You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ch...@apache.org on 2013/10/09 12:11:40 UTC
svn commit: r1530552 - in /jackrabbit/oak/trunk/oak-jcr/src:
main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java
test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Author: chetanm
Date: Wed Oct 9 10:11:40 2013
New Revision: 1530552
URL: http://svn.apache.org/r1530552
Log:
OAK-1081 - Node.getNodes throwing exception if user does not have access to any child node
Node.getNodes() would now filter out nodes to which the session does not have access to.
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java?rev=1530552&r1=1530551&r2=1530552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/NodeDelegate.java Wed Oct 9 10:11:40 2013
@@ -338,7 +338,7 @@ public class NodeDelegate extends ItemDe
filter(iterator, new Predicate<Tree>() {
@Override
public boolean apply(Tree tree) {
- return !tree.getName().startsWith(":");
+ return tree.exists();
}
}),
new Function<Tree, NodeDelegate>() {
@@ -447,7 +447,6 @@ public class NodeDelegate extends ItemDe
/**
* Set a property
*
- * @param propertyState
* @return the set property
*/
@Nonnull
@@ -824,7 +823,7 @@ public class NodeDelegate extends ItemDe
@Nonnull // FIXME this should be package private. OAK-672
public Tree getTree() throws InvalidItemStateException {
if (!tree.exists()) {
- throw new InvalidItemStateException("Item is stale");
+ throw new InvalidItemStateException("Item is stale " + tree.getPath());
}
return tree;
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1530552&r1=1530551&r2=1530552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java Wed Oct 9 10:11:40 2013
@@ -21,6 +21,7 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.Node;
+import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@@ -34,6 +35,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Test;
import static org.junit.Assert.assertArrayEquals;
@@ -89,7 +91,7 @@ public class ReadTest extends AbstractEv
}
@Test
- public void testDeniedReadOnSubTree() throws Exception, InterruptedException {
+ public void testDeniedReadOnSubTree() throws Exception {
// withdraw READ privilege to 'testUser' at 'path'
deny(childNPath, readPrivileges);
/*
@@ -410,7 +412,7 @@ public class ReadTest extends AbstractEv
allow(path, group2.getPrincipal(), readPrivs);
deny(path, group3.getPrincipal(), readPrivs);
- Set<Principal> principals = new HashSet();
+ Set<Principal> principals = new HashSet<Principal>();
principals.add(getTestGroup().getPrincipal());
principals.add(group2.getPrincipal());
principals.add(group3.getPrincipal());
@@ -437,7 +439,7 @@ public class ReadTest extends AbstractEv
deny(path, group3.getPrincipal(), readPrivs);
modify(path, getTestGroup().getPrincipal(), readPrivs, true, createGlobRestriction("/*"));
- Set<Principal> principals = new HashSet();
+ Set<Principal> principals = new HashSet<Principal>();
principals.add(getTestGroup().getPrincipal());
principals.add(group2.getPrincipal());
principals.add(group3.getPrincipal());
@@ -505,6 +507,25 @@ public class ReadTest extends AbstractEv
allow(path, testUser.getPrincipal(), readPrivileges);
}
+ @Test
+ public void testChildNodesWithAccessCheck() throws Exception {
+ Node nodeToDeny = superuser.getNode(path).addNode("nodeToDeny");
+ superuser.save();
+
+ //Deny access to one of the child node
+ deny(nodeToDeny.getPath(), privilegesFromName(PrivilegeConstants.JCR_READ));
+
+ NodeIterator it = testSession.getNode(path).getNodes();
+ Set<String> childNodeNames = new HashSet<String>();
+ while (it.hasNext()) {
+ Node n = it.nextNode();
+ childNodeNames.add(n.getName());
+ }
+
+ //Denied node should not show up in the child node names list
+ assertFalse(childNodeNames.contains("nodeToDeny"));
+ }
+
private void assertEntry(final int index, final boolean isAllow) throws RepositoryException {
AccessControlEntry first = AccessControlUtils.getAccessControlList(superuser, path).getAccessControlEntries()[index];