Author: sohil.shah(a)jboss.com Date: 2007-05-30 17:23:17 -0400 (Wed, 30 May 2007) New Revision: 7365 Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml Log: incorporating patch for move and copy commands jump the permissions - JBPORTAL-1465 Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-05-30 18:59:23 UTC (rev 7364) +++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-05-30 21:23:17 UTC (rev 7365) @@ -285,18 +285,29 @@ if(command instanceof CopyCommand) { path = ((CopyCommand)command).msFromPath; + hasManageAccess = this.computeAccess(user,path,"manage"); + if(hasManageAccess) + { + path = ((CopyCommand)command).msToPath; + hasManageAccess = this.computeAccess(user,path,"manage"); + } } else if(command instanceof DeleteCommand) { path = ((DeleteCommand)command).msPath; + hasManageAccess = this.computeAccess(user,path,"manage"); } else if(command instanceof MoveCommand) { path = ((MoveCommand)command).msFromPath; + hasManageAccess = this.computeAccess(user,path,"manage"); + if(hasManageAccess) + { + path = ((MoveCommand)command).msToPath; + hasManageAccess = this.computeAccess(user,path,"manage"); + } } - - hasManageAccess = this.computeAccess(user,path,"manage"); - + return hasManageAccess; } //----------------------------------------------------------------------------------------------------------------------------------------- Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java =================================================================== --- trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java 2007-05-30 18:59:23 UTC (rev 7364) +++ trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java 2007-05-30 21:23:17 UTC (rev 7365) @@ -40,6 +40,9 @@ { String rejectPath = "/default/private"; String allowedPath = "/default/images"; + String supportPath = "/default/support.html"; + String copyPath = "/support.html"; + /** * @@ -94,7 +97,7 @@ return folder; } - + /** * * @@ -139,8 +142,7 @@ Folder deletedFolder = (Folder)this.service.execute(get); assertNull(deletedFolder); } - - + /** * * @throws Exception @@ -246,4 +248,78 @@ assertTrue(cmeMessage.indexOf("Access to this resource is denied") == -1); } } + + /** + * + * @throws Exception + */ + public void testCopyToDeniedDestination() throws Exception + { + this.runAs("user"); + + //Copy the file to the folder + try + { + Command copyCommand = this.service.getCommandFactory().createCopyCommand(this.supportPath,this.copyPath); + this.service.execute(copyCommand); + + //Make sure copy operation did not happen + //I should not get here + assertTrue(false); + } + catch(CMSException cme) + { + String cmeMessage = cme.toString(); + if(cmeMessage.indexOf("Access to this resource is denied") != -1) + { + //Make sure copy operation did not happen + Command exists = (Command)this.service.getCommandFactory().createItemExistsCommand(this.copyPath); + boolean existsValue = ((Boolean)this.service.execute(exists)).booleanValue(); + assertFalse(existsValue); + } + else + { + throw cme; + } + } + } + + /** + * + * @throws Exception + */ + public void testMoveToDeniedDestination() throws Exception + { + this.runAs("user"); + + //Move the file from the folder + try + { + Command moveCommand = this.service.getCommandFactory().createMoveCommand(this.supportPath,this.copyPath); + this.service.execute(moveCommand); + + //Make sure copy operation did not happen + //I should not get here + assertTrue(false); + } + catch(CMSException cme) + { + String cmeMessage = cme.toString(); + if(cmeMessage.indexOf("Access to this resource is denied") != -1) + { + //Make sure move operation didnot happen + Command exists = (Command)this.service.getCommandFactory().createItemExistsCommand(this.copyPath); + boolean existsValue = ((Boolean)this.service.execute(exists)).booleanValue(); + assertFalse(existsValue); + + exists = (Command)this.service.getCommandFactory().createItemExistsCommand(this.supportPath); + existsValue = ((Boolean)this.service.execute(exists)).booleanValue(); + assertTrue(existsValue); + } + else + { + throw cme; + } + } + } } Modified: trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml =================================================================== --- trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-05-30 18:59:23 UTC (rev 7364) +++ trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-05-30 21:23:17 UTC (rev 7365) @@ -121,13 +121,21 @@ <permission name="cms" action="manage"> <role name="Admin"/> </permission> - </criteria> + </criteria> <!-- permissions on the private/protected node --> <criteria name="path" value="/default/private"> <permission name="cms" action="manage"> <role name="Admin"/> </permission> </criteria> + <!-- + permissions on the /default/support.html node used to test atomicity of copy/move operations + --> + <criteria name="path" value="/default/support.html"> + <permission name="cms" action="manage"> + <role name="User"/> + </permission> + </criteria> </policy> ]]> </property>