You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2011/09/21 10:50:42 UTC

svn commit: r1173528 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java

Author: angela
Date: Wed Sep 21 08:50:42 2011
New Revision: 1173528

URL: http://svn.apache.org/viewvc?rev=1173528&view=rev
Log:
JCR-3072 - System session should be able to impersonate other users [reverting changes made as issues scope did change]

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=1173528&r1=1173527&r2=1173528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Wed Sep 21 08:50:42 2011
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.PropertyImpl;
-import org.apache.jackrabbit.core.security.SystemPrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
 import org.apache.jackrabbit.value.StringValue;
@@ -139,23 +138,24 @@ class ImpersonationImpl implements Imper
             principalNames.add(p.getName());
         }
 
+        boolean allows;
         Set<String> impersonators = getImpersonatorNames();
-        if (impersonators.removeAll(principalNames)) {
-            return true;
-        } else {
-            // check if subject belongs to an administrator or the system
+        allows = impersonators.removeAll(principalNames);
+
+        if (!allows) {
+            // check if subject belongs to administrator user
             for (Principal p : subject.getPrincipals()) {
-                if (p instanceof SystemPrincipal) { 
-                    return true;
-                } else if (!(p instanceof Group)) {
-                    Authorizable a = userManager.getAuthorizable(p);
-                    if (a != null && userManager.isAdminId(a.getID())) {
-                        return true;
-                    }
+                if (p instanceof Group) {
+                    continue;
+                }
+                Authorizable a = userManager.getAuthorizable(p);
+                if (a != null && userManager.isAdminId(a.getID())) {
+                    allows = true;
+                    break;
                 }
             }
         }
-        return false;
+        return allows;
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java?rev=1173528&r1=1173527&r2=1173528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/ImpersonationImplTest.java Wed Sep 21 08:50:42 2011
@@ -155,13 +155,13 @@ public class ImpersonationImplTest exten
         Principal systemPrincipal = new SystemPrincipal();
         assertNull(userMgr.getAuthorizable(systemPrincipal));
 
-        // system cannot be add/remove to set of impersonators of 'u' but
-        // it should be allowed to impersonate a given user...
+        // system cannot be add/remove to set of impersonators of 'u' nor
+        // should it be allowed to impersonate a given user...
         User u = (User) userMgr.getAuthorizable(uID);
         Impersonation impersonation = u.getImpersonation();
 
         assertFalse(impersonation.grantImpersonation(systemPrincipal));
         assertFalse(impersonation.revokeImpersonation(systemPrincipal));
-        assertTrue(impersonation.allows(buildSubject(systemPrincipal)));
+        assertFalse(impersonation.allows(buildSubject(systemPrincipal)));
     }
 }
\ No newline at end of file