SLING-8619 - RepoInitGrammer: Add repository-level marker to pathsList
diff --git a/pom.xml b/pom.xml
index db46ebd..80e31b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -253,7 +253,7 @@
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.repoinit.parser</artifactId>
-            <version>1.2.4</version>
+            <version>1.2.7-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
index cdbda7a..4128dbb 100644
--- a/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
+++ b/src/main/java/org/apache/sling/jcr/repoinit/impl/AclUtil.java
@@ -38,6 +38,7 @@
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.sling.repoinit.parser.operations.AclLine;
 import org.apache.sling.repoinit.parser.operations.RestrictionClause;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -101,10 +102,14 @@
     public static void setAcl(Session session, List<String> principals, List<String> paths, List<String> privileges, boolean isAllow, List<RestrictionClause> restrictionClauses)
             throws RepositoryException {
         for (String path : paths) {
-            if(!session.nodeExists(path)) {
-                throw new PathNotFoundException("Cannot set ACL on non-existent path " + path);
+            if (AclLine.PATH_REPOSITORY.equals(path)) {
+                setRepositoryAcl(session, principals, privileges, isAllow, restrictionClauses);
+            } else {
+                if (!session.nodeExists(path)) {
+                    throw new PathNotFoundException("Cannot set ACL on non-existent path " + path);
+                }
+                setAcl(session, principals, path, privileges, isAllow, restrictionClauses);
             }
-            setAcl(session, principals, path, privileges, isAllow, restrictionClauses);
         }
     }
 
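Review bot: The new `AclLine.PATH_REPOSITORY` branch at the top of the loop in `setAcl` bypasses the `session.nodeExists(path)` check and hands the entry to `setRepositoryAcl`, but nothing in the method tells a reader that a value in `paths` can now grant repository-wide privileges. I would add a comment above the branch such as `// ":repository" is a marker, not a node path: the entry is applied as a repository-level ACL, so there is no node to check`, and mention the marker in the method's Javadoc, which is outside this hunk. `restrictionClauses` is also forwarded unchanged to `setRepositoryAcl`, whose body is not visible here. It is worth confirming that path-oriented restrictions are rejected or are meaningful at repository level rather than silently accepted. Validation is still interleaved with modification, so in a list like `:repository,/missing` the repository entry is applied to the session before `PathNotFoundException` is thrown. Checking every non-marker path before the first change would avoid leaving partial transient ACL edits if the caller does not discard the session.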
diff --git a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
index 92ebdfb..c395f81 100644
--- a/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
+++ b/src/test/java/org/apache/sling/jcr/repoinit/GeneralAclTest.java
@@ -27,7 +27,9 @@
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeTypeManager;
 import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.Privilege;
 
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.sling.jcr.repoinit.impl.TestUtil;
 import org.apache.sling.repoinit.parser.RepoInitParsingException;
 import org.apache.sling.testing.mock.sling.ResourceResolverType;
@@ -149,6 +151,41 @@
     }
 
     @Test
+    public void addPathAclWithRepositoryPath() throws Exception {
+        final String aclSetup =
+                "set ACL on :repository\n"
+                        + "allow jcr:namespaceManagement for "+U.username+"\n"
+                        + "end"
+                ;
+
+        U.parseAndExecute(aclSetup);
+        try {
+            s.refresh(false);
+            assertTrue(s.getAccessControlManager().hasPrivileges(null, AccessControlUtils.privilegesFromNames(s, "jcr:namespaceManagement")));
+        } finally {
+            s.logout();
+        }
+    }
+
+    @Test
+    public void addPrincipalAclWithRepositoryPath() throws Exception {
+        final String aclSetup =
+                "set ACL for " + U.username + "\n"
+                        + "allow jcr:all on :repository,/\n"
+                        + "end"
+                ;
+
+        U.parseAndExecute(aclSetup);
+        try {
+            s.refresh(false);
+            assertTrue(s.getAccessControlManager().hasPrivileges(null, AccessControlUtils.privilegesFromNames(s, Privilege.JCR_ALL)));
+            assertTrue(s.getAccessControlManager().hasPrivileges("/", AccessControlUtils.privilegesFromNames(s, Privilege.JCR_ALL)));
+        } finally {
+            s.logout();
+        }
+    }
+
+    @Test
     public void addRepositoryAcl() throws Exception {
         final String aclSetup =
                 "set repository ACL for " + userA + "," + userB + "\n"
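Review bot: Both new tests, `addPathAclWithRepositoryPath` and `addPrincipalAclWithRepositoryPath`, only assert that the privilege is present after `U.parseAndExecute(aclSetup)`, so they would also pass if session `s` already held it. `s` and `U` are set up outside this hunk, so I cannot tell which user `s` belongs to. A precondition before the execute call would pin the grant to the statement under test, for example `assertFalse(s.getAccessControlManager().hasPrivileges(null, AccessControlUtils.privilegesFromNames(s, "jcr:namespaceManagement")));` (this may need an `assertFalse` import if the class lacks one). In `addPathAclWithRepositoryPath` a negative check on `"/"` would show that a grant on `:repository` does not spill onto node paths. There is also no case for `:repository` combined with a non-existent path, or for a `deny` on `:repository`.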