You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/10/17 14:27:11 UTC
svn commit: r705579 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/NodeImpl.java
test/java/org/apache/jackrabbit/core/NodeImplTest.java
test/java/org/apache/jackrabbit/core/TestAll.java
Author: angela
Date: Fri Oct 17 05:27:10 2008
New Revision: 705579
URL: http://svn.apache.org/viewvc?rev=705579&view=rev
Log:
JCR-1729: Node#addNode fails with AccessDeniedException if session lacks read-permission to an ancestor
Added:
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java (with props)
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/TestAll.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java?rev=705579&r1=705578&r2=705579&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/NodeImpl.java Fri Oct 17 05:27:10 2008
@@ -3855,14 +3855,21 @@
* but also verify that node.isNodeType("mix:versionable")==true;
* this would have a negative impact on performance though...
*/
- NodeImpl node = this;
- while (!node.hasProperty(NameConstants.JCR_ISCHECKEDOUT)) {
- if (node.getDepth() == 0) {
- return true;
+ try {
+ NodeState state = (NodeState) getItemState();
+ while (!state.hasPropertyName(NameConstants.JCR_ISCHECKEDOUT)) {
+ ItemId parentId = state.getParentId();
+ if (parentId == null) {
+ // root reached or out of hierarchy
+ return true;
+ }
+ state = (NodeState) session.getItemStateManager().getItemState(parentId);
}
- node = (NodeImpl) node.getParent();
+ PropertyState ps = (PropertyState) session.getItemStateManager().getItemState(new PropertyId(state.getNodeId(), NameConstants.JCR_ISCHECKEDOUT));
+ return ps.getValues()[0].getBoolean();
+ } catch (ItemStateException e) {
+ throw new RepositoryException(e.getMessage());
}
- return node.getProperty(NameConstants.JCR_ISCHECKEDOUT).getBoolean();
}
/**
Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java?rev=705579&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java Fri Oct 17 05:27:10 2008
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.apache.jackrabbit.test.AbstractJCRTest;
+import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicyIterator;
+import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
+import org.apache.jackrabbit.api.jsr283.security.Privilege;
+import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
+
+import javax.jcr.Node;
+import javax.jcr.Session;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Iterator;
+
+/** <code>NodeImplTest</code>... */
+public class NodeImplTest extends AbstractJCRTest {
+
+ private static Logger log = LoggerFactory.getLogger(NodeImplTest.class);
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ if (!(testRootNode instanceof NodeImpl) && !(testRootNode.getSession() instanceof SessionImpl)) {
+ throw new NotExecutableException();
+ }
+ }
+
+ private static void changeReadPermission(Principal principal, Node n, boolean allowRead) throws RepositoryException, NotExecutableException {
+ SessionImpl s = (SessionImpl) n.getSession();
+ AccessControlManager acMgr = s.getAccessControlManager();
+ AccessControlPolicyIterator it = acMgr.getApplicablePolicies(n.getPath());
+ while (it.hasNext()) {
+ AccessControlPolicy acp = it.nextAccessControlPolicy();
+ if (acp instanceof JackrabbitAccessControlList) {
+ JackrabbitAccessControlList acl = (JackrabbitAccessControlList) acp;
+ acl.addEntry(principal, new Privilege[] {acMgr.privilegeFromName(Privilege.JCR_READ)}, allowRead);
+ acMgr.setPolicy(n.getPath(), acp);
+ s.save();
+ return;
+ }
+ }
+
+ // no JackrabbitAccessControlList found.
+ throw new NotExecutableException();
+ }
+
+ private static Principal getReadOnlyPrincipal() throws RepositoryException, NotExecutableException {
+ SessionImpl s = (SessionImpl) helper.getReadOnlySession();
+ for (Iterator it = s.getSubject().getPrincipals().iterator(); it.hasNext();) {
+ Principal p = (Principal) it.next();
+ if (!(p instanceof Group)) {
+ return p;
+ }
+ }
+ s.logout();
+ throw new NotExecutableException();
+ }
+
+ /**
+ * Test case for #JCR-1729. Note, that test will only be executable with
+ * a security configurations that allows to set Deny-ACEs.
+ *
+ * @throws RepositoryException
+ * @throws NotExecutableException
+ */
+ public void testInternalIsCheckedOut() throws RepositoryException, NotExecutableException {
+ Node n = testRootNode.addNode(nodeName1);
+ NodeImpl testNode = (NodeImpl) n.addNode(nodeName2);
+ testRootNode.save();
+
+ Principal principal = getReadOnlyPrincipal();
+ changeReadPermission(principal, n, false);
+ changeReadPermission(principal, testNode, true);
+
+ Session readOnly = helper.getReadOnlySession();
+ try {
+ NodeImpl tn = (NodeImpl) readOnly.getItem(testNode.getPath());
+ assertTrue(tn.internalIsCheckedOut());
+
+ n.addMixin(mixVersionable);
+ testRootNode.save();
+ n.checkin();
+
+ assertFalse(tn.internalIsCheckedOut());
+ } finally {
+ readOnly.logout();
+ }
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/NodeImplTest.java
------------------------------------------------------------------------------
svn:keywords = author date id revision url
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/TestAll.java?rev=705579&r1=705578&r2=705579&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/TestAll.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/TestAll.java Fri Oct 17 05:27:10 2008
@@ -37,6 +37,7 @@
suite.addTestSuite(TransientRepositoryTest.class);
suite.addTestSuite(XATest.class);
suite.addTestSuite(RestoreAndCheckoutTest.class);
+ suite.addTestSuite(NodeImplTest.class);
return suite;
}