You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2017/12/21 14:28:08 UTC
[sling-org-apache-sling-jcr-repoinit] branch master updated
(07b5e56 -> 87994dd)
This is an automated email from the ASF dual-hosted git repository.
bdelacretaz pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git.
from 07b5e56 SLING-7213 - Add a default .gitignore file to every module
new 11df41f SLING-7280 - use latest versions of test dependencies
new 87994dd SLING-7280 - implement support for empty rep:glob restriction
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
pom.xml | 15 +++---
.../apache/sling/jcr/repoinit/impl/AclUtil.java | 6 ++-
.../apache/sling/jcr/repoinit/GeneralAclTest.java | 60 +++++++++++++++++++---
3 files changed, 66 insertions(+), 15 deletions(-)
--
To stop receiving notification emails like this one, please contact
['"commits@sling.apache.org" <co...@sling.apache.org>'].
[sling-org-apache-sling-jcr-repoinit] 01/02: SLING-7280 - use
latest versions of test dependencies
Posted by bd...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bdelacretaz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit 11df41ff27f18cbe67ea9acf4d3cf9bab4a87d55
Author: Bertrand Delacretaz <bd...@apache.org>
AuthorDate: Thu Dec 21 15:26:04 2017 +0100
SLING-7280 - use latest versions of test dependencies
---
pom.xml | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/pom.xml b/pom.xml
index f07ae6f..ab58a35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,7 +37,8 @@
</description>
<properties>
- <jackrabbit.version>2.10.0</jackrabbit.version>
+ <jackrabbit.version>2.17.0</jackrabbit.version>
+ <oak.version>1.7.12</oak.version>
</properties>
<scm>
@@ -90,19 +91,19 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.testing.osgi-mock</artifactId>
- <version>2.1.0</version>
+ <version>2.3.6</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.testing.jcr-mock</artifactId>
- <version>1.1.16</version>
+ <version>1.3.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.testing.sling-mock</artifactId>
- <version>2.1.2</version>
+ <version>2.2.14</version>
<scope>test</scope>
</dependency>
<dependency>
@@ -169,13 +170,13 @@
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>oak-core</artifactId>
- <version>1.0.0</version>
+ <version>${oak.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.provisioning.model</artifactId>
- <version>1.8.0</version>
+ <version>1.8.4</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -186,7 +187,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.commons.testing</artifactId>
- <version>2.1.0</version>
+ <version>2.1.2</version>
<scope>test</scope>
</dependency>
</dependencies>
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.
[sling-org-apache-sling-jcr-repoinit] 02/02: SLING-7280 - implement
support for empty rep:glob restriction
Posted by bd...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bdelacretaz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git
commit 87994dd2f090591012721d79eb00727f7a2ba4b6
Author: Bertrand Delacretaz <bd...@apache.org>
AuthorDate: Thu Dec 21 15:26:42 2017 +0100
SLING-7280 - implement support for empty rep:glob restriction
---
.../apache/sling/jcr/repoinit/impl/AclUtil.java | 6 ++-
.../apache/sling/jcr/repoinit/GeneralAclTest.java | 60 +++++++++++++++++++---
2 files changed, 58 insertions(+), 8 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index 7cdd6eb..01c5d80 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -81,7 +81,11 @@ public class AclUtil {
values[i] = vf.createValue(rc.getValues().get(i),type);
}
- if(values.length == 1) {
+ if("rep:glob".equals(restrictionName) && values.length == 0) {
+ // SLING-7280 - special case for rep:glob which supports an empty string
+ // to mean "no values"
+ restrictions.put(restrictionName, vf.createValue(""));
+ } else if(values.length == 1) {
restrictions.put(restrictionName, values[0]);
} else {
mvrestrictions.put(restrictionName, values);
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
index 1152a67..92ebdfb 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
@@ -310,19 +310,33 @@ public class GeneralAclTest {
* @param successExpected
* @throws RepositoryException
*/
- private void verifyAddProperty(Session userSession,String nodeName,String propertyName,boolean successExpected) throws RepositoryException{
+ private void verifyAddProperty(Session userSession,String relativePath,String propertyName,boolean successExpected) throws RepositoryException{
try {
- Node rootNode = userSession.getRootNode();
- Node node = rootNode.getNode(nodeName);
- node.setProperty(propertyName,"test");
+ final Node n = userSession.getNode("/" + relativePath);
+ n.setProperty(propertyName,"test");
userSession.save();
- assertTrue(successExpected);
- } catch(Exception e) {
+ assertTrue("Expected setProperty " + propertyName + " to fail on " + relativePath, successExpected);
+ } catch(RepositoryException e) {
userSession.refresh(false); // remove changes causing failure
- assertTrue("Error " + e.getMessage(), !successExpected);
+ assertFalse(
+ "Expected setProperty " + propertyName + " to to succeed on " + relativePath + " but got " + e.getMessage(),
+ successExpected);
}
}
+ /**
+ * Verifies that a node is readable
+ */
+ private void verifyCanRead(Session userSession, String relativePath, boolean successExpected) {
+ final String path = "/" + relativePath;
+ Node n = null;
+ try {
+ n = userSession.getNode(path);
+ assertTrue("Not expecting " + path + " to be readable but it was successfully read", successExpected);
+ } catch(RepositoryException notReadable) {
+ assertFalse("Expecting " + path + " to be readable but could not read it", successExpected);
+ }
+ }
/**
* Verifies that ACEs for existing principal are replaced
@@ -666,5 +680,37 @@ public class GeneralAclTest {
U.parseAndExecute(aclSetup);
}
+ /**
+ * Tests empty rep:glob restriction which actually does something useful
+ * @throws Exception
+ */
+ @Test
+ public void emptyGlobRestrictionTest() throws Exception {
+ final String parentName = "empty_glob_" + U.id;
+ final String childName = "child";
+ final String childPath = parentName + "/" + childName;
+ try {
+ U.adminSession.getRootNode().addNode(parentName).addNode(childName);
+ U.adminSession.save();
+
+ // Allow for reading the parent node but not its children with an empty glob restriction
+ // as per https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
+ final String aclSetup =
+ "set ACL for " + U.username + "\n"
+ + "deny jcr:read on /\n"
+ + "allow jcr:read on /" + parentName + " restriction (rep:glob)\n"
+ + "end"
+ ;
+
+ U.parseAndExecute(aclSetup);
+
+ // Verify read access with a non-admin session opened with U.username
+ verifyCanRead(s, parentName, true);
+ verifyCanRead(s, childPath, false);
+
+ } finally {
+ s.logout();
+ }
+ }
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.