anchela commented on a change in pull request #14:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14#discussion_r610384026
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -485,10 +491,17 @@ public void
principalAclNotAvailableRestrictionMismatch() throws Exception {
Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
assertTrue(acMgr.hasPrivileges(path,
Collections.singleton(principal),
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
+ // setting up principal-acl will not succeed (principal not
located below supported path)
+ // since effective entry doesn't match the restriction -> setup
must fail
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "
restriction(rep:glob,*mismatch)\n"
+ "end";
- U.parseAndExecute(setup);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -717,7 +729,7 @@ public void testRemovePrincipalMismatch() throws Exception {
U.parseAndExecute(setup);
fail("Expecting REMOVE to fail");
} catch(RuntimeException rex) {
- assertRegex(REMOVE_NOT_SUPPORTED_REGEX, rex.getMessage());
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -537,15 +550,14 @@ public void
principalAclNotAvailableEntryWithRestrictionPresent() throws Except
U.parseAndExecute(setup);
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but there exists an equivalent entry with the same definition
-> no exception
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "
restriction(rep:glob,*abc*)\n"
+ "end";
- U.parseAndExecute(setup);
-
- Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -461,10 +461,16 @@ public void principalAclNotAvailable() throws Exception {
try {
// create service user outside of supported tree for
principal-based access control
U.parseAndExecute("create service user otherSystemPrincipal");
+ // principal-based ac-setup must fail as service user is not
located below supported path
String setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "\n"
+ "end";
- U.parseAndExecute(setup);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
i would verify the nature of the exception making sure that it is not
some other runtime exception but really the expected one.
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -565,16 +577,16 @@ public void
principalAclNotAvailableRepoLevelPermissions() throws Exception {
U.parseAndExecute(setup);
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but there exists an equivalent entry with the same definition
-> no exception
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:namespaceManagement on :repository\n"
+ "end";
- U.parseAndExecute(setup);
-
- Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -588,17 +600,17 @@ public void principalAclNotAvailableNonExistingNode()
throws Exception {
U.parseAndExecute("create service user otherSystemPrincipal");
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but since the target node does not exist we cannot verify if an
equivalent resource-based ac-setup exists
- // (AccessControlManager.getPolicies would fail with
PathNotFoundException) => relaxed behavior (SLING-9412)
+
String setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on /non/existing/path\n"
+ "end";
- U.parseAndExecute(setup);
-
- Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -510,14 +523,14 @@ public void principalAclNotAvailableEntryPresent()
throws Exception {
assertTrue(acMgr.hasPrivileges(path,
Collections.singleton(principal),
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but there exists an effective entry with the same definition ->
no exception
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "\n"
+ "end";
- U.parseAndExecute(setup);
-
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -852,7 +864,12 @@ public void testRemoveAllPrincipalMismatch() throws
Exception {
setup = "set principal ACL for otherSystemPrincipal\n"
+ "remove * on " + path + "\n"
+ "end";
- U.parseAndExecute(setup);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must not
succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
see above
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
