Author: sohil.shah(a)jboss.com
Date: 2007-05-30 17:23:17 -0400 (Wed, 30 May 2007)
New Revision: 7365
Modified:
trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java
trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml
Log:
Incorporating patch for the move and copy commands bypassing the permissions - JBPORTAL-1465
Modified: trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-05-30
18:59:23 UTC (rev 7364)
+++ trunk/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-05-30
21:23:17 UTC (rev 7365)
@@ -285,18 +285,29 @@
if(command instanceof CopyCommand)
{
path = ((CopyCommand)command).msFromPath;
+ hasManageAccess = this.computeAccess(user,path,"manage");
+ if(hasManageAccess)
+ {
+ path = ((CopyCommand)command).msToPath;
+ hasManageAccess = this.computeAccess(user,path,"manage");
+ }
}
else if(command instanceof DeleteCommand)
{
path = ((DeleteCommand)command).msPath;
+ hasManageAccess = this.computeAccess(user,path,"manage");
}
else if(command instanceof MoveCommand)
{
path = ((MoveCommand)command).msFromPath;
+ hasManageAccess = this.computeAccess(user,path,"manage");
+ if(hasManageAccess)
+ {
+ path = ((MoveCommand)command).msToPath;
+ hasManageAccess = this.computeAccess(user,path,"manage");
+ }
}
-
- hasManageAccess = this.computeAccess(user,path,"manage");
-
+
return hasManageAccess;
}
//-----------------------------------------------------------------------------------------------------------------------------------------
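Review bot: With the shared `computeAccess` call after the if/else chain removed, a command that is not a CopyCommand, DeleteCommand or MoveCommand now returns whatever `hasManageAccess` was initialised to, and that declaration is above the hunk. An access-control decision should have an explicit, fail-closed default, so confirm the initial value is `false` or end the chain with `else { hasManageAccess = false; }` and a comment naming the commands expected here. The copy and move branches are the same source-then-destination check written twice; a small private helper taking the two paths would keep them from drifting apart. The method starts outside the hunk, so the initial value and the callers could not be checked from here.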
Modified: trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java
===================================================================
--- trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java 2007-05-30
18:59:23 UTC (rev 7364)
+++ trunk/cms/src/main/org/jboss/portal/test/cms/security/TestManageAccess.java 2007-05-30
21:23:17 UTC (rev 7365)
@@ -40,6 +40,9 @@
{
String rejectPath = "/default/private";
String allowedPath = "/default/images";
+ String supportPath = "/default/support.html";
+ String copyPath = "/support.html";
+
/**
*
@@ -94,7 +97,7 @@
return folder;
}
-
+
/**
*
*
@@ -139,8 +142,7 @@
Folder deletedFolder = (Folder)this.service.execute(get);
assertNull(deletedFolder);
}
-
-
+
/**
*
* @throws Exception
@@ -246,4 +248,78 @@
assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
}
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testCopyToDeniedDestination() throws Exception
+ {
+ this.runAs("user");
+
+ //Copy the file to the folder
+ try
+ {
+ Command copyCommand =
this.service.getCommandFactory().createCopyCommand(this.supportPath,this.copyPath);
+ this.service.execute(copyCommand);
+
+ //Make sure copy operation did not happen
+ //I should not get here
+ assertTrue(false);
+ }
+ catch(CMSException cme)
+ {
+ String cmeMessage = cme.toString();
+ if(cmeMessage.indexOf("Access to this resource is denied") != -1)
+ {
+ //Make sure copy operation did not happen
+ Command exists =
(Command)this.service.getCommandFactory().createItemExistsCommand(this.copyPath);
+ boolean existsValue =
((Boolean)this.service.execute(exists)).booleanValue();
+ assertFalse(existsValue);
+ }
+ else
+ {
+ throw cme;
+ }
+ }
+ }
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testMoveToDeniedDestination() throws Exception
+ {
+ this.runAs("user");
+
+ //Move the file from the folder
+ try
+ {
+ Command moveCommand =
this.service.getCommandFactory().createMoveCommand(this.supportPath,this.copyPath);
+ this.service.execute(moveCommand);
+
+ //Make sure copy operation did not happen
+ //I should not get here
+ assertTrue(false);
+ }
+ catch(CMSException cme)
+ {
+ String cmeMessage = cme.toString();
+ if(cmeMessage.indexOf("Access to this resource is denied") != -1)
+ {
+ //Make sure move operation didnot happen
+ Command exists =
(Command)this.service.getCommandFactory().createItemExistsCommand(this.copyPath);
+ boolean existsValue =
((Boolean)this.service.execute(exists)).booleanValue();
+ assertFalse(existsValue);
+
+ exists =
(Command)this.service.getCommandFactory().createItemExistsCommand(this.supportPath);
+ existsValue = ((Boolean)this.service.execute(exists)).booleanValue();
+ assertTrue(existsValue);
+ }
+ else
+ {
+ throw cme;
+ }
+ }
+ }
}
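Review bot: Both new tests cover only the denied case, so a change that made the enforcer refuse every destination would still pass them. A companion test that copies or moves `supportPath` to a destination the user is allowed to manage, and asserts the item exists there, would pin the allowed path as well. The denial is recognised by searching `cme.toString()` for "Access to this resource is denied", which ties the tests to message wording; if CMSException exposes a cause or a dedicated access-denied type, asserting on that would be sturdier. `assertTrue(false)` reads better as `fail("copy to a denied destination must throw CMSException")`, and the comment `//Make sure copy operation did not happen` above the assert in testMoveToDeniedDestination is a leftover from the copy test.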
Modified:
trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml
===================================================================
---
trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-05-30
18:59:23 UTC (rev 7364)
+++
trunk/cms/src/resources/portal-cms-jar/org/jboss/portal/cms/jboss-beans-security.xml 2007-05-30
21:23:17 UTC (rev 7365)
@@ -121,13 +121,21 @@
<permission name="cms" action="manage">
<role name="Admin"/>
</permission>
- </criteria>
+ </criteria>
<!-- permissions on the private/protected node -->
<criteria name="path" value="/default/private">
<permission name="cms" action="manage">
<role name="Admin"/>
</permission>
</criteria>
+ <!--
+ permissions on the /default/support.html node used to test atomicity of
copy/move operations
+ -->
+ <criteria name="path" value="/default/support.html">
+ <permission name="cms" action="manage">
+ <role name="User"/>
+ </permission>
+ </criteria>
</policy>
]]>
</property>
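Review bot: The added `<criteria name="path" value="/default/support.html">` block grants `manage` to the `User` role, yet its own comment says it exists only to test copy/move. The file sits under `src/resources/portal-cms-jar/`, which suggests it is the policy packaged with the CMS rather than a test resource. If so, every deployment picks up a grant that lets any member of `User` manage that node. Consider moving the fixture into a policy file loaded only by the test suite, or at least marking it clearly, e.g. `<!-- test fixture for TestManageAccess; remove or tighten for production -->`.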