This is an automated email from the ASF dual-hosted git repository.
enorman pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-launchpad-integration-tests.git
The following commit(s) were added to refs/heads/master by this push:
new 767c800 SLING-7835 PrivilegesInfo#getEffectiveAccessControlEntries
returns incorrect information
767c800 is described below
commit 767c8001f7ec0e074ffa69ed50c0595ac9809139
Author: Eric Norman <[email protected]>
AuthorDate: Sun Aug 19 13:26:30 2018 -0700
SLING-7835 PrivilegesInfo#getEffectiveAccessControlEntries returns
incorrect information
---
.../accessManager/AccessPrivilegesInfoTest.java | 186 +++++++++++++++++++++
.../accessmanager/privileges-info.json.esp | 99 ++++++++++-
2 files changed, 276 insertions(+), 9 deletions(-)
diff --git
a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
index a4476ae..13a9017 100644
---
a/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
+++
b/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/AccessPrivilegesInfoTest.java
@@ -18,6 +18,7 @@ package
org.apache.sling.launchpad.webapp.integrationtest.accessManager;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import java.io.IOException;
import java.util.ArrayList;
@@ -26,6 +27,7 @@ import java.util.List;
import java.util.Random;
import java.util.Set;
+import javax.json.JsonArray;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.servlet.http.HttpServletResponse;
@@ -44,6 +46,7 @@ public class AccessPrivilegesInfoTest {
private static Random random = new Random(System.currentTimeMillis());
String testUserId = null;
+ String testUserId2 = null;
String testGroupId = null;
String testFolderUrl = null;
Set<String> toDelete = new HashSet<String>();
@@ -87,6 +90,12 @@ public class AccessPrivilegesInfoTest {
List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
}
+ if (testUserId2 != null) {
+ //remove the test user if it exists.
+ String postUrl = HttpTest.HTTP_BASE_URL +
"/system/userManager/user/" + testUserId2 + ".delete.html";
+ List<NameValuePair> postParams = new
ArrayList<NameValuePair>();
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+ }
for(String script : toDelete) {
H.getTestClient().delete(script);
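Review bot: The new `testUserId2` cleanup runs only if the preceding delete did not throw, because each step goes through `H.assertAuthenticatedPostStatus`. A failed delete of the first user would therefore skip this block and the `toDelete` loop, leaving a test account that still holds granted ACEs on the instance. Consider moving the two identical delete blocks into one private helper that takes the user id, and running the later cleanup steps in `finally` so each is attempted regardless of earlier failures. The enclosing teardown method starts and ends outside this hunk, so its overall structure could not be checked.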
@@ -331,4 +340,181 @@ public class AccessPrivilegesInfoTest {
JsonObject jsonObj = JsonUtil.parseObject(json);
assertEquals(true, jsonObj.getBoolean("canDelete"));
}
+
+ /**
+ * Test for SLING-2600, PrivilegesInfo#getDeclaredAccessRights returns
incorrect information
+ */
+ @Test
+ public void testDeclaredAclForUser() throws IOException, JsonException {
+ testUserId = H.createTestUser();
+ testUserId2 = H.createTestUser();
+
+ testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\":
\"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : {
\"childPropOne\" : true } }");
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ //1. create an initial set of privileges
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new
NameValuePair("privilege@jcr:lockManagement", "granted"));
+
+ postUrl = testFolderUrl + "/child.modifyAce.html";
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+
+ //fetch the JSON for the eacl to verify the settings.
+ String getUrl = testFolderUrl + "/child.privileges-info.json";
+ Credentials testUserCreds = new
UsernamePasswordCredentials("admin", "admin");
+ String json = H.getAuthenticatedContent(testUserCreds, getUrl,
HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ JsonObject jsonObject = JsonUtil.parseObject(json);
+ jsonObject = jsonObject.getJsonObject("declaredAccessRights");
+
+ assertNull(jsonObject.get(testUserId));
+
+ JsonObject aceObject2 = jsonObject.getJsonObject(testUserId2);
+ assertNotNull(aceObject2);
+
+ JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
+ assertNotNull(grantedArray2);
+ assertEquals(1, grantedArray2.size());
+ Set<String> grantedPrivilegeNames2 = new HashSet<String>();
+ for (int i=0; i < grantedArray2.size(); i++) {
+ grantedPrivilegeNames2.add(grantedArray2.getString(i));
+ }
+ H.assertPrivilege(grantedPrivilegeNames2, true,
"jcr:lockManagement");
+
+ JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
+ assertNotNull(deniedArray2);
+ assertEquals(0, deniedArray2.size());
+
+
+ getUrl = testFolderUrl + ".privileges-info.json";
+ json = H.getAuthenticatedContent(testUserCreds, getUrl,
HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ jsonObject = JsonUtil.parseObject(json);
+ jsonObject = jsonObject.getJsonObject("declaredAccessRights");
+
+ JsonObject aceObject = jsonObject.getJsonObject(testUserId);
+ assertNotNull(aceObject);
+
+ JsonArray grantedArray = aceObject.getJsonArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals(1, grantedArray.size());
+ Set<String> grantedPrivilegeNames = new HashSet<String>();
+ for (int i=0; i < grantedArray.size(); i++) {
+ grantedPrivilegeNames.add(grantedArray.getString(i));
+ }
+ H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
+
+ JsonArray deniedArray = aceObject.getJsonArray("denied");
+ assertNotNull(deniedArray);
+ assertEquals(0, deniedArray.size());
+
+ aceObject2 = jsonObject.getJsonObject(testUserId2);
+ assertNotNull(aceObject2);
+
+ grantedArray2 = aceObject2.getJsonArray("granted");
+ assertNotNull(grantedArray2);
+ assertEquals(1, grantedArray2.size());
+ grantedPrivilegeNames2 = new HashSet<String>();
+ for (int i=0; i < grantedArray2.size(); i++) {
+ grantedPrivilegeNames2.add(grantedArray2.getString(i));
+ }
+ H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
+
+ deniedArray2 = aceObject2.getJsonArray("denied");
+ assertNotNull(deniedArray2);
+ assertEquals(0, deniedArray2.size());
+ }
+
+ /**
+ * Test for SLING-2600, PrivilegesInfo#getEffectiveAccessRights returns
incorrect information
+ */
+ @Test
+ public void testEffectiveAclForUser() throws IOException, JsonException
{
+ testUserId = H.createTestUser();
+ testUserId2 = H.createTestUser();
+
+ testFolderUrl = H.createTestFolder("{ \"jcr:primaryType\":
\"nt:unstructured\", \"propOne\" : \"propOneValue\", \"child\" : {
\"childPropOne\" : true } }");
+
+ String postUrl = testFolderUrl + ".modifyAce.html";
+
+ //1. create an initial set of privileges
+ List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ Credentials creds = new UsernamePasswordCredentials("admin",
"admin");
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new NameValuePair("privilege@jcr:write",
"granted"));
+
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+ postParams = new ArrayList<NameValuePair>();
+ postParams.add(new NameValuePair("principalId", testUserId2));
+ postParams.add(new
NameValuePair("privilege@jcr:lockManagement", "granted"));
+
+ postUrl = testFolderUrl + "/child.modifyAce.html";
+ H.assertAuthenticatedPostStatus(creds, postUrl,
HttpServletResponse.SC_OK, postParams, null);
+
+
+ //fetch the JSON for the eacl to verify the settings.
+ String getUrl = testFolderUrl + "/child.privileges-info.json";
+ Credentials testUserCreds = new
UsernamePasswordCredentials("admin", "admin");
+ String json = H.getAuthenticatedContent(testUserCreds, getUrl,
HttpTest.CONTENT_TYPE_JSON, null, HttpServletResponse.SC_OK);
+ assertNotNull(json);
+ JsonObject jsonObject = JsonUtil.parseObject(json);
+ jsonObject = jsonObject.getJsonObject("effectiveAccessRights");
+
+ JsonObject aceObject = jsonObject.getJsonObject(testUserId);
+ assertNotNull(aceObject);
+
+ JsonArray grantedArray = aceObject.getJsonArray("granted");
+ assertNotNull(grantedArray);
+ assertEquals(1, grantedArray.size());
+ Set<String> grantedPrivilegeNames = new HashSet<String>();
+ for (int i=0; i < grantedArray.size(); i++) {
+ grantedPrivilegeNames.add(grantedArray.getString(i));
+ }
+ H.assertPrivilege(grantedPrivilegeNames,true,"jcr:write");
+
+ JsonArray deniedArray = aceObject.getJsonArray("denied");
+ assertNotNull(deniedArray);
+ assertEquals(0, deniedArray.size());
+
+ JsonObject aceObject2 = jsonObject.getJsonObject(testUserId2);
+ assertNotNull(aceObject2);
+
+ JsonArray grantedArray2 = aceObject2.getJsonArray("granted");
+ assertNotNull(grantedArray2);
+ assertEquals(2, grantedArray2.size());
+ Set<String> grantedPrivilegeNames2 = new HashSet<String>();
+ for (int i=0; i < grantedArray2.size(); i++) {
+ grantedPrivilegeNames2.add(grantedArray2.getString(i));
+ }
+ H.assertPrivilege(grantedPrivilegeNames2, true, "jcr:write");
+ H.assertPrivilege(grantedPrivilegeNames2, true,
"jcr:lockManagement");
+
+ JsonArray deniedArray2 = aceObject2.getJsonArray("denied");
+ assertNotNull(deniedArray2);
+ assertEquals(0, deniedArray2.size());
+ }
+
}
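Review bot: Both new tests fetch `privileges-info.json` only as admin (`testUserCreds` is built from `"admin", "admin"`), so the `canReadAccessControl` gate that decides whether ACL data is exposed is never exercised on its negative path. A third case could fetch the same URL as a user that presumably lacks `jcr:readAccessControl` (for example `testUserId`, which is only granted `jcr:write`) and assert `assertNull(jsonObject.get("declaredAccessRights"));` and likewise for `effectiveAccessRights`. Renaming `testUserCreds` to `adminCreds`, or reusing the existing `creds`, would stop the name implying a non-admin read. The Javadoc on both methods cites SLING-2600 while the commit is filed under SLING-7835, so the issue reference should be confirmed.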
diff --git
a/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
b/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
index 1fcd010..01b32b6 100644
--- a/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
+++ b/src/main/resources/integration-test/accessmanager/privileges-info.json.esp
@@ -18,13 +18,94 @@
* under the License.
*/
- var privilegesInfo = new
Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
-%>
-{
- "canAddChildren" : <%=privilegesInfo.canAddChildren(currentNode)%>,
- "canDeleteChildren" :
<%=privilegesInfo.canDeleteChildren(currentNode)%>,
- "canDelete" : <%=privilegesInfo.canDelete(currentNode)%>,
- "canModifyProperties" :
<%=privilegesInfo.canModifyProperties(currentNode)%>,
- "canReadAccessControl" :
<%=privilegesInfo.canReadAccessControl(currentNode)%>,
- "canModifyAccessControl" :
<%=privilegesInfo.canModifyAccessControl(currentNode)%>
+var factory =
Packages.javax.json.Json.createBuilderFactory(Packages.java.util.Collections.emptyMap());
+var jsonObjBuilder = factory.createObjectBuilder();
+
+var privilegesInfo = new
Packages.org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo();
+
+jsonObjBuilder.add("canAddChildren",
privilegesInfo.canAddChildren(currentNode));
+jsonObjBuilder.add("canDeleteChildren",
privilegesInfo.canDeleteChildren(currentNode));
+jsonObjBuilder.add("canDelete", privilegesInfo.canDelete(currentNode));
+jsonObjBuilder.add("canModifyProperties",
privilegesInfo.canModifyProperties(currentNode));
+jsonObjBuilder.add("canReadAccessControl",
privilegesInfo.canReadAccessControl(currentNode));
+jsonObjBuilder.add("canModifyAccessControl",
privilegesInfo.canModifyAccessControl(currentNode));
+
+if (privilegesInfo.canReadAccessControl(currentNode)) {
+ var declaredBuilder = factory.createObjectBuilder();
+ var declared = privilegesInfo.getDeclaredAccessRights(currentNode);
+ if (declared != null) {
+ var iterator = declared.entrySet().iterator();
+ while (iterator.hasNext()) {
+ var next = iterator.next();
+ var principal = next.getKey();
+ var accessRights = next.getValue();
+
+ var entryBuilder = factory.createObjectBuilder();
+
+ var grantedBuilder = factory.createArrayBuilder();
+ var granted = accessRights.getGranted();
+ var grantedIt = granted.iterator();
+ while (grantedIt.hasNext()) {
+ var next = grantedIt.next();
+ var name = next.getName();
+ grantedBuilder.add(name);
+ }
+ entryBuilder.add("granted", grantedBuilder);
+
+ var deniedBuilder = factory.createArrayBuilder();
+ var denied = accessRights.getDenied();
+ var deniedIt = denied.iterator();
+ while (deniedIt.hasNext()) {
+ var next = deniedIt.next();
+ var name = next.getName();
+ deniedBuilder.add(name);
+ }
+ entryBuilder.add("denied", deniedBuilder);
+
+ declaredBuilder.add(principal.getName(), entryBuilder);
+ }
+ }
+ jsonObjBuilder.add("declaredAccessRights", declaredBuilder);
+
+ var effectiveBuilder = factory.createObjectBuilder();
+ var effective = privilegesInfo.getEffectiveAccessRights(currentNode);
+ if (effective != null) {
+ var iterator = effective.entrySet().iterator();
+ while (iterator.hasNext()) {
+ var next = iterator.next();
+ var principal = next.getKey();
+ var accessRights = next.getValue();
+
+ var entryBuilder = factory.createObjectBuilder();
+
+ var grantedBuilder = factory.createArrayBuilder();
+ var granted = accessRights.getGranted();
+ var grantedIt = granted.iterator();
+ while (grantedIt.hasNext()) {
+ var next = grantedIt.next();
+ var name = next.getName();
+ grantedBuilder.add(name);
+ }
+ entryBuilder.add("granted", grantedBuilder);
+
+ var deniedBuilder = factory.createArrayBuilder();
+ var denied = accessRights.getDenied();
+ var deniedIt = denied.iterator();
+ while (deniedIt.hasNext()) {
+ var next = deniedIt.next();
+ var name = next.getName();
+ deniedBuilder.add(name);
+ }
+ entryBuilder.add("denied", deniedBuilder);
+
+ effectiveBuilder.add(principal.getName(), entryBuilder);
+ }
+ }
+ jsonObjBuilder.add("effectiveAccessRights", effectiveBuilder);
}
+
+var jsonObj = jsonObjBuilder.build();
+var jsonWriter = Packages.javax.json.Json.createWriter(response.getWriter());
+jsonWriter.writeObject(jsonObj);
+jsonWriter.close();
+%>
\ No newline at end of file
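Review bot: The `declaredAccessRights` and `effectiveAccessRights` blocks are line-for-line copies, and each inner loop re-declares `var next` and `var name`. Because `var` is function-scoped, those overwrite the outer `next` of the entry loop. It works today only because `principal` and `accessRights` are read before the inner loops run, so a later edit that touches `next` after them would silently serialize the wrong principal. Consider folding the two copies into small helpers with distinct local names, as sketched below, assuming function declarations are accepted inside this scriptlet. `canReadAccessControl(currentNode)` is also evaluated twice and could be kept in a local so the reported flag and the gate cannot disagree.

```javascript
// … unchanged: factory, jsonObjBuilder, privilegesInfo and the six can* flags …

function privilegeNames(privileges) {
    var names = factory.createArrayBuilder();
    var privilegeIt = privileges.iterator();
    while (privilegeIt.hasNext()) {
        names.add(privilegeIt.next().getName());
    }
    return names;
}

function accessRightsByPrincipal(rightsMap) {
    var builder = factory.createObjectBuilder();
    if (rightsMap != null) {
        var entryIt = rightsMap.entrySet().iterator();
        while (entryIt.hasNext()) {
            var entry = entryIt.next();
            var rights = entry.getValue();
            var entryBuilder = factory.createObjectBuilder();
            entryBuilder.add("granted", privilegeNames(rights.getGranted()));
            entryBuilder.add("denied", privilegeNames(rights.getDenied()));
            builder.add(entry.getKey().getName(), entryBuilder);
        }
    }
    return builder;
}

if (privilegesInfo.canReadAccessControl(currentNode)) {
    jsonObjBuilder.add("declaredAccessRights",
        accessRightsByPrincipal(privilegesInfo.getDeclaredAccessRights(currentNode)));
    jsonObjBuilder.add("effectiveAccessRights",
        accessRightsByPrincipal(privilegesInfo.getEffectiveAccessRights(currentNode)));
}

// … unchanged: build jsonObj and write it to response.getWriter() …
```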