Author: angela
Date: Tue Nov 29 11:20:31 2016
New Revision: 1771885
URL: http://svn.apache.org/viewvc?rev=1771885&view=rev
Log:
OAK-5182 : CugAccessControlManager.removePolicy should remove the mixin
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java?rev=1771885&r1=1771884&r2=1771885&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
Tue Nov 29 11:20:31 2016
@@ -33,6 +33,8 @@ import javax.jcr.security.Privilege;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
+import com.google.common.collect.Sets;
+import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import
org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
@@ -42,6 +44,7 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.PolicyOwner;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -56,6 +59,7 @@ import org.apache.jackrabbit.oak.util.Tr
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.jackrabbit.oak.api.Type.NAMES;
import static
org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.NODE_TYPES_PATH;
/**
@@ -151,6 +155,13 @@ class CugAccessControlManager extends Ab
if (!CugUtil.definesCug(cug)) {
throw new AccessControlException("Unexpected primary type of
node rep:cugPolicy.");
} else {
+ // remove the rep:CugMixin if it has been explicitly added
upon setPolicy
+ Set<String> mixins = Sets.newHashSet(TreeUtil.getNames(tree,
NodeTypeConstants.JCR_MIXINTYPES));
+ if (mixins.remove(MIX_REP_CUG_MIXIN)) {
+ tree.setProperty(JcrConstants.JCR_MIXINTYPES, mixins,
NAMES);
+ } else {
+ log.debug("Cannot remove mixin type " + MIX_REP_CUG_MIXIN);
+ }
cug.remove();
}
} else {
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java?rev=1771885&r1=1771884&r2=1771885&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
Tue Nov 29 11:20:31 2016
@@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
@@ -337,6 +338,22 @@ public class CugAccessControlManagerTest
}
@Test
+ public void testRemovePolicyRemovesMixin() throws Exception {
+ ReadOnlyNodeTypeManager ntMgr =
ReadOnlyNodeTypeManager.getInstance(root, NamePathMapper.DEFAULT);
+
+ CugPolicy cug = getApplicableCug(SUPPORTED_PATH);
+ cugAccessControlManager.setPolicy(SUPPORTED_PATH, cug);
+ root.commit();
+
+ assertTrue(ntMgr.isNodeType(root.getTree(SUPPORTED_PATH),
MIX_REP_CUG_MIXIN));
+
+ cugAccessControlManager.removePolicy(SUPPORTED_PATH,
cugAccessControlManager.getPolicies(SUPPORTED_PATH)[0]);
+ root.commit();
+
+ assertFalse(ntMgr.isNodeType(root.getTree(SUPPORTED_PATH),
MIX_REP_CUG_MIXIN));
+ }
+
+ @Test
public void testRemoveInvalidPolicy() throws Exception {
List<AccessControlPolicy> invalidPolicies = ImmutableList.of(
new AccessControlPolicy() {},
