Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/01/16 16:46:38 UTC
svn commit: r1851470 - in /jackrabbit/oak/branches/1.10: ./
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Author: angela
Date: Wed Jan 16 16:46:38 2019
New Revision: 1851470
URL: http://svn.apache.org/viewvc?rev=1851470&view=rev
Log:
OAK-7982 : ACL.addEntry: check for mandatory restrictions only respects single value restrictions (merging rev. 1851451)
Modified:
jackrabbit/oak/branches/1.10/ (props changed)
jackrabbit/oak/branches/1.10/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/branches/1.10/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Propchange: jackrabbit/oak/branches/1.10/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jan 16 16:46:38 2019
@@ -1,2 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
+/jackrabbit/oak/trunk:1851451
/jackrabbit/trunk:1345480
Modified: jackrabbit/oak/branches/1.10/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.10/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1851470&r1=1851469&r2=1851470&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.10/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java (original)
+++ jackrabbit/oak/branches/1.10/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java Wed Jan 16 16:46:38 2019
@@ -100,9 +100,17 @@ abstract class ACL extends AbstractAcces
}
for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
- String jcrName = getNamePathMapper().getJcrName(def.getName());
- if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(jcrName))) {
- throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
+ if (def.isMandatory()) {
+ String jcrName = getNamePathMapper().getJcrName(def.getName());
+ boolean mandatoryPresent;
+ if (def.getRequiredType().isArray()) {
+ mandatoryPresent = (mvRestrictions != null && mvRestrictions.containsKey(jcrName));
+ } else {
+ mandatoryPresent = (restrictions != null && restrictions.containsKey(jcrName));
+ }
+ if (!mandatoryPresent) {
+ throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
+ }
}
}
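Review bot: The new mandatory check tests only `containsKey(jcrName)`, so a key mapped to `null` (or, in the multi-valued branch, to an empty `Value[]`) counts as present. Whether such values are rejected later in addEntry is not visible here, since the method starts and ends outside the hunk; if they are not, an entry could be stored without an effective mandatory restriction. Consider `mandatoryPresent = mvRestrictions != null && mvRestrictions.get(jcrName) != null;` with the matching change in the single-valued branch, and decide explicitly whether an empty array satisfies a mandatory restriction. A short comment such as `// a mandatory restriction supplied in the map of the wrong cardinality is treated as missing` would also record the behaviour the new tests rely on.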
Modified: jackrabbit/oak/branches/1.10/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.10/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1851470&r1=1851469&r2=1851470&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.10/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java (original)
+++ jackrabbit/oak/branches/1.10/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java Wed Jan 16 16:46:38 2019
@@ -830,17 +830,52 @@ public class ACLTest extends AbstractAcc
}
}
- @Test
+ @Test(expected = AccessControlException.class)
public void testMandatoryRestrictions() throws Exception {
RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAME, true);
JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
- try {
- acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap());
- fail("Mandatory restriction must be enforced.");
- } catch (AccessControlException e) {
- // mandatory restriction missing -> success
- }
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.emptyMap(), Collections.emptyMap());
+ }
+
+ @Test
+ public void testMandatoryRestrictionsPresent() throws Exception {
+ RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAME, true);
+
+ JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.singletonMap("mandatory", valueFactory.createValue("name", PropertyType.NAME)), Collections.emptyMap());
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testMandatoryRestrictionsPresentAsMV() throws Exception {
+ RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAME, true);
+
+ JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.emptyMap(), Collections.singletonMap("mandatory", new Value[] {valueFactory.createValue("name", PropertyType.NAME)}));
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testMandatoryMVRestrictions() throws Exception {
+ RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAMES, true);
+
+ JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.emptyMap(), Collections.emptyMap());
+ }
+
+ @Test(expected = AccessControlException.class)
+ public void testMandatoryMVRestrictionsPresentAsSingle() throws Exception {
+ RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAMES, true);
+
+ JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.singletonMap("mandatory", valueFactory.createValue("name", PropertyType.NAME)), Collections.emptyMap());
+ }
+
+ @Test
+ public void testMandatoryMVRestrictionsPresent() throws Exception {
+ RestrictionProvider rp = new TestRestrictionProvider("mandatory", Type.NAMES, true);
+
+ JackrabbitAccessControlList acl = createACL(TEST_PATH, new ArrayList(), namePathMapper, rp);
+ acl.addEntry(testPrincipal, testPrivileges, false, Collections.emptyMap(), Collections.singletonMap("mandatory", new Value[] {valueFactory.createValue("name", PropertyType.NAME)}));
}
//--------------------------------------------------------------------------
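Review bot: The negative tests now use `@Test(expected = AccessControlException.class)`, which passes if any statement in the method throws that exception, including `createACL` or a different validation failure inside `addEntry`. For testMandatoryRestrictionsPresentAsMV and testMandatoryMVRestrictionsPresentAsSingle in particular, this does not show that the mandatory check is what rejected the wrong-cardinality value. Keeping the try/`fail` form around the `addEntry` call alone and adding `assertTrue(e.getMessage().contains("Mandatory restriction"));` in the catch would pin the cause. The cases where the key is present but mapped to `null` or to an empty `Value[]` are not covered.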