You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/02/05 10:08:51 UTC
svn commit: r1564684 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/security/authorization/permission/
test/java/org/apache/jackrabbit/oak/core/
test/java/org/apache/jackrabbit/oak...
Author: angela
Date: Wed Feb 5 09:08:50 2014
New Revision: 1564684
URL: http://svn.apache.org/r1564684
Log:
OAK-1386 : Move tree type to permission implementation
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java (with props)
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeBuilder.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableRootTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableTreeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java Wed Feb 5 09:08:50 2014
@@ -49,9 +49,9 @@ public final class ImmutableRoot impleme
this(new ImmutableTree(rootState));
}
- public ImmutableRoot(@Nonnull Root root, @Nonnull TreeTypeProvider typeProvider) {
+ public ImmutableRoot(@Nonnull Root root) {
if (root instanceof AbstractRoot) {
- rootTree = new ImmutableTree(((AbstractRoot) root).getBaseState(), typeProvider);
+ rootTree = new ImmutableTree(((AbstractRoot) root).getBaseState());
} else if (root instanceof ImmutableRoot) {
rootTree = ((ImmutableRoot) root).getTree("/");
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java Wed Feb 5 09:08:50 2014
@@ -21,7 +21,6 @@ import javax.annotation.Nonnull;
import com.google.common.base.Objects;
import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -61,23 +60,6 @@ import org.apache.jackrabbit.oak.spi.sta
* upon hierarchy related methods like {@link #getParent()}, {@link #getPath()}</li>
* </ul>
*
- * <h3>TreeTypeProvider</h3>
- * For optimization purpose an Immutable tree will be associated with a
- * {@code TreeTypeProvider} that allows for fast detection of the following types
- * of Trees:
- *
- * <ul>
- * <li>{@link TreeTypeProvider#TYPE_HIDDEN}: a hidden tree whose name starts with ":".
- * Please note that the whole subtree of a hidden node is considered hidden.</li>
- * <li>{@link TreeTypeProvider#TYPE_AC}: A tree that stores access control content
- * and requires special access {@link org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions#READ_ACCESS_CONTROL permissions}.</li>
- * <li>{@link TreeTypeProvider#TYPE_VERSION}: if a given tree is located within
- * any of the version related stores defined by JSR 283. Depending on the
- * permission evaluation implementation those items require special treatment.</li>
- * <li>{@link TreeTypeProvider#TYPE_DEFAULT}: the default type for trees that don't
- * match any of the upper types.</li>
- * </ul>
- *
* <h3>Equality and hash code</h3>
* In contrast to {@link MutableTree} the {@code ImmutableTree} implements
* {@link Object#equals(Object)} and {@link Object#hashCode()}: Two {@code ImmutableTree}s
@@ -93,33 +75,21 @@ public final class ImmutableTree extends
private final NodeState state;
private final ParentProvider parentProvider;
- private final TreeTypeProvider typeProvider;
private String path;
- private int type = TreeTypeProvider.TYPE_NONE;
public ImmutableTree(@Nonnull NodeState rootState) {
- this(ParentProvider.ROOT_PROVIDER, "", rootState, TreeTypeProvider.EMPTY);
- }
-
- public ImmutableTree(@Nonnull NodeState rootState, @Nonnull TreeTypeProvider typeProvider) {
- this(ParentProvider.ROOT_PROVIDER, "", rootState, typeProvider);
+ this(ParentProvider.ROOT_PROVIDER, "", rootState);
}
public ImmutableTree(@Nonnull ImmutableTree parent, @Nonnull String name, @Nonnull NodeState state) {
- this(new DefaultParentProvider(parent), name, state, parent.typeProvider);
+ this(new DefaultParentProvider(parent), name, state);
}
public ImmutableTree(@Nonnull ParentProvider parentProvider, @Nonnull String name, @Nonnull NodeState state) {
- this(parentProvider, name, state, TreeTypeProvider.EMPTY);
- }
-
- public ImmutableTree(@Nonnull ParentProvider parentProvider, @Nonnull String name,
- @Nonnull NodeState state, @Nonnull TreeTypeProvider typeProvider) {
super(name, new ReadOnlyBuilder(state));
this.state = state;
this.parentProvider = parentProvider;
- this.typeProvider = typeProvider;
}
@Override
@@ -242,15 +212,6 @@ public final class ImmutableTree extends
//--------------------------------------------------------------------------
- public int getType() {
- if (type == TreeTypeProvider.TYPE_NONE) {
- type = typeProvider.getType(this);
- }
- return type;
- }
-
- //--------------------------------------------------------------------------
-
public interface ParentProvider {
ParentProvider UNSUPPORTED = new ParentProvider() {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeBuilder.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeBuilder.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeBuilder.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/SecureNodeBuilder.java Wed Feb 5 09:08:50 2014
@@ -382,7 +382,7 @@ class SecureNodeBuilder implements NodeB
|| rootPermission != rootBuilder.treePermission) {
NodeState base = builder.getBaseState();
if (parent == null) {
- ImmutableTree baseTree = new ImmutableTree(base, new TreeTypeProviderImpl(acContext));
+ ImmutableTree baseTree = new ImmutableTree(base);
treePermission = permissionProvider.get().getTreePermission(baseTree, TreePermission.EMPTY);
rootPermission = treePermission;
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Wed Feb 5 09:08:50 2014
@@ -37,7 +37,6 @@ import org.apache.jackrabbit.oak.api.Typ
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -59,6 +58,7 @@ import com.google.common.collect.Immutab
import com.google.common.collect.Iterators;
import static com.google.common.collect.Iterators.concat;
+import static org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission.*;
/**
* TODO: WIP
@@ -86,15 +86,18 @@ final class CompiledPermissionImpl imple
private PrivilegeBitsProvider bitsProvider;
+ private final TreeTypeProvider typeProvider;
+
private CompiledPermissionImpl(@Nonnull PermissionEntryCache.Local cache,
@Nonnull Set<Principal> principals,
@Nonnull ImmutableRoot root, @Nonnull String workspaceName,
@Nonnull RestrictionProvider restrictionProvider,
- @Nonnull Set<String> readPaths) {
+ @Nonnull AuthorizationConfiguration acConfig) {
this.root = root;
this.workspaceName = workspaceName;
bitsProvider = new PrivilegeBitsProvider(root);
+ Set<String> readPaths = acConfig.getParameters().getConfigValue(PARAM_READ_PATHS, DEFAULT_READ_PATHS);
readPolicy = (readPaths.isEmpty()) ? EmptyReadPolicy.INSTANCE : new DefaultReadPolicy(readPaths);
// setup
@@ -111,6 +114,8 @@ final class CompiledPermissionImpl imple
userStore = new PermissionEntryProviderImpl(store, cache, userNames);
groupStore = new PermissionEntryProviderImpl(store, cache, groupNames);
+
+ typeProvider = new TreeTypeProvider(acConfig.getContext());
}
static CompiledPermissions create(@Nonnull ImmutableRoot root, @Nonnull String workspaceName,
@@ -121,8 +126,7 @@ final class CompiledPermissionImpl imple
if (!permissionsTree.exists() || principals.isEmpty()) {
return NoPermissions.getInstance();
} else {
- Set<String> readPaths = acConfig.getParameters().getConfigValue(PARAM_READ_PATHS, DEFAULT_READ_PATHS);
- return new CompiledPermissionImpl(cache, principals, root, workspaceName, acConfig.getRestrictionProvider(), readPaths);
+ return new CompiledPermissionImpl(cache, principals, root, workspaceName, acConfig.getRestrictionProvider(), acConfig);
}
}
@@ -149,17 +153,18 @@ final class CompiledPermissionImpl imple
@Override
public TreePermission getTreePermission(@Nonnull ImmutableTree tree, @Nonnull TreePermission parentPermission) {
if (tree.isRoot()) {
- return new TreePermissionImpl(tree, TreeTypeProvider.TYPE_DEFAULT, TreePermission.EMPTY);
+ return new TreePermissionImpl(tree, TreeTypeProvider.TYPE_DEFAULT, EMPTY);
}
- int type = PermissionUtil.getType(tree, null);
+ int parentType = getParentType(parentPermission);
+ int type = typeProvider.getType(tree, parentType);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
// TODO: OAK-753 decide on where to filter out hidden items.
- return TreePermission.ALL;
+ return ALL;
case TreeTypeProvider.TYPE_VERSION:
String ntName = TreeUtil.getPrimaryTypeName(tree);
if (ntName == null) {
- return TreePermission.EMPTY;
+ return EMPTY;
}
if (VersionConstants.VERSION_STORE_NT_NAMES.contains(ntName) || VersionConstants.NT_ACTIVITY.equals(ntName)) {
return new TreePermissionImpl(tree, TreeTypeProvider.TYPE_VERSION, parentPermission);
@@ -167,7 +172,7 @@ final class CompiledPermissionImpl imple
ImmutableTree versionableTree = getVersionableTree(tree);
if (versionableTree == null) {
log.warn("Cannot retrieve versionable node for " + tree.getPath());
- return TreePermission.EMPTY;
+ return EMPTY;
} else {
// TODO: may return wrong results in case of restrictions
// TODO that would match the path of the versionable node
@@ -181,7 +186,7 @@ final class CompiledPermissionImpl imple
}
}
case TreeTypeProvider.TYPE_INTERNAL:
- return TreePermission.EMPTY;
+ return EMPTY;
default:
return new TreePermissionImpl(tree, type, parentPermission);
}
@@ -196,7 +201,7 @@ final class CompiledPermissionImpl imple
trees.add(0, tree);
}
}
- TreePermission pp = TreePermission.EMPTY;
+ TreePermission pp = EMPTY;
for (ImmutableTree tr : trees) {
pp = new TreePermissionImpl(tr, type, pp);
}
@@ -205,7 +210,7 @@ final class CompiledPermissionImpl imple
@Override
public boolean isGranted(@Nonnull ImmutableTree tree, @Nullable PropertyState property, long permissions) {
- int type = PermissionUtil.getType(tree, property);
+ int type = typeProvider.getType(tree);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
// TODO: OAK-753 decide on where to filter out hidden items.
@@ -322,8 +327,9 @@ final class CompiledPermissionImpl imple
return (allows | ~permissions) == -1;
}
- @Nonnull PrivilegeBits internalGetPrivileges(@Nullable ImmutableTree tree) {
- int type = (tree == null) ? TreeTypeProvider.TYPE_DEFAULT : PermissionUtil.getType(tree, null);
+ @Nonnull
+ private PrivilegeBits internalGetPrivileges(@Nullable ImmutableTree tree) {
+ int type = (tree == null) ? TreeTypeProvider.TYPE_DEFAULT : typeProvider.getType(tree);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
return PrivilegeBits.EMPTY;
@@ -416,12 +422,22 @@ final class CompiledPermissionImpl imple
return versionStoreTree;
}
+ private static int getParentType(@Nonnull TreePermission parentPermission) {
+ if (parentPermission instanceof TreePermissionImpl) {
+ return ((TreePermissionImpl) parentPermission).type;
+ } else if (parentPermission == TreePermission.EMPTY) {
+ return TreeTypeProvider.TYPE_DEFAULT;
+ } else {
+ throw new IllegalArgumentException("Illegal TreePermission implementation.");
+ }
+ }
+
private final class TreePermissionImpl implements TreePermission {
private final ImmutableTree tree;
private final TreePermissionImpl parent;
- private final boolean isAcTree;
+ private final int type;
private final boolean readableTree;
private Collection<PermissionEntry> userEntries;
@@ -438,7 +454,7 @@ final class CompiledPermissionImpl imple
parent = null;
}
readableTree = readPolicy.isReadableTree(tree, parent);
- isAcTree = (treeType == TreeTypeProvider.TYPE_AC);
+ type = treeType;
}
//-------------------------------------------------< TreePermission >---
@@ -450,6 +466,7 @@ final class CompiledPermissionImpl imple
@Override
public boolean canRead() {
+ boolean isAcTree = isAcTree();
if (!isAcTree && readableTree) {
return true;
}
@@ -476,6 +493,7 @@ final class CompiledPermissionImpl imple
@Override
public boolean canRead(@Nonnull PropertyState property) {
+ boolean isAcTree = isAcTree();
if (!isAcTree && readableTree) {
return true;
}
@@ -535,6 +553,10 @@ final class CompiledPermissionImpl imple
}
return groupEntries.iterator();
}
+
+ private boolean isAcTree() {
+ return type == TreeTypeProvider.TYPE_AC;
+ }
}
private static final class LazyIterator extends AbstractLazyIterator<PermissionEntry> {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java Wed Feb 5 09:08:50 2014
@@ -23,7 +23,6 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.spi.commit.EditorDiff;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Wed Feb 5 09:08:50 2014
@@ -28,7 +28,6 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -146,7 +145,7 @@ public class PermissionProviderImpl impl
if (base instanceof ImmutableRoot) {
return (ImmutableRoot) base;
} else {
- return new ImmutableRoot(base, new TreeTypeProviderImpl(acConfig.getContext()));
+ return new ImmutableRoot(base);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java Wed Feb 5 09:08:50 2014
@@ -87,12 +87,6 @@ public final class PermissionUtil implem
return permissionsTree.getChild(Text.escapeIllegalJcrChars(principalName));
}
- public static int getType(@Nonnull ImmutableTree tree, @Nullable PropertyState property) {
- // TODO: OAK-753 decide on where to filter out hidden items.
- // TODO: deal with hidden properties
- return tree.getType();
- }
-
@CheckForNull
public static String getPath(@Nullable Tree parentBefore, @Nullable Tree parentAfter) {
String path = null;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Wed Feb 5 09:08:50 2014
@@ -27,7 +27,6 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.core.AbstractTree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.lock.LockConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Wed Feb 5 09:08:50 2014
@@ -22,8 +22,6 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
-import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -71,11 +69,10 @@ public class PermissionValidatorProvider
@Nonnull
@Override
public Validator getRootValidator(NodeState before, NodeState after) {
- TreeTypeProvider tp = new TreeTypeProviderImpl(getAccessControlContext());
PermissionProvider pp = acConfig.getPermissionProvider(new ImmutableRoot(before), workspaceName, principals);
- ImmutableTree rootBefore = new ImmutableTree(before, tp);
- ImmutableTree rootAfter = new ImmutableTree(after, tp);
+ ImmutableTree rootBefore = new ImmutableTree(before);
+ ImmutableTree rootAfter = new ImmutableTree(after);
if (moveTracker.isEmpty()) {
return new PermissionValidator(rootBefore, rootAfter, pp, this);
} else {
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java?rev=1564684&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java Wed Feb 5 09:08:50 2014
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.core.ImmutableTree;
+import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
+import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
+
+/**
+ * <h3>TreeTypeProvider</h3>
+ * For optimization purpose an Immutable tree will be associated with a
+ * {@code TreeTypeProvider} that allows for fast detection of the following types
+ * of Trees:
+ *
+ * <ul>
+ * <li>{@link #TYPE_HIDDEN}: a hidden tree whose name starts with ":".
+ * Please note that the whole subtree of a hidden node is considered hidden.</li>
+ * <li>{@link #TYPE_AC}: A tree that stores access control content
+ * and requires special access {@link org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions#READ_ACCESS_CONTROL permissions}.</li>
+ * <li>{@link #TYPE_VERSION}: if a given tree is located within
+ * any of the version related stores defined by JSR 283. Depending on the
+ * permission evaluation implementation those items require special treatment.</li>
+ * <li>{@link #TYPE_DEFAULT}: the default type for trees that don't
+ * match any of the upper types.</li>
+ * </ul>
+ */
+public final class TreeTypeProvider {
+
+ public static final int TYPE_NONE = 0;
+
+ // regular trees
+ public static final int TYPE_DEFAULT = 1;
+ // version store(s) content
+ public static final int TYPE_VERSION = 2;
+ // repository internal content such as e.g. permissions store
+ public static final int TYPE_INTERNAL = 4;
+ // access control content
+ public static final int TYPE_AC = 8;
+ // hidden trees
+ public static final int TYPE_HIDDEN = 16;
+
+ private final Context contextInfo;
+
+ public TreeTypeProvider(@Nonnull Context contextInfo) {
+ this.contextInfo = contextInfo;
+ }
+
+ public int getType(ImmutableTree tree) {
+ if (tree.isRoot()) {
+ return TYPE_DEFAULT;
+ } else {
+ return getType(tree, getType(tree.getParent()));
+ }
+ }
+
+ public int getType(ImmutableTree tree, int parentType) {
+ if (tree.isRoot()) {
+ return TYPE_DEFAULT;
+ }
+
+ int type;
+ switch (parentType) {
+ case TYPE_HIDDEN:
+ type = TYPE_HIDDEN;
+ break;
+ case TYPE_VERSION:
+ type = TYPE_VERSION;
+ break;
+ case TYPE_INTERNAL:
+ type = TYPE_INTERNAL;
+ break;
+ case TYPE_AC:
+ type = TYPE_AC;
+ break;
+ default:
+ String name = tree.getName();
+ if (NodeStateUtils.isHidden(name)) {
+ type = TYPE_HIDDEN;
+ } else if (VersionConstants.VERSION_STORE_ROOT_NAMES.contains(name)) {
+ type = TYPE_VERSION;
+ } else if (PermissionConstants.REP_PERMISSION_STORE.equals(name)) {
+ type = TYPE_INTERNAL;
+ } else if (contextInfo.definesContextRoot(tree)) {
+ type = TYPE_AC;
+ } else {
+ type = TYPE_DEFAULT;
+ }
+ }
+ return type;
+ }
+}
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/TreeTypeProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableRootTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableRootTest.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableRootTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableRootTest.java Wed Feb 5 09:08:50 2014
@@ -51,7 +51,7 @@ public class ImmutableRootTest extends O
root.commit();
// Acquire a fresh new root to avoid problems from lingering state
- this.root = new ImmutableRoot(session.getLatestRoot(), TreeTypeProvider.EMPTY);
+ this.root = new ImmutableRoot(session.getLatestRoot());
}
// TODO: add more tests
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableTreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableTreeTest.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableTreeTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ImmutableTreeTest.java Wed Feb 5 09:08:50 2014
@@ -25,7 +25,6 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -104,7 +103,6 @@ public class ImmutableTreeTest extends O
}
catch (IllegalStateException expected) { }
assertEquals("", tree.getName());
- assertEquals(TreeTypeProvider.TYPE_DEFAULT, tree.getType());
}
@Test
@@ -120,7 +118,7 @@ public class ImmutableTreeTest extends O
assertNotNull(child.getParent());
assertEquals("/", child.getParent().getPath());
- ImmutableTree disconnected = new ImmutableTree(ImmutableTree.ParentProvider.UNSUPPORTED, child.getName(), child.getNodeState(), TreeTypeProvider.EMPTY);
+ ImmutableTree disconnected = new ImmutableTree(ImmutableTree.ParentProvider.UNSUPPORTED, child.getName(), child.getNodeState());
try {
disconnected.getParent();
} catch (UnsupportedOperationException e) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java Wed Feb 5 09:08:50 2014
@@ -24,7 +24,6 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -64,7 +63,7 @@ public class AllPermissionsTest extends
@Test
public void testGetTreePermission() {
for (String path : paths) {
- ImmutableTree tree = new ImmutableRoot(root, TreeTypeProvider.EMPTY).getTree(path);
+ ImmutableTree tree = new ImmutableRoot(root).getTree(path);
assertTrue(tree.exists());
assertSame(TreePermission.ALL, all.getTreePermission(tree, TreePermission.EMPTY));
@@ -77,7 +76,7 @@ public class AllPermissionsTest extends
@Test
public void testIsGranted() {
for (String path : paths) {
- ImmutableTree tree = new ImmutableRoot(root, TreeTypeProvider.EMPTY).getTree(path);
+ ImmutableTree tree = new ImmutableRoot(root).getTree(path);
assertTrue(tree.exists());
assertTrue(all.isGranted(tree, null, Permissions.ALL));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java Wed Feb 5 09:08:50 2014
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -211,7 +210,7 @@ public class PermissionProviderImplTest
ContentSession testSession = createTestSession();
try {
Root r = testSession.getLatestRoot();
- Root immutableRoot = new ImmutableRoot(r, TreeTypeProvider.EMPTY);
+ Root immutableRoot = new ImmutableRoot(r);
PermissionProvider pp = createPermissionProvider(testSession) ;
assertTrue(r.getTree("/").exists());
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1564684&r1=1564683&r2=1564684&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java Wed Feb 5 09:08:50 2014
@@ -102,7 +102,7 @@ public class PermissionStoreTest extends
PermissionProvider pp = createPermissionProvider();
Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
- assertSame(TreePermission.EMPTY, pp.getTreePermission(t, TreePermission.ALL));
+ assertSame(TreePermission.EMPTY, pp.getTreePermission(t, TreePermission.EMPTY));
}
@Test