This is an automated email from the ASF dual-hosted git repository.
dulvac pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
The following commit(s) were added to refs/heads/master by this push:
new 55aa500 SLING-9449 Repoinit AclUtil#setPrincipalAcl replace exception
with log
55aa500 is described below
commit 55aa500da6805482d6972330e37125eacedaca8f
Author: Andrei Dulvac <[email protected]>
AuthorDate: Wed May 13 17:09:37 2020 +0200
SLING-9449 Repoinit AclUtil#setPrincipalAcl replace exception with log
---
src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java | 7 +++++--
.../java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java | 7 ++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index 6c568fa..a57a042 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -170,7 +170,7 @@ public class AclUtil {
Principal principal = AccessControlUtils.getPrincipal(session,
principalName);
if (principal == null) {
// due to transient nature of the repo-init the principal lookup
may not succeed if completed through query
- // -> save transitent changes and retry principal lookup
+ // -> save transient changes and retry principal lookup
session.save();
principal = AccessControlUtils.getPrincipal(session,
principalName);
checkState(principal != null, "Principal not found: " +
principalName);
@@ -188,7 +188,10 @@ public class AclUtil {
// no PrincipalAccessControlList available: don't fail if
an equivalent path-based entry with the same definition exists
// or if there exists no node at the effective path
(unable to evaluate path-based entries).
LOG.info("No PrincipalAccessControlList available for
principal {}", principal);
- checkState(containsEquivalentEntry(session, effectivePath,
principal, privileges, true, line.getRestrictions()), "No
PrincipalAccessControlList available for principal '" + principal + "'.");
+ if (!containsEquivalentEntry(session, effectivePath,
principal, privileges, true, line.getRestrictions())) {
+ LOG.warn("No equivalent path-based entry exists for
principal {} and effective path {} ", principal.getName(), effectivePath);
+ return;
+ }
} else {
LocalRestrictions restrictions =
createLocalRestrictions(line.getRestrictions(), acl, session);
boolean added = acl.addEntry(effectivePath, privileges,
restrictions.getRestrictions(), restrictions.getMVRestrictions());
diff --git
a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
index 19a1270..751a420 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
@@ -460,12 +460,11 @@ public class PrincipalBasedAclTest {
assertEquals(2, pacl.size());
}
- @Test(expected = RuntimeException.class)
+ @Test
public void principalAclNotAvailable() throws Exception {
try {
// create service user outside of supported tree for
principal-based access control
U.parseAndExecute("create service user otherSystemPrincipal");
- // principal-based ac-setup must fail as service user is not
located below supported path
String setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "\n"
+ "end";
@@ -475,7 +474,7 @@ public class PrincipalBasedAclTest {
}
}
- @Test(expected = RuntimeException.class)
+ @Test
public void principalAclNotAvailableRestrictionMismatch() throws
Exception {
JackrabbitAccessControlManager acMgr =
(JackrabbitAccessControlManager) adminSession.getAccessControlManager();
try {
@@ -490,8 +489,6 @@ public class PrincipalBasedAclTest {
Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
assertTrue(acMgr.hasPrivileges(path,
Collections.singleton(principal),
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
- // setting up principal-acl will not succeed (principal not
located below supported path)
- // since effective entry doesn't match the restriction -> setup
must fail
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "
restriction(rep:glob,*mismatch)\n"
+ "end";