Author: enorman
Date: Sun Oct 7 01:48:44 2012
New Revision: 1395204
URL: http://svn.apache.org/viewvc?rev=1395204&view=rev
Log:
SLING-2600 Effective ACL servlet returns incorrect information
Added:
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/servlets/post/SlingDateValuesTest.java
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java?rev=1395204&r1=1395203&r2=1395204&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractAccessPostServlet.java
Sun Oct 7 01:48:44 2012
@@ -96,6 +96,8 @@ public abstract class AbstractAccessPost
case COPY : htmlResponse.onCopied(change.getSource(),
change.getDestination()); break;
case CREATE : htmlResponse.onCreated(change.getSource());
break;
case ORDER : htmlResponse.onChange("ordered",
change.getSource(), change.getDestination()); break;
+ default:
+ break;
}
}
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java?rev=1395204&r1=1395203&r2=1395204&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java
Sun Oct 7 01:48:44 2012
@@ -16,6 +16,9 @@
*/
package org.apache.sling.jcr.jackrabbit.accessmanager.post;
+import java.util.ArrayList;
+import java.util.List;
+
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
@@ -131,13 +134,16 @@ public class GetAclServlet extends Abstr
protected AccessControlEntry[] getAccessControlEntries(Session session,
String absPath) throws RepositoryException {
AccessControlManager accessControlManager =
AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies =
accessControlManager.getPolicies(absPath);
+ List<AccessControlEntry> allEntries = new
ArrayList<AccessControlEntry>();
for (AccessControlPolicy accessControlPolicy : policies) {
if (accessControlPolicy instanceof AccessControlList) {
AccessControlEntry[] accessControlEntries =
((AccessControlList)accessControlPolicy).getAccessControlEntries();
- return accessControlEntries;
+ for (AccessControlEntry accessControlEntry :
accessControlEntries) {
+ allEntries.add(accessControlEntry);
+ }
}
}
- return new AccessControlEntry[0];
+ return allEntries.toArray(new AccessControlEntry[allEntries.size()]);
}
}
Modified:
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java?rev=1395204&r1=1395203&r2=1395204&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
(original)
+++
sling/trunk/bundles/jcr/jackrabbit-accessmanager/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java
Sun Oct 7 01:48:44 2012
@@ -16,6 +16,9 @@
*/
package org.apache.sling.jcr.jackrabbit.accessmanager.post;
+import java.util.ArrayList;
+import java.util.List;
+
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
@@ -131,13 +134,16 @@ public class GetEffectiveAclServlet exte
protected AccessControlEntry[] getAccessControlEntries(Session session,
String absPath) throws RepositoryException {
AccessControlManager accessControlManager =
AccessControlUtil.getAccessControlManager(session);
AccessControlPolicy[] policies =
accessControlManager.getEffectivePolicies(absPath);
+ List<AccessControlEntry> allEntries = new
ArrayList<AccessControlEntry>();
for (AccessControlPolicy accessControlPolicy : policies) {
if (accessControlPolicy instanceof AccessControlList) {
AccessControlEntry[] accessControlEntries =
((AccessControlList)accessControlPolicy).getAccessControlEntries();
- return accessControlEntries;
+ for (AccessControlEntry accessControlEntry :
accessControlEntries) {
+ allEntries.add(accessControlEntry);
+ }
}
}
- return new AccessControlEntry[0];
+ return allEntries.toArray(new AccessControlEntry[allEntries.size()]);
}
}
Modified:
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
URL:
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java?rev=1395204&r1=1395203&r2=1395204&view=diff
==============================================================================
---
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
(original)
+++
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AbstractAccessManagerTest.java
Sun Oct 7 01:48:44 2012
@@ -17,6 +17,8 @@
package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Random;
import javax.servlet.http.HttpServletResponse;
@@ -46,4 +48,31 @@ public abstract class AbstractAccessMana
return location;
}
+
+ protected String createTestFolder(String jsonContent) throws
IOException {
+ final String testPath = TEST_BASE_PATH;
+ Map<String, String> props = new HashMap<String, String>();
+ String testNode = testClient.createNode(HTTP_BASE_URL + testPath,
props);
+ urlsToDelete.add(testNode);
+
+ props.clear();
+ props.put(SlingPostConstants.RP_OPERATION,
+ SlingPostConstants.OPERATION_IMPORT);
+
+ String testNodeName = "testNode_" + String.valueOf(random.nextInt());
+ props.put(SlingPostConstants.RP_NODE_NAME_HINT, testNodeName);
+ props.put(SlingPostConstants.RP_CONTENT, jsonContent);
+ props.put(SlingPostConstants.RP_CONTENT_TYPE, "json");
+ props.put(SlingPostConstants.RP_REDIRECT_TO, SERVLET_CONTEXT +
testPath + "/*");
+ String location = testClient.createNode(HTTP_BASE_URL + testPath,
props);
+
+ assertHttpStatus(location + DEFAULT_EXT, HttpServletResponse.SC_OK,
+ "POST must redirect to created resource (" + location + ")");
+ assertTrue("Node (" + location + ") must have generated name",
+ !location.endsWith("/*"));
+ assertTrue("Node (" + location + ") must created be under POST URL ("
+ testPath + ")",
+ location.contains(testPath + "/"));
+
+ return location;
+ }
}
Added:
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
URL:
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java?rev=1395204&view=auto
==============================================================================
---
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
(added)
+++
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/GetAclTest.java
Sun Oct 7 01:48:44 2012
@@ -0,0 +1,140 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sling.launchpad.webapp.integrationtest.accessManager;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.httpclient.Credentials;
+import org.apache.commons.httpclient.NameValuePair;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.sling.commons.json.JSONArray;
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * Tests for the 'acl' and 'eacl' Sling Get Operation
+ */
+public class GetAclTest extends AbstractAccessManagerTest {
+
+ String testUserId = null;
+ String testUserId2 = null;
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+
+ if (testUserId != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/user/" + testUserId + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ if (testUserId2 != null) {
+ //remove the test user if it exists.
+ String postUrl = HTTP_BASE_URL +
"/system/userManager/user/" + testUserId2 + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
+ }
+
+ /**
+ * Test for SLING-2600, Effective ACL servlet returns incorrect
information
+ */
+ public void testEffectiveAclForUser() throws IOException, JSONException
{
+ testUserId = createTestUser();
+ testUserId2 = createTestUser();
+
+ String testFolderUrl = createTestFolder("{ 'jcr:primaryType':
'nt:unstructured', 'propOne' : 'propOneValue', 'child' : { 'childPropOne' :
true } }");
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ //1. create an initial set of privileges
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new
NameValuePair("privilege@jcr:lockManagement", "granted"));
+
+ postUrl = testFolderUrl + "/child.modifyAce.html";
+ assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+
+ //fetch the JSON for the eacl to verify the settings.
+ String getUrl = testFolderUrl + "/child.eacl.json";
+
+ String json = getAuthenticatedContent(creds, getUrl,
CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ JSONObject jsonObject = new JSONObject(json);
+
+ JSONObject aceObject = jsonObject.optJSONObject(testUserId);
+ assertNotNull(aceObject);
+
+ String principalString = aceObject.optString("principal");
+ assertEquals(testUserId, principalString);
+
+ JSONArray grantedArray = aceObject.optJSONArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals(1, grantedArray.length());
+ Set<String> grantedPrivilegeNames = new HashSet<String>();
+ for (int i=0; i < grantedArray.length(); i++) {
+ grantedPrivilegeNames.add(grantedArray.getString(i));
+ }
+ assertTrue(grantedPrivilegeNames.contains("jcr:write"));
+
+ JSONArray deniedArray = aceObject.optJSONArray("denied");
+ assertNull(deniedArray);
+
+ JSONObject aceObject2 = jsonObject.optJSONObject(testUserId2);
+ assertNotNull(aceObject2);
+
+ String principalString2 = aceObject2.optString("principal");
+ assertEquals(testUserId2, principalString2);
+
+ JSONArray grantedArray2 = aceObject2.optJSONArray("granted");
+ assertNotNull(grantedArray2);
+ assertEquals(2, grantedArray2.length());
+ Set<String> grantedPrivilegeNames2 = new HashSet<String>();
+ for (int i=0; i < grantedArray2.length(); i++) {
+ grantedPrivilegeNames2.add(grantedArray2.getString(i));
+ }
+ assertTrue(grantedPrivilegeNames2.contains("jcr:write"));
+
assertTrue(grantedPrivilegeNames2.contains("jcr:lockManagement"));
+
+ JSONArray deniedArray2 = aceObject2.optJSONArray("denied");
+ assertNull(deniedArray2);
+
+ }
+}
Modified:
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/servlets/post/SlingDateValuesTest.java
URL:
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/servlets/post/SlingDateValuesTest.java?rev=1395204&r1=1395203&r2=1395204&view=diff
==============================================================================
---
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/servlets/post/SlingDateValuesTest.java
(original)
+++
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/servlets/post/SlingDateValuesTest.java
Sun Oct 7 01:48:44 2012
@@ -19,9 +19,7 @@ package org.apache.sling.launchpad.webap
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
-import java.util.HashMap;
import java.util.Locale;
-import java.util.Map;
import org.apache.sling.commons.testing.integration.HttpTestBase;
import org.apache.sling.commons.testing.integration.NameValuePairList;
