jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1504510 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Date Thu, 18 Jul 2013 16:22:49 GMT
Author: angela
Date: Thu Jul 18 16:22:48 2013
New Revision: 1504510

URL: http://svn.apache.org/r1504510
Log:
OAK-921 : Failure on AccessControlManagerImpl.getPrivileges for rep:policy nodes

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1504510&r1=1504509&r2=1504510&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Thu Jul 18 16:22:48 2013
@@ -134,7 +134,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws RepositoryException
{
-        getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+        getTree(getOakPath(absPath), Permissions.NO_PERMISSION, false);
         return privilegeManager.getRegisteredPrivileges();
     }
 
@@ -146,7 +146,7 @@ public class AccessControlManagerImpl im
 
     @Override
     public boolean hasPrivileges(@Nullable String absPath, @Nullable Privilege[] privileges)
throws RepositoryException {
-        return hasPrivileges(absPath, privileges, getPermissionProvider(), Permissions.NO_PERMISSION);
+        return hasPrivileges(absPath, privileges, getPermissionProvider(), Permissions.NO_PERMISSION,
false);
     }
 
     @Nonnull
@@ -159,7 +159,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
         AccessControlPolicy policy = createACL(oakPath, tree, false);
 
         List<AccessControlPolicy> policies = new ArrayList<AccessControlPolicy>(2);
@@ -176,7 +176,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
 
         Root r = root.getContentSession().getLatestRoot();
         tree = r.getTree(tree.getPath());
@@ -207,7 +207,7 @@ public class AccessControlManagerImpl im
     @Override
     public AccessControlPolicyIterator getApplicablePolicies(@Nullable String absPath) throws
RepositoryException {
         String oakPath = getOakPath(absPath);
-        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
 
         AccessControlPolicy policy = null;
         Tree aclTree = getAclTree(oakPath, tree);
@@ -242,7 +242,7 @@ public class AccessControlManagerImpl im
         if (policy instanceof PrincipalACL) {
             setPrincipalBasedAcl((PrincipalACL) policy);
         } else {
-            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
+            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
             setNodeBasedAcl(oakPath, tree, (ACL) policy);
         }
     }
@@ -262,7 +262,7 @@ public class AccessControlManagerImpl im
         // add new entries
         for (ACE ace : toAdd) {
             String path = getNodePath(ace);
-            Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+            Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
 
             ACL acl = (ACL) createACL(path, tree, false);
             if (acl == null) {
@@ -282,7 +282,7 @@ public class AccessControlManagerImpl im
         // remove entries that are not longer present in the acl to write
         for (ACE ace : toRemove) {
             String path = getNodePath(ace);
-            Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+            Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
 
             ACL acl = (ACL) createACL(path, tree, false);
             if (acl != null) {
@@ -328,7 +328,8 @@ public class AccessControlManagerImpl im
             PrincipalACL principalAcl = (PrincipalACL) policy;
             for (ACE ace : principalAcl.getEntries()) {
                 String path = getNodePath(ace);
-                Tree aclTree = getAclTree(path, getTree(path, Permissions.MODIFY_ACCESS_CONTROL));
+                Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
+                Tree aclTree = getAclTree(path, tree);
                 if (aclTree == null) {
                     throw new AccessControlException("Unable to retrieve policy node at "
+ path);
                 }
@@ -344,7 +345,7 @@ public class AccessControlManagerImpl im
                 }
             }
         } else {
-            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
+            Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL, true);
             Tree aclTree = getAclTree(oakPath, tree);
             if (aclTree != null) {
                 aclTree.remove();
@@ -418,7 +419,7 @@ public class AccessControlManagerImpl im
             return hasPrivileges(absPath, privileges);
         } else {
             PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
-            return hasPrivileges(absPath, privileges, provider, Permissions.READ_ACCESS_CONTROL);
+            return hasPrivileges(absPath, privileges, provider, Permissions.READ_ACCESS_CONTROL,
false);
         }
     }
 
@@ -447,7 +448,7 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private Tree getTree(@Nullable String oakPath, long permissions) throws RepositoryException
{
+    private Tree getTree(@Nullable String oakPath, long permissions, boolean checkAcContent)
throws RepositoryException {
         Tree tree = (oakPath == null) ? root.getTree("/") : root.getTree(oakPath);
         if (!tree.exists()) {
             throw new PathNotFoundException("No tree at " + oakPath);
@@ -455,10 +456,10 @@ public class AccessControlManagerImpl im
         if (permissions != Permissions.NO_PERMISSION) {
             // check permissions
             checkPermissions((oakPath == null) ? null : tree, permissions);
-            // check if the tree is access controlled
-            if (acConfig.getContext().definesTree(tree)) {
-                throw new AccessControlException("Tree " + tree.getPath() + " defines access
control content.");
-            }
+        }
+        // check if the tree defines access controlled content
+        if (checkAcContent && acConfig.getContext().definesTree(tree)) {
+            throw new AccessControlException("Tree " + tree.getPath() + " defines access
control content.");
         }
         return tree;
     }
@@ -648,7 +649,7 @@ public class AccessControlManagerImpl im
                 checkPermissions(null, permissions);
             }
         } else {
-            tree = getTree(getOakPath(absPath), permissions);
+            tree = getTree(getOakPath(absPath), permissions, false);
         }
         Set<String> pNames = provider.getPrivileges(tree);
         if (pNames.isEmpty()) {
@@ -663,7 +664,8 @@ public class AccessControlManagerImpl im
     }
 
     private boolean hasPrivileges(@Nullable String absPath, @Nullable Privilege[] privileges,
-                                  @Nonnull PermissionProvider provider, long permissions)
throws RepositoryException {
+                                  @Nonnull PermissionProvider provider, long permissions,
+                                  boolean checkAcContent) throws RepositoryException {
         Tree tree;
         if (absPath == null) {
             tree = null;
@@ -671,7 +673,7 @@ public class AccessControlManagerImpl im
                 checkPermissions(null, permissions);
             }
         } else {
-            tree = getTree(getOakPath(absPath), permissions);
+            tree = getTree(getOakPath(absPath), permissions, checkAcContent);
         }
         if (privileges == null || privileges.length == 0) {
             // null or empty privilege array -> return true

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1504510&r1=1504509&r2=1504510&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Thu Jul 18 16:22:48 2013
@@ -324,6 +324,19 @@ public class AccessControlManagerImplTes
         }
     }
 
+    @Test
+    public void testGetSupportedForPrivilegesAcContent() throws Exception {
+        List<Privilege> allPrivileges = Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
+
+        for (String acPath : getAcContentPaths()) {
+            Privilege[] supported = acMgr.getSupportedPrivileges(acPath);
+
+            assertNotNull(supported);
+            assertEquals(allPrivileges.size(), supported.length);
+            assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
+        }
+    }
+
     //--------------------------------------------------< privilegeFromName >---
     @Test
     public void testPrivilegeFromName() throws Exception {
@@ -620,6 +633,15 @@ public class AccessControlManagerImplTes
         }
     }
 
+    @Test
+    public void testGetPrivilegesForPrincipalsAccessControlledNodePath() throws Exception
{
+        Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal);
+        Privilege[] expected = new Privilege[0];
+        for (String path : getAcContentPaths()) {
+            assertArrayEquals(expected, acMgr.getPrivileges(path, testPrincipals));
+        }
+    }
+
     /**
      * @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
      * PathNotFoundException in case the node associated with a given path is



Mime
View raw message