Author: angela
Date: Tue Nov 24 09:04:29 2015
New Revision: 1716079
URL: http://svn.apache.org/viewvc?rev=1716079&view=rev
Log:
OAK-3671 : Incomplete cleanup of entries in ACL
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1716079&r1=1716078&r2=1716079&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
Tue Nov 24 09:04:29 2015
@@ -194,6 +194,7 @@ abstract class ACL extends AbstractAcces
}
}));
+ boolean addEntry = true;
for (ACE existing : subList) {
PrivilegeBits existingBits =
PrivilegeBits.getInstance(existing.getPrivilegeBits());
PrivilegeBits entryBits = entry.getPrivilegeBits();
@@ -208,7 +209,7 @@ abstract class ACL extends AbstractAcces
int index = entries.indexOf(existing);
entries.remove(existing);
entries.add(index, createACE(existing, existingBits));
- return true;
+ addEntry = false;
}
} else {
// existing is complementary entry -> clean up redundant
@@ -227,7 +228,9 @@ abstract class ACL extends AbstractAcces
}
}
// finally add the new entry at the end of the list
- entries.add(entry);
+ if (addEntry) {
+ entries.add(entry);
+ }
return true;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1716079&r1=1716078&r2=1716079&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Tue Nov 24 09:04:29 2015
@@ -452,6 +452,19 @@ public class ACLTest extends AbstractAcc
}
@Test
+ public void testComplementaryEntry3() throws Exception {
+ Privilege[] readPriv = privilegesFromNames(JCR_READ);
+
+ acl.addAccessControlEntry(testPrincipal,
privilegesFromNames(JCR_WRITE));
+ acl.addEntry(testPrincipal, readPriv, false);
+
+ acl.addAccessControlEntry(testPrincipal, readPriv);
+
+ List<? extends JackrabbitAccessControlEntry> entries =
acl.getEntries();
+ assertEquals(1, entries.size());
+ }
+
+ @Test
public void testMultiplePrincipals() throws Exception {
Principal everyone = principalManager.getEveryone();
Privilege[] privs = privilegesFromNames(JCR_READ);
