You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/05/04 11:16:24 UTC
svn commit: r1333820 - in
/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user:
AuthorizableImpl.java GroupImpl.java
Author: angela
Date: Fri May 4 09:16:23 2012
New Revision: 1333820
URL: http://svn.apache.org/viewvc?rev=1333820&view=rev
Log:
OAK-50 : User management (WIP)
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1333820&r1=1333819&r2=1333820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java Fri May 4 09:16:23 2012
@@ -33,6 +33,7 @@ import javax.jcr.Value;
import javax.jcr.nodetype.NodeType;
import javax.jcr.nodetype.PropertyDefinition;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Iterator;
import java.util.List;
@@ -86,7 +87,7 @@ abstract class AuthorizableImpl implemen
*/
@Override
public Iterator<Group> declaredMemberOf() throws RepositoryException {
- return collectMembership(false);
+ return getMembership(false);
}
/**
@@ -94,7 +95,7 @@ abstract class AuthorizableImpl implemen
*/
@Override
public Iterator<Group> memberOf() throws RepositoryException {
- return collectMembership(true);
+ return getMembership(true);
}
/**
@@ -315,9 +316,11 @@ abstract class AuthorizableImpl implemen
}
/**
+ * Returns {@code true} if this authorizable represents the 'everyone' group.
*
- * @return
- * @throws RepositoryException
+ * @return {@code true} if this authorizable represents the group everyone
+ * is member of; {@code false} otherwise.
+ * @throws RepositoryException If an error occurs.
*/
boolean isEveryone() throws RepositoryException {
return isGroup() && EveryonePrincipal.NAME.equals(getPrincipalName());
@@ -395,9 +398,23 @@ abstract class AuthorizableImpl implemen
return n;
}
- private Iterator<Group> collectMembership(boolean includeIndirect) throws RepositoryException {
+ /**
+ * Retrieve the group membership of this authorizable.
+ *
+ * @param includeInherited Flag indicating whether the resulting iterator only
+ * contains groups this authorizable is declared member of or if inherited
+ * group membership is respected.
+ *
+ * @return Iterator of groups this authorizable is (declared) member of.
+ * @throws RepositoryException If an error occurs.
+ */
+ private Iterator<Group> getMembership(boolean includeInherited) throws RepositoryException {
+ if (isEveryone()) {
+ return Collections.<Group>emptySet().iterator();
+ }
+
MembershipManager membershipManager = userManager.getMembershipManager();
- if (includeIndirect) {
+ if (includeInherited) {
return membershipManager.getMembership(this);
} else {
return membershipManager.getDeclaredMembership(this);
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java?rev=1333820&r1=1333819&r2=1333820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java Fri May 4 09:16:23 2012
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.jcr.se
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.jcr.security.principal.EveryonePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -147,10 +148,12 @@ class GroupImpl extends AuthorizableImpl
//--------------------------------------------------------------------------
/**
+ * Internal implementation of {@link #getDeclaredMembers()} and {@link #getMembers()}.
*
- * @param includeInherited
- * @return
- * @throws RepositoryException
+ * @param includeInherited Flag indicating if only the declared or all members
+ * should be returned.
+ * @return Iterator of authorizables being member of this group.
+ * @throws RepositoryException If an error occurs.
*/
private Iterator<Authorizable> getMembers(boolean includeInherited) throws RepositoryException {
if (isEveryone()) {
@@ -163,11 +166,14 @@ class GroupImpl extends AuthorizableImpl
}
/**
+ * Internal implementation of {@link #isDeclaredMember(Authorizable)} and {@link #isMember(Authorizable)}.
*
- * @param authorizable
- * @param includeInherited
- * @return
- * @throws RepositoryException
+ * @param authorizable The authorizable to test.
+ * @param includeInherited Flag indicating if only declared or all members
+ * should taken into account.
+ * @return {@code true} if the specified authorizable is member or declared
+ * member of this group; {@code false} otherwise.
+ * @throws RepositoryException If an error occurs.
*/
private boolean isMember(Authorizable authorizable, boolean includeInherited) throws RepositoryException {
if (!isValidAuthorizableImpl(authorizable)) {
@@ -184,7 +190,7 @@ class GroupImpl extends AuthorizableImpl
}
/**
- *
+ * Principal representation of this group instance.
*/
private class GroupPrincipal extends ItemBasedPrincipalImpl implements java.security.acl.Group {
@@ -204,14 +210,57 @@ class GroupImpl extends AuthorizableImpl
@Override
public boolean isMember(Principal principal) {
- // TODO
- return false;
+ boolean isMember = false;
+ try {
+ // shortcut for everyone group -> avoid collecting all members
+ // as all users and groups are member of everyone.
+ if (isEveryone()) {
+ isMember = !EveryonePrincipal.NAME.equals(principal.getName());
+ } else {
+ Authorizable a = getUserManager().getAuthorizable(principal);
+ if (a != null) {
+ isMember = GroupImpl.this.isMember(a);
+ }
+ }
+ } catch (RepositoryException e) {
+ log.warn("Failed to determine group membership", e.getMessage());
+ }
+
+ // principal doesn't represent a known authorizable or an error occurred.
+ return isMember;
}
@Override
public Enumeration<? extends Principal> members() {
- // TODO
- return null;
+ final Iterator<Authorizable> iterator;
+ try {
+ iterator = GroupImpl.this.getMembers();
+ } catch (RepositoryException e) {
+ // should not occur.
+ String msg = "Unable to retrieve Group members: " + e.getMessage();
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+
+ Enumeration<Principal> members = new Enumeration<Principal>() {
+
+ @Override
+ public boolean hasMoreElements() {
+ return iterator.hasNext();
+ }
+
+ @Override
+ public Principal nextElement() {
+ try {
+ return iterator.next().getPrincipal();
+ } catch (RepositoryException e) {
+ String msg = "Internal error while retrieving principal: " + e.getMessage();
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ }
+ };
+ return members;
}
}
}
\ No newline at end of file