Author: angela
Date: Mon Sep 30 15:31:56 2013
New Revision: 1527612
URL: http://svn.apache.org/r1527612
Log:
OAK-1054 : Folder containing an admin user should not be removed
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1527612&r1=1527611&r2=1527612&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Mon Sep 30 15:31:56 2013
@@ -56,7 +56,7 @@ class UserValidator extends DefaultValid
this.parentAfter = parentAfter;
this.provider = provider;
- authorizableType = UserUtil.getType(parentAfter);
+ authorizableType = (parentAfter == null) ? null :
UserUtil.getType(parentAfter);
}
//----------------------------------------------------------< Validator
>---
@@ -149,12 +149,17 @@ class UserValidator extends DefaultValid
@Override
public Validator childNodeDeleted(String name, NodeState before) throws
CommitFailedException {
- Tree node = parentBefore.getChild(name);
- if (isAdminUser(node)) {
- String msg = "The admin user cannot be removed.";
- throw constraintViolation(27, msg);
+ Tree tree = parentBefore.getChild(name);
+ AuthorizableType type = UserUtil.getType(tree);
+ if (type == AuthorizableType.USER || type == AuthorizableType.GROUP) {
+ if (isAdminUser(tree)) {
+ String msg = "The admin user cannot be removed.";
+ throw constraintViolation(27, msg);
+ }
+ return null;
+ } else {
+ return new VisibleValidator(new UserValidator(tree, null,
provider), true, true);
}
- return null;
}
//------------------------------------------------------------< private
>---
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java?rev=1527612&r1=1527611&r2=1527612&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
Mon Sep 30 15:31:56 2013
@@ -209,6 +209,27 @@ public class UserValidatorTest extends A
}
@Test
+ public void testRemoveAdminUserFolder() throws Exception {
+ try {
+ String adminId = getConfig().getConfigValue(PARAM_ADMIN_ID,
DEFAULT_ADMIN_ID);
+ UserManager userMgr = getUserManager(root);
+ Authorizable admin = userMgr.getAuthorizable(adminId);
+ if (admin == null) {
+ admin = userMgr.createUser(adminId, adminId);
+ root.commit();
+ }
+
+ root.getTree(admin.getPath()).getParent().remove();
+ root.commit();
+ fail("Admin user cannot be removed");
+ } catch (CommitFailedException e) {
+ // success
+ } finally {
+ root.refresh();
+ }
+ }
+
+ @Test
public void testDisableAdminUser() throws Exception {
try {
String adminId = getConfig().getConfigValue(PARAM_ADMIN_ID,
DEFAULT_ADMIN_ID);
