This is an automated email from the ASF dual-hosted git repository.

dulvac pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git


The following commit(s) were added to refs/heads/master by this push:
     new 55aa500  SLING-9449 Repoinit AclUtil#setPrincipalAcl replace exception 
with log
55aa500 is described below

commit 55aa500da6805482d6972330e37125eacedaca8f
Author: Andrei Dulvac <[email protected]>
AuthorDate: Wed May 13 17:09:37 2020 +0200

    SLING-9449 Repoinit AclUtil#setPrincipalAcl replace exception with log
---
 src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java      | 7 +++++--
 .../java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java  | 7 ++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java 
b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index 6c568fa..a57a042 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -170,7 +170,7 @@ public class AclUtil {
         Principal principal = AccessControlUtils.getPrincipal(session, 
principalName);
         if (principal == null) {
             // due to transient nature of the repo-init the principal lookup 
may not succeed if completed through query
-            // -> save transitent changes and retry principal lookup
+            // -> save transient changes and retry principal lookup
             session.save();
             principal = AccessControlUtils.getPrincipal(session, 
principalName);
             checkState(principal != null, "Principal not found: " + 
principalName);
@@ -188,7 +188,10 @@ public class AclUtil {
                     // no PrincipalAccessControlList available: don't fail if 
an equivalent path-based entry with the same definition exists
                     // or if there exists no node at the effective path 
(unable to evaluate path-based entries).
                     LOG.info("No PrincipalAccessControlList available for 
principal {}", principal);
-                    checkState(containsEquivalentEntry(session, effectivePath, 
principal, privileges, true, line.getRestrictions()), "No 
PrincipalAccessControlList available for principal '" + principal + "'.");
+                    if (!containsEquivalentEntry(session, effectivePath, 
principal, privileges, true, line.getRestrictions())) {
+                        LOG.warn("No equivalent path-based entry exists for 
principal {} and effective path {} ", principal.getName(), effectivePath);
+                        return;
+                    }
                 } else {
                     LocalRestrictions restrictions = 
createLocalRestrictions(line.getRestrictions(), acl, session);
                     boolean added = acl.addEntry(effectivePath, privileges, 
restrictions.getRestrictions(), restrictions.getMVRestrictions());
diff --git 
a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java 
b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
index 19a1270..751a420 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
@@ -460,12 +460,11 @@ public class PrincipalBasedAclTest {
         assertEquals(2, pacl.size());
     }
 
-    @Test(expected = RuntimeException.class)
+    @Test
     public void  principalAclNotAvailable() throws Exception {
         try {
             // create service user outside of supported tree for 
principal-based access control
             U.parseAndExecute("create service user otherSystemPrincipal");
-            // principal-based ac-setup must fail as service user is not 
located below supported path
             String setup = "set principal ACL for otherSystemPrincipal \n"
                             + "allow jcr:read on " + path + "\n"
                             + "end";
@@ -475,7 +474,7 @@ public class PrincipalBasedAclTest {
         }
     }
 
-    @Test(expected = RuntimeException.class)
+    @Test
     public void  principalAclNotAvailableRestrictionMismatch() throws 
Exception {
         JackrabbitAccessControlManager acMgr = 
(JackrabbitAccessControlManager) adminSession.getAccessControlManager();
         try {
@@ -490,8 +489,6 @@ public class PrincipalBasedAclTest {
             Principal principal = 
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
             assertTrue(acMgr.hasPrivileges(path, 
Collections.singleton(principal), 
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
 
-            // setting up principal-acl will not succeed (principal not 
located below supported path)
-            // since effective entry doesn't match the restriction -> setup 
must fail
             setup = "set principal ACL for otherSystemPrincipal \n"
                     + "allow jcr:read on " + path + " 
restriction(rep:glob,*mismatch)\n"
                     + "end";

Reply via email to