Author: enorman
Date: Tue May  3 05:29:58 2011
New Revision: 1098913

URL: http://svn.apache.org/viewvc?rev=1098913&view=rev
Log:
SLING-2070 Members of the UserAdmin group can not create a new user

Modified:
    
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
    
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java

Modified: 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java?rev=1098913&r1=1098912&r2=1098913&view=diff
==============================================================================
--- 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 (original)
+++ 
sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java
 Tue May  3 05:29:58 2011
@@ -24,10 +24,12 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.servlets.HtmlResponse;
+import org.apache.sling.commons.osgi.OsgiUtil;
 import org.apache.sling.servlets.post.impl.helper.RequestProperty;
 import 
org.apache.sling.jackrabbit.usermanager.impl.resource.AuthorizableResourceProvider;
 import org.apache.sling.jcr.api.SlingRepository;
@@ -105,6 +107,23 @@ public class CreateUserServlet extends A
     private Boolean selfRegistrationEnabled = 
DEFAULT_SELF_REGISTRATION_ENABLED;
 
     /**
+     * The name of the configuration parameter providing the 
+     * 'User administrator' group name.
+     *
+     * @scr.property valueRef="DEFAULT_USER_ADMIN_GROUP_NAME"
+     */
+    private static final String PAR_USER_ADMIN_GROUP_NAME = 
"user.admin.group.name";
+
+    /**
+     * The default 'User administrator' group name
+     *
+     * @see #PAR_USER_ADMIN_GROUP_NAME
+     */
+    private static final String DEFAULT_USER_ADMIN_GROUP_NAME = "UserAdmin";
+ 
+    private String userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME;
+    
+    /**
      * The JCR Repository we access to resolve resources
      *
      * @scr.reference
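Review bot: The Javadoc added for PAR_USER_ADMIN_GROUP_NAME names the parameter but not what membership in that group grants, which is the security-relevant part of this change; suggest adding `* Members of this group are permitted to create new users although they are not repository administrators.` to that comment. The new userAdminGroupName field has no comment at all; it appears to be assigned from the configuration-reading method in the next hunk and read on every request, and a one-line comment saying so would help the next reader.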
@@ -155,6 +174,10 @@ public class CreateUserServlet extends A
         } else {
             selfRegistrationEnabled = DEFAULT_SELF_REGISTRATION_ENABLED;
         }
+        
+        this.userAdminGroupName = 
OsgiUtil.toString(props.get(PAR_USER_ADMIN_GROUP_NAME),
+                       DEFAULT_USER_ADMIN_GROUP_NAME);
+        log.info("User Admin Group Name {}", this.userAdminGroupName);
     }
 
     /*
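Review bot: OsgiUtil.toString on the added assignment falls back to DEFAULT_USER_ADMIN_GROUP_NAME only when the property is absent, so an empty or whitespace-only configured value is stored as-is and will simply match no group, silently disabling the feature with only the info log as a hint. Suggest normalizing right after the call: `if (this.userAdminGroupName.trim().length() == 0) { this.userAdminGroupName = DEFAULT_USER_ADMIN_GROUP_NAME; }` (or log a warning and keep the value). The enclosing method starts outside this hunk.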
@@ -176,6 +199,18 @@ public class CreateUserServlet extends A
             UserManager um = AccessControlUtil.getUserManager(currentSession);
             User currentUser = (User) 
um.getAuthorizable(currentSession.getUserID());
             administrator = currentUser.isAdmin();
+            
+            if (!administrator) {
+                               //check if the user is a member of the 'User 
administrator' group
+                               Authorizable userAdmin = 
um.getAuthorizable(this.userAdminGroupName);
+                               if (userAdmin instanceof Group) {
+                                       boolean isMember = 
((Group)userAdmin).isMember(currentUser);
+                                       if (isMember) {
+                                               administrator = true;
+                                       }
+                               }
+               
+            }
         } catch ( Exception ex ) {
             log.warn("Failed to determin if the user is an admin, assuming 
not. Cause: "+ex.getMessage());
             administrator = false;
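Review bot: The nested `if (isMember) { administrator = true; }` on the new lines reduces to a single assignment, and the block mixes tab indentation with the four-space style around it; `administrator = ((Group) userAdmin).isMember(currentUser);` replaces those four lines. When the configured name resolves to nothing or to a non-Group authorizable the request falls through silently, so a `log.debug("User admin group '{}' not found or not a group", this.userAdminGroupName);` in an else branch would make the misconfiguration visible. If Group.isMember resolves nested groups, as I recall Jackrabbit core's implementation does, membership is inherited transitively and the comment on the check should say so. From here on `administrator` means "allowed to create users" rather than "is the repository administrator"; the later uses of the flag are outside the hunk, so verify nothing downstream relies on the narrower meaning.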

Modified: 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java?rev=1098913&r1=1098912&r2=1098913&view=diff
==============================================================================
--- 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
 (original)
+++ 
sling/trunk/launchpad/integration-tests/src/main/java/org/apache/sling/launchpad/webapp/integrationtest/userManager/CreateUserTest.java
 Tue May  3 05:29:58 2011
@@ -197,5 +197,26 @@ public class CreateUserTest extends Abst
                //make sure the json response can be parsed as a JSON object
                JSONObject jsonObj = new JSONObject(json);
                assertNotNull(jsonObj);
-       }       
+       }
+       
+       /**
+        * Test for SLING-2070 to verify that members of the UserAdmin group
+        * can create users.
+        */
+       public void testCreateUserAsUserAdminGroupMember() throws IOException {
+               testUserId = createTestUser();
+               addUserToUserAdminGroup(testUserId);
+               
+        String postUrl = HTTP_BASE_URL + 
"/system/userManager/user.create.html";
+
+               String userId = "testUser" + random.nextInt();
+               List<NameValuePair> postParams = new ArrayList<NameValuePair>();
+               postParams.add(new NameValuePair(":name", userId));
+               postParams.add(new NameValuePair("pwd", "testPwd"));
+               postParams.add(new NameValuePair("pwdConfirm", "testPwd"));
+
+               Credentials creds = new UsernamePasswordCredentials(testUserId, 
"testPwd");
+               assertAuthenticatedPostStatus(creds, postUrl, 
HttpServletResponse.SC_OK, postParams, null);
+       }
+       
 }
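Review bot: testCreateUserAsUserAdminGroupMember exercises only the positive path; the complementary case, that a test user who is not in the UserAdmin group is still refused, is what guards the new servlet check against regressing to open access, and if no such test already exists in this class (the rest of the class is outside the hunk) one should be added asserting the status the servlet returns for a denied create. The user created through `userId` is not recorded for cleanup the way testUserId is, so unless tearDown removes it each run leaves a stray user behind. As a point of style, the `postUrl` line is indented with spaces where the rest of the method uses tabs.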

