You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by en...@apache.org on 2019/10/28 21:00:25 UTC

[sling-org-apache-sling-jcr-jackrabbit-accessmanager] branch master updated: SLING-8811 The ModifyAce and DeleteAce response should include the principalIds that were changed in the "changes" list

This is an automated email from the ASF dual-hosted git repository.

enorman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-accessmanager.git


The following commit(s) were added to refs/heads/master by this push:
     new 76180a0  SLING-8811 The ModifyAce and DeleteAce response should include the principalIds that were changed in the "changes" list
76180a0 is described below

commit 76180a07930e9dababca11aa424ab0d27e1eaa06
Author: Eric Norman <en...@apache.org>
AuthorDate: Mon Oct 28 14:00:16 2019 -0700

    SLING-8811 The ModifyAce and DeleteAce response should include the
    principalIds that were changed in the "changes" list
---
 .../accessmanager/post/DeleteAcesServlet.java          | 18 +++++++++++++++---
 .../accessmanager/post/ModifyAceServlet.java           | 18 ++++++++++++++++--
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
index baac3ac..0a1d48b 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java
@@ -127,7 +127,7 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet implements Dele
 		Session session = request.getResourceResolver().adaptTo(Session.class);
     	String resourcePath = request.getResource().getPath();
         String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO);
-        deleteAces(session, resourcePath, applyTo);
+        deleteAces(session, resourcePath, applyTo, changes);
 	}
 
 	/* (non-Javadoc)
@@ -135,7 +135,14 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet implements Dele
 	 */
 	public void deleteAces(Session jcrSession, String resourcePath,
 			String[] principalNamesToDelete) throws RepositoryException {
-
+		deleteAces(jcrSession, resourcePath, principalNamesToDelete, null);
+	}
+	
+	/* (non-Javadoc)
+	 * @see org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces#deleteAces(javax.jcr.Session, java.lang.String, java.lang.String[])
+	 */
+	protected void deleteAces(Session jcrSession, String resourcePath,
+			String[] principalNamesToDelete, List<Modification> changes) throws RepositoryException {
         if (principalNamesToDelete == null) {
 			throw new RepositoryException("principalIds were not sumitted.");
         } else {
@@ -177,6 +184,7 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet implements Dele
 			try {
 				AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
 				AccessControlList updatedAcl = getAccessControlListOrNull(accessControlManager, resourcePath, false);
+
 				// if there is no AccessControlList, then there is nothing to be deleted
 				if (updatedAcl == null) {
 					// log the warning about principals where no ACE was found
@@ -208,7 +216,11 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet implements Dele
 
 					// log the warning about principals where no ACE was found
 					for (String pid : pidSet) {
-						if (!removedPidSet.contains(pid)) {
+						if (removedPidSet.contains(pid)) {
+							if (changes != null) {
+								changes.add(Modification.onDeleted(pid));
+							}
+						} else {
 							log.warn("No AccessControlEntry was found to be deleted for principal: " + pid);
 						}
 					}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
index f8f19a5..7ef6dd3 100644
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java
@@ -217,7 +217,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet implements Modif
 		}
 		String order = request.getParameter("order");
     	modifyAce(session, resourcePath, principalId, privileges, order, restrictions, mvRestrictions, 
-    			removeRestrictionNames, false);
+    			removeRestrictionNames, false, changes);
 	}
 	
 
@@ -249,7 +249,7 @@ public class ModifyAceServlet extends AbstractAccessPostServlet implements Modif
 		modifyAce(jcrSession, resourcePath, principalId, privileges, order, 
 				restrictions, mvRestrictions, removeRestrictionNames, true);
 	}	
-	
+
 	/* (non-Javadoc)
 	 * @see org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce#modifyAce(javax.jcr.Session, java.lang.String, java.lang.String, java.util.Map, java.lang.String, java.util.Map, java.util.Map, java.util.Set, boolean)
 	 */
@@ -257,6 +257,13 @@ public class ModifyAceServlet extends AbstractAccessPostServlet implements Modif
 	public void modifyAce(Session jcrSession, String resourcePath, String principalId, Map<String, String> privileges,
 			String order, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions,
 			Set<String> removeRestrictionNames, boolean autoSave) throws RepositoryException {
+		modifyAce(jcrSession, resourcePath, principalId, privileges, order, 
+				restrictions, mvRestrictions, removeRestrictionNames, autoSave, null);
+	}
+	
+	protected void modifyAce(Session jcrSession, String resourcePath, String principalId, Map<String, String> privileges,
+			String order, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions,
+			Set<String> removeRestrictionNames, boolean autoSave, List<Modification> changes) throws RepositoryException {
 		if (jcrSession == null) {
 			throw new RepositoryException("JCR Session not found");
 		}
@@ -264,6 +271,8 @@ public class ModifyAceServlet extends AbstractAccessPostServlet implements Modif
 		if (principalId == null) {
 			throw new RepositoryException("principalId was not submitted.");
 		}
+		
+		// validate that the submitted name is valid
 		PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession);
 		Principal principal = principalManager.getPrincipal(principalId);
 		if (principal == null) {
@@ -315,6 +324,11 @@ public class ModifyAceServlet extends AbstractAccessPostServlet implements Modif
 					restrictions,
 					mvRestrictions,
 					removeRestrictionNames);
+			
+			if (changes != null) {
+				changes.add(Modification.onModified(principal.getName()));
+			}
+			
 			if (autoSave && jcrSession.hasPendingChanges()) {
 				jcrSession.save();
 			}