Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/03/25 18:23:50 UTC
svn commit: r758354 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authorization/
main/java/org/apache/jackrabbit/core/security/authorization/acl/
main/java/org/apache/jackrabbit/core/security/authorization/pr...
Author: angela
Date: Wed Mar 25 17:23:32 2009
New Revision: 758354
URL: http://svn.apache.org/viewvc?rev=758354&view=rev
Log:
JCR-1588: Access Control
adjust to latest changes made to the API:
getApplicablePolicies only returns *new* policies that can be set, whereas getPolicies must be used to update an existing policy
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/AccessControlEditor.java Wed Mar 25 17:23:32 2009
@@ -57,13 +57,16 @@
/**
* Retrieves the editable policies for the Node identified by the given
- * <code>nodePath</code>. If the node does not yet have any policy set an
- * new (empty) 'template' is created (see also {@link #getPolicies(String)}.<br>
+ * <code>nodePath</code> that are applicable but have not yet have been set.<br>
* The AccessControlPolicy objects returned are detached from the underlying
* <code>AccessControlProvider</code> and is only an external
* representation. Modification will therefore not take effect, until a
* modified policy is written back to the editor and persisted.
* <p/>
+ * See {@link #getPolicies(String)} for the corresponding method that returns
+ * the editable policies that have been set to the node at
+ * <code>nodePath</code> before.
+ * <p/>
* Compared to the policies returned by {@link AccessControlProvider#getEffectivePolicies(org.apache.jackrabbit.spi.Path)},
* the scope of the policies returned by this methods it limited to the Node
* itself and does never not take inherited elements into account.
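Review bot: The added summary line reads "have not yet have been set", which duplicates "have"; it should be `* <code>nodePath</code> that are applicable but have not yet been set.<br>`. The two implementations changed in this commit return an empty array once a policy is already set, so the contract should say so, for example `* Returns an empty array if no further policy can be set at <code>nodePath</code>.` The rest of the comment and the method signature are outside the hunk.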
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Wed Mar 25 17:23:32 2009
@@ -124,9 +124,7 @@
acl = new ACLTemplate(nodePath, session.getPrincipalManager(),
privilegeRegistry, session.getValueFactory());
}
- } else {
- acl = getACL(aclNode);
- }
+ } // else: acl already present -> getPolicies must be used.
return (acl != null) ? new AccessControlPolicy[] {acl} : new AccessControlPolicy[0];
}
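Review bot: With the `else` branch gone, the empty array on the `return` line now stands for two different outcomes: the inner condition did not create an `ACLTemplate`, or an ACL is already present. A caller that reads an empty result as "access control cannot be edited here" would skip nodes whose ACL it is supposed to update through `getPolicies`. Callers in main code are not part of this commit and are worth checking. A comment directly above the return, such as `// empty: nothing new applicable, or an ACL is already set (use getPolicies)`, would keep both cases visible. The method starts outside the hunk.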
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Wed Mar 25 17:23:32 2009
@@ -119,11 +119,12 @@
throw new AccessControlException("Access control modification not allowed at " + nodePath);
}
acNode = createAcNode(nodePath);
- }
- return new AccessControlPolicy[] {createTemplate(acNode)};
+ return new AccessControlPolicy[] {createTemplate(acNode)};
+ } // else: acl has already been set before -> use getPolicies instead
}
// nodePath not below rep:accesscontrol -> not editable
+ // or policy has been set before in which case getPolicies should be used instead.
return new AccessControlPolicy[0];
}
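Review bot: The template is now returned only from the branch that calls `createAcNode(nodePath)`, so the result appears to depend on whether the ac node exists rather than on whether a policy was actually set. If the enclosing condition (outside the hunk) is a null check on `acNode` and `createAcNode` leaves the node in the session, a second call to `getApplicablePolicies` made before any `setPolicy` would return an empty array although nothing has been set. That behaviour should be confirmed, or the branch should test for a stored policy instead. At minimum the trailing comment should read `// else: ac node already exists -> use getPolicies instead`, which is what the code checks.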
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlListTest.java Wed Mar 25 17:23:32 2009
@@ -118,7 +118,13 @@
return (AccessControlList) acp;
}
}
- throw new NotExecutableException("No applicable AccessControlList at " + path);
+ AccessControlPolicy[] acps = acMgr.getPolicies(path);
+ for (int i = 0; i < acps.length; i++) {
+ if (acps[i] instanceof AccessControlList) {
+ return (AccessControlList) acps[i] ;
+ }
+ }
+ throw new NotExecutableException("No AccessControlList at " + path);
}
private static List currentPrivileges(AccessControlList acl, Principal principal) throws RepositoryException {
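Review bot: The new fallback to `acMgr.getPolicies(path)` lets this helper return an ACL that is already set on the node and may already hold entries, so tests that start from the returned list are no longer guaranteed an empty template. The same apply-then-fallback lookup is added to `changeReadPermission` in NodeImplTest, `EvaluationUtil.getPolicy` and `WriteTest.getPolicy`. A comment before each fallback loop, such as `// may return an already-set ACL that contains entries from earlier calls`, would make the changed precondition explicit. The helper's signature is outside the hunk.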
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/jsr283/security/AccessControlPolicyTest.java Wed Mar 25 17:23:32 2009
@@ -124,16 +124,31 @@
checkCanReadAc(path);
// call must succeed without exception
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
- Set AccessControlList = new HashSet();
+ Set acps = new HashSet();
while (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
- if (!AccessControlList.add(policy)) {
+ if (!acps.add(policy)) {
fail("The applicable policies present should be unique among the choices. Policy " + policy + " occured multiple times.");
}
}
}
+ public void testApplicablePoliciesAreDistintFromSetPolicies() throws RepositoryException, NotExecutableException {
+ checkCanReadAc(path);
+ // call must succeed without exception
+ AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+ Set acps = new HashSet();
+ while (it.hasNext()) {
+ acps.add(it.nextAccessControlPolicy());
+ }
+
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ assertFalse("The applicable policies obtained should not be present among the policies obtained through AccessControlManager.getPolicies.", acps.contains(policies[i]));
+ }
+ }
+
public void testSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanModifyAc(path);
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
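Review bot: `acps.contains(policies[i])` in `testApplicablePoliciesAreDistintFromSetPolicies` can only detect an overlap if the policy classes implement `equals`/`hashCode` by value. With identity equality, two separately created objects never match and the `assertFalse` passes whatever the manager returns. Whether the implementations override `equals` is not visible here, so the test should state the assumption, e.g. `// relies on value-based equals() of the AccessControlPolicy implementations`. The method name also misspells "Distinct".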
@@ -155,6 +170,22 @@
}
}
+ public void testSetAllPolicies() throws RepositoryException, NotExecutableException {
+ AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+ if (!it.hasNext()) {
+ throw new NotExecutableException();
+ }
+ while (it.hasNext()) {
+ acMgr.setPolicy(path, it.nextAccessControlPolicy());
+ }
+ // all policies have been set -> no additional applicable policies.
+ it = acMgr.getApplicablePolicies(path);
+ assertFalse("After having set all applicable policies AccessControlManager.getApplicablePolicies should return an empty iterator.",
+ it.hasNext());
+ assertEquals("After having set all applicable policies AccessControlManager.getApplicablePolicies should return an empty iterator.",
+ 0, it.getSize());
+ }
+
public void testGetPolicyAfterSet() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanReadAc(path);
checkCanModifyAc(path);
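Review bot: `testSetAllPolicies` calls `acMgr.setPolicy` without the `checkCanModifyAc(path);` guard that the neighbouring tests use, so a session without modify permission presumably makes it fail instead of being reported as not executable; add `checkCanModifyAc(path);` as its first statement. The closing `assertEquals(..., 0, it.getSize())` also assumes the iterator knows its size, whereas `RangeIterator.getSize()` may return -1 when the size is unknown. The `hasNext()` assertion is the portable check.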
@@ -177,6 +208,25 @@
}
}
+ public void testResetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
+ checkCanReadAc(path);
+ checkCanModifyAc(path);
+
+ // make sure that at least a single policy has been set.
+ AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
+ if (it.hasNext()) {
+ AccessControlPolicy policy = it.nextAccessControlPolicy();
+ acMgr.setPolicy(path, policy);
+ }
+
+ // access the policies already present at path and test if updating
+ // (resetting) the policies works as well.
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+ for (int i = 0; i < policies.length; i++) {
+ acMgr.setPolicy(path, policies[i]);
+ }
+ }
+
public void testSetPolicyIsTransient() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanModifyAc(path);
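Review bot: `testResetPolicy` has no assertion and passes when `acMgr.getPolicies(path)` returns an empty array, which is the case where no reset was exercised at all. Guard the loop with `if (policies.length == 0) { throw new NotExecutableException(); }` so an empty result is reported rather than counted as a pass. The test also leaves the modified policies in the session with no visible revert; whether tearDown (outside the hunk) handles this should be confirmed.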
@@ -231,7 +281,7 @@
public void testNodeIsModifiedAfterSecondSetPolicy() throws RepositoryException, AccessDeniedException, NotExecutableException {
checkCanModifyAc(path);
- // make sure an policy has been explicitely set.
+ // make sure a policy has been explicitely set.
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path);
if (it.hasNext()) {
AccessControlPolicy policy = it.nextAccessControlPolicy();
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java Wed Mar 25 17:23:32 2009
@@ -47,21 +47,34 @@
private static void changeReadPermission(Principal principal, Node n, boolean allowRead) throws RepositoryException, NotExecutableException {
SessionImpl s = (SessionImpl) n.getSession();
+ JackrabbitAccessControlList acl = null;
AccessControlManager acMgr = s.getAccessControlManager();
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
while (it.hasNext()) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
if (acp instanceof JackrabbitAccessControlList) {
- JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp;
- acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, allowRead);
- acMgr.setPolicy(n.getPath(), acp);
- s.save();
- return;
+ acl = (JackrabbitAccessControlList) acp;
+ break;
+ }
+ }
+ if (acl == null) {
+ AccessControlPolicy[] acps = acMgr.getPolicies(n.getPath());
+ for (int i = 0; i < acps.length; i++) {
+ if (acps[i] instanceof JackrabbitAccessControlList) {
+ acl = (JackrabbitAccessControlList) acps[i];
+ break;
+ }
}
}
- // no JackrabbitAccessControlList found.
- throw new NotExecutableException();
+ if (acl != null) {
+ acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, allowRead);
+ acMgr.setPolicy(n.getPath(), acl);
+ s.save();
+ } else {
+ // no JackrabbitAccessControlList found.
+ throw new NotExecutableException();
+ }
}
private static Principal getReadOnlyPrincipal() throws RepositoryException, NotExecutableException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.java Wed Mar 25 17:23:32 2009
@@ -48,14 +48,13 @@
superuser.save();
AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
- if (it.hasNext()) {
+ while (it.hasNext() && templ == null) {
AccessControlPolicy p = it.nextAccessControlPolicy();
if (p instanceof JackrabbitAccessControlList) {
templ = (JackrabbitAccessControlList) p;
- } else {
- throw new NotExecutableException("No JackrabbitAccessControlList to test.");
}
- } else {
+ }
+ if (templ == null) {
throw new NotExecutableException("No JackrabbitAccessControlList to test.");
}
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/EvaluationUtil.java Wed Mar 25 17:23:32 2009
@@ -36,6 +36,7 @@
static JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException,
AccessDeniedException, NotExecutableException {
+ // try applicable (new) acls first
AccessControlPolicyIterator itr = acM.getApplicablePolicies(path);
while (itr.hasNext()) {
AccessControlPolicy policy = itr.nextAccessControlPolicy();
@@ -43,6 +44,15 @@
return (ACLTemplate) policy;
}
}
+ // try if there is an acl that has been set before:
+ AccessControlPolicy[] pcls = acM.getPolicies(path);
+ for (int i = 0; i < pcls.length; i++) {
+ AccessControlPolicy policy = pcls[i];
+ if (policy instanceof ACLTemplate) {
+ return (ACLTemplate) policy;
+ }
+ }
+ // no applicable or existing ACLTemplate to edit -> not executable.
throw new NotExecutableException();
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=758354&r1=758353&r2=758354&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java Wed Mar 25 17:23:32 2009
@@ -53,6 +53,7 @@
}
protected JackrabbitAccessControlList getPolicy(AccessControlManager acM, String path, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
+ // first try if there is a new applicable policy
AccessControlPolicyIterator it = acM.getApplicablePolicies(path);
while (it.hasNext()) {
AccessControlPolicy acp = it.nextAccessControlPolicy();
@@ -60,6 +61,15 @@
return (ACLTemplate) acp;
}
}
+ // try if there is an acl that has been set before:
+ AccessControlPolicy[] pcls = acM.getPolicies(path);
+ for (int i = 0; i < pcls.length; i++) {
+ AccessControlPolicy policy = pcls[i];
+ if (policy instanceof ACLTemplate) {
+ return (ACLTemplate) policy;
+ }
+ }
+ // no applicable or existing ACLTemplate to edit -> not executable.
throw new NotExecutableException("ACLTemplate expected.");
}