You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by je...@apache.org on 2019/02/19 15:03:36 UTC
[sling-org-apache-sling-jcr-contentloader] branch SLING-8243
updated: re-enabled access control implementations
This is an automated email from the ASF dual-hosted git repository.
jeb pushed a commit to branch SLING-8243
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-contentloader.git
The following commit(s) were added to refs/heads/SLING-8243 by this push:
new 2f844ab re-enabled access control implementations
2f844ab is described below
commit 2f844abf70528b2e40ef92136990a5d76af07598
Author: JE Bailey <ja...@sas.com>
AuthorDate: Tue Feb 19 10:00:24 2019 -0500
re-enabled access control implementations
---
pom.xml | 2 +-
.../internal/DefaultContentCreator.java | 9 +-
.../it/SLING7268InitialContentIT.java | 204 +++++++++++----------
.../it/SLING8118InitialContentIT.java | 1 +
4 files changed, 110 insertions(+), 106 deletions(-)
diff --git a/pom.xml b/pom.xml
index e4de9f0..fed2ca1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -158,7 +158,7 @@
<!-- for security content loader (users/groups/acls) -->
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.jcr.base</artifactId>
- <version>3.0.0</version>
+ <version>3.0.6</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/src/main/java/org/apache/sling/jcr/contentloader/internal/DefaultContentCreator.java b/src/main/java/org/apache/sling/jcr/contentloader/internal/DefaultContentCreator.java
index d79e541..8863f8e 100644
--- a/src/main/java/org/apache/sling/jcr/contentloader/internal/DefaultContentCreator.java
+++ b/src/main/java/org/apache/sling/jcr/contentloader/internal/DefaultContentCreator.java
@@ -883,11 +883,10 @@ public class DefaultContentCreator implements ContentCreator {
String resourcePath = parentNode.getPath();
if ((grantedPrivilegeNames != null) || (deniedPrivilegeNames != null)) {
- // TODO: Disabled in SAS version due to incompatible dependency
- // AccessControlUtil.replaceAccessControlEntry(session, resourcePath, principal,
- // grantedPrivilegeNames,
- // deniedPrivilegeNames, null, order, restrictions, mvRestrictions,
- // removedRestrictionNames);
+ AccessControlUtil.replaceAccessControlEntry(session, resourcePath, principal,
+ grantedPrivilegeNames,
+ deniedPrivilegeNames, null, order, restrictions, mvRestrictions,
+ removedRestrictionNames);
}
}
diff --git a/src/test/java/org/apache/sling/jcr/contentloader/it/SLING7268InitialContentIT.java b/src/test/java/org/apache/sling/jcr/contentloader/it/SLING7268InitialContentIT.java
index 64d43dc..7823611 100644
--- a/src/test/java/org/apache/sling/jcr/contentloader/it/SLING7268InitialContentIT.java
+++ b/src/test/java/org/apache/sling/jcr/contentloader/it/SLING7268InitialContentIT.java
@@ -50,109 +50,113 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
-/** test of a bundle that provides initial content that creates a user/group and defines an ace
- * for those principals within the same transaction
+/**
+ * test of a bundle that provides initial content that creates a user/group and
+ * defines an ace for those principals within the same transaction
*/
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class SLING7268InitialContentIT extends ContentloaderTestSupport {
- protected TinyBundle setupTestBundle(TinyBundle b) throws IOException {
- b.set(SLING_INITIAL_CONTENT_HEADER, DEFAULT_PATH_IN_BUNDLE + ";path:=" + contentRootPath);
- addContent(b, DEFAULT_PATH_IN_BUNDLE, "SLING-7268.json");
- return b;
- }
-
- @Test
- public void bundleStarted() {
- final Bundle b = findBundle(bundleSymbolicName);
- assertNotNull("Expecting bundle to be found:" + bundleSymbolicName, b);
- assertEquals("Expecting bundle to be active:" + bundleSymbolicName, Bundle.ACTIVE, b.getState());
- }
-
- @Test
- public void initialContentInstalled() throws RepositoryException {
- final String folderPath = contentRootPath + "/SLING-7268";
- assertTrue("Expecting initial content to be installed", session.itemExists(folderPath));
- assertEquals("folder has node type 'sling:Folder'", "sling:Folder", session.getNode(folderPath).getPrimaryNodeType().getName());
- }
-
- @Test
- public void userCreated() throws RepositoryException {
- UserManager userManager = AccessControlUtil.getUserManager(session);
- Authorizable authorizable = userManager.getAuthorizable("sling7268_user");
- assertNotNull("Expecting test user to exist", authorizable);
- }
-
- @Test
- public void groupCreated() throws RepositoryException {
- UserManager userManager = AccessControlUtil.getUserManager(session);
- Authorizable authorizable = userManager.getAuthorizable("sling7268_group");
- assertNotNull("Expecting test group to exist", authorizable);
- assertTrue(authorizable instanceof Group);
- Iterator<Authorizable> members = ((Group)authorizable).getMembers();
- assertTrue(members.hasNext());
- Authorizable firstMember = members.next();
- assertEquals("sling7268_user", firstMember.getID());
- }
-
-
- public void aceCreated() throws RepositoryException {
- final String folderPath = contentRootPath + "/SLING-7268";
- assertTrue("Expecting test folder to exist", session.itemExists(folderPath));
-
- AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
- AccessControlPolicy[] policies = accessControlManager.getPolicies(folderPath);
- List<AccessControlEntry> allEntries = new ArrayList<AccessControlEntry>();
- for (AccessControlPolicy accessControlPolicy : policies) {
- if (accessControlPolicy instanceof AccessControlList) {
- AccessControlEntry[] accessControlEntries = ((AccessControlList)accessControlPolicy).getAccessControlEntries();
- for (AccessControlEntry accessControlEntry : accessControlEntries) {
- allEntries.add(accessControlEntry);
- }
- }
- }
- assertEquals(3, allEntries.size());
- Map<String, AccessControlEntry> aceMap = new HashMap<>();
- for (AccessControlEntry accessControlEntry : allEntries) {
- aceMap.put(accessControlEntry.getPrincipal().getName(), accessControlEntry);
- }
-
- //check ACE for sling7268_user
- AccessControlEntry testUserAce = aceMap.get("sling7268_user");
- assertNotNull("Expected ACE for test user", testUserAce);
- assertEquals("sling7268_user", testUserAce.getPrincipal().getName());
- Privilege[] privileges = testUserAce.getPrivileges();
- assertNotNull(privileges);
- assertEquals(2, privileges.length);
- Set<String> privilegeNames = new HashSet<>();
- for (Privilege privilege : privileges) {
- privilegeNames.add(privilege.getName());
- }
- assertTrue("Expecting granted read privilege", privilegeNames.contains("jcr:read"));
- assertTrue("Expecting granted write privilege", privilegeNames.contains("jcr:write"));
-
- //check ACE for sling7268_group
- AccessControlEntry testGroupAce = aceMap.get("sling7268_group");
- assertNotNull("Expected ACE for test user", testGroupAce);
- assertEquals("sling7268_group", testGroupAce.getPrincipal().getName());
- privileges = testGroupAce.getPrivileges();
- assertNotNull(privileges);
- assertEquals(1, privileges.length);
- privilegeNames = new HashSet<>();
- for (Privilege privilege : privileges) {
- privilegeNames.add(privilege.getName());
- }
- assertTrue("Expecting granted modifyAccessControl privilege", privilegeNames.contains("jcr:modifyAccessControl"));
-
- //check ACE for everyone group
- AccessControlEntry everyoneAce = aceMap.get("everyone");
- assertNotNull("Expected ACE for everyone", everyoneAce);
- assertEquals("everyone", everyoneAce.getPrincipal().getName());
- privileges = everyoneAce.getPrivileges();
- assertNotNull(privileges);
- assertEquals(1, privileges.length);
-
- assertEquals("Expecting granted read privilege", "jcr:read", privileges[0].getName());
- }
+ protected TinyBundle setupTestBundle(TinyBundle b) throws IOException {
+ b.set(SLING_INITIAL_CONTENT_HEADER, DEFAULT_PATH_IN_BUNDLE + ";path:=" + contentRootPath);
+ addContent(b, DEFAULT_PATH_IN_BUNDLE, "SLING-7268.json");
+ return b;
+ }
+
+ @Test
+ public void bundleStarted() {
+ final Bundle b = findBundle(bundleSymbolicName);
+ assertNotNull("Expecting bundle to be found:" + bundleSymbolicName, b);
+ assertEquals("Expecting bundle to be active:" + bundleSymbolicName, Bundle.ACTIVE, b.getState());
+ }
+
+ @Test
+ public void initialContentInstalled() throws RepositoryException {
+ final String folderPath = contentRootPath + "/SLING-7268";
+ assertTrue("Expecting initial content to be installed", session.itemExists(folderPath));
+ assertEquals("folder has node type 'sling:Folder'", "sling:Folder",
+ session.getNode(folderPath).getPrimaryNodeType().getName());
+ }
+
+ @Test
+ public void userCreated() throws RepositoryException {
+ UserManager userManager = AccessControlUtil.getUserManager(session);
+ Authorizable authorizable = userManager.getAuthorizable("sling7268_user");
+ assertNotNull("Expecting test user to exist", authorizable);
+ }
+
+ @Test
+ public void groupCreated() throws RepositoryException {
+ UserManager userManager = AccessControlUtil.getUserManager(session);
+ Authorizable authorizable = userManager.getAuthorizable("sling7268_group");
+ assertNotNull("Expecting test group to exist", authorizable);
+ assertTrue(authorizable instanceof Group);
+ Iterator<Authorizable> members = ((Group) authorizable).getMembers();
+ assertTrue(members.hasNext());
+ Authorizable firstMember = members.next();
+ assertEquals("sling7268_user", firstMember.getID());
+ }
+
+ @Test
+ public void aceCreated() throws RepositoryException {
+ final String folderPath = contentRootPath + "/SLING-7268";
+ assertTrue("Expecting test folder to exist", session.itemExists(folderPath));
+
+ AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session);
+ AccessControlPolicy[] policies = accessControlManager.getPolicies(folderPath);
+ List<AccessControlEntry> allEntries = new ArrayList<AccessControlEntry>();
+ for (AccessControlPolicy accessControlPolicy : policies) {
+ if (accessControlPolicy instanceof AccessControlList) {
+ AccessControlEntry[] accessControlEntries = ((AccessControlList) accessControlPolicy)
+ .getAccessControlEntries();
+ for (AccessControlEntry accessControlEntry : accessControlEntries) {
+ allEntries.add(accessControlEntry);
+ }
+ }
+ }
+ assertEquals(3, allEntries.size());
+ Map<String, AccessControlEntry> aceMap = new HashMap<>();
+ for (AccessControlEntry accessControlEntry : allEntries) {
+ aceMap.put(accessControlEntry.getPrincipal().getName(), accessControlEntry);
+ }
+
+ // check ACE for sling7268_user
+ AccessControlEntry testUserAce = aceMap.get("sling7268_user");
+ assertNotNull("Expected ACE for test user", testUserAce);
+ assertEquals("sling7268_user", testUserAce.getPrincipal().getName());
+ Privilege[] privileges = testUserAce.getPrivileges();
+ assertNotNull(privileges);
+ assertEquals(2, privileges.length);
+ Set<String> privilegeNames = new HashSet<>();
+ for (Privilege privilege : privileges) {
+ privilegeNames.add(privilege.getName());
+ }
+ assertTrue("Expecting granted read privilege", privilegeNames.contains("jcr:read"));
+ assertTrue("Expecting granted write privilege", privilegeNames.contains("jcr:write"));
+
+ // check ACE for sling7268_group
+ AccessControlEntry testGroupAce = aceMap.get("sling7268_group");
+ assertNotNull("Expected ACE for test user", testGroupAce);
+ assertEquals("sling7268_group", testGroupAce.getPrincipal().getName());
+ privileges = testGroupAce.getPrivileges();
+ assertNotNull(privileges);
+ assertEquals(1, privileges.length);
+ privilegeNames = new HashSet<>();
+ for (Privilege privilege : privileges) {
+ privilegeNames.add(privilege.getName());
+ }
+ assertTrue("Expecting granted modifyAccessControl privilege",
+ privilegeNames.contains("jcr:modifyAccessControl"));
+
+ // check ACE for everyone group
+ AccessControlEntry everyoneAce = aceMap.get("everyone");
+ assertNotNull("Expected ACE for everyone", everyoneAce);
+ assertEquals("everyone", everyoneAce.getPrincipal().getName());
+ privileges = everyoneAce.getPrivileges();
+ assertNotNull(privileges);
+ assertEquals(1, privileges.length);
+
+ assertEquals("Expecting granted read privilege", "jcr:read", privileges[0].getName());
+ }
}
diff --git a/src/test/java/org/apache/sling/jcr/contentloader/it/SLING8118InitialContentIT.java b/src/test/java/org/apache/sling/jcr/contentloader/it/SLING8118InitialContentIT.java
index 3171ee7..21a01d9 100644
--- a/src/test/java/org/apache/sling/jcr/contentloader/it/SLING8118InitialContentIT.java
+++ b/src/test/java/org/apache/sling/jcr/contentloader/it/SLING8118InitialContentIT.java
@@ -100,6 +100,7 @@ public class SLING8118InitialContentIT extends ContentloaderTestSupport {
assertEquals("sling8118_user", firstMember.getID());
}
+ @Test
public void aceWithRestrictionsCreated() throws RepositoryException {
final String folderPath = contentRootPath + "/SLING-8118";
assertTrue("Expecting test folder to exist", session.itemExists(folderPath));