[sling-org-apache-sling-jcr-repoinit] branch master updated: SLING-8619 - RepoInitGrammer: Add repository-level marker to pathsList

Thu, 19 Sep 2019 08:10:58 -0700 

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to branch master
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-repoinit.git


The following commit(s) were added to refs/heads/master by this push:
     new af22095  SLING-8619 - RepoInitGrammer: Add repository-level marker to 
pathsList
af22095 is described below

commit af2209510349219aa8c447e49e80478a7d60383f
Author: Angela Schreiber <[email protected]>
AuthorDate: Thu Sep 19 17:09:44 2019 +0200

    SLING-8619 - RepoInitGrammer: Add repository-level marker to pathsList
---
 pom.xml                                            |  2 +-
 .../apache/sling/jcr/repoinit/impl/AclUtil.java    | 11 +++++--
 .../apache/sling/jcr/repoinit/GeneralAclTest.java  | 37 ++++++++++++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index db46ebd..80e31b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -253,7 +253,7 @@
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.repoinit.parser</artifactId>
-            <version>1.2.4</version>
+            <version>1.2.7-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java 
b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index cdbda7a..4128dbb 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -38,6 +38,7 @@ import 
org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import 
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.sling.repoinit.parser.operations.AclLine;
 import org.apache.sling.repoinit.parser.operations.RestrictionClause;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,10 +102,14 @@ public class AclUtil {
     public static void setAcl(Session session, List<String> principals, 
List<String> paths, List<String> privileges, boolean isAllow, 
List<RestrictionClause> restrictionClauses)
             throws RepositoryException {
         for (String path : paths) {
-            if(!session.nodeExists(path)) {
-                throw new PathNotFoundException("Cannot set ACL on 
non-existent path " + path);
+            if (AclLine.PATH_REPOSITORY.equals(path)) {
+                setRepositoryAcl(session, principals, privileges, isAllow, 
restrictionClauses);
+            } else {
+                if (!session.nodeExists(path)) {
+                    throw new PathNotFoundException("Cannot set ACL on 
non-existent path " + path);
+                }
+                setAcl(session, principals, path, privileges, isAllow, 
restrictionClauses);
             }
-            setAcl(session, principals, path, privileges, isAllow, 
restrictionClauses);
         }
     }
 
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java 
b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
index 92ebdfb..c395f81 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
@@ -27,7 +27,9 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeTypeManager;
 import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.Privilege;
 
+import 
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.sling.jcr.repoinit.impl.TestUtil;
 import org.apache.sling.repoinit.parser.RepoInitParsingException;
 import org.apache.sling.testing.mock.sling.ResourceResolverType;
@@ -149,6 +151,41 @@ public class GeneralAclTest {
     }
 
     @Test
+    public void addPathAclWithRepositoryPath() throws Exception {
+        final String aclSetup =
+                "set ACL on :repository\n"
+                        + "allow jcr:namespaceManagement for "+U.username+"\n"
+                        + "end"
+                ;
+
+        U.parseAndExecute(aclSetup);
+        try {
+            s.refresh(false);
+            assertTrue(s.getAccessControlManager().hasPrivileges(null, 
AccessControlUtils.privilegesFromNames(s, "jcr:namespaceManagement")));
+        } finally {
+            s.logout();
+        }
+    }
+
+    @Test
+    public void addPrincipalAclWithRepositoryPath() throws Exception {
+        final String aclSetup =
+                "set ACL for " + U.username + "\n"
+                        + "allow jcr:all on :repository,/\n"
+                        + "end"
+                ;
+
+        U.parseAndExecute(aclSetup);
+        try {
+            s.refresh(false);
+            assertTrue(s.getAccessControlManager().hasPrivileges(null, 
AccessControlUtils.privilegesFromNames(s, Privilege.JCR_ALL)));
+            assertTrue(s.getAccessControlManager().hasPrivileges("/", 
AccessControlUtils.privilegesFromNames(s, Privilege.JCR_ALL)));
+        } finally {
+            s.logout();
+        }
+    }
+
+    @Test
     public void addRepositoryAcl() throws Exception {
         final String aclSetup =
                 "set repository ACL for " + userA + "," + userB + "\n"

Reply via email to