You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/10/15 12:04:17 UTC
svn commit: r1708766 - in /jackrabbit/oak/trunk/oak-jcr/src:
main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
Author: angela
Date: Thu Oct 15 10:04:17 2015
New Revision: 1708766
URL: http://svn.apache.org/viewvc?rev=1708766&view=rev
Log:
OAK-3517 : Node.addNode(String, String) may check permissions against the wrong node
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java?rev=1708766&r1=1708765&r2=1708766&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/NodeImpl.java Thu Oct 15 10:04:17 2015
@@ -290,7 +290,7 @@ public class NodeImpl<T extends NodeDele
// modification of that property in the PermissionValidator
if (oakTypeName != null) {
PropertyState prop = PropertyStates.createProperty(JCR_PRIMARYTYPE, oakTypeName, NAME);
- sessionContext.getAccessManager().checkPermissions(dlg.getTree(), prop, Permissions.NODE_TYPE_MANAGEMENT);
+ sessionContext.getAccessManager().checkPermissions(parent.getTree(), prop, Permissions.NODE_TYPE_MANAGEMENT);
}
NodeDelegate added = parent.addChild(oakName, oakTypeName);
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java?rev=1708766&r1=1708765&r2=1708766&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/WriteTest.java Thu Oct 15 10:04:17 2015
@@ -26,8 +26,10 @@ import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
+import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
@@ -38,6 +40,25 @@ import org.junit.Test;
*/
public class WriteTest extends AbstractEvaluationTest {
+ /**
+ * @see <a href="https://issues.apache.org/jira/browse/OAK-3517">OAK-3517</a>
+ */
+ @Test
+ public void testAddNodeWithRelativePath() throws Exception {
+ Privilege[] privileges = privilegesFromNames(new String[] {
+ Privilege.JCR_ADD_CHILD_NODES,
+ Privilege.JCR_NODE_TYPE_MANAGEMENT
+ });
+ allow(childNPath, EveryonePrincipal.getInstance(), privileges);
+
+ Node testNode = testSession.getNode(path);
+ String relPath = testSession.getNode(childNPath).getName() + "/newChild";
+ testNode.addNode(relPath, JcrConstants.NT_UNSTRUCTURED);
+
+ testSession.save();
+ }
+
+
@Test
public void testAddChildNodeAndSetProperty() throws Exception {
// give 'testUser' ADD_CHILD_NODES|MODIFY_PROPERTIES privileges at 'path'