Author: mduerig
Date: Fri Jul 26 09:00:30 2013
New Revision: 1507225
URL: http://svn.apache.org/r1507225
Log:
OAK-929: Permission changes not visible on root after refresh
Cleanup root node after test run
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1507225&r1=1507224&r2=1507225&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Fri Jul 26 09:00:30 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.jcr.se
import static org.junit.Assert.assertArrayEquals;
import java.security.Principal;
+import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
@@ -27,9 +28,11 @@ import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
import javax.jcr.security.Privilege;
import javax.jcr.util.TraversingItemVisitor;
+import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.security.authorization.AccessControlUtils;
@@ -140,6 +143,7 @@ public class ReadTest extends AbstractEv
@Test
public void testDenyRoot() throws Exception {
+ Set<AccessControlEntry> acesBefore = getACEs("/");
try {
deny("/", readPrivileges);
testSession.getRootNode();
@@ -147,7 +151,29 @@ public class ReadTest extends AbstractEv
} catch (Exception e) {
// expected exception
} finally {
- allow("/", readPrivileges);
+ restoreAces("/", acesBefore);
+ }
+ }
+
+ private Set<AccessControlEntry> getACEs(String path) throws
RepositoryException {
+ AccessControlList acl =
AccessControlUtils.getAccessControlList(superuser, path);
+ Set<AccessControlEntry> acesBefore = Sets.newHashSet();
+ if (acl != null) {
+ Collections.addAll(acesBefore, acl.getAccessControlEntries());
+ }
+ return acesBefore;
+ }
+
+ private void restoreAces(String path, Set<AccessControlEntry> acesToKeep)
throws RepositoryException {
+ AccessControlList acl =
AccessControlUtils.getAccessControlList(superuser, path);
+ if (acl != null) {
+ for (AccessControlEntry ace : acl.getAccessControlEntries()) {
+ if (!acesToKeep.contains(ace)) {
+ acl.removeAccessControlEntry(ace);
+ }
+ }
+ acMgr.setPolicy("/", acl);
+ superuser.save();
}
}
@@ -159,8 +185,6 @@ public class ReadTest extends AbstractEv
fail("nodet should not be accessible");
} catch (Exception e) {
// expected exception
- } finally {
- allow(path, readPrivileges);
}
}
