NEXUS-3546: nested groups will now have privilege checks handled prop…

…erly when requesting content from children git-svn-id: file:///opt/svn/repositories/sonatype.org/nexus/trunk/nexus@6551 2aa8b3fc-8ebb-4439-a84f-95066eaea8ab
sonatype · Jun 3, 2010 · b95157b · b95157b
1 parent 8737de0
commit b95157b
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 0 deletions.
diff --git a/nexus-proxy/src/main/java/org/sonatype/nexus/proxy/access/DefaultNexusItemAuthorizer.java b/nexus-proxy/src/main/java/org/sonatype/nexus/proxy/access/DefaultNexusItemAuthorizer.java
@@ -79,6 +79,9 @@ public TargetSet getGroupsTargetSet( Repository repository, ResourceStoreRequest
                 TargetSet groupMatched = group.getTargetsForRequest( request );
 
                 targetSet.addTargetSet( groupMatched );
+
+                // now that we have groups of groups, this needs to be a recursive check
+                targetSet.addTargetSet( getGroupsTargetSet( group, request ) );
             }
         }
 

diff --git a/nexus-test-harness/nexus-test-harness-its/resources/nexus3546/files/artifact.jar b/nexus-test-harness/nexus-test-harness-its/resources/nexus3546/files/artifact.jar
diff --git a/...sonatype/nexus/integrationtests/nexus3546/Nexus3546ValidateTransitivePrivsOnGroupsIT.java b/...sonatype/nexus/integrationtests/nexus3546/Nexus3546ValidateTransitivePrivsOnGroupsIT.java
@@ -0,0 +1,93 @@
+package org.sonatype.nexus.integrationtests.nexus3546;
+
+import java.io.File;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.restlet.data.Status;
+import org.sonatype.nexus.artifact.Gav;
+import org.sonatype.nexus.integrationtests.AbstractPrivilegeTest;
+import org.sonatype.nexus.integrationtests.TestContainer;
+import org.sonatype.nexus.jsecurity.realms.TargetPrivilegeDescriptor;
+import org.sonatype.nexus.rest.model.RepositoryGroupMemberRepository;
+import org.sonatype.nexus.rest.model.RepositoryGroupResource;
+import org.sonatype.nexus.test.utils.GavUtil;
+import org.sonatype.nexus.test.utils.TaskScheduleUtil;
+
+public class Nexus3546ValidateTransitivePrivsOnGroupsIT
+    extends AbstractPrivilegeTest
+{
+    private static final String GROUP_1_ID = "nexus3546group1";
+    private static final String GROUP_2_ID = "nexus3546group2";
+
+    @Test
+    public void validateGroupsInGroups()
+        throws Exception
+    {
+        Gav gav = GavUtil.newGav( "nexus3546", "artifact", "1.0.0" );
+
+        prepare( gav );
+
+        TestContainer.getInstance().getTestContext().setUsername( TEST_USER_NAME );
+        TestContainer.getInstance().getTestContext().setPassword( TEST_USER_PASSWORD );
+
+        // should be able to download from repo
+        File downloaded = downloadArtifactFromRepository( REPO_TEST_HARNESS_RELEASE_REPO, gav, "./target/downloaded-jars/from-repo" );
+        Assert.assertTrue( downloaded.exists() );
+
+        // and parent group of repo
+        downloaded = downloadArtifactFromGroup( GROUP_1_ID, gav, "./target/downloaded-jars/from-group-1" );
+        Assert.assertTrue( downloaded.exists() );
+
+        // and parent group of group
+        downloaded = downloadArtifactFromGroup( GROUP_2_ID, gav, "./target/downloaded-jars/from-group-2" );
+
+        Assert.assertTrue( downloaded.exists() );
+    }
+
+    private void prepare( Gav gav ) 
+        throws Exception
+    {        
+        //use admin for this part
+        TestContainer.getInstance().getTestContext().useAdminForRequests();
+
+        File artifact = getTestFile( "artifact.jar" );
+
+        int code = getDeployUtils().deployUsingGavWithRest( REPO_TEST_HARNESS_RELEASE_REPO, gav, artifact );
+        Assert.assertTrue( "Unable to deploy artifact " + code, Status.isSuccess( code ) );
+
+        //create group 1
+        RepositoryGroupResource group = new RepositoryGroupResource();
+        group.setId( GROUP_1_ID );
+        group.setFormat( "maven2" );
+        group.setProvider( "maven2" );
+        group.setName( GROUP_1_ID );
+        group.setExposed( true );
+        RepositoryGroupMemberRepository repo = new RepositoryGroupMemberRepository();
+        repo.setId( REPO_TEST_HARNESS_RELEASE_REPO );
+        group.addRepository( repo );
+        groupUtil.createGroup( group );
+
+        TaskScheduleUtil.waitForAllTasksToStop();
+
+        //create group 2
+        group = new RepositoryGroupResource();
+        group.setId( GROUP_2_ID );
+        group.setFormat( "maven2" );
+        group.setProvider( "maven2" );
+        group.setName( GROUP_2_ID );
+        group.setExposed( true );
+        repo = new RepositoryGroupMemberRepository();
+        repo.setId( GROUP_1_ID );
+        group.addRepository( repo );
+        groupUtil.createGroup( group );
+
+        TaskScheduleUtil.waitForAllTasksToStop();
+
+        resetTestUserPrivs();
+        addPriv( TEST_USER_NAME, "nexus3546priv", TargetPrivilegeDescriptor.TYPE, "1", null,
+                 GROUP_2_ID, "read" );
+
+        TaskScheduleUtil.waitForAllTasksToStop();
+    }
+}