You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/05/16 13:05:54 UTC
svn commit: r1483296 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-jcr/
oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/
Author: angela
Date: Thu May 16 11:05:53 2013
New Revision: 1483296
URL: http://svn.apache.org/r1483296
Log:
OAK-51 : Access Control Management (backwards compatible import that removes existing entries)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
jackrabbit/oak/trunk/oak-jcr/pom.xml
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1483296&r1=1483295&r2=1483296&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java Thu May 16 11:05:53 2013
@@ -27,6 +27,7 @@ import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
@@ -192,19 +193,27 @@ class AccessControlImporter implements P
private JackrabbitAccessControlList getACL(Tree tree) throws RepositoryException {
String nodeName = tree.getName();
+ JackrabbitAccessControlList acl = null;
if (!tree.isRoot()) {
Tree parent = tree.getParent();
if (AccessControlConstants.REP_POLICY.equals(nodeName)
&& ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)) {
- return getACL(parent.getPath());
+ acl = getACL(parent.getPath());
} else if (AccessControlConstants.REP_REPO_POLICY.equals(nodeName)
&& ntMgr.isNodeType(tree, AccessControlConstants.NT_REP_ACL)
&& parent.isRoot()) {
- return getACL((String) null);
+ acl = getACL((String) null);
+ }
+ }
+
+ if (acl != null) {
+ // clear all existing entries
+ for (AccessControlEntry ace: acl.getAccessControlEntries()) {
+ acl.removeAccessControlEntry(ace);
}
}
- return null;
+ return acl;
}
@CheckForNull
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1483296&r1=1483295&r2=1483296&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Thu May 16 11:05:53 2013
@@ -290,8 +290,6 @@
org.apache.jackrabbit.oak.jcr.security.authorization.WriteTest#testRemove7 <!-- OAK-781 -->
org.apache.jackrabbit.oak.jcr.security.authorization.WriteTest#testRemoveIfReadingParentIsDenied <!-- OAK-813 -->
- org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLRemoveACE <!-- OAK-414 -->
- org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLUnknown <!-- OAK-414 -->
org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportPolicyExists <!-- OAK-414 -->
org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlManagementTest#testRemoveMixin <!-- OAK-767 -->
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java?rev=1483296&r1=1483295&r2=1483296&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlImporterTest.java Thu May 16 11:05:53 2013
@@ -237,11 +237,6 @@ public class AccessControlImporterTest e
}
}
- /**
- * Imports a resource-based ACL containing a single entry.
- *
- * @throws Exception
- */
public void testImportACLOnly() throws Exception {
try {
Node target = testRootNode.addNode(nodeName1);
@@ -278,12 +273,6 @@ public class AccessControlImporterTest e
}
}
- /**
- * Imports a resource-based ACL containing a single entry.
- *
- * @throws Exception
- */
- @Ignore("OAK-414") // FIXME
public void testImportACLRemoveACE() throws Exception {
try {
Node target = testRootNode.addNode(nodeName1);
@@ -301,7 +290,6 @@ public class AccessControlImporterTest e
assertTrue(policies[0] instanceof JackrabbitAccessControlList);
AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
- //FIXME assert fails
assertEquals(1, entries.length);
AccessControlEntry entry = entries[0];
@@ -317,18 +305,11 @@ public class AccessControlImporterTest e
}
}
- /**
- * Imports a resource-based ACL containing a single entry.
- *
- * @throws Exception
- */
- @Ignore("OAK-414") // FIXME
public void testImportACLUnknown() throws Exception {
try {
Node target = testRootNode.addNode(nodeName1);
target.addMixin("rep:AccessControllable");
- //FIXME import fails
doImport(target.getPath(), XML_POLICY_TREE_4);
String path = target.getPath();