Author: enorman Date: Tue May 3 05:29:58 2011 New Revision: 1098913 URL: http://svn.apache.org/viewvc?rev=1098913&view=rev Log: SLING-2070 Members of the UserAdmin group can not create a new user
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=1098913&r1=1098912&r2=1098913&view=diff ============================================================================== --- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java (original) +++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java Tue May 3 05:29:58 2011 @@ -24,10 +24,12 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.Authorizable; +import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.servlets.HtmlResponse; +import org.apache.sling.commons.osgi.OsgiUtil; import org.apache.sling.servlets.post.impl.helper.RequestProperty; import org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider; import org.apache.sling.jcr.api.SlingRepository; @@ -105,6 +107,23 @@ public class CreateUserServlet extends A private Boolean selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED; /** + * The name of the configuration parameter providing the + * 'User administrator' group name. + * + * @scr.property valueRef="DEFAULT_USER_ADMIN_GROUP_NAME" + */ + private static final String PAR_USER_ADMIN_GROUP_NAME = "user.admin.group.name"; + + /** + * The default 'User administrator' group name + * + * @see #PAR_USER_ADMIN_GROUP_NAME + */ + private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin"; + + private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME; + + /** * The JCR Repository we access to resolve resources * * @scr.reference @@ -155,6 +174,10 @@ public class CreateUserServlet extends A } else { selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED; } + + this.userAdminGroupName = OsgiUtil.toString(props.get(PAR_USER_ADMIN_GROUP_NAME), + DEFAULT_USER_ADMIN_GROUP_NAME); + log.info("User Admin Group Name {}", this.userAdminGroupName); } /* @@ -176,6 +199,18 @@ public class CreateUserServlet extends A UserManager um = AccessControlUtil.getUserManager(currentSession); User currentUser = (User) um.getAuthorizable(currentSession.getUserID()); administrator = currentUser.isAdmin(); + + if (!administrator) { + //check if the user is a member of the 'User administrator' group + Authorizable userAdmin = um.getAuthorizable(this.userAdminGroupName); + if (userAdmin instanceof Group) { + boolean isMember = ((Group)userAdmin).isMember(currentUser); + if (isMember) { + administrator = true; + } + } + + } } catch ( Exception ex ) { log.warn("Failed to determin if the user is an admin, assuming not. Cause: "+ex.getMessage()); administrator = false; Modified: sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java?rev=1098913&r1=1098912&r2=1098913&view=diff ============================================================================== --- sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java (original) +++ sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java Tue May 3 05:29:58 2011 @@ -197,5 +197,26 @@ public class CreateUserTest extends Abst //make sure the json response can be parsed as a JSON object JSONObject jsonObj = new JSONObject(json); assertNotNull(jsonObj); - } + } + + /** + * Test for SLING-2070 to verify that members of the UserAdmin group + * can create users. + */ + public void testCreateUserAsUserAdminGroupMember() throws IOException { + testUserId = createTestUser(); + addUserToUserAdminGroup(testUserId); + + String postUrl = HTTP_BASE_URL + "/system/userManager/user.create.html"; + + String userId = "testUser" + random.nextInt(); + List<NameValuePair> postParams = new ArrayList<NameValuePair>(); + postParams.add(new NameValuePair(":name", userId)); + postParams.add(new NameValuePair("pwd", "testPwd")); + postParams.add(new NameValuePair("pwdConfirm", "testPwd")); + + Credentials creds = new UsernamePasswordCredentials(testUserId, "testPwd"); + assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null); + } + }