Author: sohil.shah(a)jboss.com
Date: 2007-09-04 13:45:33 -0400 (Tue, 04 Sep 2007)
New Revision: 8152
Modified:
branches/JBoss_Portal_Branch_2_6/
branches/JBoss_Portal_Branch_2_6/cms/build.xml
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
branches/JBoss_Portal_Branch_2_6/thirdparty/
Log:
JBPORTAL-1668 - A user with "Administrator" privileges is not able to create
resources at the root level of the CMS repo. Bug fix so that cms testsuite runs with no
errors on all cms security scenarios.
Property changes on: branches/JBoss_Portal_Branch_2_6
___________________________________________________________________
Name: svn:ignore
- .project
.classpath
thirdparty
eclipseBin
myworkspace
bin
*.settings
miscellaneous
local-tests
+ .project
.classpath
thirdparty
eclipseBin
myworkspace
bin
*.settings
miscellaneous
local-tests
localbin
Modified: branches/JBoss_Portal_Branch_2_6/cms/build.xml
===================================================================
--- branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:27:52 UTC (rev 8151)
+++ branches/JBoss_Portal_Branch_2_6/cms/build.xml 2007-09-04 17:45:33 UTC (rev 8152)
@@ -405,11 +405,11 @@
</target>
<target name="tests" depends="init">
<execute-tests>
- <x-sysproperty>
+ <x-sysproperty>
<!--
<jvmarg value="-Xdebug"/>
<jvmarg
value="-Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y"/>
- -->
+ -->
</x-sysproperty>
<x-test>
<!-- general cms setup related tests -->
@@ -417,7 +417,6 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryBootStrap"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRegEx"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.TestRepositoryUtil"/>
-
<!-- cms file command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCreate"/>
@@ -430,7 +429,6 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileCreateFailed"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFileDelete"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestSearch"/>
-
<!-- cms folder command tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderCopy"/>
@@ -438,7 +436,6 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderDelete"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderGet"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.commands.TestFolderUpdate"/>
-
<!-- cms fine grained security related tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestReadAccess"/>
@@ -446,7 +443,7 @@
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.security.TestManageAccess"/>
- <!-- cms workflow related tests -->
+ <!-- cms workflow related tests -->
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestApprovedPublish"/>
<test todir="${test.reports}"
name="org.jboss.portal.test.cms.workflow.TestDeniedPublish"/>
</x-test>
@@ -512,5 +509,16 @@
</fileset>
<report format="frames"
todir="${build.reports}/html"/>
</junitreport>
- </target>
+ </target>
+ <target name="reports-noframes" depends="init">
+ <mkdir dir="${build.reports}"/>
+ <mkdir dir="${build.reports}/html"/>
+ <property name="test.reports"
value="${module.output}/tests"/>
+ <junitreport todir="${build.reports}">
+ <fileset dir="${test.reports}">
+ <include name="TEST-*.xml"/>
+ </fileset>
+ <report format="noframes"
todir="${build.reports}/html"/>
+ </junitreport>
+ </target>
</project>
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04
17:27:52 UTC (rev 8151)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/cms/impl/jcr/command/ACLEnforcer.java 2007-09-04
17:45:33 UTC (rev 8152)
@@ -371,11 +371,26 @@
while(st.hasMoreTokens())
{
String token = st.nextToken();
- list.add(new String(buffer.append("/").append(token)));
+
+ buffer.append(token);
+ list.add(buffer.toString());
+
+ //Make sure only path leading up to the resource is checked against.
+ //Not on the full path to the resource...
+ //Because if that was the case, the specificPermissions would have been
applied
+ //in earlier checks...This is to check the recursive application of
permissions
+ //to the resource in question
+ if(st.hasMoreTokens())
+ {
+ buffer.append("/");
+ }
+ else
+ {
+ continue;
+ }
}
boolean explicitPermissionsFound = false;
-
Iterator it = list.iterator();
while (it.hasNext())
{
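Review bot: The comment added in the token loop says only the path leading up to the resource is checked, but `list.add(buffer.toString())` runs for every token, including the last one, so the full resource path still ends up in `list`. The `else { continue; }` branch is the last statement of the loop body and has no effect. If the resource's own path is meant to be skipped, the add needs a guard, e.g. `if (st.hasMoreTokens()) { list.add(buffer.toString()); buffer.append("/"); }`; if the full path is meant to stay, drop the `else` branch and reword the comment. This loop also no longer prepends "/" to each entry, so whether the entries still match stored permission paths depends on how `buffer` is initialised above the hunk, which is not visible here. Because this list feeds the permission check that follows, a test pinning the exact paths produced for a root-level and a nested resource would be worth adding.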
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04
17:27:52 UTC (rev 8151)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/IdentityDataLoader.java 2007-09-04
17:45:33 UTC (rev 8152)
@@ -146,12 +146,25 @@
//
user.getRoles().add(userRole);
userRole.getUsers().add(user);
+
+ //Another admin user besides the core admin user
+ HibernateUserImpl sysAdmin = new HibernateUserImpl("sysadmin");
+
sysAdmin.setPassword(org.jboss.portal.common.util.Tools.md5AsHexString("sysadmin"));
+ sysAdmin.setRealEmail("sysadmin(a)portal.com");
+ sysAdmin.setViewRealEmail(true);
+ sysAdmin.setEnabled(true);
//
+ //
+ sysAdmin.getRoles().add(adminRole);
+ adminRole.getUsers().add(sysAdmin);
+
+ //
session.save(adminRole);
session.save(userRole);
session.save(admin);
session.save(user);
+ session.save(sysAdmin);
success = true;
}
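Review bot: The new `sysadmin` fixture is an enabled account in the admin role whose password is its own user name, stored via `Tools.md5AsHexString`, which judging by its name is a plain MD5 digest. This loader lives under `cms/src/main` rather than a separate test source tree, so it is worth confirming that the `org.jboss.portal.test` package is left out of the deployable artifact and that the loader cannot run against a real identity store. A comment above the block such as `// Test-only fixture: admin-role account with a well-known password; never load outside the cms test suite` would make that constraint explicit. The enclosing method starts and ends outside the hunk.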
Modified:
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java
===================================================================
---
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04
17:27:52 UTC (rev 8151)
+++
branches/JBoss_Portal_Branch_2_6/cms/src/main/org/jboss/portal/test/cms/security/TestWriteAccess.java 2007-09-04
17:45:33 UTC (rev 8152)
@@ -45,6 +45,7 @@
{
String rejectPath = "/default/private";
String allowedPath = "/default/images";
+ String rootFolderPath = "/";
/**
*
@@ -101,6 +102,24 @@
/**
*
+ * @return
+ */
+ private Folder getNewRootFolder()
+ {
+ //create folder object
+ Folder folder = new FolderImpl();
+ folder.setCreationDate(new Date());
+ folder.setDescription("Folder Description");
+ folder.setTitle("Folder Title");
+ folder.setLastModified(new Date());
+ folder.setName("Unit Test");
+ folder.setBasePath(this.rootFolderPath+folder.getName());
+
+ return folder;
+ }
+
+ /**
+ *
* @param folder
* @return
*/
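Review bot: The Javadoc on `getNewRootFolder()` is empty apart from a bare `@return`. Suggest the summary `Builds a new folder object named "Unit Test" placed directly under the repository root.` and `@return the new folder, with base path "/Unit Test"`. Both values follow from `rootFolderPath = "/"` and `setName("Unit Test")` in this commit.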
@@ -293,5 +312,66 @@
String cmeMessage = cme.toString();
assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
}
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
}
+
+ /**
+ *
+ * @throws Exception
+ */
+ public void testSysAdmin() throws Exception
+ {
+ this.runAs("sysadmin");
+
+ // first run against non-access scenario
+ try
+ {
+ this.runWriteScenario(this.getNewProtectedFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was not granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+
+ // now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewPublicFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+
+
+ //now run against scenario where access should be granted for a registered user
+ //for anonymous, this should still result in an access denied
+ try
+ {
+ this.runWriteScenario(this.getNewRootFolder());
+ }
+ catch (CMSException cme)
+ {
+ // assert and make sure access was granted
+ String cmeMessage = cme.toString();
+ assertTrue(cmeMessage.indexOf("Access to this resource is denied") ==
-1);
+ }
+ }
}
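Review bot: In `testSysAdmin` every `catch (CMSException cme)` block only asserts that the message does not contain "Access to this resource is denied", so any other CMSException thrown by `runWriteScenario` is swallowed and the test still passes. The root-folder block added to the preceding test method uses the same pattern. The first block's comment, `// assert and make sure access was not granted`, contradicts its `== -1` assertion, and the "for anonymous, this should still result in an access denied" comments look copied from another test. For a user expected to have write access everywhere, consider failing on any exception, e.g. `fail("sysadmin write denied or failed: " + cme);`, and rewording the comments to say the Administrator role must be granted access to the protected, public and root folders. Whether `runWriteScenario` itself verifies that the folder was created is not visible in this hunk.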
Property changes on: branches/JBoss_Portal_Branch_2_6/thirdparty
___________________________________________________________________
Name: svn:ignore
+ *