jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tri...@apache.org
Subject svn commit: r1571867 - in /jackrabbit/commons/filevault/trunk/vault-core/src: main/java/org/apache/jackrabbit/vault/fs/impl/io/ test/java/org/apache/jackrabbit/vault/packaging/integration/ test/resources/org/apache/jackrabbit/vault/packaging/integratio...
Date Tue, 25 Feb 2014 23:42:37 GMT
Author: tripod
Date: Tue Feb 25 23:42:37 2014
New Revision: 1571867

URL: http://svn.apache.org/r1571867
Log:
JCRVLT-39 Regression: installing a package with repository ACL fails

Added:
    jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
    jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
Modified:
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
    jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
    jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewSAXImporter.java
Tue Feb 25 23:42:37 2014
@@ -618,9 +618,19 @@ public class DocViewSAXImporter extends 
                                     log.info("Adding ACL element to non ACL parent - adding
mixin: {}", node.getPath());
                                 }
                                 stack = stack.push();
-                                stack.adapter = new JackrabbitACLImporter(node, aclHandling);
-                                stack.adapter.startNode(ni);
-                                importInfo.onCreated(node.getPath() + "/" + ni.name);
+                                if ("rep:repoPolicy".equals(name)) {
+                                    if (node.getDepth() == 0) {
+                                        stack.adapter = new JackrabbitACLImporter(session,
aclHandling);
+                                        stack.adapter.startNode(ni);
+                                        importInfo.onCreated(node.getPath() + "/" + ni.name);
+                                    } else {
+                                        log.info("ignoring invalid location for repository
level ACL: {}", node.getPath());
+                                    }
+                                } else {
+                                    stack.adapter = new JackrabbitACLImporter(node, aclHandling);
+                                    stack.adapter.startNode(ni);
+                                    importInfo.onCreated(node.getPath() + "/" + ni.name);
+                                }
                             } else {
                                 stack = stack.push();
                             }

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
Tue Feb 25 23:42:37 2014
@@ -28,6 +28,7 @@ import java.util.Stack;
 
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.security.AccessControlEntry;
@@ -56,7 +57,7 @@ public class JackrabbitACLImporter imple
      */
     private static final Logger log = DocViewSAXImporter.log;
 
-    private final Node accessControlledNode;
+    private final JackrabbitSession session;
 
     private final AccessControlHandling aclHandling;
 
@@ -80,19 +81,30 @@ public class JackrabbitACLImporter imple
 
     private final Stack<State> states = new Stack<State>();
 
-    public JackrabbitACLImporter(Node accessControlledNode, AccessControlHandling aclHandling)
throws RepositoryException {
+    public JackrabbitACLImporter(Node accessControlledNode, AccessControlHandling aclHandling)
+            throws RepositoryException {
+        this(accessControlledNode.getSession(), accessControlledNode.getPath(), aclHandling);
+    }
+
+    public JackrabbitACLImporter(Session session, AccessControlHandling aclHandling)
+            throws RepositoryException {
+        this(session, null, aclHandling);
+    }
+
+    private JackrabbitACLImporter(Session session, String path, AccessControlHandling aclHandling)
+            throws RepositoryException {
         if (aclHandling == AccessControlHandling.CLEAR || aclHandling == AccessControlHandling.IGNORE)
{
             throw new RepositoryException("Error while reading access control content: unsupported
AccessControlHandling: " + aclHandling);
         }
-        this.accessControlledNode = accessControlledNode;
-        this.accessControlledPath = accessControlledNode.getPath();
-        final JackrabbitSession session = ((JackrabbitSession) accessControlledNode.getSession());
-        this.acMgr = session.getAccessControlManager();
-        this.pMgr = session.getPrincipalManager();
+        this.accessControlledPath = path;
+        this.session = (JackrabbitSession) session;
+        this.acMgr = this.session.getAccessControlManager();
+        this.pMgr = this.session.getPrincipalManager();
         this.aclHandling = aclHandling;
         this.states.push(State.INITIAL);
     }
 
+
     public void startNode(DocViewNode node) throws SAXException {
         State state = states.peek();
         switch (state) {
@@ -158,7 +170,7 @@ public class JackrabbitACLImporter imple
     }
 
     private void apply() throws RepositoryException {
-        final ValueFactory valueFactory = accessControlledNode.getSession().getValueFactory();
+        final ValueFactory valueFactory = session.getValueFactory();
 
         // find principals of existing ACL
         JackrabbitAccessControlList acl = null;
@@ -189,7 +201,8 @@ public class JackrabbitACLImporter imple
             }
         }
         if (acl == null) {
-            throw new RepositoryException("not JackrabbitAccessControlList applicable on
" + accessControlledPath);
+            throw new RepositoryException("not JackrabbitAccessControlList applicable on
" +
+                    (accessControlledPath == null ? "'root'" : accessControlledPath));
         }
 
         // apply ACEs of package

Modified: jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java?rev=1571867&r1=1571866&r2=1571867&view=diff
==============================================================================
--- jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java
(original)
+++ jackrabbit/commons/filevault/trunk/vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestACLAndMerge.java
Tue Feb 25 23:42:37 2014
@@ -29,6 +29,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.vault.fs.io.AccessControlHandling;
 import org.apache.jackrabbit.vault.fs.io.ImportOptions;
 import org.apache.jackrabbit.vault.packaging.JcrPackage;
@@ -337,6 +339,82 @@ public class TestACLAndMerge extends Int
         assertPermission("/testroot/secured", true, new String[]{"jcr:all"}, "missinguser",
null);
     }
 
+
+    /**
+     * Installs a package with repository level acl and then installs another that removes
them again.
+     */
+    @Test
+    public void testRepoACL() throws RepositoryException, IOException, PackageException {
+        removeRepoACL();
+
+        JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+        assertNotNull(pack);
+        ImportOptions opts = getDefaultOptions();
+        opts.setAccessControlHandling(AccessControlHandling.OVERWRITE);
+        pack.install(opts);
+
+        // test if nodes and ACLs of first package exist
+        assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+        assertPermission(null, false, new String[]{"jcr:all"}, "testuser", null);
+
+        pack = packMgr.upload(getStream("testpackages/repo_no_policy.zip"), true);
+        assertNotNull(pack);
+        opts = getDefaultOptions();
+        opts.setAccessControlHandling(AccessControlHandling.OVERWRITE);
+        pack.install(opts);
+
+        assertPermissionMissing(null, false, new String[]{"jcr:all"}, "everyone", null);
+        assertPermissionMissing(null, false, new String[]{"jcr:all"}, "testuser", null);
+
+    }
+
+    /**
+     * Installs a package with repository level acl and then installs another that removes
them again.
+     */
+    @Test
+    public void testRepoACLMerge() throws RepositoryException, IOException, PackageException
{
+        removeRepoACL();
+        addACL(null, true, new String[]{"jcr:all"}, "testuser");
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+        addACL(null, true, new String[]{"jcr:all"}, "testuser1");
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+
+        JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+        assertNotNull(pack);
+        ImportOptions opts = getDefaultOptions();
+        opts.setAccessControlHandling(AccessControlHandling.MERGE);
+        pack.install(opts);
+
+        // test if nodes and ACLs of first package exist
+        assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+        assertPermission(null, false, new String[]{"jcr:all"}, "testuser", null);
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+    }
+
+    /**
+     * Installs a package with repository level acl and then installs another that removes
them again.
+     */
+    @Test
+    public void testRepoACLMergePreserve() throws RepositoryException, IOException, PackageException
{
+        removeRepoACL();
+        addACL(null, true, new String[]{"jcr:all"}, "testuser");
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+        addACL(null, true, new String[]{"jcr:all"}, "testuser1");
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+
+        JcrPackage pack = packMgr.upload(getStream("testpackages/repo_policy.zip"), false);
+        assertNotNull(pack);
+        ImportOptions opts = getDefaultOptions();
+        opts.setAccessControlHandling(AccessControlHandling.MERGE_PRESERVE);
+        pack.install(opts);
+
+        // test if nodes and ACLs of first package exist
+        assertPermission(null, false, new String[]{"jcr:all"}, "everyone", null);
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser", null);
+        assertPermission(null, true, new String[]{"jcr:all"}, "testuser1", null);
+    }
+
+
     protected void assertPermissionMissing(String path, boolean allow, String[] privs, String
name, String globRest)
             throws RepositoryException {
         Map<String, String[]> restrictions = new HashMap<String, String[]>();
@@ -420,4 +498,48 @@ public class TestACLAndMerge extends Int
         }
         return -1;
     }
+
+    protected void removeRepoACL() throws RepositoryException {
+        AccessControlPolicy[] ap = admin.getAccessControlManager().getPolicies(null);
+        for (AccessControlPolicy p: ap) {
+            if (p instanceof JackrabbitAccessControlList) {
+                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) p;
+                for (AccessControlEntry ac: acl.getAccessControlEntries()) {
+                    if (ac instanceof JackrabbitAccessControlEntry) {
+                        acl.removeAccessControlEntry(ac);
+                    }
+                }
+            }
+        }
+        admin.save();
+    }
+
+    protected void addACL(String path, boolean allow, String[] privs, String principal) throws
RepositoryException {
+        JackrabbitAccessControlList acl = null;
+        for (AccessControlPolicy p: admin.getAccessControlManager().getPolicies(path)) {
+            if (p instanceof JackrabbitAccessControlList) {
+                acl = (JackrabbitAccessControlList) p;
+                break;
+            }
+        }
+        if (acl == null) {
+            AccessControlPolicyIterator iter =  admin.getAccessControlManager().getApplicablePolicies(path);
+            while (iter.hasNext()) {
+                AccessControlPolicy p = iter.nextAccessControlPolicy();
+                if (p instanceof JackrabbitAccessControlList) {
+                    acl = (JackrabbitAccessControlList) p;
+                    break;
+                }
+            }
+        }
+        assertNotNull(acl);
+
+        Privilege[] ps = new Privilege[privs.length];
+        for (int i=0; i<privs.length; i++) {
+            ps[i] = admin.getAccessControlManager().privilegeFromName(privs[i]);
+        }
+        acl.addEntry(new PrincipalImpl(principal), ps, allow);
+        admin.getAccessControlManager().setPolicy(path, acl);
+        admin.save();
+    }
 }
\ No newline at end of file

Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip?rev=1571867&view=auto
==============================================================================
Files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
(added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_no_policy.zip
Tue Feb 25 23:42:37 2014 differ

Added: jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
URL: http://svn.apache.org/viewvc/jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip?rev=1571867&view=auto
==============================================================================
Files jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
(added) and jackrabbit/commons/filevault/trunk/vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/repo_policy.zip
Tue Feb 25 23:42:37 2014 differ



Mime
View raw message