You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by kw...@apache.org on 2021/04/08 11:47:11 UTC

[sling-org-apache-sling-jcr-repoinit] branch bugfix/revert-SLING-9449 created (now 1ab4555)

This is an automated email from the ASF dual-hosted git repository.

kwin pushed a change to branch bugfix/revert-SLING-9449
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git.


      at 1ab4555  SLING-10281 revert SLING-9449

This branch includes the following new commits:

     new 1ab4555  SLING-10281 revert SLING-9449

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[sling-org-apache-sling-jcr-repoinit] 01/01: SLING-10281 revert SLING-9449

Posted by kw...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

kwin pushed a commit to branch bugfix/revert-SLING-9449
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git

commit 1ab45558af630cdb6845c331c994e6650589ebcd
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Thu Apr 8 13:47:00 2021 +0200

    SLING-10281 revert SLING-9449
    
    make repoinit throw exceptions in case principal acls can not be applied
---
 src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java      | 5 +----
 .../java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java  | 7 +++++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index cde2e34..6b68c21 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -221,10 +221,7 @@ public class AclUtil {
                         // no PrincipalAccessControlList available: don't fail if an equivalent path-based entry with the same definition exists
                         // or if there exists no node at the effective path (unable to evaluate path-based entries).
                         LOG.info("No PrincipalAccessControlList available for principal {}", principal);
-                        if (!containsEquivalentEntry(session, effectivePath, principal, privileges, true, line.getRestrictions())) {
-                            LOG.warn("No equivalent path-based entry exists for principal {} and effective path {} ", principal.getName(), effectivePath);
-                            return;
-                        }
+                        checkState(containsEquivalentEntry(session, effectivePath, principal, privileges, true, line.getRestrictions()), "No PrincipalAccessControlList available for principal '" + principal + "'.");
                     } else {
                         final LocalRestrictions restrictions = createLocalRestrictions(line.getRestrictions(), acl, session);
                         final boolean added = acl.addEntry(effectivePath, privileges, restrictions.getRestrictions(), restrictions.getMVRestrictions());
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
index b0a9a84..68af580 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
@@ -456,11 +456,12 @@ public class PrincipalBasedAclTest {
         assertEquals(2, pacl.size());
     }
 
-    @Test
+    @Test(expected = RuntimeException.class)
     public void  principalAclNotAvailable() throws Exception {
         try {
             // create service user outside of supported tree for principal-based access control
             U.parseAndExecute("create service user otherSystemPrincipal");
+            // principal-based ac-setup must fail as service user is not located below supported path
             String setup = "set principal ACL for otherSystemPrincipal \n"
                             + "allow jcr:read on " + path + "\n"
                             + "end";
@@ -470,7 +471,7 @@ public class PrincipalBasedAclTest {
         }
     }
 
-    @Test
+    @Test(expected = RuntimeException.class)
     public void  principalAclNotAvailableRestrictionMismatch() throws Exception {
         JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) adminSession.getAccessControlManager();
         try {
@@ -485,6 +486,8 @@ public class PrincipalBasedAclTest {
             Principal principal = adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
             assertTrue(acMgr.hasPrivileges(path, Collections.singleton(principal), AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
 
+            // setting up principal-acl will not succeed (principal not located below supported path)
+            // since effective entry doesn't match the restriction -> setup must fail
             setup = "set principal ACL for otherSystemPrincipal \n"
                     + "allow jcr:read on " + path + " restriction(rep:glob,*mismatch)\n"
                     + "end";