You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/02/26 12:07:43 UTC
svn commit: r1572008 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/spi/commit/ main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/ test/java/org/apache/jackrabbit/oak/

Author: angela
Date: Wed Feb 26 11:07:43 2014
New Revision: 1572008

URL: http://svn.apache.org/r1572008
Log:
javadoc, minor improvement

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java Wed Feb 26 11:07:43 2014
@@ -29,7 +29,8 @@ import org.apache.jackrabbit.oak.commons
 import org.apache.jackrabbit.util.Text;
 
 /**
- * MoveTracker... TODO
+ * Utility to keep track of the move operations that are performed between two
+ * calls to {@link org.apache.jackrabbit.oak.api.Root#commit}.
  */
 public class MoveTracker {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java Wed Feb 26 11:07:43 2014
@@ -66,7 +66,7 @@ public final class OpenPermissionProvide
     }
 
     @Override
-    public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions) {
+    public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
         return true;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java Wed Feb 26 11:07:43 2014
@@ -24,49 +24,98 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Tree;
 
 /**
- * PermissionProvider... TODO
+ * TODO
+ *
+ * @see org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration#getPermissionProvider(org.apache.jackrabbit.oak.api.Root, String, java.util.Set)
  */
 public interface PermissionProvider {
 
     /**
-     *
+     * Refresh this {@code PermissionProvider}. The implementation is expected
+     * to subsequently return permission evaluation results that reflect the
+     * most recent revision of the repository.
      */
     void refresh();
 
     /**
+     * Returns the set of privilege names which are granted to the set of
+     * {@code Principal}s associated with this provider instance for the
+     * specified {@code Tree}.
      *
-     * @param tree
+     * @param tree The {@code tree} for which the privileges should be retrieved.
      * @return
      */
     @Nonnull
     Set<String> getPrivileges(@Nullable Tree tree);
 
     /**
+     * Returns whether the principal set associated with this {@code PrivilegeManager}
+     * is granted the privileges identified by the specified privilege names
+     * for the given {@code tree}. In order to test for privileges being granted
+     * on a repository level rather than on a particular tree a {@code null} tree
+     * should be passed to this method.
      *
-     * @param tree
-     * @param privilegeNames
-     * @return
+     * <p>
+     * Testing a name identifying an aggregate privilege is equivalent to testing
+     * each non aggregate privilege name.
+     * </p>
+     *
+     * @param tree The tree to test for privileges being granted.
+     * @param privilegeNames The name of the privileges.
+     * @return {@code true} if all privileges are granted; {@code false} otherwise.
      */
     boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames);
 
+    /**
+     * Return the {@code RepositoryPermission} for the set of {@code Principal}s
+     * associated with this provider instance.
+     *
+     * @return The {@link org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission}
+     * for the set of {@code Principal}s this provider instance has been created for.
+     */
     RepositoryPermission getRepositoryPermission();
 
+    /**
+     * Return the {@coe TreePermission} for the set of {@code Principal}s associated
+     * with this provider at the specified {@code tree}.
+     *
+     * @param tree The tree for which the {@code TreePermission} object should be built.
+     * @param parentPermission The {@code TreePermission} object that has been
+     * obtained before for the parent tree.
+     * @return The {@code TreePermission} object for the specified {@code tree}.
+     */
     TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission);
 
     /**
+     * Test if the specified permissions are granted for the set of {@code Principal}s
+     * associated with this provider instance for the item identified by the
+     * given tree and optionally property. This method will only return {@code true}
+     * if all permissions are granted.
      *
-     * @param parent
-     * @param property
-     * @param permissions
-     * @return
+     * @param tree The {@code Tree} to test the permissions for.
+     * @param property A {@code PropertyState} if the item to test is a property
+     * or {@code null} if the item is a {@code Tree}.
+     * @param permissions The permissions to be tested.
+     * @return {@code true} if the specified permissions are granted for the item identified
+     * by the given tree and optionally property state.
      */
-    boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions);
+    boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions);
 
     /**
+     * Tests if the the specified actions are granted at the given path for
+     * the set of {@code Principal}s associated with this provider instance.
+     * <p>
+     * The {@code jcrActions} parameter is a comma separated list of action
+     * strings such as defined by {@link javax.jcr.Session} and passed to
+     * {@link javax.jcr.Session#hasPermission(String, String)}. When more than one
+     * action is specified in the {@code jcrActions} parameter, this method will
+     * only return {@code true} if all of them are granted on the specified path.
+     * </p>
      *
-     * @param oakPath
-     * @param jcrActions
-     * @return
+     * @param oakPath A valid oak path.
+     * @param jcrActions The JCR actions that should be tested separated by ','
+     * @return {@code true} if all actions are granted at the specified path;
+     * {@code false} otherwise.
      */
     boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions);
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java Wed Feb 26 11:07:43 2014
@@ -18,6 +18,8 @@ package org.apache.jackrabbit.oak.spi.se
 
 /**
  * RepositoryPermission... TODO
+ *
+ * @see org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider#getRepositoryPermission()
  */
 public interface RepositoryPermission {
 
@@ -38,6 +40,9 @@ public interface RepositoryPermission {
      */
     boolean isGranted(long repositoryPermissions);
 
+    /**
+     * {@code RepositoryPermission} instance that always returns {@code false}.
+     */
     RepositoryPermission EMPTY = new RepositoryPermission() {
         @Override
         public boolean isGranted(long repositoryPermissions) {
@@ -45,6 +50,9 @@ public interface RepositoryPermission {
         }
     };
 
+    /**
+     * {@code RepositoryPermission} instance that always returns {@code true}.
+     */
     RepositoryPermission ALL = new RepositoryPermission() {
         @Override
         public boolean isGranted(long repositoryPermissions) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java Wed Feb 26 11:07:43 2014
@@ -24,23 +24,90 @@ import org.apache.jackrabbit.oak.spi.sta
 
 /**
  * TreePermission... TODO
+ *
+ * @see PermissionProvider#getTreePermission(org.apache.jackrabbit.oak.api.Tree, TreePermission)
  */
 public interface TreePermission {
 
+    /**
+     * Retrieve the {@code TreePermission} for the tree identified by the specified
+     * {@code childName} and {@code childState}, which is a child of the tree
+     * associated with this instanceof {@code TreePermission}.
+     *
+     * @param childName The oak name of the child.
+     * @param childState The child state.
+     * @return The tree permission for the child tree identified by {@code childName}
+     * and {@code childState}.
+     */
     TreePermission getChildPermission(String childName, NodeState childState);
 
+    /**
+     * Return if read access is granted for the {@code Tree} associated with
+     * this {@code TreePermission} instance.
+     *
+     * @return {@code true} if the tree associated with this instance can be
+     * read; {@code false} otherwise.
+     */
     boolean canRead();
 
+    /**
+     * Return if read access is granted for the property of the {@code Tree} for
+     * which this {@code TreePermission} instance has been created.
+     *
+     * @param property The property to be tested for read access.
+     * @return {@code true} If the specified property can be read; {@code false} otherwise.
+     */
     boolean canRead(@Nonnull PropertyState property);
 
+    /**
+     * Returns {@code true} if read access is granted to the {@code Tree} associated
+     * with this instance and the whole subtree defined by it including all
+     * properties. Note, that this includes access to items which require
+     * specific read permissions such as e.g. {@link Permissions#READ_ACCESS_CONTROL}.
+     *
+     * @return {@code true} if the {@code Tree} associated with this instance as
+     * well as its properties and the whole subtree can be read; {@code false} otherwise.
+     */
     boolean canReadAll();
 
+    /**
+     * Returns {@code true} if all properties of the {@code Tree} associated with
+     * this instance can be read.
+     *
+     * @return {@code true} if all properties of the {@code Tree} associated with
+     * this instance can be read; {@code false} otherwise.
+     */
     boolean canReadProperties();
 
+    /**
+     * Returns {@code true} if all specified permissions are granted on the
+     * {@code Tree} associated with this {@code TreePermission} instance;
+     * {@code false} otherwise.
+     *
+     * @param permissions The permissions to be tested. Note, that the implementation
+     * may restrict the set of valid permissions to those that can be set and
+     * evaluated for trees.
+     * @return {@code true} if all permissions are granted; {@code false} otherwise.
+     */
     boolean isGranted(long permissions);
 
+    /**
+     * Returns {@code true} if all specified permissions are granted on the
+     * {@code PropertyState} associated with this {@code TreePermission} instance;
+     * {@code false} otherwise.
+     *
+     * @param permissions The permissions to be tested. Note, that the implementation
+     * may restrict the set of valid permissions to those that can be set and
+     * evaluated for properties.
+     * @param property The property state for which the permissions must be granted.
+     * @return {@code true} if all permissions are granted; {@code false} otherwise.
+     */
     boolean isGranted(long permissions, @Nonnull PropertyState property);
 
+    /**
+     * {@code TreePermission} which always returns {@code false} not granting
+     * any permissions.
+     */
     TreePermission EMPTY = new TreePermission() {
         @Override
         public TreePermission getChildPermission(String childName, NodeState childState) {
@@ -78,6 +145,10 @@ public interface TreePermission {
         }
     };
 
+    /**
+     * {@code TreePermission} which always returns {@code true} and thus grants
+     * all permissions.
+     */
     TreePermission ALL = new TreePermission() {
         @Override
         public TreePermission getChildPermission(String childName, NodeState childState) {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java Wed Feb 26 11:07:43 2014
@@ -28,9 +28,6 @@ import org.junit.Before;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
-/**
- * OakBaseTest... TODO
- */
 @RunWith(Parameterized.class)
 public abstract class OakBaseTest {