Author: angela
Date: Thu Oct 15 10:04:17 2015
New Revision: 1708766

URL: http://svn.apache.org/viewvc?rev=1708766&view=rev
Log:
OAK-3517 : Node.addNode(String, String) may check permissions against the wrong 
node

Modified:
    
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
    
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java

Modified: 
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java?rev=1708766&r1=1708765&r2=1708766&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
 Thu Oct 15 10:04:17 2015
@@ -290,7 +290,7 @@ public class NodeImpl<T extends NodeDele
                 // modification of that property in the PermissionValidator
                 if (oakTypeName != null) {
                     PropertyState prop = 
PropertyStates.createProperty(JCR_PRIMARYTYPE, oakTypeName, NAME);
-                    
sessionContext.getAccessManager().checkPermissions(dlg.getTree(), prop, 
Permissions.NODE_TYPE_MANAGEMENT);
+                    
sessionContext.getAccessManager().checkPermissions(parent.getTree(), prop, 
Permissions.NODE_TYPE_MANAGEMENT);
                 }
 
                 NodeDelegate added = parent.addChild(oakName, oakTypeName);
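Review bot: The corrected `checkPermissions` call should carry a comment saying why it targets `parent` rather than `dlg`. The two apparently differ only when `addNode` receives a multi-segment relative path, so the mistake is easy to reintroduce. A line such as `// evaluate against the resolved parent of the new node, not the node addNode was invoked on (OAK-3517)` directly above the call would record this. The check is still skipped when `oakTypeName` is null; the comment explaining that is cut off by the hunk, so confirm that the commit-time PermissionValidator covers an implicitly assigned primary type. The enclosing method starts and ends outside the hunk.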

Modified: 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java?rev=1708766&r1=1708765&r2=1708766&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
 Thu Oct 15 10:04:17 2015
@@ -26,8 +26,10 @@ import javax.jcr.Session;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 
+import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import 
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.util.Text;
@@ -38,6 +40,25 @@ import org.junit.Test;
  */
 public class WriteTest extends AbstractEvaluationTest {
 
+    /**
+     * @see <a 
href="https://issues.apache.org/jira/browse/OAK-3517";>OAK-3517</a>
+     */
+    @Test
+    public void testAddNodeWithRelativePath() throws Exception {
+        Privilege[] privileges = privilegesFromNames(new String[] {
+                Privilege.JCR_ADD_CHILD_NODES,
+                Privilege.JCR_NODE_TYPE_MANAGEMENT
+        });
+        allow(childNPath, EveryonePrincipal.getInstance(), privileges);
+
+        Node testNode = testSession.getNode(path);
+        String relPath = testSession.getNode(childNPath).getName() + 
"/newChild";
+        testNode.addNode(relPath, JcrConstants.NT_UNSTRUCTURED);
+
+        testSession.save();
+    }
+
+
     @Test
     public void testAddChildNodeAndSetProperty() throws Exception {
         // give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES privileges at 
'path'
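Review bot: `testAddNodeWithRelativePath` pins only the grant direction, where privileges at `childNPath` are enough even though the call is made on the node at `path`. Nothing here asserts the security-relevant inverse: a caller who holds `JCR_NODE_TYPE_MANAGEMENT` at `path` but is denied it at `childNPath` must be refused. A companion test along the lines below would cover that. It assumes the base class offers a `deny` counterpart to `allow` with the same signature and that `fail` is available, both of which should be confirmed against `AbstractEvaluationTest`.

```java
@Test
public void testAddNodeWithRelativePathDeniedAtParent() throws Exception {
    Privilege[] privileges = privilegesFromNames(new String[] {
            Privilege.JCR_ADD_CHILD_NODES,
            Privilege.JCR_NODE_TYPE_MANAGEMENT
    });
    // granted on the node addNode is invoked on ...
    allow(path, EveryonePrincipal.getInstance(), privileges);
    // ... but node type management is withheld on the actual parent of the new node
    deny(childNPath, EveryonePrincipal.getInstance(), privilegesFromNames(new String[] {
            Privilege.JCR_NODE_TYPE_MANAGEMENT
    }));

    Node testNode = testSession.getNode(path);
    String relPath = testSession.getNode(childNPath).getName() + "/newChild";
    try {
        testNode.addNode(relPath, JcrConstants.NT_UNSTRUCTURED);
        testSession.save();
        fail("adding a typed node below a parent without node type management must be denied");
    } catch (AccessDeniedException e) {
        // expected: the permission is evaluated at the resolved parent
    }
}
```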

