Posted to oak-commits@jackrabbit.apache.org by st...@apache.org on 2017/07/27 07:02:50 UTC
svn commit: r1803134 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/composite/
test/java/org/apache/jackrabbit/oak/security/authorization/composite/
Author: stillalex
Date: Thu Jul 27 07:02:50 2017
New Revision: 1803134
URL: http://svn.apache.org/viewvc?rev=1803134&view=rev
Log:
OAK-6499 MultiplexingPermissionProvider wrong privileges composition
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/MutiplexingProviderRandomTestIT.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java?rev=1803134&r1=1803133&r2=1803134&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java Thu Jul 27 07:02:50 2017
@@ -104,9 +104,11 @@ class CompositePermissionProvider implem
if (!granted.isEmpty()) {
result.add(granted);
}
- // update the set of denied privs by comparing the granted privs
- // with the complete set of supported privileges
- denied.add(supported.diff(granted));
+ if (compositionType == AND) {
+ // update the set of denied privs by comparing the granted privs
+ // with the complete set of supported privileges
+ denied.add(supported.diff(granted));
+ }
}
}
// subtract all denied privileges from the result
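Review bot: The new guard `if (compositionType == AND)` makes the permissive path the default, because any composition type other than AND now skips the `denied` bookkeeping and a type added later would silently get the union of all granted privileges. Testing for the permissive case instead, e.g. `if (compositionType != OR)` (assuming OR is the only permissive constant), or a `switch` that throws on an unknown type, keeps deny accumulation as the fallback. The trailing `// subtract all denied privileges from the result` step is a no-op outside AND after this change, so a comment such as `// non-AND: denied stays empty, a privilege granted by any aggregate is kept` would make the widening explicit on this authorization path. The enclosing method starts and ends outside the hunk, so how `denied` is applied afterwards is not visible here.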
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java?rev=1803134&r1=1803133&r2=1803134&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java Thu Jul 27 07:02:50 2017
@@ -231,7 +231,7 @@ public class CompositeProviderAllTest ex
Set<String> expected = defPrivileges.get(p);
Tree tree = root.getTree(p);
assertEquals(p, expected, cpp.getPrivileges(tree));
- assertEquals(p, expected, cppO.getPrivileges(tree));
+ assertEquals(p, ImmutableSet.of(JCR_ALL), cppO.getPrivileges(tree));
}
}
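Review bot: The OR-composite assertion no longer depends on the path under test: `cppO.getPrivileges(tree)` is expected to be `ImmutableSet.of(JCR_ALL)` for every `p`, while `expected` is now used only for `cpp`. The same constant expectation appears in the next hunk of this file and in both changed assertions of CompositeProviderEmptyTest, so these tests pin only the widened result and would still pass if the OR composite returned `JCR_ALL` unconditionally. A short comment naming which aggregate grants everything in this fixture, e.g. `// OR: one aggregate grants jcr:all, so the union is jcr:all`, plus one case where no aggregate grants a privilege and the OR result is expected to be empty, would cover the over-grant direction. Which provider supplies `JCR_ALL` is defined outside the visible lines, so that comment wording needs confirming against the fixture.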
@@ -240,7 +240,7 @@ public class CompositeProviderAllTest ex
Set<String> privilegeNames = cpp.getPrivileges(null);
assertEquals(ImmutableSet.of(JCR_NAMESPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT), privilegeNames);
Set<String> privilegeNamesO = cppO.getPrivileges(null);
- assertEquals(ImmutableSet.of(JCR_NAMESPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT), privilegeNamesO);
+ assertEquals(ImmutableSet.of(JCR_ALL), privilegeNamesO);
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java?rev=1803134&r1=1803133&r2=1803134&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java Thu Jul 27 07:02:50 2017
@@ -36,6 +36,9 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.junit.Test;
+import com.google.common.collect.ImmutableSet;
+
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -84,14 +87,14 @@ public class CompositeProviderEmptyTest
public void testGetPrivileges() throws Exception {
for (String p : NODE_PATHS) {
assertTrue(cpp.getPrivileges(readOnlyRoot.getTree(p)).isEmpty());
- assertTrue(cppO.getPrivileges(readOnlyRoot.getTree(p)).isEmpty());
+ assertEquals(ImmutableSet.of(JCR_ALL), cppO.getPrivileges(readOnlyRoot.getTree(p)));
}
}
@Test
public void testGetPrivilegesOnRepo() throws Exception {
assertTrue(cpp.getPrivileges(null).isEmpty());
- assertTrue(cppO.getPrivileges(null).isEmpty());
+ assertEquals(ImmutableSet.of(JCR_ALL), cppO.getPrivileges(null));
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/MutiplexingProviderRandomTestIT.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/MutiplexingProviderRandomTestIT.java?rev=1803134&r1=1803133&r2=1803134&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/MutiplexingProviderRandomTestIT.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/MutiplexingProviderRandomTestIT.java Thu Jul 27 07:02:50 2017
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.junit.Assert;
import com.google.common.base.Preconditions;
import com.google.common.collect.Iterators;
@@ -58,9 +59,12 @@ public class MutiplexingProviderRandomTe
@Nonnull Set<Principal> principals) {
ConfigurationParameters authConfig = ConfigurationParameters.of(Collections.singletonMap(
AccessControlConstants.PARAM_MOUNT_PROVIDER, Preconditions.checkNotNull(mountInfoProvider)));
- SecurityProviderImpl sp = new SecurityProviderImpl(authConfig);
+ ConfigurationParameters config = ConfigurationParameters.of(Collections.singletonMap(
+ AuthorizationConfiguration.NAME, authConfig));
+ SecurityProviderImpl sp = new SecurityProviderImpl(config);
AuthorizationConfiguration acConfig = sp.getConfiguration(AuthorizationConfiguration.class);
- return acConfig.getPermissionProvider(root, workspaceName, principals);
+ PermissionProvider composite = acConfig.getPermissionProvider(root, workspaceName, principals);
+ Assert.assertTrue(composite instanceof MultiplexingPermissionProvider);
+ return composite;
}
-
}
\ No newline at end of file
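Review bot: `Assert.assertTrue(composite instanceof MultiplexingPermissionProvider)` fails without reporting which provider was actually returned, which is the one fact needed when this guard trips. A message form such as `Assert.assertTrue("unexpected provider: " + composite.getClass().getName(), composite instanceof MultiplexingPermissionProvider);` keeps the check and makes the failure diagnosable. The guard itself is worth a one-line comment, e.g. `// fail fast if the mount parameter did not reach the authorization config`, since the re-nesting of the parameters under `AuthorizationConfiguration.NAME` suggests the earlier setup may not have exercised the multiplexing provider at all; that is inferred from the diff, not shown. The method's signature begins outside the hunk.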