From 27d2db9e229c829f622d5dc6aa5c1463dee9814f Mon Sep 17 00:00:00 2001 From: Carlos Sanchez Date: Tue, 22 Aug 2006 17:57:18 +0000 Subject: [PATCH] Ensure that array of valid permissions can't be modified outside the class --- .../acl/basic/SimpleAclEntry.java | 15 +++++++---- .../acl/basic/SimpleAclEntryTests.java | 25 +++++++++++++------ .../vote/BasicAclEntryVoterTests.java | 14 +++++------ 3 files changed, 35 insertions(+), 19 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java b/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java index 878df1e101..51740d8514 100644 --- a/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java +++ b/core/src/main/java/org/acegisecurity/acl/basic/SimpleAclEntry.java @@ -44,17 +44,18 @@ public class SimpleAclEntry extends AbstractBasicAclEntry { public static final int READ_WRITE_DELETE = READ | WRITE | DELETE; // Array required by the abstract superclass via getValidPermissions() - private static final int[] validPermissions = { + private static final int[] VALID_PERMISSIONS = { NOTHING, ADMINISTRATION, READ, WRITE, CREATE, DELETE, READ_WRITE_CREATE_DELETE, READ_WRITE_CREATE, READ_WRITE, READ_WRITE_DELETE }; + private static final String[] VALID_PERMISSIONS_AS_STRING = { "NOTHING", "ADMINISTRATION", "READ", "WRITE", "CREATE", "DELETE", "READ_WRITE_CREATE_DELETE", "READ_WRITE_CREATE", "READ_WRITE", "READ_WRITE_DELETE" }; //~ Constructors =================================================================================================== -/** + /** * Allows {@link BasicAclDao} implementations to construct this object * using newInstance(). * @@ -73,8 +74,11 @@ public class SimpleAclEntry extends AbstractBasicAclEntry { //~ Methods ======================================================================================================== + /** + * @return a copy of the permissions array, changes to the values won't affect this class. + */ public int[] getValidPermissions() { - return validPermissions; + return (int[]) VALID_PERMISSIONS.clone(); } public String printPermissionsBlock(int i) { @@ -123,8 +127,9 @@ public class SimpleAclEntry extends AbstractBasicAclEntry { */ public static int parsePermission(String permission) { for (int i = 0; i < VALID_PERMISSIONS_AS_STRING.length; i++) { - if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission)) - return validPermissions[i]; + if (VALID_PERMISSIONS_AS_STRING[i].equalsIgnoreCase(permission)) { + return VALID_PERMISSIONS[i]; + } } throw new IllegalArgumentException("Permission provided does not exist: " + permission); } diff --git a/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java b/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java index b60085f167..f6bd59de71 100644 --- a/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java +++ b/core/src/test/java/org/acegisecurity/acl/basic/SimpleAclEntryTests.java @@ -172,13 +172,13 @@ public class SimpleAclEntryTests extends TestCase { } public void testParsePermission() { - assertPermission("NOTHING", 0); - assertPermission("ADMINISTRATION", 1); - assertPermission("READ", 2); - assertPermission("WRITE", 4); - assertPermission("CREATE", 8); - assertPermission("DELETE", 16); - assertPermission("READ_WRITE_DELETE", 22); + assertPermission("NOTHING", SimpleAclEntry.NOTHING); + assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION); + assertPermission("READ", SimpleAclEntry.READ); + assertPermission("WRITE", SimpleAclEntry.WRITE); + assertPermission("CREATE", SimpleAclEntry.CREATE); + assertPermission("DELETE", SimpleAclEntry.DELETE); + assertPermission("READ_WRITE_DELETE", SimpleAclEntry.READ_WRITE_DELETE); } public void testParsePermissionWrongValues() { @@ -193,4 +193,15 @@ public class SimpleAclEntryTests extends TestCase { private void assertPermission(String permission, int value) { assertEquals(value, SimpleAclEntry.parsePermission(permission)); } + + /** + * Check that the value returned by {@link SimpleAclEntry#getValidPermissions()} is not modifiable. + */ + public void testGetPermissions() { + SimpleAclEntry acl = new SimpleAclEntry("", new NamedEntityObjectIdentity("x", "x"), null, 0); + int[] permissions = acl.getValidPermissions(); + int i = permissions[0]; + permissions[0] -= 100; + assertEquals("Value returned by getValidPermissions can be modified", i, acl.getValidPermissions()[0]); + } } diff --git a/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java b/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java index f68efad70d..dc2916a12e 100644 --- a/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java +++ b/core/src/test/java/org/acegisecurity/vote/BasicAclEntryVoterTests.java @@ -446,13 +446,13 @@ public class BasicAclEntryVoterTests extends TestCase { } public void testSetRequirePermissionFromString() { - assertPermission("NOTHING", 0); - assertPermission("ADMINISTRATION", 1); - assertPermission("READ", 2); - assertPermission("WRITE", 4); - assertPermission("CREATE", 8); - assertPermission("DELETE", 16); - assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { 4, 8 }); + assertPermission("NOTHING", SimpleAclEntry.NOTHING); + assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION); + assertPermission("READ", SimpleAclEntry.READ); + assertPermission("WRITE", SimpleAclEntry.WRITE); + assertPermission("CREATE", SimpleAclEntry.CREATE); + assertPermission("DELETE", SimpleAclEntry.DELETE); + assertPermission(new String[] { "WRITE", "CREATE" }, new int[] { SimpleAclEntry.WRITE, SimpleAclEntry.CREATE }); } public void testSetRequirePermissionFromStringWrongValues() {