You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/06/26 14:50:12 UTC
svn commit: r1496908 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Author: angela
Date: Wed Jun 26 12:50:11 2013
New Revision: 1496908
URL: http://svn.apache.org/r1496908
Log:
OAK-873 : Wrong readStatus resolution when using glob restriction and write permission
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1496908&r1=1496907&r2=1496908&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Wed Jun 26 12:50:11 2013
@@ -474,8 +474,6 @@ class CompiledPermissionImpl implements
private final Iterator<PermissionEntry> it;
- private PermissionEntry latestEntry;
-
private EntryIterator(@Nonnull Map<Key, PermissionEntry> entries,
@Nonnull final Tree tree, @Nullable final PropertyState property) {
it = Iterators.transform(
@@ -497,18 +495,8 @@ class CompiledPermissionImpl implements
@Override
public PermissionEntry next() {
- if (latestEntry != null && latestEntry.next != null) {
- // skip entries on the iterator
- while (it.hasNext()) {
- if (it.next() == latestEntry.next) {
- break;
- }
- }
- latestEntry = latestEntry.next;
- } else {
- latestEntry = it.next();
- }
- return latestEntry;
+ // FIXME: use 'next' field in permission entry to skip siblings
+ return it.next();
}
@Override
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1496908&r1=1496907&r2=1496908&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java Wed Jun 26 12:50:11 2013
@@ -378,4 +378,37 @@ public class ReadTest extends AbstractEv
superuser.save();
}
}
+
+ @Test
+ public void testGlobRestriction4()throws Exception{
+ Node a = superuser.getNode(path).addNode("a");
+ allow(path, readPrivileges);
+ deny(path, readPrivileges, createGlobRestriction("*/anotherpath"));
+
+ String aPath = a.getPath();
+ assertTrue(testSession.nodeExists(aPath));
+ Node n = testSession.getNode(aPath);
+
+ Node test = testSession.getNode(path);
+ assertTrue(test.hasNode("a"));
+ Node n2 = test.getNode("a");
+ assertTrue(n.isSame(n2));
+ }
+
+ @Test
+ public void testGlobRestriction5()throws Exception{
+ Node a = superuser.getNode(path).addNode("a");
+ allow(path, readPrivileges);
+ deny(path, readPrivileges, createGlobRestriction("*/anotherpath"));
+ allow(a.getPath(), repWritePrivileges);
+
+ String aPath = a.getPath();
+ assertTrue(testSession.nodeExists(aPath));
+ Node n = testSession.getNode(aPath);
+
+ Node test = testSession.getNode(path);
+ assertTrue(test.hasNode("a"));
+ Node n2 = test.getNode("a");
+ assertTrue(n.isSame(n2));
+ }
}