Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/.content.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/.content.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/.content.xml (revision )
@@ -0,0 +1,4 @@
+
+
Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/nodetypes.cnd
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/nodetypes.cnd (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/nodetypes.cnd (revision )
@@ -0,0 +1,8 @@
+<'sling'='http://sling.apache.org/jcr/sling/1.0'>
+<'nt'='http://www.jcp.org/jcr/nt/1.0'>
+
+[sling:Folder] > nt:folder
+ - * (undefined)
+ - * (undefined) multiple
+ + * (nt:base) = sling:Folder version
+
Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/definition/.content.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/definition/.content.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/definition/.content.xml (revision )
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/properties.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/properties.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/properties.xml (revision )
@@ -0,0 +1,19 @@
+
+
+
+FileVault Package Properties
+admin
+mode_ac_test_a
+2011-11-15T09:43:22.972+01:00
+admin
+2011-11-15T09:43:22.993+01:00
+1
+
+
+2
+
+2011-11-15T09:43:22.972+01:00
+
+admin
+overwrite
+
Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/.content.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/.content.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/.content.xml (revision )
@@ -0,0 +1,17 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
Index: vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java (revision 1832430)
+++ vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java (revision )
@@ -134,13 +134,14 @@
states.push(state);
}
- private static ACE addACE(Map> map, ACE ace) {
+ private static ACE addACE(Map> map, List l, ACE ace) {
List list = map.get(ace.principalName);
if (list == null) {
list = new ArrayList();
map.put(ace.principalName, list);
}
list.add(ace);
+ l.add(ace);
return ace;
}
@@ -215,6 +216,7 @@
private final class ImportedAcList extends ImportedPolicy {
private Map> aceMap = new LinkedHashMap>();
+ private List aceList = new ArrayList<>();
private ACE currentACE;
private ImportedAcList() {
@@ -224,7 +226,7 @@
State append(State state, DocViewNode childNode) {
if (state == State.ACL) {
try {
- currentACE = addACE(aceMap, new ACE(childNode));
+ currentACE = addACE(aceMap, aceList, new ACE(childNode));
return State.ACE;
} catch (IllegalArgumentException e) {
log.error("Error while reading access control content: {}", e);
@@ -282,38 +284,36 @@
}
// apply ACEs of package
- for (Map.Entry> entry: aceMap.entrySet()) {
- final String principalName = entry.getKey();
+ for (ACE ace : aceList) {
+ final String principalName = ace.principalName;
if (aclHandling == AccessControlHandling.MERGE_PRESERVE && existingPrincipals.contains(principalName)) {
// skip principal if it already has an ACL
continue;
}
Principal principal = getPrincipal(principalName);
- for (ACE ace: entry.getValue()) {
- Privilege[] privileges = new Privilege[ace.privileges.length];
- for (int i = 0; i < privileges.length; i++) {
- privileges[i] = acMgr.privilegeFromName(ace.privileges[i]);
- }
- Map svRestrictions = new HashMap();
- Map mvRestrictions = new HashMap();
- for (String restName : acl.getRestrictionNames()) {
- DocViewProperty restriction = ace.restrictions.get(restName);
- if (restriction != null) {
- Value[] values = new Value[restriction.values.length];
- int type = acl.getRestrictionType(restName);
- for (int i=0; i svRestrictions = new HashMap();
+ Map mvRestrictions = new HashMap();
+ for (String restName : acl.getRestrictionNames()) {
+ DocViewProperty restriction = ace.restrictions.get(restName);
+ if (restriction != null) {
+ Value[] values = new Value[restriction.values.length];
+ int type = acl.getRestrictionType(restName);
+ for (int i=0; iUTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/filter.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/META-INF/vault/filter.xml (revision )
@@ -0,0 +1,4 @@
+
+
+
+
Index: vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/_rep_policy.xml
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/_rep_policy.xml (revision )
+++ vault-core/src/test/resources/org/apache/jackrabbit/vault/packaging/integration/testpackages/ace_order_overwrite.zip/jcr_root/testroot/secured/_rep_policy.xml (revision )
@@ -0,0 +1,28 @@
+
+
+
+
+
+
+
+
+
+
+
+
Index: vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestAceOrder.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestAceOrder.java (revision )
+++ vault-core/src/test/java/org/apache/jackrabbit/vault/packaging/integration/TestAceOrder.java (revision )
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.vault.packaging.integration;
+
+import java.security.Principal;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.Node;
+import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Test if order of ACE is preserved upon import
+ */
+public class TestAceOrder extends IntegrationTestBase {
+
+ private final static String NAME_TEST_USER = "testuser";
+
+ private UserManager uMgr;
+ private AccessControlManager acMgr;
+
+ private List expectedEntries;
+
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+ uMgr = ((JackrabbitSession) admin).getUserManager();
+ User testuser = uMgr.createUser(NAME_TEST_USER, null);
+ admin.save();
+
+ acMgr = admin.getAccessControlManager();
+
+ Node tmp = admin.getRootNode().addNode("testroot").addNode("secured");
+ JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, tmp.getPath());
+ Privilege[] writePrivilege = AccessControlUtils.privilegesFromNames(acMgr, Privilege.JCR_WRITE);
+ ValueFactory vf = admin.getValueFactory();
+ Principal everyone = ((JackrabbitSession) admin).getPrincipalManager().getEveryone();
+ list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
+ list.addEntry(testuser.getPrincipal(), writePrivilege, false, ImmutableMap.of("rep:glob", vf.createValue("/foo")));
+ list.addEntry(everyone, writePrivilege, true, ImmutableMap.of("rep:glob", vf.createValue("/bar")));
+ acMgr.setPolicy(tmp.getPath(), list);
+
+ expectedEntries = ImmutableList.copyOf(list.getAccessControlEntries());
+
+ admin.refresh(false);
+ }
+
+ @Override
+ public void tearDown() throws Exception {
+ try {
+ if (admin.nodeExists("/testroot")) {
+ admin.getNode("/testroot").remove();
+ admin.save();
+ }
+ Authorizable testUser = uMgr.getAuthorizable(NAME_TEST_USER);
+ if (testUser != null) {
+ testUser.remove();
+ admin.save();
+ }
+ } finally {
+ super.tearDown();
+ }
+ }
+
+ private void assertACEs(@Nonnull String path) throws Exception {
+ JackrabbitAccessControlList list = AccessControlUtils.getAccessControlList(acMgr, path);
+ AccessControlEntry[] entries = list.getAccessControlEntries();
+
+ assertEquals(expectedEntries, ImmutableList.copyOf(entries));
+ }
+
+ @Test
+ public void testHandlingOverwrite() throws Exception {
+ assertNodeMissing("/testroot/secured");
+
+ extractVaultPackage("testpackages/ace_order_overwrite.zip");
+
+ // test if nodes and ACLs of first package exist
+ assertNodeExists("/testroot/secured");
+ assertACEs("/testroot/secured");
+ }
+}
\ No newline at end of file