Duplicate ACEs as user/group in virtual server ACL
diff --git a/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java b/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
index f59db85..c22af05 100644
--- a/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
+++ b/src/com/google/enterprise/adaptor/sharepoint/SharePointAdaptor.java
@@ -506,24 +506,28 @@
VirtualServer vs = getContentVirtualServer();
final long necessaryPermissionMask = LIST_ITEM_MASK;
- List<String> permitUsers = new ArrayList<String>();
- List<String> denyUsers = new ArrayList<String>();
+ // A PolicyUser is either a user or group, but we aren't provided with
+ // which. Thus, we treat PolicyUsers as both a user and a group in ACLs
+ // and understand that only one of the two entries will have an effect.
+ List<String> permitIds = new ArrayList<String>();
+ List<String> denyIds = new ArrayList<String>();
for (PolicyUser policyUser : vs.getPolicies().getPolicyUser()) {
// TODO(ejona): special case NT AUTHORITY\LOCAL SERVICE.
String loginName = policyUser.getLoginName();
long grant = policyUser.getGrantMask().longValue();
if ((necessaryPermissionMask & grant) == necessaryPermissionMask) {
- permitUsers.add(loginName);
+ permitIds.add(loginName);
}
long deny = policyUser.getDenyMask().longValue();
// If at least one necessary bit is masked, then deny user.
if ((necessaryPermissionMask & deny) != 0) {
- denyUsers.add(loginName);
+ denyIds.add(loginName);
}
}
response.setAcl(new Acl.Builder()
.setInheritanceType(Acl.InheritanceType.PARENT_OVERRIDES)
- .setPermitUsers(permitUsers).setDenyUsers(denyUsers).build());
+ .setPermitUsers(permitIds).setPermitGroups(permitIds)
+ .setDenyUsers(denyIds).setDenyGroups(denyIds).build());
response.setContentType("text/html");
HtmlResponseWriter writer = createHtmlResponseWriter(response);
diff --git a/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java b/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
index e4638e4..ac44ec7 100644
--- a/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
+++ b/test/com/google/enterprise/adaptor/sharepoint/SharePointAdaptorTest.java
@@ -256,10 +256,11 @@
+ "SiteCollection</a></li>"
+ "</ul></body></html>";
assertEquals(golden, responseString);
+ List<String> permit = Arrays.asList("GDC-PSL\\Administrator",
+ "GDC-PSL\\spuser1", "NT AUTHORITY\\LOCAL SERVICE");
assertEquals(new Acl.Builder()
.setInheritanceType(Acl.InheritanceType.PARENT_OVERRIDES)
- .setPermitUsers(Arrays.asList("GDC-PSL\\Administrator",
- "GDC-PSL\\spuser1", "NT AUTHORITY\\LOCAL SERVICE")).build(),
+ .setPermitUsers(permit).setPermitGroups(permit).build(),
response.getAcl());
}