You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2011/09/14 12:07:49 UTC

svn commit: r1170506 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java

Author: jukka
Date: Wed Sep 14 10:07:49 2011
New Revision: 1170506

URL: http://svn.apache.org/viewvc?rev=1170506&view=rev
Log:
JCR-3072: System session should be able to impersonate other users

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=1170506&r1=1170505&r2=1170506&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Wed Sep 14 10:07:49 2011
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.PropertyImpl;
+import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.value.StringValue;
@@ -138,24 +139,23 @@ class ImpersonationImpl implements Imper
             principalNames.add(p.getName());
         }
 
-        boolean allows;
         Set<String> impersonators = getImpersonatorNames();
-        allows = impersonators.removeAll(principalNames);
-
-        if (!allows) {
-            // check if subject belongs to administrator user
+        if (impersonators.removeAll(principalNames)) {
+            return true;
+        } else {
+            // check if subject belongs to an administrator or the system
             for (Principal p : subject.getPrincipals()) {
-                if (p instanceof Group) {
-                    continue;
-                }
-                Authorizable a = userManager.getAuthorizable(p);
-                if (a != null && userManager.isAdminId(a.getID())) {
-                    allows = true;
-                    break;
+                if (p instanceof SystemPrincipal) { 
+                    return true;
+                } else if (!(p instanceof Group)) {
+                    Authorizable a = userManager.getAuthorizable(p);
+                    if (a != null && userManager.isAdminId(a.getID())) {
+                        return true;
+                    }
                 }
             }
         }
-        return allows;
+        return false;
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=1170506&r1=1170505&r2=1170506&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Wed Sep 14 10:07:49 2011
@@ -155,13 +155,13 @@ public class ImpersonationImplTest exten
         Principal systemPrincipal = new SystemPrincipal();
         assertNull(userMgr.getAuthorizable(systemPrincipal));
 
-        // system cannot be add/remove to set of impersonators of 'u' nor
-        // should it be allowed to impersonate a given user...
+        // system cannot be add/remove to set of impersonators of 'u' but
+        // it should be allowed to impersonate a given user...
         User u = (User) userMgr.getAuthorizable(uID);
         Impersonation impersonation = u.getImpersonation();
 
         assertFalse(impersonation.grantImpersonation(systemPrincipal));
         assertFalse(impersonation.revokeImpersonation(systemPrincipal));
-        assertFalse(impersonation.allows(buildSubject(systemPrincipal)));
+        assertTrue(impersonation.allows(buildSubject(systemPrincipal)));
     }
 }
\ No newline at end of file