Author: angela
Date: Thu Jul 18 16:22:48 2013
New Revision: 1504510
URL: http://svn.apache.org/r1504510
Log:
OAK-921 : Failure on AccessControlManagerImpl.getPrivileges for rep:policy nodes
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1504510&r1=1504509&r2=1504510&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Thu Jul 18 16:22:48 2013
@@ -134,7 +134,7 @@ public class AccessControlManagerImpl im
@Nonnull
@Override
public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws
RepositoryException {
- getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+ getTree(getOakPath(absPath), Permissions.NO_PERMISSION, false);
return privilegeManager.getRegisteredPrivileges();
}
@@ -146,7 +146,7 @@ public class AccessControlManagerImpl im
@Override
public boolean hasPrivileges(@Nullable String absPath, @Nullable
Privilege[] privileges) throws RepositoryException {
- return hasPrivileges(absPath, privileges, getPermissionProvider(),
Permissions.NO_PERMISSION);
+ return hasPrivileges(absPath, privileges, getPermissionProvider(),
Permissions.NO_PERMISSION, false);
}
@Nonnull
@@ -159,7 +159,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws
RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
AccessControlPolicy policy = createACL(oakPath, tree, false);
List<AccessControlPolicy> policies = new
ArrayList<AccessControlPolicy>(2);
@@ -176,7 +176,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicy[] getEffectivePolicies(@Nullable String
absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
Root r = root.getContentSession().getLatestRoot();
tree = r.getTree(tree.getPath());
@@ -207,7 +207,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicyIterator getApplicablePolicies(@Nullable String
absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);
AccessControlPolicy policy = null;
Tree aclTree = getAclTree(oakPath, tree);
@@ -242,7 +242,7 @@ public class AccessControlManagerImpl im
if (policy instanceof PrincipalACL) {
setPrincipalBasedAcl((PrincipalACL) policy);
} else {
- Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
+ Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL,
true);
setNodeBasedAcl(oakPath, tree, (ACL) policy);
}
}
@@ -262,7 +262,7 @@ public class AccessControlManagerImpl im
// add new entries
for (ACE ace : toAdd) {
String path = getNodePath(ace);
- Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+ Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
ACL acl = (ACL) createACL(path, tree, false);
if (acl == null) {
@@ -282,7 +282,7 @@ public class AccessControlManagerImpl im
// remove entries that are not longer present in the acl to write
for (ACE ace : toRemove) {
String path = getNodePath(ace);
- Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+ Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL, true);
ACL acl = (ACL) createACL(path, tree, false);
if (acl != null) {
@@ -328,7 +328,8 @@ public class AccessControlManagerImpl im
PrincipalACL principalAcl = (PrincipalACL) policy;
for (ACE ace : principalAcl.getEntries()) {
String path = getNodePath(ace);
- Tree aclTree = getAclTree(path, getTree(path,
Permissions.MODIFY_ACCESS_CONTROL));
+ Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL,
true);
+ Tree aclTree = getAclTree(path, tree);
if (aclTree == null) {
throw new AccessControlException("Unable to retrieve
policy node at " + path);
}
@@ -344,7 +345,7 @@ public class AccessControlManagerImpl im
}
}
} else {
- Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
+ Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL,
true);
Tree aclTree = getAclTree(oakPath, tree);
if (aclTree != null) {
aclTree.remove();
@@ -418,7 +419,7 @@ public class AccessControlManagerImpl im
return hasPrivileges(absPath, privileges);
} else {
PermissionProvider provider = acConfig.getPermissionProvider(root,
principals);
- return hasPrivileges(absPath, privileges, provider,
Permissions.READ_ACCESS_CONTROL);
+ return hasPrivileges(absPath, privileges, provider,
Permissions.READ_ACCESS_CONTROL, false);
}
}
@@ -447,7 +448,7 @@ public class AccessControlManagerImpl im
}
@Nonnull
- private Tree getTree(@Nullable String oakPath, long permissions) throws
RepositoryException {
+ private Tree getTree(@Nullable String oakPath, long permissions, boolean
checkAcContent) throws RepositoryException {
Tree tree = (oakPath == null) ? root.getTree("/") :
root.getTree(oakPath);
if (!tree.exists()) {
throw new PathNotFoundException("No tree at " + oakPath);
@@ -455,10 +456,10 @@ public class AccessControlManagerImpl im
if (permissions != Permissions.NO_PERMISSION) {
// check permissions
checkPermissions((oakPath == null) ? null : tree, permissions);
- // check if the tree is access controlled
- if (acConfig.getContext().definesTree(tree)) {
- throw new AccessControlException("Tree " + tree.getPath() + "
defines access control content.");
- }
+ }
+ // check if the tree defines access controlled content
+ if (checkAcContent && acConfig.getContext().definesTree(tree)) {
+ throw new AccessControlException("Tree " + tree.getPath() + "
defines access control content.");
}
return tree;
}
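Review bot: The new `checkAcContent` flag on getTree decides whether the guard against operating on access control content runs, yet it is undocumented and every call site passes a bare `true` or `false`, so a later caller on a modify path could pass `false` without anything flagging it. A Javadoc on getTree (its signature is in the preceding hunk) should state that `checkAcContent` must be `true` for every operation that reads or writes policies and `false` only for privilege queries. It should also say that the check is now evaluated independently of `permissions`, including for `Permissions.NO_PERMISSION`. At the call sites, a short comment such as `// privilege lookup is allowed on rep:policy trees (OAK-921)` next to each `false` would make the intent reviewable.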
@@ -648,7 +649,7 @@ public class AccessControlManagerImpl im
checkPermissions(null, permissions);
}
} else {
- tree = getTree(getOakPath(absPath), permissions);
+ tree = getTree(getOakPath(absPath), permissions, false);
}
Set<String> pNames = provider.getPrivileges(tree);
if (pNames.isEmpty()) {
@@ -663,7 +664,8 @@ public class AccessControlManagerImpl im
}
private boolean hasPrivileges(@Nullable String absPath, @Nullable
Privilege[] privileges,
- @Nonnull PermissionProvider provider, long
permissions) throws RepositoryException {
+ @Nonnull PermissionProvider provider, long
permissions,
+ boolean checkAcContent) throws
RepositoryException {
Tree tree;
if (absPath == null) {
tree = null;
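Review bot: The added `checkAcContent` parameter of this private hasPrivileges overload is `false` at both call sites visible in this diff (the hunks at -146 and -418), while the sibling helper in the hunk at -648 hard-codes `false` in its getTree call. Unless a caller that needs the check is planned, dropping the parameter and writing `tree = getTree(getOakPath(absPath), permissions, false);` in the next hunk keeps the two helpers consistent and removes a switch that could disable or enable the guard by accident. The method body starts in this hunk and continues in the following one.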
@@ -671,7 +673,7 @@ public class AccessControlManagerImpl im
checkPermissions(null, permissions);
}
} else {
- tree = getTree(getOakPath(absPath), permissions);
+ tree = getTree(getOakPath(absPath), permissions, checkAcContent);
}
if (privileges == null || privileges.length == 0) {
// null or empty privilege array -> return true
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1504510&r1=1504509&r2=1504510&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Thu Jul 18 16:22:48 2013
@@ -324,6 +324,19 @@ public class AccessControlManagerImplTes
}
}
+ @Test
+ public void testGetSupportedForPrivilegesAcContent() throws Exception {
+ List<Privilege> allPrivileges =
Arrays.asList(getPrivilegeManager(root).getRegisteredPrivileges());
+
+ for (String acPath : getAcContentPaths()) {
+ Privilege[] supported = acMgr.getSupportedPrivileges(acPath);
+
+ assertNotNull(supported);
+ assertEquals(allPrivileges.size(), supported.length);
+ assertTrue(allPrivileges.containsAll(Arrays.asList(supported)));
+ }
+ }
+
//--------------------------------------------------< privilegeFromName
>---
@Test
public void testPrivilegeFromName() throws Exception {
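Review bot: Both new tests iterate over `getAcContentPaths()`, which is defined outside these hunks; if it can yield no paths, the loop bodies never run and the tests pass without exercising the fix. An `assertTrue(getAcContentPaths().iterator().hasNext());` before the loop here, and in testGetPrivilegesForPrincipalsAccessControlledNodePath in the next hunk, would rule that out. The method name would also read more naturally as `testGetSupportedPrivilegesForAcContent`.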
@@ -620,6 +633,15 @@ public class AccessControlManagerImplTes
}
}
+ @Test
+ public void testGetPrivilegesForPrincipalsAccessControlledNodePath()
throws Exception {
+ Set<Principal> testPrincipals = ImmutableSet.of(testPrincipal);
+ Privilege[] expected = new Privilege[0];
+ for (String path : getAcContentPaths()) {
+ assertArrayEquals(expected, acMgr.getPrivileges(path,
testPrincipals));
+ }
+ }
+
/**
* @since OAK 1.0 As of OAK AccessControlManager#hasPrivilege will throw
* PathNotFoundException in case the node associated with a given path is
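Review bot: testGetPrivilegesForPrincipalsAccessControlledNodePath expects an empty array, which suggests the test principal holds no privileges, so it shows that the call no longer throws but not that privileges are evaluated correctly on policy nodes. A second case in which the principal is granted a privilege on the parent node would pin what getPrivileges should report for the policy path. The principal-based hasPrivileges branch changed in the hunk at -418 and the lookup changed in the hunk at -648 have no test on access control content in this commit. It would also be worth asserting that getPolicies and setPolicy still raise AccessControlException for the same paths, unless a test outside this diff already does.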