" +
             "</sv:node>";
 
-
-    private static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node
sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node
sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property
sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property
sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
-
     private static final String XML_AC_TREE       = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node
sv:name=\"rep:security\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:crx=\"http://www.day.com/crx/1.0\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\"
xmlns:repl=\"http://www.day.com/crx/replication/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property
sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node
sv:name=\"rep:authorizables\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node
sv:name=\"rep:groups\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node
sv:
 name=\"administrators\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property><sv:node
sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node
sv:name=\"entry\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property
sv:name=\"rep:glob\" sv:type=\"String\"><sv:value>*</sv:value></sv:property><sv:property
sv:name=\"rep:nodePath\" sv:type=\"Path\"><sv:value>/</sv:value></sv:property><sv:property
sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>administrators</sv:value></sv:property><sv:property
sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:all</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node><sv:node
sv:name=\"rep:users\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node
sv
 :name=\"admin\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node
sv:name=\"t\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node><sv:node
sv:name=\"a\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node></sv:node><sv:node
sv:name=\"anonymous\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node>";
 
     private static final String XML_POLICY_ONLY   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node
sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property><sv:property
sv:name=\"jcr:mixinTypes\" sv:type=\"Name\"><sv:value>rep:AccessControllable</sv:value><sv:value>mix:versionable</sv:value></sv:property><sv:property
sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0a0ca2e9-ab98-4433-a12b-d57283765207</sv:value></sv:property><sv:property
sv:name=\"jcr:baseVersion\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property>
 <sv:property sv:name=\"jcr:isCheckedOut\" sv:type=\"Boolean\"><sv:value>true</sv:value></sv:property><sv:property
sv:name=\"jcr:predecessors\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property
sv:name=\"jcr:versionHistory\" sv:type=\"Reference\"><sv:value>428c9ef2-78e5-4f1c-95d3-16b4ce72d815</sv:value></sv:property><sv:node
sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property></sv:node></sv:node>";
@@ -516,7 +550,6 @@ public class AccessControlImporterTest e
         }
 
         try {
-
             InputStream in = new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8"));
 
             SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW,
new PseudoConfig());
@@ -537,6 +570,70 @@ public class AccessControlImporterTest e
     }
 
     /**
+     * Repo level acl must be imported underneath the root node.
+     *
+     * @throws Exception
+     */
+    public void testImportRepoACLAtRoot() throws Exception {
+        NodeImpl target = (NodeImpl) sImpl.getRootNode();
+        AccessControlManager acMgr = sImpl.getAccessControlManager();
+        try {
+            InputStream in = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
+
+            SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW,
new PseudoConfig());
+            ImportHandler ih = new ImportHandler(importer, sImpl);
+            new ParsingContentHandler(ih).parse(in);
+
+            AccessControlPolicy[] policies = acMgr.getPolicies(null);
+
+            assertEquals(1, policies.length);
+            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
+
+            AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
+            assertEquals(1, entries.length);
+            assertEquals(1, entries[0].getPrivileges().length);
+            assertEquals(acMgr.privilegeFromName("jcr:workspaceManagement"), entries[0].getPrivileges()[0]);
+
+            assertTrue(target.hasNode("rep:repoPolicy"));
+            assertFalse(target.hasNode("rep:repoPolicy/allow0"));
+
+        } finally {
+            superuser.refresh(false);
+        }
+    }
+
+    /**
+     * Make sure repo-level acl is not imported below any other node than the
+     * root node.
+     *
+     * @throws Exception
+     */
+    public void testImportRepoACLAtTestNode() throws Exception {
+        NodeImpl target = (NodeImpl) testRootNode.addNode("test");
+        target.addMixin("rep:RepoAccessControllable");
+
+        AccessControlManager acMgr = sImpl.getAccessControlManager();
+        try {
+            InputStream in = new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8"));
+
+            SessionImporter importer = new SessionImporter(target, sImpl, ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW,
new PseudoConfig());
+            ImportHandler ih = new ImportHandler(importer, sImpl);
+            new ParsingContentHandler(ih).parse(in);
+
+            AccessControlPolicy[] policies = acMgr.getPolicies(null);
+            assertEquals(0, policies.length);
+
+            assertTrue(target.hasNode("rep:repoPolicy"));
+            assertFalse(target.hasNode("rep:repoPolicy/allow0"));
+
+            Node n = target.getNode("rep:repoPolicy");
+            assertEquals("rep:RepoAccessControllable", n.getDefinition().getDeclaringNodeType().getName());
+        } finally {
+            superuser.refresh(false);
+        }
+    }
+
+    /**
      * Imports a principal-based ACL containing a single entry mist fail with
      * the default configuration.
      *



Mime
View raw message