Index: src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java =================================================================== --- src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java (revision 1370784) +++ src/test/java/org/apache/jackrabbit/core/security/user/UserManagerImplTest.java (working copy) @@ -34,6 +34,8 @@ import javax.jcr.Session; import javax.jcr.SimpleCredentials; import javax.jcr.Value; +import javax.jcr.PathNotFoundException; +import javax.jcr.security.AccessControlManager; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -617,6 +619,103 @@ } } + /** + * @see https://issues.apache.org/jira/browse/JCR-3412 + */ + public void testFindUserReducedACLs() throws RepositoryException, + NotExecutableException { + Principal p = getTestPrincipal(); + String uid = getTestUserId(p); + String pw = buildPassword(uid); + String path = UserConstants.SECURITY_ROOT_PATH; + String wsName = "security"; + + User u = null; + Session uSession = null; + Session uAdmSession = null; + try { + u = userMgr.createUser(uid, pw, p, null); + save(superuser); + + uSession = superuser.getRepository().login( + new SimpleCredentials(uid, pw.toCharArray()), wsName); + + // Query q = uSession.getWorkspace().getQueryManager() + // .createQuery("//element(*,rep:User)", Query.XPATH); + // NodeIterator iter = q.execute().getNodes(); + // while (iter.hasNext()) { + // System.out.println(iter.nextNode().getPath()); + // } + + boolean found = false; + UserManager uMgr = getUserManager(uSession); + Iterator it = uMgr.findAuthorizables(p.getName(), + null, UserManager.SEARCH_TYPE_USER); + while (it.hasNext()) { + Authorizable authorizable = it.next(); + if (uid.equals(authorizable.getID())) { + found = true; + break; + } + } + assertTrue( + "Searching for authorizables must find the created user - before tweaking acls.", + found); + + // ---- TODO remove read access + uAdmSession = getHelper().getSuperuserSession(wsName); + AccessControlManager acMgr = uAdmSession.getAccessControlManager(); + + // v1 #getApplicablePolicies -> empty iterator + // AccessControlPolicyIterator acpi = + // acMgr.getApplicablePolicies(path); + + // v2 #getPolicies -> empty AccessControlPolicy[] + // AccessControlPolicy[] acpa = acMgr.getPolicies(path); + + // v3 getEffectivePolicies + // acMgr.removePolicy(path, acMgr.getEffectivePolicies(path)[0]); + // -> javax.jcr.UnsupportedRepositoryOperationException: Removal of + // AccessControlPolicies is not supported. + // ---- + + // must not have read access + try { + uSession.getNode(path); + fail("session must not have read access to path " + path); + } catch (PathNotFoundException e) { + // good + } + + // check authorizables again + found = false; + it = uMgr.findAuthorizables(p.getName(), null, + UserManager.SEARCH_TYPE_USER); + while (it.hasNext()) { + Authorizable authorizable = it.next(); + if (uid.equals(authorizable.getID())) { + found = true; + break; + } + } + assertTrue( + "Searching for authorizables must find the created user - after tweaking acls.", + found); + + } finally { + if (uSession != null) { + uSession.logout(); + } + if (u != null) { + u.remove(); + save(superuser); + } + if (uAdmSession != null) { + uAdmSession.logout(); + } + } + } + public void testFindGroup() throws RepositoryException, NotExecutableException { Group gr = null; try {