You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:50:33 UTC
[sling-org-apache-sling-jcr-repoinit] 09/14: SLING-6182 repoinit
fails to set ACL on previously created principal
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.jcr.repoinit-1.1.4
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit 837d364e5761b0e2ef447087d2d0e313479a2763
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Thu Mar 9 16:15:11 2017 +0000
SLING-6182 repoinit fails to set ACL on previously created principal
do not use AccessControlUtils for regular principals
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/repoinit@1786198 13f79535-47bb-0310-9956-ffa450edef68
---
.../apache/sling/jcr/repoinit/impl/AclUtil.java | 23 ++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index 934fa5f..7cd5a51 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -33,7 +33,9 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -52,21 +54,30 @@ public class AclUtil {
return (JackrabbitAccessControlManager) acm;
}
- public static void setAcl(Session s, List<String> principals, List<String> paths, List<String> privileges, boolean isAllow)
+ public static void setAcl(Session session, List<String> principals, List<String> paths, List<String> privileges, boolean isAllow)
throws UnsupportedRepositoryOperationException, RepositoryException {
final String [] privArray = privileges.toArray(new String[privileges.size()]);
- final Privilege[] jcrPriv = AccessControlUtils.privilegesFromNames(s, privArray);
+ final Privilege[] jcrPriv = AccessControlUtils.privilegesFromNames(session, privArray);
for(String path : paths) {
- if(!s.nodeExists(path)) {
+ if(!session.nodeExists(path)) {
throw new PathNotFoundException("Cannot set ACL on non-existent path " + path);
}
- JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(s, path);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(session, path);
AccessControlEntry[] existingAces = acl.getAccessControlEntries();
boolean changed = false;
for (String name : principals) {
- final Principal principal = AccessControlUtils.getPrincipal(s, name);
+ final Principal principal;
+ if (EveryonePrincipal.NAME.equals(name)) {
+ principal = AccessControlUtils.getPrincipal(session, name);
+ } else {
+ final Authorizable authorizable = UserUtil.getAuthorizable(session, name);
+ if (authorizable == null) {
+ throw new IllegalStateException("Authorizable not found:" + name);
+ }
+ principal = authorizable.getPrincipal();
+ }
if (principal == null) {
throw new IllegalStateException("Principal not found: " + name);
}
@@ -79,7 +90,7 @@ public class AclUtil {
changed = true;
}
if ( changed ) {
- getJACM(s).setPolicy(path, acl);
+ getJACM(session).setPolicy(path, acl);
}
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.