You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/07/16 14:59:18 UTC
svn commit: r1691388 [2/2] - in /jackrabbit/oak/trunk:
oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/...
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1691388&r1=1691387&r2=1691388&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Thu Jul 16 12:59:17 2015
@@ -39,6 +39,8 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants, PermissionConstants, AggregatedPermissionProvider {
@@ -110,41 +112,33 @@ public class PermissionProviderImpl impl
boolean isAcContent = ctx.definesLocation(location);
long permissions = Permissions.getPermissions(jcrActions, location, isAcContent);
- boolean isGranted = false;
- PropertyState property = location.getProperty();
- Tree tree = (property == null) ? location.getTree() : location.getParent().getTree();
- if (tree != null) {
- isGranted = isGranted(tree, property, permissions);
- } else if (!isVersionStorePath(oakPath)) {
- isGranted = compiledPermissions.isGranted(oakPath, permissions);
- }
- return isGranted;
+ return isGranted(location, oakPath, permissions);
}
//---------------------------------------< AggregatedPermissionProvider >---
@Override
- public boolean handles(@Nonnull String path, @Nonnull String jcrAction) {
- return true;
+ public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
+ return (privilegeBits != null) ? privilegeBits : new PrivilegeBitsProvider(immutableRoot).getBits(PrivilegeConstants.JCR_ALL);
}
@Override
- public boolean handles(@Nonnull Tree tree, @Nonnull PrivilegeBits privilegeBits) {
- return true;
+ public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions) {
+ return permissions;
}
@Override
- public boolean handles(@Nonnull Tree tree, long permission) {
- return true;
+ public long supportedPermissions(@Nonnull TreeLocation location, long permissions) {
+ return permissions;
}
@Override
- public boolean handles(@Nonnull TreePermission treePermission, long permission) {
- return true;
+ public long supportedPermissions(@Nonnull TreePermission treePermission, long permissions) {
+ return permissions;
}
@Override
- public boolean handlesRepositoryPermissions() {
- return true;
+ public boolean isGranted(@Nonnull TreeLocation location, long permissions) {
+ return isGranted(location, location.getPath(), permissions);
}
//--------------------------------------------------------------------------
@@ -159,4 +153,16 @@ public class PermissionProviderImpl impl
}
return false;
}
+
+ private boolean isGranted(@Nonnull TreeLocation location, @Nonnull String oakPath, long permissions) {
+ boolean isGranted = false;
+ PropertyState property = location.getProperty();
+ Tree tree = (property == null) ? location.getTree() : location.getParent().getTree();
+ if (tree != null) {
+ isGranted = isGranted(tree, property, permissions);
+ } else if (!isVersionStorePath(location.getPath())) {
+ isGranted = compiledPermissions.isGranted(oakPath, permissions);
+ }
+ return isGranted;
+ }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java?rev=1691388&r1=1691387&r2=1691388&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java Thu Jul 16 12:59:17 2015
@@ -17,8 +17,11 @@
package org.apache.jackrabbit.oak.spi.security.authorization.permission;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
/**
@@ -29,13 +32,24 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public interface AggregatedPermissionProvider extends PermissionProvider {
- boolean handles(@Nonnull String path, @Nonnull String jcrAction);
+ PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits);
- boolean handles(@Nonnull Tree tree, @Nonnull PrivilegeBits privilegeBits);
+ long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions);
- boolean handles(@Nonnull Tree tree, long permission);
+ long supportedPermissions(@Nonnull TreeLocation location, long permissions);
- boolean handles(@Nonnull TreePermission treePermission, long permission);
+ long supportedPermissions(@Nonnull TreePermission treePermission, long permissions);
- boolean handlesRepositoryPermissions();
+ /**
+ * Test if the specified permissions are granted for the set of {@code Principal}s
+ * associated with this provider instance for the item identified by the
+ * given {@code location} and optionally property. This method will only return {@code true}
+ * if all permissions are granted.
+ *
+ * @param location The {@code TreeLocation} to test the permissions for.
+ * @param permissions The permissions to be tested.
+ * @return {@code true} if the specified permissions are granted for the existing
+ * or non-existing item identified by the given location.
+ */
+ boolean isGranted(@Nonnull TreeLocation location, long permissions);
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java?rev=1691388&r1=1691387&r2=1691388&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java Thu Jul 16 12:59:17 2015
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.1.0")
+@Version("2.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.authorization.permission;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1691388&r1=1691387&r2=1691388&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java Thu Jul 16 12:59:17 2015
@@ -355,6 +355,15 @@ public final class PrivilegeBits impleme
}
}
+ @Nonnull
+ public PrivilegeBits modifiable() {
+ if (d instanceof ModifiableData) {
+ return this;
+ } else {
+ return getInstance(this);
+ }
+ }
+
/**
* Returns {@code true} if all privileges defined by the specified
* {@code otherBits} are present in this instance.
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java?rev=1691388&r1=1691387&r2=1691388&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java Thu Jul 16 12:59:17 2015
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.0")
+@Version("1.1.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.privilege;