You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by re...@apache.org on 2012/07/24 19:14:40 UTC

svn commit: r1365175 - in /jackrabbit/branches/2.4: ./ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/

Author: reschke
Date: Tue Jul 24 17:14:40 2012
New Revision: 1365175

URL: http://svn.apache.org/viewvc?rev=1365175&view=rev
Log:
JCR-3390: Reordering policy node fails with AccessDeniedException (ported to 2.4)

Modified:
    jackrabbit/branches/2.4/   (props changed)
    jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
    jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Propchange: jackrabbit/branches/2.4/
------------------------------------------------------------------------------
  Merged /jackrabbit/trunk:r1362796

Modified: jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1365175&r1=1365174&r2=1365175&view=diff
==============================================================================
--- jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Tue Jul 24 17:14:40 2012
@@ -377,13 +377,6 @@ public final class PrivilegeRegistry imp
                 perm |= Permission.ADD_NODE;
             }
 
-            // modify_child_node_collection permission is granted through
-            // privileges on the parent
-            if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
-                    (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
-                perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
-            }
-
             /*
              remove_node is
              allowed: only if remove_child_nodes privilege is present on
@@ -404,6 +397,13 @@ public final class PrivilegeRegistry imp
             }
         }
 
+        // modify_child_node_collection permission is granted through
+        // privileges on the parent
+        if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
+                (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
+            perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
+        }
+
         // the remaining (special) permissions are simply defined on the node
         if ((privs & READ_AC) == READ_AC) {
             perm |= Permission.READ_AC;

Modified: jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=1365175&r1=1365174&r2=1365175&view=diff
==============================================================================
--- jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java (original)
+++ jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java Tue Jul 24 17:14:40 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.core.security.TestPrincipal;
 import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
 
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Node;
@@ -530,4 +531,26 @@ public class WriteTest extends AbstractW
             superuser.save();
         }
     }
+
+    public void testReorderPolicyNode() throws RepositoryException, NotExecutableException {
+        Session testSession = getTestSession();
+        Node n = testSession.getNode(path);
+        try {
+            if (!n.getPrimaryNodeType().hasOrderableChildNodes()) {
+                throw new NotExecutableException("Reordering child nodes is not supported..");
+            }
+
+            n.orderBefore(Text.getName(childNPath), Text.getName(childNPath2));
+            testSession.save();
+            fail("test session must not be allowed to reorder nodes.");
+        } catch (AccessDeniedException e) {
+            // success.
+        }
+
+        // grant all privileges
+        givePrivileges(path, privilegesFromNames(new String[] {Privilege.JCR_ALL}), getRestrictions(superuser, path));
+
+        n.orderBefore("rep:policy", Text.getName(childNPath2));
+        testSession.save();
+    }
 }
\ No newline at end of file