You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/07/25 15:01:20 UTC
svn commit: r1506949 - in /jackrabbit/oak/trunk/oak-jcr: pom.xml
src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Author: angela
Date: Thu Jul 25 13:01:20 2013
New Revision: 1506949
URL: http://svn.apache.org/r1506949
Log:
OAK-933 : Implement Session#hasCapability
Modified:
jackrabbit/oak/trunk/oak-jcr/pom.xml
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1506949&r1=1506948&r2=1506949&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Thu Jul 25 13:01:20 2013
@@ -38,7 +38,6 @@
org.apache.jackrabbit.test.api.AddNodeTest#testSameNameSiblings <!-- OAK-203 -->
org.apache.jackrabbit.test.api.SessionTest#testMoveConstraintViolationExceptionSrc <!-- OAK-132 -->
org.apache.jackrabbit.test.api.SessionTest#testMoveConstraintViolationExceptionDest <!-- OAK-132 -->
- org.apache.jackrabbit.test.api.SessionTest#testHasCapability
org.apache.jackrabbit.test.api.SessionTest#testMoveLockException
org.apache.jackrabbit.test.api.SessionUUIDTest#testSaveReferentialIntegrityException <!-- OAK-66 -->
org.apache.jackrabbit.test.api.NodeTest#testRefreshInvalidItemStateException <!-- OAK-141 -->
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1506949&r1=1506948&r2=1506949&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java Thu Jul 25 13:01:20 2013
@@ -49,15 +49,17 @@ import org.apache.jackrabbit.commons.xml
import org.apache.jackrabbit.commons.xml.ParsingContentHandler;
import org.apache.jackrabbit.commons.xml.SystemViewExporter;
import org.apache.jackrabbit.commons.xml.ToXmlContentHandler;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.jcr.delegate.ItemDelegate;
import org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate;
import org.apache.jackrabbit.oak.jcr.delegate.PropertyDelegate;
import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
import org.apache.jackrabbit.oak.jcr.operation.SessionOperation;
+import org.apache.jackrabbit.oak.jcr.security.AccessManager;
import org.apache.jackrabbit.oak.jcr.xml.ImportHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
-import org.apache.jackrabbit.oak.util.TODO;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.ContentHandler;
@@ -589,8 +591,59 @@ public class SessionImpl implements Jack
public boolean hasCapability(String methodName, Object target, Object[] arguments) throws RepositoryException {
sd.checkAlive();
- // TODO
- return TODO.unimplemented().returnValue(false);
+ if (target instanceof ItemImpl) {
+ ItemDelegate dlg = ((ItemImpl) target).dlg;
+ if (dlg.isProtected()) {
+ return false;
+ }
+
+ boolean isNode = ((ItemImpl) target).isNode();
+ Node parent = (isNode) ? (Node) target : ((ItemImpl) target).getParent();
+ if (!parent.isCheckedOut()) {
+ return false;
+ }
+ if (parent.isLocked()) {
+ return false;
+ }
+
+ AccessManager accessMgr = sessionContext.getAccessManager();
+ long permission = Permissions.NO_PERMISSION;
+ if (isNode) {
+ Tree tree = ((NodeDelegate) dlg).getTree();
+ if ("addNode".equals(methodName)) {
+ if (arguments != null && arguments.length > 0) {
+ // add-node needs to be checked on the (path of) the
+ // new node that has/will be added
+ String path = PathUtils.concat(tree.getPath(), sessionContext.getOakName(arguments[0].toString()));
+ return accessMgr.hasPermissions(path, Session.ACTION_ADD_NODE);
+ }
+ } else if ("setPrimaryType".equals(methodName) || "addMixin".equals(methodName) || "removeMixin".equals(methodName)) {
+ permission = Permissions.NODE_TYPE_MANAGEMENT;
+ } else if ("orderBefore".equals(methodName)) {
+ if (tree.isRoot()) {
+ return false;
+ } else {
+ permission = Permissions.MODIFY_CHILD_NODE_COLLECTION;
+ tree = tree.getParent();
+ }
+ } else if ("setProperty".equals(methodName)) {
+ permission = Permissions.ADD_PROPERTY;
+ } else if ("remove".equals(methodName)) {
+ permission = Permissions.REMOVE_NODE;
+ }
+ return accessMgr.hasPermissions(tree, null, permission);
+ } else {
+ if (methodName.equals("setValue")) {
+ permission = Permissions.MODIFY_PROPERTY;
+ } else if ("remove".equals(methodName)) {
+ permission = Permissions.REMOVE_PROPERTY;
+ }
+ Tree tree = dlg.getParent().getTree();
+ return accessMgr.hasPermissions(tree, ((PropertyDelegate) dlg).getPropertyState(), permission);
+ }
+ }
+ // TODO: add more best-effort checks
+ return true;
}
@Override