svn commit: r1672468 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java

Thu, 09 Apr 2015 12:30:52 -0700 

Author: angela
Date: Thu Apr  9 19:30:30 2015
New Revision: 1672468

URL: http://svn.apache.org/r1672468
Log:
OAK-2740 : TreeTypeProvider treates optimized node type definition info as 
Ac-Content

Added:
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java?rev=1672468&r1=1672467&r2=1672468&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
 Thu Apr  9 19:30:30 2015
@@ -47,7 +47,11 @@ final class AuthorizationContext impleme
     @Override
     public boolean definesContextRoot(@Nonnull Tree tree) {
         String name = tree.getName();
-        return POLICY_NODE_NAMES.contains(name) || 
REP_PERMISSION_STORE.equals(name);
+        if (POLICY_NODE_NAMES.contains(name)) {
+            return NT_REP_ACL.equals(TreeUtil.getPrimaryTypeName(tree));
+        } else {
+            return REP_PERMISSION_STORE.equals(name);
+        }
     }
 
     @Override

Added: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java?rev=1672468&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.java
 Thu Apr  9 19:30:30 2015
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.util.List;
+
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+
+import com.google.common.collect.Lists;
+import 
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Tree;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+public class AuthorizationContextTest extends AbstractSecurityTest {
+
+    /**
+     * @see <a 
href="https://issues.apache.org/jira/browse/OAK-2740";>OAK-2740</a>
+     */
+    @Test
+    public void testItemDefinitionsDefinesContextRoot() throws Exception {
+        List<String> paths = Lists.newArrayList(
+                
"/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy",
+                
"/jcr:system/jcr:nodeTypes/rep:RepoAccessControllable/rep:namedChildNodeDefinitions/rep:repoPolicy");
+
+        for (String defPath : paths) {
+            Tree tree = root.getTree(defPath);
+            
assertFalse(AuthorizationContext.getInstance().definesContextRoot(tree));
+        }
+    }
+
+    @Test
+    public void testPolicyDefinesContextRoot() throws Exception {
+        AccessControlManager acMgr = getAccessControlManager(root);
+
+        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, 
"/");
+        assertNotNull(acl);
+
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), 
privilegesFromNames(PrivilegeConstants.JCR_READ));
+        acMgr.setPolicy("/", acl);
+
+        Tree aclTree = 
root.getTree("/").getChild(AccessControlConstants.REP_POLICY);
+        assertTrue(aclTree.exists());
+        
assertTrue(AuthorizationContext.getInstance().definesContextRoot(aclTree));
+
+        // revert changes
+        root.refresh();
+    }
+
+    @Test
+    public void testRepoPolicyDefinesContextRoot() throws Exception {
+        AccessControlManager acMgr = getAccessControlManager(root);
+
+        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, 
null);
+        assertNotNull(acl);
+
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), 
privilegesFromNames(PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT));
+        acMgr.setPolicy(null, acl);
+
+        Tree aclTree = 
root.getTree("/").getChild(AccessControlConstants.REP_REPO_POLICY);
+        assertTrue(aclTree.exists());
+        
assertTrue(AuthorizationContext.getInstance().definesContextRoot(aclTree));
+
+        // revert changes
+        root.refresh();
+    }
+
+    @Test
+    public void testAceDefinesContextRoot() throws Exception {
+        AccessControlManager acMgr = getAccessControlManager(root);
+
+        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, 
"/");
+        assertNotNull(acl);
+
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), 
privilegesFromNames(PrivilegeConstants.JCR_READ));
+        acMgr.setPolicy("/", acl);
+
+        Tree aclTree = 
root.getTree("/").getChild(AccessControlConstants.REP_POLICY);
+        assertTrue(aclTree.exists());
+
+        for (Tree child : aclTree.getChildren()) {
+            
assertFalse(AuthorizationContext.getInstance().definesContextRoot(child));
+        }
+
+        // revert changes
+        root.refresh();
+    }
+
+}
\ No newline at end of file

Reply via email to