You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2017/06/06 14:58:45 UTC

svn commit: r1797793 - in /sling/trunk/bundles/jcr/repoinit/src: main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java

Author: bdelacretaz
Date: Tue Jun  6 14:58:45 2017
New Revision: 1797793

URL: http://svn.apache.org/viewvc?rev=1797793&view=rev
Log:
SLING-6867 - take aggregate privileges into account in AclUtil.contains - contributed by Nitin Nizhawan, thanks!

Modified:
    sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
    sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java

Modified: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java?rev=1797793&r1=1797792&r2=1797793&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java Tue Jun  6 14:58:45 2017
@@ -136,14 +136,26 @@ public class AclUtil {
                     ( other.getRestrictionNames() == null || 
                         other.getRestrictionNames().length == 0 );
         }
-        
+        private Set<Privilege> expandPrivileges(Privilege[] privileges){
+            Set<Privilege> expandedSet = new HashSet<>();
+
+            if(privileges != null){
+                for(Privilege privilege : privileges){
+                    if(privilege.isAggregate()){
+                        expandedSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
+                    } else {
+                        expandedSet.add(privilege);
+                    }
+                }
+            }
+
+            return expandedSet;
+        }
         private boolean contains(Privilege[] first, Privilege[] second) {
             // we need to ensure that the privilege order is not taken into account, so we use sets
-            Set<Privilege> set1 = new HashSet<Privilege>();
-            set1.addAll(Arrays.asList(first));
+            Set<Privilege> set1 = expandPrivileges(first);
             
-            Set<Privilege> set2 = new HashSet<Privilege>();
-            set2.addAll(Arrays.asList(second));
+            Set<Privilege> set2 = expandPrivileges(second);
             
             return set1.containsAll(set2);
         }

Modified: sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java?rev=1797793&r1=1797792&r2=1797793&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java Tue Jun  6 14:58:45 2017
@@ -71,6 +71,32 @@ public class AclUtilTest {
         
         assertIsContained(acl, U.username, new String[]{ Privilege.JCR_READ, Privilege.JCR_WRITE }, true);
     }
+
+    @Test
+    public void testDeclaredAggregatePrivilegesAreContained() throws Exception {
+        String [] privileges = new String[]{
+          //JCR_READ
+                "rep:readNodes","rep:readProperties",
+          // JCR_WRITE
+                Privilege.JCR_ADD_CHILD_NODES,Privilege.JCR_MODIFY_PROPERTIES,
+                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
+        };
+        assertIsContained(acl, U.username, privileges, true);
+    }
+
+    @Test
+    public void testAllAggregatePrivilegesAreContained() throws Exception {
+        String [] privileges = new String[]{
+                //JCR_READ
+                "rep:readNodes","rep:readProperties",
+                // JCR_WRITE
+                Privilege.JCR_ADD_CHILD_NODES,"rep:addProperties",
+                "rep:alterProperties","rep:removeProperties",
+                Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
+        };
+        assertIsContained(acl, U.username, privileges, true);
+    }
+
     
     @Test
     public void entryWithFewerPrivilegesIsContained() throws Exception {
@@ -86,11 +112,11 @@ public class AclUtilTest {
     }
     
     @Test
-    public void entryWithPartiallyMatchingPrivilegesIsNotContained() throws Exception {
+    public void entryWithPartiallyMatchingPrivilegesIsContained() throws Exception {
         // validates that an exact match of the username and isAllow but with privileges partially overlapping is contained
         // existing: JCR_READ, JCR_WRITE 
         // new: JCR_READ, JCR_MODIFY_PROPERTIES
-        assertIsNotContained(acl, U.username, new String[]{ Privilege.JCR_READ, Privilege.JCR_MODIFY_PROPERTIES }, true);
+        assertIsContained(acl, U.username, new String[]{Privilege.JCR_READ, Privilege.JCR_MODIFY_PROPERTIES }, true);
     }    
     
     @Test