From 66a6b22341c394428da61bfc8005d12bda133ba0 Mon Sep 17 00:00:00 2001 From: jensp Date: Tue, 2 May 2017 13:16:31 +0000 Subject: [PATCH] CCM NG/ccm-cms: Fixed some test failures git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4701 8810af33-2d31-482b-a856-94f89814c4df --- .../ContentItemManagerTest.java | 2 + .../libreccm/security/PermissionChecker.java | 70 +++++++++++-------- 2 files changed, 43 insertions(+), 29 deletions(-) diff --git a/ccm-cms/src/test/java/org/librecms/contentsection/ContentItemManagerTest.java b/ccm-cms/src/test/java/org/librecms/contentsection/ContentItemManagerTest.java index 57eb37414..d399f1d44 100644 --- a/ccm-cms/src/test/java/org/librecms/contentsection/ContentItemManagerTest.java +++ b/ccm-cms/src/test/java/org/librecms/contentsection/ContentItemManagerTest.java @@ -234,6 +234,7 @@ public class ContentItemManagerTest { "workflow_id" }) public void createContentItem() { + shiro.getSystemUser().execute(() -> { final ContentSection section = sectionRepo .findByLabel("info") @@ -553,6 +554,7 @@ public class ContentItemManagerTest { "workflow_id" }) public void moveItem() { + final Optional item = itemRepo.findById(-10100L); assertThat(item.isPresent(), is(true)); diff --git a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java index d22dc19d6..fc297a9f9 100644 --- a/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java +++ b/ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java @@ -72,11 +72,15 @@ public class PermissionChecker { * @param privilege The privilege granted by the permission. * * @return {@code true} if the current subject has a permission granting the - * provided {@code privilege}, {@code false} otherwise. + * provided {@code privilege}, {@code false} otherwise. */ public boolean isPermitted(final String privilege) { if (subject.isAuthenticated()) { - return subject.isPermitted(generatePermissionString(privilege)); + if (shiro.isSystemUser()) { + return true; + } else { + return subject.isPermitted(generatePermissionString(privilege)); + } } else { return shiro.getPublicUser().isPermitted(generatePermissionString( privilege)); @@ -88,11 +92,11 @@ public class PermissionChecker { * provided {@code privilege}. * * @param privilege The privilege granted by the permission. - * @param role The role to check for a permission granting the - * {@code privilege}. + * @param role The role to check for a permission granting the + * {@code privilege}. * * @return {@code true} if the role has a permission granting the provided - * {@code privilege}, {@code false} otherwise. + * {@code privilege}, {@code false} otherwise. */ @Transactional(Transactional.TxType.REQUIRED) public boolean isPermitted(final String privilege, final Role role) { @@ -130,16 +134,19 @@ public class PermissionChecker { * {@code privilege} on the provided {@code object}. * * @param privilege The granted privilege. - * @param object The object on which the privilege is granted. + * @param object The object on which the privilege is granted. * * @return {@code true} if the there is a permission granting the provided - * {@code privilege} on the provided {@code object} to the current - * subject. + * {@code privilege} on the provided {@code object} to the current subject. */ public boolean isPermitted(final String privilege, final CcmObject object) { if (subject.isAuthenticated()) { - return subject.isPermitted(generatePermissionString( - privilege, object)); + if (shiro.isSystemUser()) { + return true; + } else { + return subject.isPermitted(generatePermissionString( + privilege, object)); + } } else { return shiro.getPublicUser().isPermitted(generatePermissionString( privilege, object)); @@ -151,13 +158,13 @@ public class PermissionChecker { * provided {@code privilege} on the provided object. * * @param privilege The granted privilege. - * @param object The object on which the {@code privilege} is granted. - * @param role The role to check for a permission granting the - * {@code privilege}. + * @param object The object on which the {@code privilege} is granted. + * @param role The role to check for a permission granting the + * {@code privilege}. * * @return {@code true} if the there is a permission granting the provided - * {@code privilege} on the provided {@code object} to the provided - * {@code role}. + * {@code privilege} on the provided {@code object} to the provided + * {@code role}. */ public boolean isPermitted(final String privilege, final CcmObject object, @@ -180,9 +187,9 @@ public class PermissionChecker { final TypedQuery query = entityManager.createNamedQuery( "Permission.existsForPrivilegeRoleObject", Long.class); query.setParameter("privilege", privilege); - query.setParameter("grantee" ,role); - query.setParameter("object" ,object); - + query.setParameter("grantee", role); + query.setParameter("object", object); + return query.getSingleResult() > 0; } @@ -194,12 +201,14 @@ public class PermissionChecker { * @param privilege The privilege to check for. * * @throws AuthorizationException If the current subject has not permission - * granting the provided privilege. + * granting the provided privilege. */ public void checkPermission(final String privilege) throws AuthorizationException { if (subject.isAuthenticated()) { - subject.checkPermission(generatePermissionString(privilege)); + if (!shiro.isSystemUser()) { + subject.checkPermission(generatePermissionString(privilege)); + } } else { shiro.getPublicUser().checkPermission(generatePermissionString( privilege)); @@ -212,17 +221,20 @@ public class PermissionChecker { * * * @param privilege The privilege to check for. - * @param object The object on which the privilege is granted. + * @param object The object on which the privilege is granted. * * @throws AuthorizationException If there is no permission granting the - * provided privilege to the current subject - * on the provided object.. + * provided privilege to the current subject on the provided object.. */ public void checkPermission(final String privilege, final CcmObject object) throws AuthorizationException { + if (subject.isAuthenticated()) { - subject.checkPermission(generatePermissionString(privilege, object)); + if (!shiro.isSystemUser()) { + subject.checkPermission(generatePermissionString(privilege, + object)); + } } else { shiro.getPublicUser().checkPermission(generatePermissionString( privilege, object)); @@ -236,13 +248,13 @@ public class PermissionChecker { * placeholder object is returned with the {@link CcmObject#displayName} * property set the {@code Access denied}. * - * @param The type of the object to check. + * @param The type of the object to check. * @param privilege The privilige to check for. - * @param object The object on which the privilege is granted. - * @param clazz The class of the object. + * @param object The object on which the privilege is granted. + * @param clazz The class of the object. * * @return The object if the current subject is permitted to access, a - * placeholder object if not. + * placeholder object if not. */ public T checkPermission(final String privilege, final T object, @@ -258,7 +270,7 @@ public class PermissionChecker { * @param object The object to check. * * @return {@code true} if the object is a Access denied object, - * {@code false} if not. + * {@code false} if not. */ public boolean isAccessDeniedObject(final CcmObject object) { if (object == null) {