[GitHub] [sling-org-apache-sling-jcr-repoinit] kwin commented on a change in pull request #14: SLING-10281 revert SLING-9449

Fri, 09 Apr 2021 00:31:07 -0700 


kwin commented on a change in pull request #14:
URL: 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14#discussion_r610409106



##########
File path: 
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -485,10 +491,17 @@ public void  
principalAclNotAvailableRestrictionMismatch() throws Exception {
             Principal principal = 
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
             assertTrue(acMgr.hasPrivileges(path, 
Collections.singleton(principal), 
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
 
+            // setting up principal-acl will not succeed (principal not 
located below supported path)
+            // since effective entry doesn't match the restriction -> setup 
must fail
             setup = "set principal ACL for otherSystemPrincipal \n"
                     + "allow jcr:read on " + path + " 
restriction(rep:glob,*mismatch)\n"
                     + "end";
-            U.parseAndExecute(setup);
+            try {
+                U.parseAndExecute(setup);
+                fail("Setting a principal ACL outside a supported path must 
not succeed");
+            } catch (RuntimeException e) {
+                // expected

Review comment:
       done in 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec

##########
File path: 
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -510,14 +523,14 @@ public void  principalAclNotAvailableEntryPresent() 
throws Exception {
             assertTrue(acMgr.hasPrivileges(path, 
Collections.singleton(principal), 
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
 
             // setting up principal-acl will not succeed (principal not 
located below supported path)
-            // but there exists an effective entry with the same definition -> 
no exception
             setup = "set principal ACL for otherSystemPrincipal \n"
                     + "allow jcr:read on " + path + "\n"
                     + "end";
-            U.parseAndExecute(setup);
-
-            for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
-                assertFalse(policy instanceof PrincipalAccessControlList);
+            try {
+                U.parseAndExecute(setup);
+                fail("Setting a principal ACL outside a supported path must 
not succeed");
+            } catch (RuntimeException e) {
+                // expected

Review comment:
       done in 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec

##########
File path: 
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -537,15 +550,14 @@ public void  
principalAclNotAvailableEntryWithRestrictionPresent() throws Except
             U.parseAndExecute(setup);
 
             // setting up principal-acl will not succeed (principal not 
located below supported path)
-            // but there exists an equivalent entry with the same definition 
-> no exception
             setup = "set principal ACL for otherSystemPrincipal \n"
                     + "allow jcr:read on " + path + " 
restriction(rep:glob,*abc*)\n"
                     + "end";
-            U.parseAndExecute(setup);
-
-            Principal principal = 
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
-            for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
-                assertFalse(policy instanceof PrincipalAccessControlList);
+            try {
+                U.parseAndExecute(setup);
+                fail("Setting a principal ACL outside a supported path must 
not succeed");
+            } catch (RuntimeException e) {
+                // expected

Review comment:
       done in 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec

##########
File path: 
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -461,10 +461,16 @@ public void  principalAclNotAvailable() throws Exception {
         try {
             // create service user outside of supported tree for 
principal-based access control
             U.parseAndExecute("create service user otherSystemPrincipal");
+            // principal-based ac-setup must fail as service user is not 
located below supported path
             String setup = "set principal ACL for otherSystemPrincipal \n"
                             + "allow jcr:read on " + path + "\n"
                             + "end";
-            U.parseAndExecute(setup);
+            try {
+                U.parseAndExecute(setup);
+                fail("Setting a principal ACL outside a supported path must 
not succeed");
+            } catch (RuntimeException e) {
+                // expected

Review comment:
       done in 
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to