Author: angela
Date: Wed Jun 26 12:50:11 2013
New Revision: 1496908
URL: http://svn.apache.org/r1496908
Log:
OAK-873 : Wrong readStatus resolution when using glob restriction and write
permission
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1496908&r1=1496907&r2=1496908&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Wed Jun 26 12:50:11 2013
@@ -474,8 +474,6 @@ class CompiledPermissionImpl implements
private final Iterator<PermissionEntry> it;
- private PermissionEntry latestEntry;
-
private EntryIterator(@Nonnull Map<Key, PermissionEntry> entries,
@Nonnull final Tree tree, @Nullable final
PropertyState property) {
it = Iterators.transform(
@@ -497,18 +495,8 @@ class CompiledPermissionImpl implements
@Override
public PermissionEntry next() {
- if (latestEntry != null && latestEntry.next != null) {
- // skip entries on the iterator
- while (it.hasNext()) {
- if (it.next() == latestEntry.next) {
- break;
- }
- }
- latestEntry = latestEntry.next;
- } else {
- latestEntry = it.next();
- }
- return latestEntry;
+ // FIXME: use 'next' field in permission entry to skip siblings
+ return it.next();
}
@Override
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1496908&r1=1496907&r2=1496908&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Wed Jun 26 12:50:11 2013
@@ -378,4 +378,37 @@ public class ReadTest extends AbstractEv
superuser.save();
}
}
+
+ @Test
+ public void testGlobRestriction4()throws Exception{
+ Node a = superuser.getNode(path).addNode("a");
+ allow(path, readPrivileges);
+ deny(path, readPrivileges, createGlobRestriction("*/anotherpath"));
+
+ String aPath = a.getPath();
+ assertTrue(testSession.nodeExists(aPath));
+ Node n = testSession.getNode(aPath);
+
+ Node test = testSession.getNode(path);
+ assertTrue(test.hasNode("a"));
+ Node n2 = test.getNode("a");
+ assertTrue(n.isSame(n2));
+ }
+
+ @Test
+ public void testGlobRestriction5()throws Exception{
+ Node a = superuser.getNode(path).addNode("a");
+ allow(path, readPrivileges);
+ deny(path, readPrivileges, createGlobRestriction("*/anotherpath"));
+ allow(a.getPath(), repWritePrivileges);
+
+ String aPath = a.getPath();
+ assertTrue(testSession.nodeExists(aPath));
+ Node n = testSession.getNode(aPath);
+
+ Node test = testSession.getNode(path);
+ assertTrue(test.hasNode("a"));
+ Node n2 = test.getNode("a");
+ assertTrue(n.isSame(n2));
+ }
}
