You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2011/09/14 12:07:49 UTC
svn commit: r1170506 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
Author: jukka
Date: Wed Sep 14 10:07:49 2011
New Revision: 1170506
URL: http://svn.apache.org/viewvc?rev=1170506&view=rev
Log:
JCR-3072: System session should be able to impersonate other users
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=1170506&r1=1170505&r2=1170506&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Wed Sep 14 10:07:49 2011
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.PropertyImpl;
+import org.apache.jackrabbit.core.security.SystemPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.value.StringValue;
@@ -138,24 +139,23 @@ class ImpersonationImpl implements Imper
principalNames.add(p.getName());
}
- boolean allows;
Set<String> impersonators = getImpersonatorNames();
- allows = impersonators.removeAll(principalNames);
-
- if (!allows) {
- // check if subject belongs to administrator user
+ if (impersonators.removeAll(principalNames)) {
+ return true;
+ } else {
+ // check if subject belongs to an administrator or the system
for (Principal p : subject.getPrincipals()) {
- if (p instanceof Group) {
- continue;
- }
- Authorizable a = userManager.getAuthorizable(p);
- if (a != null && userManager.isAdminId(a.getID())) {
- allows = true;
- break;
+ if (p instanceof SystemPrincipal) {
+ return true;
+ } else if (!(p instanceof Group)) {
+ Authorizable a = userManager.getAuthorizable(p);
+ if (a != null && userManager.isAdminId(a.getID())) {
+ return true;
+ }
}
}
}
- return allows;
+ return false;
}
//------------------------------------------------------------< private >---
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=1170506&r1=1170505&r2=1170506&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Wed Sep 14 10:07:49 2011
@@ -155,13 +155,13 @@ public class ImpersonationImplTest exten
Principal systemPrincipal = new SystemPrincipal();
assertNull(userMgr.getAuthorizable(systemPrincipal));
- // system cannot be add/remove to set of impersonators of 'u' nor
- // should it be allowed to impersonate a given user...
+ // system cannot be add/remove to set of impersonators of 'u' but
+ // it should be allowed to impersonate a given user...
User u = (User) userMgr.getAuthorizable(uID);
Impersonation impersonation = u.getImpersonation();
assertFalse(impersonation.grantImpersonation(systemPrincipal));
assertFalse(impersonation.revokeImpersonation(systemPrincipal));
- assertFalse(impersonation.allows(buildSubject(systemPrincipal)));
+ assertTrue(impersonation.allows(buildSubject(systemPrincipal)));
}
}
\ No newline at end of file