Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/01/20 16:15:23 UTC

svn commit: r736030 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/NodeImpl.java test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java

Author: angela
Date: Tue Jan 20 07:15:23 2009
New Revision: 736030

URL: http://svn.apache.org/viewvc?rev=736030&view=rev
Log:
JCR-1941: AccessManager asks for property permissions before the actual creation of the object

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java?rev=736030&r1=736029&r2=736030&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java Tue Jan 20 07:15:23 2009
@@ -478,7 +478,12 @@
         }
 
         // create Property instance wrapping new property state
-        PropertyImpl prop = (PropertyImpl) itemMgr.getItem(propState.getId());
+        // NOTE: since the property is not yet connected to its parent, avoid
+        // calling ItemManager#getItem(ItemId) which may include a permission
+        // check (with subsequent usage of the hierarachy-mgr -> error).
+        // just let the mgr create the new property that is known to exist and
+        // which has not been accessed before.
+        PropertyImpl prop = (PropertyImpl) itemMgr.createItemInstance(propState);
 
         // modify the state of 'this', i.e. the parent node
         NodeState thisState = (NodeState) getOrCreateTransientItemState();
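Review bot: The comment added above `itemMgr.createItemInstance(propState)` explains why the permission-checking `getItem` path is avoided, but not which earlier check authorizes creating the property, so the bypass reads as unconditional. I would add a line such as `// access control: permission to add this property must already have been verified before this point; no check is made here` and correct the typo `hierarachy-mgr` to `hierarchy-mgr`. Whether `createItemInstance` really performs no access check, and where the add-property permission is enforced, cannot be confirmed from this hunk because the enclosing method starts and ends outside it.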

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java?rev=736030&r1=736029&r2=736030&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/principalbased/WriteTest.java Tue Jan 20 07:15:23 2009
@@ -18,17 +18,20 @@
 
 import org.apache.jackrabbit.core.security.authorization.AbstractWriteTest;
 import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Session;
+import javax.jcr.Node;
 import java.security.Principal;
 import java.util.Map;
 import java.util.HashMap;
@@ -92,5 +95,20 @@
         }
     }
 
+
+    public void testAutocreatedProperties() throws RepositoryException, NotExecutableException {
+        givePrivileges(path, testUser.getPrincipal(), privilegesFromName(PrivilegeRegistry.REP_WRITE), getRestrictions(superuser, path));
+
+        // testuser is not allowed to READ the protected property jcr:created.
+        Map restr = getRestrictions(superuser, path);
+        restr.put(ACLTemplate.P_GLOB, GlobPattern.create("/afolder/jcr:created"));
+        withdrawPrivileges(path, testUser.getPrincipal(), privilegesFromName(Privilege.JCR_READ), restr);
+
+        // still: adding a nt:folder node should be possible
+        Node n = getTestSession().getNode(path);
+        Node folder = n.addNode("afolder", "nt:folder");
+
+        assertFalse(folder.hasProperty("jcr:created"));
+    }
     // TODO: add specific tests with other restrictions
 }
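Review bot: `assertFalse(folder.hasProperty("jcr:created"))` at the end of `testAutocreatedProperties` passes both when the denied READ hides the auto-created property and when the property was never created, so beyond `addNode` not throwing it does not pin the behaviour JCR-1941 is about. Consider persisting the change and checking existence through a session that is allowed to read, for example `n.save();` followed by `assertTrue(superuser.itemExists(folder.getPath() + "/jcr:created"));`, assuming `superuser` is the admin session and sees the saved state. The glob `"/afolder/jcr:created"` also repeats the literal node name passed to `addNode`; a shared local would keep the two in sync.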