You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bd...@apache.org on 2017/06/06 14:58:45 UTC
svn commit: r1797793 - in /sling/trunk/bundles/jcr/repoinit/src:
main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java
Author: bdelacretaz
Date: Tue Jun 6 14:58:45 2017
New Revision: 1797793
URL: http://svn.apache.org/viewvc?rev=1797793&view=rev
Log:
SLING-6867 - take aggregate privileges into account in AclUtil.contains - contributed by Nitin Nizhawan, thanks!
Modified:
sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java
Modified: sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java?rev=1797793&r1=1797792&r2=1797793&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java Tue Jun 6 14:58:45 2017
@@ -136,14 +136,26 @@ public class AclUtil {
( other.getRestrictionNames() == null ||
other.getRestrictionNames().length == 0 );
}
-
+ private Set<Privilege> expandPrivileges(Privilege[] privileges){
+ Set<Privilege> expandedSet = new HashSet<>();
+
+ if(privileges != null){
+ for(Privilege privilege : privileges){
+ if(privilege.isAggregate()){
+ expandedSet.addAll(Arrays.asList(privilege.getAggregatePrivileges()));
+ } else {
+ expandedSet.add(privilege);
+ }
+ }
+ }
+
+ return expandedSet;
+ }
private boolean contains(Privilege[] first, Privilege[] second) {
// we need to ensure that the privilege order is not taken into account, so we use sets
- Set<Privilege> set1 = new HashSet<Privilege>();
- set1.addAll(Arrays.asList(first));
+ Set<Privilege> set1 = expandPrivileges(first);
- Set<Privilege> set2 = new HashSet<Privilege>();
- set2.addAll(Arrays.asList(second));
+ Set<Privilege> set2 = expandPrivileges(second);
return set1.containsAll(set2);
}
Modified: sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java?rev=1797793&r1=1797792&r2=1797793&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java (original)
+++ sling/trunk/bundles/jcr/repoinit/src/test/java/org/apache/sling/jcr/repoinit/impl/AclUtilTest.java Tue Jun 6 14:58:45 2017
@@ -71,6 +71,32 @@ public class AclUtilTest {
assertIsContained(acl, U.username, new String[]{ Privilege.JCR_READ, Privilege.JCR_WRITE }, true);
}
+
+ @Test
+ public void testDeclaredAggregatePrivilegesAreContained() throws Exception {
+ String [] privileges = new String[]{
+ //JCR_READ
+ "rep:readNodes","rep:readProperties",
+ // JCR_WRITE
+ Privilege.JCR_ADD_CHILD_NODES,Privilege.JCR_MODIFY_PROPERTIES,
+ Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
+ };
+ assertIsContained(acl, U.username, privileges, true);
+ }
+
+ @Test
+ public void testAllAggregatePrivilegesAreContained() throws Exception {
+ String [] privileges = new String[]{
+ //JCR_READ
+ "rep:readNodes","rep:readProperties",
+ // JCR_WRITE
+ Privilege.JCR_ADD_CHILD_NODES,"rep:addProperties",
+ "rep:alterProperties","rep:removeProperties",
+ Privilege.JCR_REMOVE_CHILD_NODES, Privilege.JCR_REMOVE_NODE
+ };
+ assertIsContained(acl, U.username, privileges, true);
+ }
+
@Test
public void entryWithFewerPrivilegesIsContained() throws Exception {
@@ -86,11 +112,11 @@ public class AclUtilTest {
}
@Test
- public void entryWithPartiallyMatchingPrivilegesIsNotContained() throws Exception {
+ public void entryWithPartiallyMatchingPrivilegesIsContained() throws Exception {
// validates that an exact match of the username and isAllow but with privileges partially overlapping is contained
// existing: JCR_READ, JCR_WRITE
// new: JCR_READ, JCR_MODIFY_PROPERTIES
- assertIsNotContained(acl, U.username, new String[]{ Privilege.JCR_READ, Privilege.JCR_MODIFY_PROPERTIES }, true);
+ assertIsContained(acl, U.username, new String[]{Privilege.JCR_READ, Privilege.JCR_MODIFY_PROPERTIES }, true);
}
@Test