You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/09/26 12:26:57 UTC
svn commit: r1390378 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user:
MembershipProviderImpl.java UserProviderImpl.java
Author: angela
Date: Wed Sep 26 10:26:56 2012
New Revision: 1390378
URL: http://svn.apache.org/viewvc?rev=1390378&view=rev
Log:
OAK-50 : Implement User Management (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java?rev=1390378&r1=1390377&r2=1390378&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java Wed Sep 26 10:26:56 2012
@@ -271,7 +271,11 @@ public class MembershipProviderImpl exte
@Override
public Iterator<String> next() {
String memberPath = declaredMembers.next();
- return Iterators.concat(Iterators.singletonIterator(memberPath), inherited(memberPath));
+ if (memberPath == null) {
+ return Iterators.emptyIterator();
+ } else {
+ return Iterators.concat(Iterators.singletonIterator(memberPath), inherited(memberPath));
+ }
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1390378&r1=1390377&r2=1390378&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Wed Sep 26 10:26:56 2012
@@ -201,8 +201,11 @@ class UserProviderImpl extends Authoriza
// index as well.
try {
CoreValue bindValue = valueFactory.createValue(principal.getName());
- String stmt = "SELECT * FROM [rep:Authorizable] WHERE [rep:principalName] = $principalName";
- Result result = queryEngine.executeQuery(stmt,
+ StringBuilder stmt = new StringBuilder();
+ stmt.append("SELECT * FROM [").append(UserConstants.NT_REP_AUTHORIZABLE).append(']');
+ stmt.append("WHERE [").append(UserConstants.REP_PRINCIPAL_NAME).append("] = $principalName");
+
+ Result result = queryEngine.executeQuery(stmt.toString(),
Query.JCR_SQL2, 1, 0,
Collections.singletonMap("principalName", bindValue),
root, new NamePathMapper.Default());
@@ -213,16 +216,16 @@ class UserProviderImpl extends Authoriza
return root.getTree(path);
}
} catch (ParseException ex) {
- log.error("query failed", ex);
+ log.error("Failed to retrieve authorizable by principal", ex);
}
return null;
}
@Override
- public String getAuthorizableId(Tree authorizableTree, Type authorizableType) {
+ public String getAuthorizableId(Tree authorizableTree) {
checkNotNull(authorizableTree);
- if (isAuthorizableTree(authorizableTree, authorizableType)) {
+ if (isAuthorizableTree(authorizableTree, Type.AUTHORIZABLE)) {
PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
if (idProp != null) {
return idProp.getValue().getString();
@@ -247,7 +250,7 @@ class UserProviderImpl extends Authoriza
@Override
public boolean isAdminUser(Tree userTree) {
checkNotNull(userTree);
- return adminId.equals(getAuthorizableId(userTree, Type.USER));
+ return adminId.equals(getAuthorizableId(userTree));
}
@Override
@@ -316,11 +319,18 @@ class UserProviderImpl extends Authoriza
} else {
folder = new NodeUtil(authTree, valueFactory);
}
- String folderPath = getFolderPath(authorizableId, intermediatePath);
+
+ // verification of hierarchy and node types is delegated to UserValidator upon commit
+ String folderPath = getFolderPath(authorizableId, intermediatePath, authRoot);
String[] segmts = Text.explode(folderPath, '/', false);
for (String segment : segmts) {
- folder = folder.getOrAddChild(segment, NT_REP_AUTHORIZABLE_FOLDER);
- // verification of node type is delegated to UserValidator upon commit
+ if (".".equals(segment)) {
+ // nothing to do
+ } else if ("..".equals(segment)) {
+ folder = folder.getParent();
+ } else {
+ folder = folder.getOrAddChild(segment, NT_REP_AUTHORIZABLE_FOLDER);
+ }
}
// test for colliding folder child node.
@@ -337,12 +347,18 @@ class UserProviderImpl extends Authoriza
}
}
- // note: verification that user/group is created underneath the configured
- // tree is delegated to UserValidator
return folder;
}
- private String getFolderPath(String authorizableId, String intermediatePath) {
+ private String getFolderPath(String authorizableId, String intermediatePath, String authRoot) throws ConstraintViolationException {
+ if (intermediatePath != null && intermediatePath.charAt(0) == '/') {
+ if (!intermediatePath.startsWith(authRoot)) {
+ throw new ConstraintViolationException("Attempt to create authorizable outside of configured tree");
+ } else {
+ intermediatePath = intermediatePath.substring(authRoot.length()+1);
+ }
+ }
+
StringBuilder sb = new StringBuilder();
if (intermediatePath != null && !intermediatePath.isEmpty()) {
sb.append(intermediatePath);