Author: tolusha
Date: 2010-12-30 03:36:44 -0500 (Thu, 30 Dec 2010)
New Revision: 3751
Modified:
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/version/ItemDataRestoreVisitor.java
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestPermissions.java
Log:
JCR-1529: Node restore result depends on cache eviction
Modified:
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/version/ItemDataRestoreVisitor.java
===================================================================
---
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/version/ItemDataRestoreVisitor.java 2010-12-29
08:29:37 UTC (rev 3750)
+++
jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/version/ItemDataRestoreVisitor.java 2010-12-30
08:36:44 UTC (rev 3751)
@@ -18,6 +18,9 @@
*/
package org.exoplatform.services.jcr.impl.core.version;
+import org.exoplatform.services.jcr.access.AccessControlEntry;
+import org.exoplatform.services.jcr.access.AccessControlList;
+import org.exoplatform.services.jcr.access.SystemIdentity;
import org.exoplatform.services.jcr.core.nodetype.NodeTypeDataManager;
import org.exoplatform.services.jcr.dataflow.ItemState;
import org.exoplatform.services.jcr.datamodel.IllegalNameException;
@@ -320,7 +323,10 @@
(PropertyData)dataManager.getItemData(frozen, new
QPathEntry(Constants.JCR_FROZENMIXINTYPES, 0),
ItemType.PROPERTY);
+ AccessControlList acl = parentData.getACL();
InternalQName[] mixins = null;
+ String owner = null;
+
if (frozenMixinTypes != null)
{
try
@@ -331,6 +337,29 @@
{
ValueData mvd = mvs.get(i);
mixins[i] = InternalQName.parse(new String(mvd.getAsByteArray()));
+
+ if (mixins[i].equals(Constants.EXO_PRIVILEGEABLE))
+ {
+ PropertyData aclData =
+ (PropertyData)dataManager.getItemData(frozen, new
QPathEntry(Constants.EXO_PERMISSIONS, 0),
+ ItemType.PROPERTY);
+
+ acl = new AccessControlList();
+ acl.removePermissions(SystemIdentity.ANY);
+
+ for (ValueData value : aclData.getValues())
+ {
+ acl.addPermissions(new String(value.getAsByteArray(),
Constants.DEFAULT_ENCODING));
+ }
+ }
+ else if (mixins[i].equals(Constants.EXO_OWNEABLE))
+ {
+ PropertyData ownerData =
+ (PropertyData)dataManager.getItemData(frozen, new
QPathEntry(Constants.EXO_OWNER, 0),
+ ItemType.PROPERTY);
+
+ owner = new String(ownerData.getValues().get(0).getAsByteArray(),
Constants.DEFAULT_ENCODING);
+ }
}
}
catch (IllegalNameException e)
@@ -350,6 +379,9 @@
}
}
+ // set new owner if exists
+ acl.setOwner(owner != null ? owner : parentData.getACL().getOwner());
+
InternalQName ptName = null;
try
{
@@ -374,7 +406,7 @@
// create restored version of the node
NodeData restoredData =
new TransientNodeData(nodePath, fidentifier, (existing != null ?
existing.getPersistedVersion() : -1), ptName,
- mixins == null ? new InternalQName[0] : mixins, 0,
parentData.getIdentifier(), parentData.getACL());
+ mixins == null ? new InternalQName[0] : mixins, 0,
parentData.getIdentifier(), acl);
changes.add(ItemState.createAddedState(restoredData));
@@ -589,10 +621,32 @@
}
}
+ boolean isPrivilegeable =
+ nodeTypeDataManager.isNodeType(Constants.EXO_PRIVILEGEABLE,
frozen.getPrimaryTypeName(),
+ frozen.getMixinTypeNames());
+
+ boolean isOwneable =
+ nodeTypeDataManager.isNodeType(Constants.EXO_OWNEABLE,
frozen.getPrimaryTypeName(),
+ frozen.getMixinTypeNames());
+
+ AccessControlList acl = currentNode().getACL();
+ if (isPrivilegeable || isOwneable)
+ {
+ acl = new AccessControlList();
+ acl.removePermissions(SystemIdentity.ANY);
+
+ for (AccessControlEntry entry : (isPrivilegeable ? frozen.getACL() :
currentNode().getACL())
+ .getPermissionEntries())
+ {
+ acl.addPermissions(entry.getIdentity(), new
String[]{entry.getPermission()});
+ }
+
+ acl.setOwner(isOwneable ? frozen.getACL().getOwner() :
currentNode().getACL().getOwner());
+ }
+
NodeData restoredData =
new TransientNodeData(restoredPath, jcrUuid, frozen.getPersistedVersion(),
frozen.getPrimaryTypeName(),
- frozen.getMixinTypeNames(), frozen.getOrderNumber(),
currentNode().getIdentifier(), // parent
- frozen.getACL());
+ frozen.getMixinTypeNames(), frozen.getOrderNumber(),
currentNode().getIdentifier(), acl);
changes.add(ItemState.createAddedState(restoredData));
pushCurrent(restoredData);
Modified:
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestPermissions.java
===================================================================
---
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestPermissions.java 2010-12-29
08:29:37 UTC (rev 3750)
+++
jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestPermissions.java 2010-12-30
08:36:44 UTC (rev 3751)
@@ -22,6 +22,7 @@
import org.exoplatform.services.jcr.access.PermissionType;
import org.exoplatform.services.jcr.access.SystemIdentity;
import org.exoplatform.services.jcr.core.CredentialsImpl;
+import org.exoplatform.services.jcr.datamodel.NodeData;
import org.exoplatform.services.jcr.impl.core.NodeImpl;
import org.exoplatform.services.jcr.impl.core.SessionImpl;
@@ -296,4 +297,258 @@
}
}
}
+
+ /**
+ * Test restore of exo:privilegeable.
+ */
+ public void testPrivilegeable() throws Exception
+ {
+ final String TESTNODE_NAME = "testRestorePrivilegeable";
+ final String CHILD_TESTNODE_NAME1 = "childTestRestorePrivilegeable1";
+ final String CHILD_TESTNODE_NAME2 = "childTestRestorePrivilegeable2";
+ final String CHILD_TESTNODE_NAME3 = "childTestRestorePrivilegeable3";
+ final String CHILD_TESTNODE_NAME4 = "childTestRestorePrivilegeable4";
+
+ Credentials johnCredentials = new CredentialsImpl("john",
"exo".toCharArray());
+ SessionImpl johnSession =
(SessionImpl)repositoryService.getRepository("db2").login(johnCredentials,
"ws1");
+
+ Credentials anonCredentials = new CredentialsImpl(SystemIdentity.ANONIM,
"".toCharArray());
+ SessionImpl anonSession =
(SessionImpl)repositoryService.getRepository("db2").login(anonCredentials,
"ws1");
+
+ NodeImpl node = (NodeImpl)sessionWS1.getRootNode().addNode(TESTNODE_NAME);
+ node.addMixin("exo:privilegeable");
+ node.addMixin("exo:owneable");
+ node.addMixin("mix:versionable");
+ node.setPermission("*:/platform/administrators", PermissionType.ALL);
+ node.setPermission("mary",
+ new String[]{PermissionType.READ, PermissionType.SET_PROPERTY,
PermissionType.ADD_NODE});
+ node.removePermission(SystemIdentity.ANY);
+ sessionWS1.save();
+
+ // child node exo:privilegeable & exo:owneable
+ NodeImpl childNode1 = (NodeImpl)node.addNode(CHILD_TESTNODE_NAME1);
+ childNode1.addMixin("exo:privilegeable");
+ childNode1.addMixin("exo:owneable");
+ childNode1.setPermission("*:/platform/administrators",
PermissionType.ALL);
+ childNode1.setPermission("mary", new String[]{PermissionType.READ,
PermissionType.SET_PROPERTY});
+ childNode1.removePermission(SystemIdentity.ANY);
+ sessionWS1.save();
+
+ // child node all inherited from parent
+ NodeImpl childNode2 = (NodeImpl)node.addNode(CHILD_TESTNODE_NAME2);
+ sessionWS1.save();
+
+ // child node exo:owneable
+ node = (NodeImpl)johnSession.getRootNode().getNode(TESTNODE_NAME);
+ NodeImpl childNode3 = (NodeImpl)node.addNode(CHILD_TESTNODE_NAME3);
+ childNode3.addMixin("exo:owneable");
+ johnSession.save();
+
+ node = (NodeImpl)sessionWS1.getRootNode().getNode(TESTNODE_NAME);
+
+ // child node exo:privilegeable
+ NodeImpl childNode4 = (NodeImpl)node.addNode(CHILD_TESTNODE_NAME4);
+ childNode4.addMixin("exo:privilegeable");
+ childNode4.setPermission("*:/platform/administrators",
PermissionType.ALL);
+ childNode4.setPermission("mary", new String[]{PermissionType.READ,
PermissionType.SET_PROPERTY});
+ childNode4.removePermission(SystemIdentity.ANY);
+ sessionWS1.save();
+
+ // check what we have
+ NodeImpl marysNode =
(NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
"admin");
+
+ NodeImpl marysChildNode1 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME1);
+ assertTrue(marysChildNode1.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode1.hasPermission(PermissionType.SET_PROPERTY));
+ assertFalse(marysChildNode1.hasPermission(PermissionType.ADD_NODE));
+ assertEquals(((NodeData)marysChildNode1.getData()).getACL().getOwner(),
"admin");
+
+ NodeImpl marysChildNode2 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME2);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));;
+ assertEquals(((NodeData)marysChildNode2.getData()).getACL().getOwner(),
"admin");
+
+ NodeImpl marysChildNode3 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME3);
+ assertTrue(marysChildNode3.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode3.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysChildNode3.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysChildNode3.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysChildNode3.getData()).getACL().getOwner(),
"john");
+
+ NodeImpl marysChildNode4 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME4);
+ assertTrue(marysChildNode4.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode4.hasPermission(PermissionType.SET_PROPERTY));
+ assertFalse(marysChildNode4.hasPermission(PermissionType.REMOVE));;
+ assertEquals(((NodeData)marysChildNode2.getData()).getACL().getOwner(),
"admin");
+
+ // for __anonim
+ try
+ {
+ anonSession.getRootNode().getNode(TESTNODE_NAME);
+ }
+ catch (AccessDeniedException e)
+ {
+ // ok
+ }
+
+ // v1
+ node.checkin();
+ node.checkout();
+
+ try
+ {
+ // restore v1
+ node.restore("1", true);
+ }
+ catch (AccessDeniedException e)
+ {
+ fail("Restore should succeed");
+ }
+
+ // check what we have after restore
+ marysNode = (NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
"admin");
+
+ marysChildNode1 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME1);
+ assertTrue(marysChildNode1.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode1.hasPermission(PermissionType.SET_PROPERTY));
+ assertFalse(marysChildNode1.hasPermission(PermissionType.ADD_NODE));
+ assertEquals(((NodeData)marysChildNode1.getData()).getACL().getOwner(),
"admin");
+
+ marysChildNode2 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME2);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysChildNode2.getData()).getACL().getOwner(),
"admin");;
+
+ marysChildNode3 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME3);
+ assertTrue(marysChildNode3.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode3.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysChildNode3.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysChildNode3.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysChildNode3.getData()).getACL().getOwner(),
"john");
+
+ marysChildNode4 = (NodeImpl)marysNode.getNode(CHILD_TESTNODE_NAME4);
+ assertTrue(marysChildNode4.hasPermission(PermissionType.READ));
+ assertTrue(marysChildNode4.hasPermission(PermissionType.SET_PROPERTY));
+ assertFalse(marysChildNode4.hasPermission(PermissionType.REMOVE));;
+ assertEquals(((NodeData)marysChildNode2.getData()).getACL().getOwner(),
"admin");
+
+ // for __anonim
+ try
+ {
+ anonSession.getRootNode().getNode(TESTNODE_NAME);
+ }
+ catch (AccessDeniedException e)
+ {
+ // ok
+ }
+ finally
+ {
+ anonSession.logout();
+ }
+
+ johnSession.logout();
+ }
+
+ /**
+ * Test restore of exo:privilegeable.
+ */
+ public void testPrivilegeable2() throws Exception
+ {
+ final String TESTNODE_NAME = "testRestorePrivilegeable2";
+
+ NodeImpl node = (NodeImpl)sessionWS1.getRootNode().addNode(TESTNODE_NAME);
+ node.addMixin("exo:privilegeable");
+ node.addMixin("mix:versionable");
+ node.setPermission("*:/platform/administrators", PermissionType.ALL);
+ node.setPermission("mary",
+ new String[]{PermissionType.READ, PermissionType.SET_PROPERTY,
PermissionType.ADD_NODE});
+ node.removePermission(SystemIdentity.ANY);
+ sessionWS1.save();
+
+ // check what we have
+ NodeImpl marysNode =
(NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
SystemIdentity.SYSTEM);
+
+ // v1
+ node.checkin();
+ node.checkout();
+
+ try
+ {
+ // restore v1
+ node.restore("1", true);
+ }
+ catch (AccessDeniedException e)
+ {
+ fail("Restore should succeed");
+ }
+
+ // check what we have after restore
+ marysNode = (NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertTrue(marysNode.hasPermission(PermissionType.READ));
+ assertTrue(marysNode.hasPermission(PermissionType.SET_PROPERTY));
+ assertTrue(marysNode.hasPermission(PermissionType.ADD_NODE));
+ assertFalse(marysNode.hasPermission(PermissionType.REMOVE));
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
SystemIdentity.SYSTEM);
+ }
+
+ /**
+ * Test restore of exo:privilegeable.
+ */
+ public void testPrivilegeable3() throws Exception
+ {
+ final String TESTNODE_NAME = "testRestorePrivilegeable3";
+
+ NodeImpl node = (NodeImpl)sessionWS1.getRootNode().addNode(TESTNODE_NAME);
+ node.addMixin("exo:owneable");
+ node.addMixin("mix:versionable");
+ sessionWS1.save();
+
+ // check what we have
+ NodeImpl marysNode =
(NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertEquals(marysNode.getACL().getPermissionsSize(), 4);
+ assertEquals(marysNode.getACL().getPermissions(SystemIdentity.ANY).size(), 4);
+ assertEquals(marysNode.getACL().getPermissions("mary").size(), 0);
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
"admin");
+
+ // v1
+ node.checkin();
+ node.checkout();
+
+ try
+ {
+ // restore v1
+ node.restore("1", true);
+ }
+ catch (AccessDeniedException e)
+ {
+ fail("Restore should succeed");
+ }
+
+ // check what we have after restore
+ marysNode = (NodeImpl)sessionMaryWS1.getRootNode().getNode(TESTNODE_NAME);
+ assertEquals(marysNode.getACL().getPermissionsSize(), 4);
+ assertEquals(marysNode.getACL().getPermissions(SystemIdentity.ANY).size(), 4);
+ assertEquals(marysNode.getACL().getPermissions("mary").size(), 0);
+ assertEquals(((NodeData)marysNode.getData()).getACL().getOwner(),
"admin");
+ }
+
}