Changeset 29101

Show
Ignore:
Timestamp:
01/17/08 15:14:05 (11 months ago)
Author:
ogrisel
Message:

fix ACPImpl implementation details to make more intuitive: see NXP-1944 and NXP-1945 for the details

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • org.nuxeo.ecm.core/branches/1.4/nuxeo-core-api/src/main/java/org/nuxeo/ecm/core/api/security/impl/ACPImpl.java

    r28329 r29101  
    5252    private transient Map<String, Access> cache; 
    5353 
    54  
    5554    public ACPImpl() { 
    5655        owners = new ArrayList<String>(); 
     
    9291     */ 
    9392    public void addACL(ACL acl) { 
    94         // replace existing ACL having the same name if any 
    9593        ACL oldACL = getACL(acl.getName()); 
    96         if (oldACL != null) { 
    97             oldACL.clear(); 
    98             oldACL.addAll(acl); 
    99         } else { 
    100             acls.add(acl); 
    101         } 
     94        if (acl != null && !acl.equals(oldACL)) { 
     95            // replace existing ACL instance different from acl having the same 
     96            // name if any 
     97            if (oldACL != null) { 
     98                oldACL.clear(); 
     99                oldACL.addAll(acl); 
     100            } else { 
     101                acls.add(acl); 
     102            } 
     103        } 
     104        // if oldACL and ACL are the same instance, we just need to clear 
     105        // the cache 
    102106        cache.clear(); 
    103107    } 
     
    270274        ACL acl = getACL(name); 
    271275        if (acl == null) { 
    272             return new ACLImpl(name); 
     276            acl = new ACLImpl(name); 
     277            addACL(acl); 
    273278        } 
    274279        return acl; 

  • org.nuxeo.ecm.core/branches/1.4/nuxeo-core-api/src/test/java/org/nuxeo/ecm/core/api/security/TestACP.java

    r28478 r29101  
    102102 
    103103        assertEquals(Access.GRANT, acp.getAccess("joe", SecurityConstants.READ)); 
    104         assertEquals(Access.UNKNOWN, acp.getAccess("joe", SecurityConstants.RESTRICTED_READ)); 
    105         assertEquals(Access.UNKNOWN, acp.getAccess("jack", SecurityConstants.READ)); 
     104        assertEquals(Access.UNKNOWN, acp.getAccess("joe", 
     105                SecurityConstants.RESTRICTED_READ)); 
     106        assertEquals(Access.UNKNOWN, acp.getAccess("jack", 
     107                SecurityConstants.READ)); 
    106108    } 
    107109 
     
    134136    } 
    135137 
     138    public void testGetOrCreateAcl() { 
     139        // create ACL with name ACL.LOCAL_ACL 
     140        ACL createdAcl = acp.getOrCreateACL(); 
     141        createdAcl.add(new ACE("john", "Sing", true)); 
     142        createdAcl.add(new ACE("anne", "Joke", false)); 
     143 
     144        // check that the ACP has already been affected by the ACL editing 
     145        assertTrue(acp.getAccess("john", "Sing").toBoolean()); 
     146        assertFalse(acp.getAccess("anne", "Joke").toBoolean()); 
     147 
     148        // check that by fetching the acl again we get the same instance 
     149        ACL fetchedAcl = acp.getOrCreateACL(); 
     150        assertEquals(createdAcl, fetchedAcl); 
     151        assertTrue(acp.getAccess("john", "Sing").toBoolean()); 
     152        assertFalse(acp.getAccess("anne", "Joke").toBoolean()); 
     153 
     154        // check that setting the same ACL again does not clear it 
     155        acp.addACL(fetchedAcl); 
     156        assertEquals(createdAcl, fetchedAcl); 
     157        assertTrue(acp.getAccess("john", "Sing").toBoolean()); 
     158        assertFalse(acp.getAccess("anne", "Joke").toBoolean()); 
     159 
     160        // check that setting an empty ACL with the same name clear the 
     161        // permissions 
     162        acp.addACL(new ACLImpl(ACL.LOCAL_ACL)); 
     163        assertFalse(acp.getAccess("john", "Sing").toBoolean()); 
     164    } 
     165 
    136166}