You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2020/04/30 14:56:35 UTC
[sling-org-apache-sling-jcr-repoinit] branch master updated:
SLING-9412 : AclUtil.containsEquivalentEntry should not fail if no such
node exists
This is an automated email from the ASF dual-hosted git repository.
bdelacretaz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
The following commit(s) were added to refs/heads/master by this push:
new fee4928 SLING-9412 : AclUtil.containsEquivalentEntry should not fail if no such node exists
new db2f274 Merge pull request #11 from anchela/SLING-9412
fee4928 is described below
commit fee49281302d23316a8ced1783cbe79c7510bbb9
Author: angela <an...@adobe.com>
AuthorDate: Thu Apr 30 16:00:35 2020 +0200
SLING-9412 : AclUtil.containsEquivalentEntry should not fail if no such node exists
---
.../apache/sling/jcr/repoinit/impl/AclUtil.java | 7 ++++++-
.../sling/jcr/repoinit/PrincipalBasedAclTest.java | 24 ++++++++++++++++++++++
2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index cd9907a..6c568fa 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -185,7 +185,8 @@ public class AclUtil {
Privilege[] privileges = AccessControlUtils.privilegesFromNames(session, line.getProperty(PROP_PRIVILEGES).toArray(new String[0]));
for (String effectivePath : getJcrPaths(session, line.getProperty(PROP_PATHS))) {
if (acl == null) {
- // no PrincipalAccessControlList available: don't fail if an equivalent path-based entry with the same definition exists.
+ // no PrincipalAccessControlList available: don't fail if an equivalent path-based entry with the same definition exists
+ // or if there exists no node at the effective path (unable to evaluate path-based entries).
LOG.info("No PrincipalAccessControlList available for principal {}", principal);
checkState(containsEquivalentEntry(session, effectivePath, principal, privileges, true, line.getRestrictions()), "No PrincipalAccessControlList available for principal '" + principal + "'.");
} else {
@@ -257,6 +258,10 @@ public class AclUtil {
}
private static boolean containsEquivalentEntry(Session session, String absPath, Principal principal, Privilege[] privileges, boolean isAllow, List<RestrictionClause> restrictionList) throws RepositoryException {
+ if (absPath != null && !session.nodeExists(absPath)) {
+ LOG.info("Cannot determine existence of equivalent path-based entry for principal {}. No node at path {} ", principal.getName(), absPath);
+ return true;
+ }
for (AccessControlPolicy policy : session.getAccessControlManager().getPolicies(absPath)) {
if (policy instanceof JackrabbitAccessControlList) {
LocalRestrictions lr = createLocalRestrictions(restrictionList, ((JackrabbitAccessControlList) policy), session);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
index bcb11c0..19a1270 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
@@ -588,6 +588,30 @@ public class PrincipalBasedAclTest {
}
@Test
+ public void principalAclNotAvailableNonExistingNode() throws Exception {
+ JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) adminSession.getAccessControlManager();
+ try {
+ // create service user outside of supported tree for principal-based access control
+ U.parseAndExecute("create service user otherSystemPrincipal");
+
+ // setting up principal-acl will not succeed (principal not located below supported path)
+ // but since the target node does not exist we cannot verify if an equivalent resource-based ac-setup exists
+ // (AccessControlManager.getPolicies would fail with PathNotFoundException) => relaxed behavior (SLING-9412)
+ String setup = "set principal ACL for otherSystemPrincipal \n"
+ + "allow jcr:read on /non/existing/path\n"
+ + "end";
+ U.parseAndExecute(setup);
+
+ Principal principal = adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
+ for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
+ assertFalse(policy instanceof PrincipalAccessControlList);
+ }
+ } finally {
+ U.cleanupServiceUser("otherSystemPrincipal");
+ }
+ }
+
+ @Test
public void testHomePath() throws Exception {
UserManager uMgr = ((JackrabbitSession) U.adminSession).getUserManager();
Authorizable a = uMgr.getAuthorizable(U.username);