You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/01/20 16:15:23 UTC
svn commit: r736030 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/NodeImpl.java
test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
Author: angela
Date: Tue Jan 20 07:15:23 2009
New Revision: 736030
URL: http://svn.apache.org/viewvc?rev=736030&view=rev
Log:
JCR-1941: AccessManager asks for property permissions before the actual creation of the object
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java?rev=736030&r1=736029&r2=736030&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java Tue Jan 20 07:15:23 2009
@@ -478,7 +478,12 @@
}
// create Property instance wrapping new property state
- PropertyImpl prop = (PropertyImpl) itemMgr.getItem(propState.getId());
+ // NOTE: since the property is not yet connected to its parent, avoid
+ // calling ItemManager#getItem(ItemId) which may include a permission
+ // check (with subsequent usage of the hierarachy-mgr -> error).
+ // just let the mgr create the new property that is known to exist and
+ // which has not been accessed before.
+ PropertyImpl prop = (PropertyImpl) itemMgr.createItemInstance(propState);
// modify the state of 'this', i.e. the parent node
NodeState thisState = (NodeState) getOrCreateTransientItemState();
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=736030&r1=736029&r2=736030&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java Tue Jan 20 07:15:23 2009
@@ -18,17 +18,20 @@
import org.apache.jackrabbit.core.security.authorization.AbstractWriteTest;
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
import javax.jcr.AccessDeniedException;
import javax.jcr.Session;
+import javax.jcr.Node;
import java.security.Principal;
import java.util.Map;
import java.util.HashMap;
@@ -92,5 +95,20 @@
}
}
+
+ public void testAutocreatedProperties() throws RepositoryException, NotExecutableException {
+ givePrivileges(path, testUser.getPrincipal(), privilegesFromName(PrivilegeRegistry.REP_WRITE), getRestrictions(superuser, path));
+
+ // testuser is not allowed to READ the protected property jcr:created.
+ Map restr = getRestrictions(superuser, path);
+ restr.put(ACLTemplate.P_GLOB, GlobPattern.create("/afolder/jcr:created"));
+ withdrawPrivileges(path, testUser.getPrincipal(), privilegesFromName(Privilege.JCR_READ), restr);
+
+ // still: adding a nt:folder node should be possible
+ Node n = getTestSession().getNode(path);
+ Node folder = n.addNode("afolder", "nt:folder");
+
+ assertFalse(folder.hasProperty("jcr:created"));
+ }
// TODO: add specific tests with other restrictions
}