diff --git a/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java b/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
index 88247950fa8497973fd682da9fdedf612a091d6d..c8cd93e4a1d12125235819b4a2ba69fa12bd0256 100644
--- a/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
+++ b/src/main/java/org/caosdb/server/permissions/AbstractEntityACLFactory.java
@@ -262,6 +262,7 @@ public abstract class AbstractEntityACLFactory<T extends EntityACL> {
 */
 public AbstractEntityACLFactory<T> remove(EntityACL other) {
 if (other != null) {
+ normalize();
 for (EntityACI aci : other.getRules()) {
 if (EntityACL.isAllowance(aci.getBitSet())) {
 if (EntityACL.isPriorityBitSet(aci.getBitSet())) {
diff --git a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
index 8e8b0a10dd340bce53bca01ffb519868d13ca027..1787c902f48124d692f8c53e4a73ed04564dfe8f 100644
--- a/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
+++ b/src/test/java/org/caosdb/server/permissions/EntityACLTest.java
@@ -22,6 +22,7 @@
 */
 package org.caosdb.server.permissions;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
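Review bot: The Javadoc that closes on the first context line of this hunk should now state that remove() normalizes this factory's own rules before subtracting `other`, because that is a visible change in what a subsequent create() returns (testRemove in the same commit depends on it and only flags it with a line comment). Suggest adding `@implNote Calls {@link #normalize()} first, so rules already superseded by a priority or later rule are dropped before the removal.` Whether normalize() is idempotent and cheap enough to run on every remove() call is not visible here; if it is not, a guard in remove() would be worth adding. remove()'s body continues past the end of the hunk.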
@@ -349,60 +350,49 @@ public class EntityACLTest {
 Assert.assertFalse((f.create().isPermitted(user2, EntityPermission.UPDATE_NAME)));
 }
- // @Test
- // public void niceFactoryStuff() {
- // final EntityACLFactory f = new EntityACLFactory();
- // f.grant("user1", "*");
- // final EntityACL acl1 = f.create();
- // Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.EDIT_ACL));
- // Assert.assertTrue(acl1.isPermitted("user1", EntityPermission.DELETE));
- // Assert.assertTrue(acl1.isPermitted("user1",
- // EntityPermission.RETRIEVE_ENTITY));
- // Assert.assertTrue(acl1.isPermitted("user1",
- // EntityPermission.UPDATE_DATA_TYPE));
- // Assert.assertTrue(acl1.isPermitted("user1",
- // EntityPermission.USE_AS_PROPERTY));
- //
- // f.grant("?OWNER?", "DELETE", "EDIT:ACL", "RETRIEVE:*", "UPDATE:*",
- // "USE:*");
- // f.grant("user2", "EDIT:ACL");
- // final EntityACL acl2 = f.create();
- // Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.EDIT_ACL));
- // Assert.assertTrue(acl2.isPermitted("user2", EntityPermission.DELETE));
- // Assert.assertTrue(acl2.isPermitted("user2",
- // EntityPermission.RETRIEVE_ENTITY));
- // Assert.assertTrue(acl2.isPermitted("user2",
- // EntityPermission.UPDATE_DATA_TYPE));
- // Assert.assertTrue(acl2.isPermitted("user2",
- // EntityPermission.USE_AS_PROPERTY));
- //
- // }
- //
- // @Test
- // public void testDeny() {
- // EntityACLFactory f = new EntityACLFactory();
- // f.deny("test", "DELETE");
- // Assert.assertFalse(f.create().isPermitted("test",
- // EntityPermission.DELETE));
- //
- // System.out.println(Utils.element2String(f.create().toElement()));
- //
- // System.out.println(Utils.element2String(EntityACL.GLOBAL_PERMISSIONS.toElement()));
- //
- // f.grant("test", "USE:*");
- // Assert.assertFalse(f.create().isPermitted("test",
- // EntityPermission.DELETE));
- //
- // System.out.println(Utils.element2String(f.create().toElement()));
- //
- // f = new EntityACLFactory();
- // f.grant(EntityACL.OTHER_ROLE, "RETRIEVE:*");
- // f.deny(EntityACL.OTHER_ROLE, "DELETE");
- // final EntityACL a = f.create();
- //
- // System.out.println(Utils.element2String(a.toElement()));
- //
- // System.out.println(Utils.element2String(EntityACL.deserialize(a.serialize()).toElement()));
- // }
+ @Test
+ public void testRemove() {
+ EntityACLFactory f = new EntityACLFactory();
+ f.grant(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+ f.deny(org.caosdb.server.permissions.Role.create("role2"), false, EntityPermission.EDIT_ACL);
+ f.grant(
+ org.caosdb.server.permissions.Role.create("role3"), true, EntityPermission.RETRIEVE_ACL);
+ f.deny(
+ org.caosdb.server.permissions.Role.create("role4"), true, EntityPermission.RETRIEVE_ENTITY);
+
+ EntityACL other = f.create();
+
+ f.grant(org.caosdb.server.permissions.Role.create("role2"), false, EntityPermission.EDIT_ACL);
+ f.grant(
+ org.caosdb.server.permissions.Role.create("role5"), false, EntityPermission.RETRIEVE_FILE);
+
+ f.remove(other); // normalize and remove "other"
+
+ EntityACL tester = f.create();
+ assertEquals(
+ "only the very last rule survived, the others have been overriden or removed",
+ 1,
+ tester.getRules().size());
+ for (EntityACI aci : tester.getRules()) {
+ assertEquals(aci.getResponsibleAgent(), org.caosdb.server.permissions.Role.create("role5"));
+ }
+ }
+ @Test
+ public void testNormalize() {
+ EntityACLFactory f = new EntityACLFactory();
+ f.grant(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+ f.deny(org.caosdb.server.permissions.Role.create("role1"), false, EntityPermission.DELETE);
+ f.grant(org.caosdb.server.permissions.Role.create("role1"), true, EntityPermission.DELETE);
+ f.deny(org.caosdb.server.permissions.Role.create("role1"), true, EntityPermission.DELETE);
+
+ // priority denail overrides everything else
+ EntityACL denyDelete = f.create();
+ assertEquals(1, denyDelete.getRules().size());
+ for (EntityACI aci : denyDelete.getRules()) {
+ assertEquals(org.caosdb.server.permissions.Role.create("role1"), aci.getResponsibleAgent());
+ assertTrue(EntityACL.isDenial(aci.getBitSet()));
+ assertTrue(EntityACL.isPriorityBitSet(aci.getBitSet()));
+ }
+ }
 }
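Review bot: In testRemove the surviving rule is checked only by agent, although the point of the test is that a normalized, non-priority grant for role5 outlives the removal; the loop should also pin the rule's kind, e.g. `assertTrue(EntityACL.isAllowance(aci.getBitSet()));` next to the agent check, mirroring what testNormalize does with isDenial/isPriorityBitSet. That same assertEquals passes the actual value `aci.getResponsibleAgent()` first and the expected `Role.create("role5")` second, the reverse of JUnit's order and of testNormalize a few lines below, so a failure message would read backwards; swap the two arguments. Minor: the comment `// priority denail overrides everything else` should read `denial`, the assertion message spells `overriden`, and testNormalize's `@Test` directly follows testRemove's closing brace without the blank line used elsewhere in the file.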