You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/02/26 12:07:43 UTC
svn commit: r1572008 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/spi/commit/
main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/
test/java/org/apache/jackrabbit/oak/
Author: angela
Date: Wed Feb 26 11:07:43 2014
New Revision: 1572008
URL: http://svn.apache.org/r1572008
Log:
javadoc, minor improvement
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveTracker.java Wed Feb 26 11:07:43 2014
@@ -29,7 +29,8 @@ import org.apache.jackrabbit.oak.commons
import org.apache.jackrabbit.util.Text;
/**
- * MoveTracker... TODO
+ * Utility to keep track of the move operations that are performed between two
+ * calls to {@link org.apache.jackrabbit.oak.api.Root#commit}.
*/
public class MoveTracker {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java Wed Feb 26 11:07:43 2014
@@ -66,7 +66,7 @@ public final class OpenPermissionProvide
}
@Override
- public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions) {
+ public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
return true;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java Wed Feb 26 11:07:43 2014
@@ -24,49 +24,98 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
/**
- * PermissionProvider... TODO
+ * TODO
+ *
+ * @see org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration#getPermissionProvider(org.apache.jackrabbit.oak.api.Root, String, java.util.Set)
*/
public interface PermissionProvider {
/**
- *
+ * Refresh this {@code PermissionProvider}. The implementation is expected
+ * to subsequently return permission evaluation results that reflect the
+ * most recent revision of the repository.
*/
void refresh();
/**
+ * Returns the set of privilege names which are granted to the set of
+ * {@code Principal}s associated with this provider instance for the
+ * specified {@code Tree}.
*
- * @param tree
+ * @param tree The {@code tree} for which the privileges should be retrieved.
* @return
*/
@Nonnull
Set<String> getPrivileges(@Nullable Tree tree);
/**
+ * Returns whether the principal set associated with this {@code PrivilegeManager}
+ * is granted the privileges identified by the specified privilege names
+ * for the given {@code tree}. In order to test for privileges being granted
+ * on a repository level rather than on a particular tree a {@code null} tree
+ * should be passed to this method.
*
- * @param tree
- * @param privilegeNames
- * @return
+ * <p>
+ * Testing a name identifying an aggregate privilege is equivalent to testing
+ * each non aggregate privilege name.
+ * </p>
+ *
+ * @param tree The tree to test for privileges being granted.
+ * @param privilegeNames The name of the privileges.
+ * @return {@code true} if all privileges are granted; {@code false} otherwise.
*/
boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames);
+ /**
+ * Return the {@code RepositoryPermission} for the set of {@code Principal}s
+ * associated with this provider instance.
+ *
+ * @return The {@link org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission}
+ * for the set of {@code Principal}s this provider instance has been created for.
+ */
RepositoryPermission getRepositoryPermission();
+ /**
+ * Return the {@coe TreePermission} for the set of {@code Principal}s associated
+ * with this provider at the specified {@code tree}.
+ *
+ * @param tree The tree for which the {@code TreePermission} object should be built.
+ * @param parentPermission The {@code TreePermission} object that has been
+ * obtained before for the parent tree.
+ * @return The {@code TreePermission} object for the specified {@code tree}.
+ */
TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission);
/**
+ * Test if the specified permissions are granted for the set of {@code Principal}s
+ * associated with this provider instance for the item identified by the
+ * given tree and optionally property. This method will only return {@code true}
+ * if all permissions are granted.
*
- * @param parent
- * @param property
- * @param permissions
- * @return
+ * @param tree The {@code Tree} to test the permissions for.
+ * @param property A {@code PropertyState} if the item to test is a property
+ * or {@code null} if the item is a {@code Tree}.
+ * @param permissions The permissions to be tested.
+ * @return {@code true} if the specified permissions are granted for the item identified
+ * by the given tree and optionally property state.
*/
- boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions);
+ boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions);
/**
+ * Tests if the the specified actions are granted at the given path for
+ * the set of {@code Principal}s associated with this provider instance.
+ * <p>
+ * The {@code jcrActions} parameter is a comma separated list of action
+ * strings such as defined by {@link javax.jcr.Session} and passed to
+ * {@link javax.jcr.Session#hasPermission(String, String)}. When more than one
+ * action is specified in the {@code jcrActions} parameter, this method will
+ * only return {@code true} if all of them are granted on the specified path.
+ * </p>
*
- * @param oakPath
- * @param jcrActions
- * @return
+ * @param oakPath A valid oak path.
+ * @param jcrActions The JCR actions that should be tested separated by ','
+ * @return {@code true} if all actions are granted at the specified path;
+ * {@code false} otherwise.
*/
boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java Wed Feb 26 11:07:43 2014
@@ -18,6 +18,8 @@ package org.apache.jackrabbit.oak.spi.se
/**
* RepositoryPermission... TODO
+ *
+ * @see org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider#getRepositoryPermission()
*/
public interface RepositoryPermission {
@@ -38,6 +40,9 @@ public interface RepositoryPermission {
*/
boolean isGranted(long repositoryPermissions);
+ /**
+ * {@code RepositoryPermission} instance that always returns {@code false}.
+ */
RepositoryPermission EMPTY = new RepositoryPermission() {
@Override
public boolean isGranted(long repositoryPermissions) {
@@ -45,6 +50,9 @@ public interface RepositoryPermission {
}
};
+ /**
+ * {@code RepositoryPermission} instance that always returns {@code true}.
+ */
RepositoryPermission ALL = new RepositoryPermission() {
@Override
public boolean isGranted(long repositoryPermissions) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java Wed Feb 26 11:07:43 2014
@@ -24,23 +24,90 @@ import org.apache.jackrabbit.oak.spi.sta
/**
* TreePermission... TODO
+ *
+ * @see PermissionProvider#getTreePermission(org.apache.jackrabbit.oak.api.Tree, TreePermission)
*/
public interface TreePermission {
+ /**
+ * Retrieve the {@code TreePermission} for the tree identified by the specified
+ * {@code childName} and {@code childState}, which is a child of the tree
+ * associated with this instanceof {@code TreePermission}.
+ *
+ * @param childName The oak name of the child.
+ * @param childState The child state.
+ * @return The tree permission for the child tree identified by {@code childName}
+ * and {@code childState}.
+ */
TreePermission getChildPermission(String childName, NodeState childState);
+ /**
+ * Return if read access is granted for the {@code Tree} associated with
+ * this {@code TreePermission} instance.
+ *
+ * @return {@code true} if the tree associated with this instance can be
+ * read; {@code false} otherwise.
+ */
boolean canRead();
+ /**
+ * Return if read access is granted for the property of the {@code Tree} for
+ * which this {@code TreePermission} instance has been created.
+ *
+ * @param property The property to be tested for read access.
+ * @return {@code true} If the specified property can be read; {@code false} otherwise.
+ */
boolean canRead(@Nonnull PropertyState property);
+ /**
+ * Returns {@code true} if read access is granted to the {@code Tree} associated
+ * with this instance and the whole subtree defined by it including all
+ * properties. Note, that this includes access to items which require
+ * specific read permissions such as e.g. {@link Permissions#READ_ACCESS_CONTROL}.
+ *
+ * @return {@code true} if the {@code Tree} associated with this instance as
+ * well as its properties and the whole subtree can be read; {@code false} otherwise.
+ */
boolean canReadAll();
+ /**
+ * Returns {@code true} if all properties of the {@code Tree} associated with
+ * this instance can be read.
+ *
+ * @return {@code true} if all properties of the {@code Tree} associated with
+ * this instance can be read; {@code false} otherwise.
+ */
boolean canReadProperties();
+ /**
+ * Returns {@code true} if all specified permissions are granted on the
+ * {@code Tree} associated with this {@code TreePermission} instance;
+ * {@code false} otherwise.
+ *
+ * @param permissions The permissions to be tested. Note, that the implementation
+ * may restrict the set of valid permissions to those that can be set and
+ * evaluated for trees.
+ * @return {@code true} if all permissions are granted; {@code false} otherwise.
+ */
boolean isGranted(long permissions);
+ /**
+ * Returns {@code true} if all specified permissions are granted on the
+ * {@code PropertyState} associated with this {@code TreePermission} instance;
+ * {@code false} otherwise.
+ *
+ * @param permissions The permissions to be tested. Note, that the implementation
+ * may restrict the set of valid permissions to those that can be set and
+ * evaluated for properties.
+ * @param property The property state for which the permissions must be granted.
+ * @return {@code true} if all permissions are granted; {@code false} otherwise.
+ */
boolean isGranted(long permissions, @Nonnull PropertyState property);
+ /**
+ * {@code TreePermission} which always returns {@code false} not granting
+ * any permissions.
+ */
TreePermission EMPTY = new TreePermission() {
@Override
public TreePermission getChildPermission(String childName, NodeState childState) {
@@ -78,6 +145,10 @@ public interface TreePermission {
}
};
+ /**
+ * {@code TreePermission} which always returns {@code true} and thus grants
+ * all permissions.
+ */
TreePermission ALL = new TreePermission() {
@Override
public TreePermission getChildPermission(String childName, NodeState childState) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java?rev=1572008&r1=1572007&r2=1572008&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/OakBaseTest.java Wed Feb 26 11:07:43 2014
@@ -28,9 +28,6 @@ import org.junit.Before;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
-/**
- * OakBaseTest... TODO
- */
@RunWith(Parameterized.class)
public abstract class OakBaseTest {