You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/10/23 16:14:20 UTC
svn commit: r1535035 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/permission/
main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/
test/java/org/apache/jackrabbit/oak/security...
Author: angela
Date: Wed Oct 23 14:14:20 2013
New Revision: 1535035
URL: http://svn.apache.org/r1535035
Log:
OAK-527: permissions (wip)
- rep:index property is obsolete as index forms the node name
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java Wed Oct 23 14:14:20 2013
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -25,11 +26,15 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.util.Text;
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+
/**
* PermissionEntry... TODO
*/
@@ -63,11 +68,21 @@ final class PermissionEntry implements C
PermissionEntry(String path, Tree entryTree, RestrictionProvider restrictionsProvider) {
this.path = path;
isAllow = entryTree.getProperty(REP_IS_ALLOW).getValue(Type.BOOLEAN);
+ index = Integer.parseInt(entryTree.getName());
privilegeBits = PrivilegeBits.getInstance(entryTree.getProperty(REP_PRIVILEGE_BITS));
- index = entryTree.getProperty(REP_INDEX).getValue(Type.LONG).intValue();
restriction = restrictionsProvider.getPattern(path, entryTree);
}
+ static void write(NodeBuilder parent, boolean isAllow, int index, PrivilegeBits privilegeBits, Set<Restriction> restrictions) {
+ NodeBuilder n = parent.child(String.valueOf(index))
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS, Type.NAME)
+ .setProperty(REP_IS_ALLOW, isAllow)
+ .setProperty(privilegeBits.asPropertyState(REP_PRIVILEGE_BITS));
+ for (Restriction restriction : restrictions) {
+ n.setProperty(restriction.getProperty());
+ }
+ }
+
public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {
return restriction == RestrictionPattern.EMPTY || restriction.matches(tree, property);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java Wed Oct 23 14:14:20 2013
@@ -410,14 +410,7 @@ public class PermissionHook implements P
}
}
for (AcEntry ace: list) {
- NodeBuilder n = parent.child(String.valueOf(ace.index))
- .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS, Type.NAME)
- .setProperty(REP_IS_ALLOW, ace.isAllow)
- .setProperty(REP_INDEX, ace.index)
- .setProperty(ace.privilegeBits.asPropertyState(REP_PRIVILEGE_BITS));
- for (Restriction restriction : ace.restrictions) {
- n.setProperty(restriction.getProperty());
- }
+ PermissionEntry.write(parent, ace.isAllow, ace.index, ace.privilegeBits, ace.restrictions);
numEntries++;
}
return numEntries;
@@ -431,16 +424,17 @@ public class PermissionHook implements P
private final PrivilegeBits privilegeBits;
private final boolean isAllow;
private final Set<Restriction> restrictions;
- private final long index;
+ private final int index;
private int hashCode = -1;
- private AcEntry(@Nonnull Tree aceTree, @Nonnull String accessControlledPath, long index) {
+ private AcEntry(@Nonnull Tree aceTree, @Nonnull String accessControlledPath, int index) {
this.accessControlledPath = accessControlledPath;
+ this.index = index;
+
principalName = Text.escapeIllegalJcrChars(checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME)));
privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
restrictions = restrictionProvider.readRestrictions(Strings.emptyToNull(accessControlledPath), aceTree);
- this.index = index;
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java Wed Oct 23 14:14:20 2013
@@ -40,11 +40,10 @@ public interface PermissionConstants {
String REP_NUM_PERMISSIONS = "rep:numPermissions";
String REP_IS_ALLOW = "rep:isAllow";
String REP_PRIVILEGE_BITS = "rep:privileges";
- String REP_INDEX = "rep:index";
Set<String> PERMISSION_NODETYPE_NAMES = ImmutableSet.of(NT_REP_PERMISSIONS, NT_REP_PERMISSION_STORE);
Set<String> PERMISSION_NODE_NAMES = ImmutableSet.of(REP_PERMISSION_STORE);
- Set<String> PERMISSION_PROPERTY_NAMES = ImmutableSet.of(REP_ACCESS_CONTROLLED_PATH, REP_PRIVILEGE_BITS, REP_INDEX);
+ Set<String> PERMISSION_PROPERTY_NAMES = ImmutableSet.of(REP_ACCESS_CONTROLLED_PATH, REP_PRIVILEGE_BITS);
/**
* Configuration parameter to enforce backwards compatible permission
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java Wed Oct 23 14:14:20 2013
@@ -134,6 +134,10 @@ public abstract class AbstractPermission
}
}
+ static protected void assertIndex(int expected, Tree entry) {
+ assertEquals(expected, Integer.parseInt(entry.getName()));
+ }
+
@Test
public void testModifyRestrictions() throws Exception {
Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next();
@@ -174,7 +178,7 @@ public abstract class AbstractPermission
@Test
public void testReorderAce() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
aclTree.getChildren().iterator().next().orderBefore(null);
@@ -182,13 +186,13 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
@Test
public void testReorderAndAddAce() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
// reorder
@@ -201,13 +205,13 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
@Test
public void testReorderAddAndRemoveAces() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
@@ -231,7 +235,7 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
/**
@@ -261,10 +265,10 @@ public abstract class AbstractPermission
root.commit();
Tree entry = getEntry(principals.get(2).getName(), testPath, 1);
- assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
entry = getEntry(principals.get(1).getName(), testPath, 2);
- assertEquals(2, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(2, entry);
}
/**
@@ -293,10 +297,10 @@ public abstract class AbstractPermission
root.commit();
Tree entry = getEntry(EveryonePrincipal.NAME, testPath, 1);
- assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
entry = getEntry(principals.get(2).getName(), testPath, 3);
- assertEquals(3, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(3, entry);
for (String pName : new String[]{testPrincipalName, principals.get(0).getName()}) {
try {