You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by re...@apache.org on 2012/07/24 19:14:40 UTC
svn commit: r1365175 - in /jackrabbit/branches/2.4: ./
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/
jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/
Author: reschke
Date: Tue Jul 24 17:14:40 2012
New Revision: 1365175
URL: http://svn.apache.org/viewvc?rev=1365175&view=rev
Log:
JCR-3390: Reordering policy node fails with AccessDeniedException (ported to 2.4)
Modified:
jackrabbit/branches/2.4/ (props changed)
jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Propchange: jackrabbit/branches/2.4/
------------------------------------------------------------------------------
Merged /jackrabbit/trunk:r1362796
Modified: jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java?rev=1365175&r1=1365174&r2=1365175&view=diff
==============================================================================
--- jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java (original)
+++ jackrabbit/branches/2.4/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java Tue Jul 24 17:14:40 2012
@@ -377,13 +377,6 @@ public final class PrivilegeRegistry imp
perm |= Permission.ADD_NODE;
}
- // modify_child_node_collection permission is granted through
- // privileges on the parent
- if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
- (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
- perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
- }
-
/*
remove_node is
allowed: only if remove_child_nodes privilege is present on
@@ -404,6 +397,13 @@ public final class PrivilegeRegistry imp
}
}
+ // modify_child_node_collection permission is granted through
+ // privileges on the parent
+ if ((parentPrivs & ADD_CHILD_NODES) == ADD_CHILD_NODES &&
+ (parentPrivs & REMOVE_CHILD_NODES) == REMOVE_CHILD_NODES) {
+ perm |= Permission.MODIFY_CHILD_NODE_COLLECTION;
+ }
+
// the remaining (special) permissions are simply defined on the node
if ((privs & READ_AC) == READ_AC) {
perm |= Permission.READ_AC;
Modified: jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=1365175&r1=1365174&r2=1365175&view=diff
==============================================================================
--- jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java (original)
+++ jackrabbit/branches/2.4/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java Tue Jul 24 17:14:40 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.core.securi
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
+import org.apache.jackrabbit.util.Text;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
@@ -530,4 +531,26 @@ public class WriteTest extends AbstractW
superuser.save();
}
}
+
+ public void testReorderPolicyNode() throws RepositoryException, NotExecutableException {
+ Session testSession = getTestSession();
+ Node n = testSession.getNode(path);
+ try {
+ if (!n.getPrimaryNodeType().hasOrderableChildNodes()) {
+ throw new NotExecutableException("Reordering child nodes is not supported..");
+ }
+
+ n.orderBefore(Text.getName(childNPath), Text.getName(childNPath2));
+ testSession.save();
+ fail("test session must not be allowed to reorder nodes.");
+ } catch (AccessDeniedException e) {
+ // success.
+ }
+
+ // grant all privileges
+ givePrivileges(path, privilegesFromNames(new String[] {Privilege.JCR_ALL}), getRestrictions(superuser, path));
+
+ n.orderBefore("rep:policy", Text.getName(childNPath2));
+ testSession.save();
+ }
}
\ No newline at end of file