kwin commented on a change in pull request #14:
URL:
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14#discussion_r610409106
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -485,10 +491,17 @@ public void
principalAclNotAvailableRestrictionMismatch() throws Exception {
Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
assertTrue(acMgr.hasPrivileges(path,
Collections.singleton(principal),
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
+ // setting up principal-acl will not succeed (principal not
located below supported path)
+ // since effective entry doesn't match the restriction -> setup
must fail
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "
restriction(rep:glob,*mismatch)\n"
+ "end";
- U.parseAndExecute(setup);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
done in
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -510,14 +523,14 @@ public void principalAclNotAvailableEntryPresent()
throws Exception {
assertTrue(acMgr.hasPrivileges(path,
Collections.singleton(principal),
AccessControlUtils.privilegesFromNames(adminSession, Privilege.JCR_READ)));
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but there exists an effective entry with the same definition ->
no exception
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "\n"
+ "end";
- U.parseAndExecute(setup);
-
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
done in
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -537,15 +550,14 @@ public void
principalAclNotAvailableEntryWithRestrictionPresent() throws Except
U.parseAndExecute(setup);
// setting up principal-acl will not succeed (principal not
located below supported path)
- // but there exists an equivalent entry with the same definition
-> no exception
setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "
restriction(rep:glob,*abc*)\n"
+ "end";
- U.parseAndExecute(setup);
-
- Principal principal =
adminSession.getUserManager().getAuthorizable("otherSystemPrincipal").getPrincipal();
- for (AccessControlPolicy policy : acMgr.getPolicies(principal)) {
- assertFalse(policy instanceof PrincipalAccessControlList);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
done in
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec
##########
File path:
src/test/java/org/apache/sling/jcr/repoinit/PrincipalBasedAclTest.java
##########
@@ -461,10 +461,16 @@ public void principalAclNotAvailable() throws Exception {
try {
// create service user outside of supported tree for
principal-based access control
U.parseAndExecute("create service user otherSystemPrincipal");
+ // principal-based ac-setup must fail as service user is not
located below supported path
String setup = "set principal ACL for otherSystemPrincipal \n"
+ "allow jcr:read on " + path + "\n"
+ "end";
- U.parseAndExecute(setup);
+ try {
+ U.parseAndExecute(setup);
+ fail("Setting a principal ACL outside a supported path must
not succeed");
+ } catch (RuntimeException e) {
+ // expected
Review comment:
done in
https://github.com/apache/sling-org-apache-sling-jcr-repoinit/pull/14/commits/cfadffb925ae3da29838a5f7a6a15630a147fbec
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
