4:35 a.m.
Author: dkuleshov
Date: 2010-12-20 05:35:46 -0500 (Mon, 20 Dec 2010)
New Revision: 3682
Added:
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/lock/TestLockPermissions.java
Modified:
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/NodeImpl.java
Log:
JCR-1463: now lock operations does check any permission
Modified:
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/NodeImpl.java
===================================================================
---
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/NodeImpl.java 2010-12-20
10:25:55 UTC (rev 3681)
+++
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/NodeImpl.java 2010-12-20
10:35:46 UTC (rev 3682)
@@ -1543,6 +1543,15 @@
if (!isNodeType(Constants.MIX_LOCKABLE))
throw new LockException("Node is not lockable " + getPath());
+ // session.checkPermission(getPath(), PermissionType.SET_PROPERTY) is not used
because RepositoryException
+ // is wrapped into AccessControlException
+ if (!session.getAccessManager().hasPermission(getACL(), new
String[]{PermissionType.SET_PROPERTY},
+ session.getUserState().getIdentity()))
+ {
+ throw new AccessDeniedException("Access denied: unlock operation " +
getPath() + " for: "
+ + session.getUserID() + " item owner " + getACL().getOwner());
+ }
+
if (dataManager.hasPendingChanges(getInternalPath()))
throw new InvalidItemStateException("Node has pending unsaved changes
" + getPath());
@@ -1579,6 +1588,15 @@
if (!isNodeType(Constants.MIX_LOCKABLE))
throw new LockException("Node is not lockable " + getPath());
+ // session.checkPermission(getPath(), PermissionType.SET_PROPERTY) is not used
because RepositoryException
+ // is wrapped into AccessControlException
+ if (!session.getAccessManager().hasPermission(getACL(), new
String[]{PermissionType.SET_PROPERTY},
+ session.getUserState().getIdentity()))
+ {
+ throw new AccessDeniedException("Access denied: unlock operation " +
getPath() + " for: "
+ + session.getUserID() + " item owner " + getACL().getOwner());
+ }
+
if (dataManager.hasPendingChanges(getInternalPath()))
throw new InvalidItemStateException("Node has pending unsaved changes
" + getPath());
@@ -2263,6 +2281,15 @@
if (dataManager.hasPendingChanges(getInternalPath()))
throw new InvalidItemStateException("Node has pending unsaved changes
" + getPath());
+ // session.checkPermission(getPath(), PermissionType.SET_PROPERTY) is not used
because RepositoryException
+ // is wrapped into AccessControlException
+ if (!session.getAccessManager().hasPermission(getACL(), new
String[]{PermissionType.SET_PROPERTY},
+ session.getUserState().getIdentity()))
+ {
+ throw new AccessDeniedException("Access denied: unlock operation " +
getPath() + " for: "
+ + session.getUserID() + " item owner " + getACL().getOwner());
+ }
+
doUnlock();
session.getActionHandler().postUnlock(this);
Added:
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/lock/TestLockPermissions.java
===================================================================
---
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/lock/TestLockPermissions.java
(rev 0)
+++
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/api/lock/TestLockPermissions.java 2010-12-20
10:35:46 UTC (rev 3682)
@@ -0,0 +1,242 @@
+/*
+ * Copyright (C) 2003-2010 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>;.
+ */
+package org.exoplatform.services.jcr.api.lock;
+
+import org.exoplatform.services.jcr.JcrAPIBaseTest;
+import org.exoplatform.services.jcr.access.PermissionType;
+import org.exoplatform.services.jcr.core.CredentialsImpl;
+import org.exoplatform.services.jcr.impl.core.NodeImpl;
+
+import java.security.AccessControlException;
+import java.util.HashMap;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Node;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.lock.Lock;
+
+/**
+ * Created by The eXo Platform SAS.
+ *
+ * <br/>Date:
+ *
+ * @author <a href="karpenko.sergiy(a)gmail.com">Karpenko Sergiy</a>
+ * @version $Id: TestLockPermissions.java 111 2008-11-11 11:11:11Z serg $
+ */
+public class TestLockPermissions extends JcrAPIBaseTest
+{
+
+ private Node lockedNode = null;
+
+ public void setUp() throws Exception
+ {
+
+ super.setUp();
+
+ if (lockedNode == null)
+ try
+ {
+ lockedNode = root.addNode("rootLockPermissionsTest");
+ // if (lockedNode.canAddMixin("mix:lockable"))
+ // lockedNode.addMixin("mix:lockable");
+ root.save();
+ }
+ catch (RepositoryException e)
+ {
+ fail("Child node must be accessible and readable. But error occurs:
" + e);
+ }
+ }
+
+ public void testLockAccessDeniedException() throws RepositoryException
+ {
+ Session session1 = repository.login(new CredentialsImpl("admin",
"admin".toCharArray()), "ws");
+ NodeImpl nodeToLockSession1 =
+
(NodeImpl)session1.getRootNode().getNode("rootLockPermissionsTest").addNode("testLockSesssionScoped");
+ nodeToLockSession1.addMixin("mix:lockable");
+ nodeToLockSession1.addMixin("exo:owneable");
+ nodeToLockSession1.addMixin("exo:privilegeable");
+
+ // change permission
+ HashMap<String, String[]> perm = new HashMap<String, String[]>();
+ perm.put("john", new String[]{PermissionType.READ});
+ nodeToLockSession1.setPermissions(perm);
+ session1.save();
+
+ nodeToLockSession1.lock(true, false);// boolean isSessionScoped=false
+ assertTrue(nodeToLockSession1.isLocked());
+ nodeToLockSession1.unlock();
+ assertFalse(nodeToLockSession1.isLocked());
+
+ Session session2 = repository.login(new CredentialsImpl("john",
"exo".toCharArray()), "ws");
+ session2.checkPermission(nodeToLockSession1.getPath(), PermissionType.READ);
+ try
+ {
+ session2.checkPermission(nodeToLockSession1.getPath(),
PermissionType.SET_PROPERTY);
+ fail("AccessControlException should have been thrown ");
+ }
+ catch (AccessControlException e)
+ {
+ //ok
+ }
+
+ Node nodeToLockSession2 =
+
session2.getRootNode().getNode("rootLockPermissionsTest").getNode("testLockSesssionScoped");
+ assertFalse(nodeToLockSession2.isLocked());
+ try
+ {
+ try
+ {
+ // trying to lock
+ nodeToLockSession2.lock(true, false);
+ fail("Node locked. An AccessDeniedException should be thrown on set
property but doesn't");
+ }
+ catch (AccessDeniedException e)
+ {
+ // ok
+ }
+ }
+ finally
+ {
+ if (nodeToLockSession1.isLocked())
+ {
+ nodeToLockSession1.unlock();
+ }
+ session1.logout();
+ session2.logout();
+ }
+ }
+
+ public void testLockTimedAccessDeniedException() throws RepositoryException
+ {
+ Session session1 = repository.login(new CredentialsImpl("admin",
"admin".toCharArray()), "ws");
+ NodeImpl nodeToLockSession1 =
+
(NodeImpl)session1.getRootNode().getNode("rootLockPermissionsTest").addNode("testLockTimed");
+ nodeToLockSession1.addMixin("mix:lockable");
+ nodeToLockSession1.addMixin("exo:owneable");
+ nodeToLockSession1.addMixin("exo:privilegeable");
+
+ // change permission
+ HashMap<String, String[]> perm = new HashMap<String, String[]>();
+ perm.put("john", new String[]{PermissionType.READ});
+ nodeToLockSession1.setPermissions(perm);
+ session1.save();
+
+ nodeToLockSession1.lock(true, 100000);
+ assertTrue(nodeToLockSession1.isLocked());
+ nodeToLockSession1.unlock();
+ assertFalse(nodeToLockSession1.isLocked());
+
+ Session session2 = repository.login(new CredentialsImpl("john",
"exo".toCharArray()), "ws");
+ session2.checkPermission(nodeToLockSession1.getPath(), PermissionType.READ);
+ try
+ {
+ session2.checkPermission(nodeToLockSession1.getPath(),
PermissionType.SET_PROPERTY);
+ fail("AccessControlException should have been thrown ");
+ }
+ catch (AccessControlException e)
+ {
+ //ok
+ }
+
+ NodeImpl nodeToLockSession2 =
+
(NodeImpl)session2.getRootNode().getNode("rootLockPermissionsTest").getNode("testLockTimed");
+ assertFalse(nodeToLockSession2.isLocked());
+ try
+ {
+ try
+ {
+ // trying to lock
+ nodeToLockSession2.lock(true, 100000);
+ fail("Node locked. An AccessDeniedException should be thrown on set
property but doesn't");
+ }
+ catch (AccessDeniedException e)
+ {
+ // ok
+ }
+ }
+ finally
+ {
+ if (nodeToLockSession1.isLocked())
+ {
+ nodeToLockSession1.unlock();
+ }
+ session1.logout();
+ session2.logout();
+ }
+ }
+
+ public void testUnlockAccessDeniedException() throws RepositoryException
+ {
+ Session session1 = repository.login(new CredentialsImpl("admin",
"admin".toCharArray()), "ws");
+ NodeImpl nodeToLockSession1 =
+
(NodeImpl)session1.getRootNode().getNode("rootLockPermissionsTest").addNode("testUnlock");
+ nodeToLockSession1.addMixin("mix:lockable");
+ nodeToLockSession1.addMixin("exo:owneable");
+ nodeToLockSession1.addMixin("exo:privilegeable");
+
+ // change permission
+ HashMap<String, String[]> perm = new HashMap<String, String[]>();
+ perm.put("john", new String[]{PermissionType.READ});
+ nodeToLockSession1.setPermissions(perm);
+ session1.save();
+
+ Lock lock = nodeToLockSession1.lock(true, 100000);
+ assertTrue(nodeToLockSession1.isLocked());
+
+ Session session2 = repository.login(new CredentialsImpl("john",
"exo".toCharArray()), "ws");
+ session2.checkPermission(nodeToLockSession1.getPath(), PermissionType.READ);
+ try
+ {
+ session2.checkPermission(nodeToLockSession1.getPath(),
PermissionType.SET_PROPERTY);
+ fail("AccessControlException should have been thrown ");
+ }
+ catch (AccessControlException e)
+ {
+ //ok
+ }
+
+ NodeImpl nodeToLockSession2 =
+
(NodeImpl)session2.getRootNode().getNode("rootLockPermissionsTest").getNode("testUnlock");
+ assertTrue(nodeToLockSession2.isLocked());
+ try
+ {
+ try
+ {
+ session2.addLockToken(lock.getLockToken());
+
+ // trying to unlock
+ nodeToLockSession2.unlock();
+ fail("Node locked. An AccessDeniedException should be thrown on set
property but doesn't");
+ }
+ catch (AccessDeniedException e)
+ {
+ // ok
+ }
+ }
+ finally
+ {
+ if (nodeToLockSession1.isLocked())
+ {
+ nodeToLockSession1.unlock();
+ }
+ session1.logout();
+ session2.logout();
+ }
+ }
+
+}
\ No newline at end of file