Author: sohil.shah(a)jboss.com
Date: 2007-09-04 15:20:16 -0400 (Tue, 04 Sep 2007)
New Revision: 8154
Modified:
trunk/cms/build.xml
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
trunk/core-wsrp/
trunk/thirdparty/
Log:
JBPORTAL-1668 - A user with "Administrator" privileges is not able to create
resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no
errors on all cms security scenarios.
Modified: trunk/cms/build.xml
===================================================================
--- trunk/cms/build.xml 2007-09-04 19:09:45 UTC (rev 8153)
+++ trunk/cms/build.xml 2007-09-04 19:20:16 UTC (rev 8154)
@@ -415,7 +415,6 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRegEx"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryUtil"/>
-
<!-- cms file command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCreate"/>
@@ -427,8 +426,7 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCopy"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileDelete"/>
- <test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestSearch"/>
-
+ <test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestSearch"/>
<!-- cms folder command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderCopy"/>
@@ -436,7 +434,6 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderDelete"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderGet"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/>
-
<!-- cms fine grained security related tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestReadAccess"/>
@@ -444,7 +441,7 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestManageAccess"/>
- <!-- cms workflow related tests -->
+ <!-- cms workflow related tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
</x-test>
@@ -508,5 +505,16 @@
</fileset>
<report format="frames"
todir="${build.reports}/html"/>
</junitreport>
- </target>
+ </target>
+ <target name="reports-noframes" depends="init">
+ <mkdir dir="${build.reports}"/>
+ <mkdir dir="${build.reports}/html"/>
+ <property name="test.reports"
value="${module.output}/tests"/>
+ <junitreport todir="${build.reports}">
+ <fileset dir="${test.reports}">
+ <include name="TEST-*.xml"/>
+ </fileset>
+ <report format="noframes"
todir="${build.reports}/html"/>
+ </junitreport>
+ </target>
</project>
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04
19:09:45 UTC (rev 8153)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04
19:20:16 UTC (rev 8154)
@@ -371,11 +371,26 @@
while(st.hasMoreTokens())
{
String token = st.nextToken();
- list.add(new String(buffer.append("/").append(token)));
+
+ buffer.append(token);
+ list.add(buffer.toString());
+
+ //Make sure only path leading up to the resource is checked against.
+ //Not on the full path to the resource...
+ //Because if that was the case, the specificPermissions would have been
applied
+ //in earlier checks...This is to check the recursive application of
permissions
+ //to the resource in question
+ if(st.hasMoreTokens())
+ {
+ buffer.append("/");
+ }
+ else
+ {
+ continue;
+ }
}
boolean explicitPermissionsFound = false;
-
Iterator it = list.iterator();
while (it.hasNext())
{
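Review bot: The comment above `if(st.hasMoreTokens())` says only the path leading up to the resource is checked, yet `list.add(buffer.toString())` runs before that test, so the final iteration still puts the full resource path into `list`. The `else { continue; }` branch is the last statement of the loop body and does nothing. Since `list` appears to feed the permission lookup that follows, code and comment should agree: if the full path is meant to be excluded, use `if(st.hasMoreTokens()) { list.add(buffer.toString()); buffer.append("/"); }`, otherwise reword the comment and drop the `else`. The removed line prefixed every entry with `/`, so the new entries are absolute only if `buffer` is initialised with `/` outside this hunk, which should be confirmed against the stored `path` criteria.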
@@ -399,8 +414,8 @@
for(Iterator itr2=userPermissions.iterator();itr2.hasNext();)
{
Permission userPermission = (Permission)itr2.next();
- if( userPermission.getService().equals("cms")
&&
- this.isActionImplied(userPermission.getAction(),action)
+ if( userPermission.getService().equals("cms")
&&
+ this.isActionImplied(userPermission.getAction(),action)
)
{
String pathCriteria =
userPermission.findCriteriaValue("path");
Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
===================================================================
---
trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04
19:09:45 UTC (rev 8153)
+++
trunk/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04
19:20:16 UTC (rev 8154)
@@ -146,12 +146,25 @@
//
user.getRoles().add(userRole);
userRole.getUsers().add(user);
+
+ //Another admin user besides the core admin user
+ HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin");
+
sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin"));
+ sysAdmin.setRealEmail("sysadmin(a)portal.com");
+ sysAdmin.setViewRealEmail(true);
+ sysAdmin.setEnabled(true);
//
+ //
+ sysAdmin.getRoles().add(adminRole);
+ adminRole.getUsers().add(sysAdmin);
+
+ //
session.save(adminRole);
session.save(userRole);
session.save(admin);
session.save(user);
+ session.save(sysAdmin);
success = true;
}
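Review bot: The new `sysadmin` account is given `adminRole` with a password equal to its user name, hashed with unsalted MD5, and nothing in the hunk marks it as a fixture. The loader sits under `src/main` rather than a separate test source tree, so it is worth confirming that this class is never packaged with or run against a deployed portal database. A comment on the block would make the intent explicit, for example `// Test fixture only: fixed credentials, never load into a deployed instance`. The method containing these lines starts outside the hunk.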
Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04
19:09:45 UTC (rev 8153)
+++ trunk/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04
19:20:16 UTC (rev 8154)
@@ -45,6 +45,7 @@
{
String rejectPath = "/default/private";
String allowedPath = "/default/images";
+ String rootFolderPath = "/";
/**
*
@@ -101,6 +102,24 @@
/**
*
+ * @return
+ */
+ private Folder getNewRootFolder()
+ {
+ //create folder object
+ Folder folder = new FolderImpl();
+ folder.setCreationDate(new Date());
+ folder.setDescription("Folder Description");
+ folder.setTitle("Folder Title");
+ folder.setLastModified(new Date());
+ folder.setName("Unit Test");
+ folder.setBasePath(this.rootFolderPath+folder.getName());
+
+ return folder;
+ }
+
+ /**
+ *
* @param folder
* @return
*/
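Review bot: The Javadoc added for `getNewRootFolder()` is empty apart from a bare `@return`, so the reason for this third fixture is not recorded. A summary such as `Builds an unsaved folder placed directly under the repository root, used to exercise write permission at root level.` with `@return the folder to be created under "/"` would document it.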
@@ -293,5 +312,66 @@
String cmeMessage = cme.toString();
assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
}
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testSysAdmin() throws Exception
+ {
+ this.runAs("sysadmin");
+
+ // first run against non-access scenario
+ try
+ {
+ this.runWriteScenario(this.getNewProtectedFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+
+ // now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewPublicFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+ }
}
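Review bot: Each `try` block in `testSysAdmin`, and the root-folder block added to the preceding test, can pass without proving the write happened: when no exception is thrown nothing is asserted, and any `CMSException` whose text lacks "Access to this resource is denied" is swallowed by the `catch`. For an authorization test this leaves a write that failed for any other reason undetected; consider `fail("write rejected for sysadmin: " + cme);` in the `catch`, or checking after `runWriteScenario` that the folder exists. The comments are also copied from the other tests: the first block says "non-access scenario" and "access was not granted" while the assertion expects access to be granted, and "for anonymous, this should still result in an access denied" does not apply to `sysadmin`. The method that receives the first added block starts outside the hunk.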
Property changes on: trunk/core-wsrp
___________________________________________________________________
Name: svn:ignore
+ output
Property changes on: trunk/thirdparty
___________________________________________________________________
Name: svn:ignore
- antlr
*.ent
+ antlr
*.ent
*