You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2012/07/18 09:49:03 UTC
svn commit: r1362796 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Author: angela
Date: Wed Jul 18 07:49:03 2012
New Revision: 1362796
URL: http://svn.apache.org/viewvc?rev=1362796&view=rev
Log:
JCR-3390 : Reordering policy node fails with AccessDeniedException
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1362796&r1=1362795&r2=1362796&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Wed Jul 18 07:49:03 2012
@@ -377,13 +377,6 @@ public final class PrivilegeRegistry imp
perm |= Permission.ADD_NODE;
}
- // modify_child_node_collection permission is granted through
- // privileges on the parent
- if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
- (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
- perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
- }
-
/*
remove_node is
allowed: only if remove_child_nodes privilege is present on
@@ -404,6 +397,13 @@ public final class PrivilegeRegistry imp
}
}
+ // modify_child_node_collection permission is granted through
+ // privileges on the parent
+ if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
+ (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
+ perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
+ }
+
// the remaining (special) permissions are simply defined on the node
if ((privs & READ_AC) == READ_AC) {
perm |= Permission.READ_AC;
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=1362796&r1=1362795&r2=1362796&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java Wed Jul 18 07:49:03 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.core.securi
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
@@ -530,4 +531,26 @@ public class WriteTest extends AbstractW
superuser.save();
}
}
+
+ public void testReorderPolicyNode() throws RepositoryException, NotExecutableException {
+ Session testSession = getTestSession();
+ Node n = testSession.getNode(path);
+ try {
+ if (!n.getPrimaryNodeType().hasOrderableChildNodes()) {
+ throw new NotExecutableException("Reordering child nodes is not supported..");
+ }
+
+ n.orderBefore(Text.getName(childNPath), Text.getName(childNPath2));
+ testSession.save();
+ fail("test session must not be allowed to reorder nodes.");
+ } catch (AccessDeniedException e) {
+ // success.
+ }
+
+ // grant all privileges
+ givePrivileges(path, privilegesFromNames(new String[] {Privilege.JCR_ALL}), getRestrictions(superuser, path));
+
+ n.orderBefore("rep:policy", Text.getName(childNPath2));
+ testSession.save();
+ }
}
\ No newline at end of file