jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From resc...@apache.org
Subject svn commit: r1365186 - in /jackrabbit/branches/2.2: ./ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/
Date Tue, 24 Jul 2012 17:34:41 GMT
Author: reschke
Date: Tue Jul 24 17:34:41 2012
New Revision: 1365186

URL: http://svn.apache.org/viewvc?rev=1365186&view=rev
Log:
JCR-3390: Reordering policy node fails with AccessDeniedException (ported to 2.2)

Modified:
    jackrabbit/branches/2.2/   (props changed)
    jackrabbit/branches/2.2/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/branches/2.2/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Propchange: jackrabbit/branches/2.2/
------------------------------------------------------------------------------
  Merged /jackrabbit/trunk:r1362796

Modified: jackrabbit/branches/2.2/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1365186&r1=1365185&r2=1365186&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
(original)
+++ jackrabbit/branches/2.2/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
Tue Jul 24 17:34:41 2012
@@ -258,13 +258,6 @@ public final class PrivilegeRegistry {
                 perm |= Permission.ADD_NODE;
             }
 
-            // modify_child_node_collection permission is granted through
-            // privileges on the parent
-            if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
-                    (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
-                perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
-            }
-
             /*
              remove_node is
              allowed: only if remove_child_nodes privilege is present on
@@ -285,6 +278,13 @@ public final class PrivilegeRegistry {
             }
         }
 
+        // modify_child_node_collection permission is granted through
+        // privileges on the parent
+        if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
+                (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
+            perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
+        }
+
         // the remaining (special) permissions are simply defined on the node
         if ((privs & READ_AC) == READ_AC) {
             perm |= Permission.READ_AC;

Modified: jackrabbit/branches/2.2/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=1365186&r1=1365185&r2=1365186&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
(original)
+++ jackrabbit/branches/2.2/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Tue Jul 24 17:34:41 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.core.security.TestPrincipal;
 import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Node;
@@ -504,4 +505,26 @@ public class WriteTest extends AbstractW
             // success
         }
     }
+
+    public void testReorderPolicyNode() throws RepositoryException, NotExecutableException
{
+        Session testSession = getTestSession();
+        Node n = testSession.getNode(path);
+        try {
+            if (!n.getPrimaryNodeType().hasOrderableChildNodes()) {
+                throw new NotExecutableException("Reordering child nodes is not supported..");
+            }
+
+            n.orderBefore(Text.getName(childNPath), Text.getName(childNPath2));
+            testSession.save();
+            fail("test session must not be allowed to reorder nodes.");
+        } catch (AccessDeniedException e) {
+            // success.
+        }
+
+        // grant all privileges
+        givePrivileges(path, privilegesFromNames(new String[] {Privilege.JCR_ALL}), getRestrictions(superuser,
path));
+
+        n.orderBefore("rep:policy", Text.getName(childNPath2));
+        testSession.save();
+    }
 }
\ No newline at end of file



Mime
View raw message