jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1362796 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Date Wed, 18 Jul 2012 07:49:03 GMT
Author: angela
Date: Wed Jul 18 07:49:03 2012
New Revision: 1362796

URL: http://svn.apache.org/viewvc?rev=1362796&view=rev
Log:
JCR-3390 : Reordering policy node fails with AccessDeniedException

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1362796&r1=1362795&r2=1362796&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
Wed Jul 18 07:49:03 2012
@@ -377,13 +377,6 @@ public final class PrivilegeRegistry imp
                 perm |= Permission.ADD_NODE;
             }
 
-            // modify_child_node_collection permission is granted through
-            // privileges on the parent
-            if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
-                    (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
-                perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
-            }
-
             /*
              remove_node is
              allowed: only if remove_child_nodes privilege is present on
@@ -404,6 +397,13 @@ public final class PrivilegeRegistry imp
             }
         }
 
+        // modify_child_node_collection permission is granted through
+        // privileges on the parent
+        if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
+                (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
+            perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
+        }
+
         // the remaining (special) permissions are simply defined on the node
         if ((privs & READ_AC) == READ_AC) {
             perm |= Permission.READ_AC;

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=1362796&r1=1362795&r2=1362796&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Wed Jul 18 07:49:03 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.core.security.TestPrincipal;
 import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Node;
@@ -530,4 +531,26 @@ public class WriteTest extends AbstractW
             superuser.save();
         }
     }
+
+    public void testReorderPolicyNode() throws RepositoryException, NotExecutableException
{
+        Session testSession = getTestSession();
+        Node n = testSession.getNode(path);
+        try {
+            if (!n.getPrimaryNodeType().hasOrderableChildNodes()) {
+                throw new NotExecutableException("Reordering child nodes is not supported..");
+            }
+
+            n.orderBefore(Text.getName(childNPath), Text.getName(childNPath2));
+            testSession.save();
+            fail("test session must not be allowed to reorder nodes.");
+        } catch (AccessDeniedException e) {
+            // success.
+        }
+
+        // grant all privileges
+        givePrivileges(path, privilegesFromNames(new String[] {Privilege.JCR_ALL}), getRestrictions(superuser,
path));
+
+        n.orderBefore("rep:policy", Text.getName(childNPath2));
+        testSession.save();
+    }
 }
\ No newline at end of file



Mime
View raw message