Loading projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +11 −6 Original line number Diff line number Diff line Loading @@ -177,13 +177,20 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } if (!isCreatorOwner(group.getOwner())) { throw new AccessControlException("Group owner must be creator"); } // BM: Changed so that the group owner is set to be the // user in the subject //if (!isCreatorOwner(group.getOwner())) //{ // throw new AccessControlException("Group owner must be creator"); //} try { // make the owner the calling user DN ownerDN = this.getSubjectDN(); User<X500Principal> owner = userPersist.getX500User(ownerDN); group.setOwner(owner); if (reactivateGroup(group)) { return; Loading @@ -191,8 +198,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else { DN ownerDN = userPersist.getUserDN(group.getOwner()); // add group to groups tree LDAPResult result = addGroup(getGroupDN(group.getID()), group.getID(), ownerDN, Loading projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +31 −30 Original line number Diff line number Diff line Loading @@ -85,7 +85,6 @@ import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.Role; Loading Loading 
@@ -680,34 +679,36 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest } }); Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>() { public Object run() throws Exception { try { getGroupDAO().addGroup(new Group("foo", unknownUser)); fail("addGroup with unknown user should throw " + "AccessControlException"); } catch (AccessControlException ignore) {} String groupID = getGroupID(); getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); Group group = getGroupDAO().getGroup(groupID); try { getGroupDAO().addGroup(group); fail("addGroup with existing group should throw " + "GroupAlreadyExistsException"); } catch (GroupAlreadyExistsException ignore) {} getGroupDAO().deleteGroup(group.getID()); return null; } }); // BM: No longer applicable: groups have their owner set to the calling // user automatically in the service. // Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>() // { // public Object run() throws Exception // { // try // { // getGroupDAO().addGroup(new Group("foo", unknownUser)); // fail("addGroup with unknown user should throw " + // "AccessControlException"); // } // catch (AccessControlException ignore) {} // // String groupID = getGroupID(); // getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); // Group group = getGroupDAO().getGroup(groupID); // // try // { // getGroupDAO().addGroup(group); // fail("addGroup with existing group should throw " + // "GroupAlreadyExistsException"); // } // catch (GroupAlreadyExistsException ignore) {} // // getGroupDAO().deleteGroup(group.getID()); // return null; // } // }); } @Test Loading Loading @@ -788,7 +789,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest { public Object run() throws Exception { getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); //getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); try { getGroupDAO().modifyGroup(new Group("foo", daoTestUser1)); Loading Loading
projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAO.java +11 −6 Original line number Diff line number Diff line Loading @@ -177,13 +177,20 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO "Support for groups properties not available"); } if (!isCreatorOwner(group.getOwner())) { throw new AccessControlException("Group owner must be creator"); } // BM: Changed so that the group owner is set to be the // user in the subject //if (!isCreatorOwner(group.getOwner())) //{ // throw new AccessControlException("Group owner must be creator"); //} try { // make the owner the calling user DN ownerDN = this.getSubjectDN(); User<X500Principal> owner = userPersist.getX500User(ownerDN); group.setOwner(owner); if (reactivateGroup(group)) { return; Loading @@ -191,8 +198,6 @@ public class LdapGroupDAO<T extends Principal> extends LdapDAO else { DN ownerDN = userPersist.getUserDN(group.getOwner()); // add group to groups tree LDAPResult result = addGroup(getGroupDN(group.getID()), group.getID(), ownerDN, Loading
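Review bot: In addGroup the owner passed in by the caller is now overwritten with the subject's user before `reactivateGroup(group)` runs, so a call that names the ID of a deactivated group may bring it back under the caller's ownership. reactivateGroup's body is outside this hunk, so confirm it checks the previous owner, or resets the old members and admins, before it returns true. The new lines also do not cover a subject without a usable identity: if `getSubjectDN()` or `userPersist.getX500User(ownerDN)` can yield null (not visible here), the group would be stored with no owner, so a guard such as `if (owner == null) throw new AccessControlException("Caller has no user entry");` belongs before `group.setOwner(owner)`. Because a mismatched owner is now replaced instead of rejected, state that in the method's Javadoc, and delete the commented-out `isCreatorOwner` block rather than keeping it in the source.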
projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +31 −30 Original line number Diff line number Diff line Loading @@ -85,7 +85,6 @@ import org.junit.BeforeClass; import org.junit.Test; import ca.nrc.cadc.ac.Group; import ca.nrc.cadc.ac.GroupAlreadyExistsException; import ca.nrc.cadc.ac.GroupNotFoundException; import ca.nrc.cadc.ac.GroupProperty; import ca.nrc.cadc.ac.Role; Loading Loading 
@@ -680,34 +679,36 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest } }); Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>() { public Object run() throws Exception { try { getGroupDAO().addGroup(new Group("foo", unknownUser)); fail("addGroup with unknown user should throw " + "AccessControlException"); } catch (AccessControlException ignore) {} String groupID = getGroupID(); getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); Group group = getGroupDAO().getGroup(groupID); try { getGroupDAO().addGroup(group); fail("addGroup with existing group should throw " + "GroupAlreadyExistsException"); } catch (GroupAlreadyExistsException ignore) {} getGroupDAO().deleteGroup(group.getID()); return null; } }); // BM: No longer applicable: groups have their owner set to the calling // user automatically in the service. // Subject.doAs(daoTestUser1Subject, new PrivilegedExceptionAction<Object>() // { // public Object run() throws Exception // { // try // { // getGroupDAO().addGroup(new Group("foo", unknownUser)); // fail("addGroup with unknown user should throw " + // "AccessControlException"); // } // catch (AccessControlException ignore) {} // // String groupID = getGroupID(); // getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); // Group group = getGroupDAO().getGroup(groupID); // // try // { // getGroupDAO().addGroup(group); // fail("addGroup with existing group should throw " + // "GroupAlreadyExistsException"); // } // catch (GroupAlreadyExistsException ignore) {} // // getGroupDAO().deleteGroup(group.getID()); // return null; // } // }); } @Test Loading Loading @@ -788,7 +789,7 @@ public class LdapGroupDAOTest extends AbstractLdapDAOTest { public Object run() throws Exception { getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); //getGroupDAO().addGroup(new Group(groupID, daoTestUser1)); try { getGroupDAO().modifyGroup(new Group("foo", daoTestUser1)); Loading
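Review bot: Commenting out the whole `Subject.doAs(daoTestUser1Subject, ...)` block also drops the `GroupAlreadyExistsException` assertion, which is unrelated to the ownership change and still describes behaviour addGroup should have. Nothing in the visible hunks tests the new rule either, so there is no coverage that a group created with a different owner ends up owned by the caller. Keep the duplicate-group check and replace the unknown-owner case with something like `getGroupDAO().addGroup(new Group(groupID, unknownUser));` followed by `assertEquals(daoTestUser1, getGroupDAO().getGroup(groupID).getOwner());`, assuming the user type compares by value. The last hunk comments out the `addGroup` setup call in the modifyGroup test without a reason; add a comment saying why it is no longer needed, or remove the line.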