You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by en...@apache.org on 2010/02/28 20:44:54 UTC
svn commit: r917278 - in /sling/trunk:
bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/
launchpad/content/src/main/resources/content/apps/sling/servlet/default/
launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integration...
Author: enorman
Date: Sun Feb 28 19:44:54 2010
New Revision: 917278
URL: http://svn.apache.org/viewvc?rev=917278&view=rev
Log:
SLING-1413 - In Jackrabbit 2.0, Privileges can now be denied for Groups. The ModifyAceServlet and security ContentLoader should allow it as well.
Modified:
sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/AccessControlUtil.java
sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
Modified: sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/AccessControlUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/AccessControlUtil.java?rev=917278&r1=917277&r2=917278&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/AccessControlUtil.java (original)
+++ sling/trunk/bundles/jcr/base/src/main/java/org/apache/sling/jcr/base/util/AccessControlUtil.java Sun Feb 28 19:44:54 2010
@@ -316,20 +316,18 @@
acl.addAccessControlEntry(principal, grantedPrivilegeList.toArray(new Privilege[grantedPrivilegeList.size()]));
}
- //if the authorizable is a user (not a group) process any denied privileges
+ //process any denied privileges
UserManager userManager = getUserManager(session);
Authorizable authorizable = userManager.getAuthorizable(principal);
- if (!authorizable.isGroup()) {
- //add a fresh ACE with the denied privileges
- List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
- for (String name : newDeniedPrivilegeNames) {
- Privilege privilege = accessControlManager.privilegeFromName(name);
- deniedPrivilegeList.add(privilege);
- }
- if (deniedPrivilegeList.size() > 0) {
- addEntry(acl, principal, deniedPrivilegeList.toArray(new Privilege[deniedPrivilegeList.size()]), false);
- }
- }
+ //add a fresh ACE with the denied privileges
+ List<Privilege> deniedPrivilegeList = new ArrayList<Privilege>();
+ for (String name : newDeniedPrivilegeNames) {
+ Privilege privilege = accessControlManager.privilegeFromName(name);
+ deniedPrivilegeList.add(privilege);
+ }
+ if (deniedPrivilegeList.size() > 0) {
+ addEntry(acl, principal, deniedPrivilegeList.toArray(new Privilege[deniedPrivilegeList.size()]), false);
+ }
accessControlManager.setPolicy(resourcePath, acl);
if (log.isDebugEnabled()) {
Modified: sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp?rev=917278&r1=917277&r2=917278&view=diff
==============================================================================
--- sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp (original)
+++ sling/trunk/launchpad/content/src/main/resources/content/apps/sling/servlet/default/ace.html.esp Sun Feb 28 19:44:54 2010
@@ -5,14 +5,12 @@
response.sendError(404);
} else {
var principalId = request.getParameter("pid");
- var isUser = false;
var isValidPrincipal = false;
if (principalId != null && principalId != "") {
var userManager = Packages.org.apache.sling.jcr.base.util.AccessControlUtil.getUserManager(currentNode.session);
if (userManager != null) {
var authorizable = userManager.getAuthorizable(principalId);
if (authorizable != null) {
- isUser = !authorizable.isGroup();
isValidPrincipal = true;
} else {
//no user/group matches the supplied principal id
@@ -72,12 +70,10 @@
<table width="100%">
<thead>
<tr>
- <th align="left" width="<%=isUser ? '70%' : '55%'%>">Privilege</th>
+ <th align="left" width="55%">Privilege</th>
<th align="center" width="15%">Ignored</th>
<th align="center" width="15%">Granted</th>
- <% if (isUser) { %>
<th align="center" width="15%">Denied</th>
- <% } %>
</tr>
</thead>
<tbody>
@@ -86,12 +82,10 @@
var p = supported[i];
%>
<tr>
- <td align="left" width="<%=isUser ? '70%' : '55%'%>"><%=p.getName()%></td>
+ <td align="left" width="55%"><%=p.getName()%></td>
<td align="center" width="15%"><input type="radio" name="privilege@<%=p.getName()%>" value="none" <%=granted.contains(p) || denied.contains(p) ? "" : "checked"%> /></td>
<td align="center" width="15%"><input type="radio" name="privilege@<%=p.getName()%>" value="granted" <%=granted.contains(p) ? "checked" : ""%> /></td>
- <% if (isUser) { %>
<td align="center" width="15%"><input type="radio" name="privilege@<%=p.getName()%>" value="denied" <%=denied.contains(p) ? "checked" : ""%> /></td>
- <% } %>
</tr>
<%
}
@@ -99,7 +93,7 @@
</tbody>
<tfoot>
<tr>
- <td colspan="<%=isUser ? '3' : '2'%>"></td>
+ <td colspan="3"></td>
<td align="center" width="15%">
<button accesskey="a" id="applyButton" class="form-button" type="submit">Apply</button>
</td>
Modified: sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java?rev=917278&r1=917277&r2=917278&view=diff
==============================================================================
--- sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java (original)
+++ sling/trunk/launchpad/testing/src/test/java/org/apache/sling/launchpad/webapp/integrationtest/accessManager/ModifyAceTest.java Sun Feb 28 19:44:54 2010
@@ -141,8 +141,9 @@
assertEquals(1, grantedArray.length());
assertEquals("jcr:read", grantedArray.getString(0));
- //denied rights are not applied for groups, so make sure it is not there
- assertTrue(aceObject.isNull("denied"));
+ JSONArray deniedArray = aceObject.getJSONArray("denied");
+ assertNotNull(deniedArray);
+ assertEquals("jcr:write", deniedArray.getString(0));
}
/**