You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/10/18 09:27:33 UTC
svn commit: r1533341 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/security/authorization/permission/
test/java/org/apache/jackrabbit/oak/security/authorization/permission/
Author: angela
Date: Fri Oct 18 07:27:33 2013
New Revision: 1533341
URL: http://svn.apache.org/r1533341
Log:
OAK-527: permissions (wip)
- consistency between isGranted and hasPrivileges as well as getTreePermissions vs. getPrivileges
- change compiled permissions to only take immutable tree (see above)
- prevent access to permission store
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java Fri Oct 18 07:27:33 2013
@@ -252,22 +252,13 @@ public final class ImmutableTree extends
//------------------------------------------------------------< internal >---
- int getType() {
+ public int getType() {
if (type == TreeTypeProvider.TYPE_NONE) {
type = typeProvider.getType(this);
}
return type;
}
- // TODO
- public static int getType(Tree tree) {
- if (tree instanceof ImmutableTree) {
- return ((ImmutableTree) tree).getType();
- } else {
- return TreeTypeProvider.TYPE_DEFAULT;
- }
- }
-
//--------------------------------------------------------------------------
public interface ParentProvider {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProvider.java Fri Oct 18 07:27:33 2013
@@ -29,10 +29,12 @@ public interface TreeTypeProvider {
int TYPE_DEFAULT = 1;
// version store(s) content
int TYPE_VERSION = 2;
+ // permissions store
+ int TYPE_PERMISSION_STORE = 4;
// access control content
- int TYPE_AC = 4;
+ int TYPE_AC = 8;
// hidden trees
- int TYPE_HIDDEN = 8;
+ int TYPE_HIDDEN = 16;
TreeTypeProvider EMPTY = new TreeTypeProvider() {
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeTypeProviderImpl.java Fri Oct 18 07:27:33 2013
@@ -20,6 +20,7 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
/**
@@ -48,6 +49,9 @@ public final class TreeTypeProviderImpl
case TYPE_VERSION:
type = TYPE_VERSION;
break;
+ case TYPE_PERMISSION_STORE:
+ type = TYPE_PERMISSION_STORE;
+ break;
case TYPE_AC:
type = TYPE_AC;
break;
@@ -57,6 +61,8 @@ public final class TreeTypeProviderImpl
type = TYPE_HIDDEN;
} else if (VersionConstants.VERSION_STORE_ROOT_NAMES.contains(name)) {
type = TYPE_VERSION;
+ } else if (PermissionConstants.REP_PERMISSION_STORE.equals(name)) {
+ type = TYPE_PERMISSION_STORE;
} else if (contextInfo.definesContextRoot(tree)) {
type = TYPE_AC;
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java Fri Oct 18 07:27:33 2013
@@ -21,8 +21,8 @@ import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -53,12 +53,12 @@ public final class AllPermissions implem
}
@Override
- public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
+ public TreePermission getTreePermission(@Nonnull ImmutableTree tree, @Nonnull TreePermission parentPermission) {
return TreePermission.ALL;
}
@Override
- public boolean isGranted(Tree parent, PropertyState property, long permissions) {
+ public boolean isGranted(ImmutableTree parent, PropertyState property, long permissions) {
return true;
}
@@ -68,12 +68,12 @@ public final class AllPermissions implem
}
@Override
- public Set<String> getPrivileges(Tree tree) {
+ public Set<String> getPrivileges(ImmutableTree tree) {
return Collections.singleton(PrivilegeConstants.JCR_ALL);
}
@Override
- public boolean hasPrivileges(Tree tree, String... privilegeNames) {
+ public boolean hasPrivileges(ImmutableTree tree, String... privilegeNames) {
return true;
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Fri Oct 18 07:27:33 2013
@@ -187,11 +187,11 @@ class CompiledPermissionImpl implements
}
@Override
- public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
+ public TreePermission getTreePermission(@Nonnull ImmutableTree tree, @Nonnull TreePermission parentPermission) {
if (tree.isRoot()) {
return new TreePermissionImpl(tree, TreeTypeProvider.TYPE_DEFAULT, TreePermission.EMPTY);
}
- int type = PermissionUtil.getType(tree, null);
+ int type = tree.getType();
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
// TODO: OAK-753 decide on where to filter out hidden items.
@@ -213,17 +213,19 @@ class CompiledPermissionImpl implements
tl = tl.getParent();
}
Tree versionableTree = tl.getTree();
- TreePermission pp = getParentPermission(versionableTree);
+ TreePermission pp = getParentPermission(versionableTree, TreeTypeProvider.TYPE_VERSION);
return new TreePermissionImpl(versionableTree, TreeTypeProvider.TYPE_VERSION, pp);
}
}
+ case TreeTypeProvider.TYPE_PERMISSION_STORE:
+ return TreePermission.EMPTY;
default:
return new TreePermissionImpl(tree, type, parentPermission);
}
}
@Nonnull
- private TreePermission getParentPermission(@Nonnull Tree tree) {
+ private TreePermission getParentPermission(@Nonnull Tree tree, int type) {
List<Tree> trees = new ArrayList();
while (!tree.isRoot()) {
tree = tree.getParent();
@@ -233,13 +235,13 @@ class CompiledPermissionImpl implements
}
TreePermission pp = TreePermission.EMPTY;
for (Tree tr : trees) {
- pp = new TreePermissionImpl(tr, PermissionUtil.getType(tree, null), pp);
+ pp = new TreePermissionImpl(tr, type, pp);
}
return pp;
}
@Override
- public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
+ public boolean isGranted(@Nonnull ImmutableTree tree, @Nullable PropertyState property, long permissions) {
int type = PermissionUtil.getType(tree, property);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
@@ -259,6 +261,8 @@ class CompiledPermissionImpl implements
// use best effort calculation based on the item path.
return isGranted(location.getPath(), permissions);
}
+ case TreeTypeProvider.TYPE_PERMISSION_STORE:
+ return false;
default:
return internalIsGranted(tree, property, permissions);
}
@@ -271,13 +275,13 @@ class CompiledPermissionImpl implements
}
@Override
- public Set<String> getPrivileges(@Nullable Tree tree) {
- return bitsProvider.getPrivilegeNames(getPrivilegeBits(tree));
+ public Set<String> getPrivileges(@Nullable ImmutableTree tree) {
+ return bitsProvider.getPrivilegeNames(internalGetPrivileges(tree));
}
@Override
- public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) {
- return getPrivilegeBits(tree).includes(bitsProvider.getBits(privilegeNames));
+ public boolean hasPrivileges(@Nullable ImmutableTree tree, String... privilegeNames) {
+ return internalGetPrivileges(tree).includes(bitsProvider.getBits(privilegeNames));
}
//------------------------------------------------------------< private >---
@@ -355,6 +359,31 @@ class CompiledPermissionImpl implements
return (allows | ~permissions) == -1;
}
+ @Nonnull PrivilegeBits internalGetPrivileges(@Nullable ImmutableTree tree) {
+ int type = (tree == null) ? TreeTypeProvider.TYPE_DEFAULT : tree.getType();
+ switch (type) {
+ case TreeTypeProvider.TYPE_HIDDEN:
+ return PrivilegeBits.EMPTY;
+ case TreeTypeProvider.TYPE_VERSION:
+ TreeLocation location = getLocation(tree, null);
+ if (location == null) {
+ // unable to determine the location of the versionable item -> deny access.
+ return PrivilegeBits.EMPTY;
+ }
+ Tree versionableTree = location.getTree();
+ if (versionableTree != null) {
+ return getPrivilegeBits(tree);
+ } else {
+ // TODO : add proper handling for cases where the versionable node does not exist (anymore)
+ return PrivilegeBits.EMPTY;
+ }
+ case TreeTypeProvider.TYPE_PERMISSION_STORE:
+ return PrivilegeBits.EMPTY;
+ default:
+ return getPrivilegeBits(tree);
+ }
+ }
+
@Nonnull
private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
EntryPredicate pred = (tree == null)
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java Fri Oct 18 07:27:33 2013
@@ -21,8 +21,8 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
@@ -35,16 +35,17 @@ public interface CompiledPermissions {
RepositoryPermission getRepositoryPermission();
- TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission);
+ TreePermission getTreePermission(@Nonnull ImmutableTree tree, @Nonnull TreePermission parentPermission);
/**
*
+ *
* @param parent
* @param property
* @param permissions
* @return
*/
- boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions);
+ boolean isGranted(@Nonnull ImmutableTree parent, @Nullable PropertyState property, long permissions);
/**
*
@@ -56,17 +57,19 @@ public interface CompiledPermissions {
/**
*
+ *
* @param tree
* @return
*/
@Nonnull
- Set<String> getPrivileges(@Nullable Tree tree);
+ Set<String> getPrivileges(@Nullable ImmutableTree tree);
/**
*
+ *
* @param tree
* @param privilegeNames
* @return
*/
- boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames);
+ boolean hasPrivileges(@Nullable ImmutableTree tree, String... privilegeNames);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java Fri Oct 18 07:27:33 2013
@@ -22,8 +22,8 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
@@ -52,12 +52,12 @@ public final class NoPermissions impleme
}
@Override
- public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
+ public TreePermission getTreePermission(@Nonnull ImmutableTree tree, @Nonnull TreePermission parentPermission) {
return TreePermission.EMPTY;
}
@Override
- public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions) {
+ public boolean isGranted(@Nonnull ImmutableTree parent, @Nullable PropertyState property, long permissions) {
return false;
}
@@ -67,12 +67,12 @@ public final class NoPermissions impleme
}
@Override
- public Set<String> getPrivileges(@Nullable Tree tree) {
+ public Set<String> getPrivileges(@Nullable ImmutableTree tree) {
return Collections.emptySet();
}
@Override
- public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) {
+ public boolean hasPrivileges(@Nullable ImmutableTree tree, String... privilegeNames) {
return false;
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Fri Oct 18 07:27:33 2013
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -81,12 +82,12 @@ public class PermissionProviderImpl impl
@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
- return compiledPermissions.getPrivileges(tree);
+ return compiledPermissions.getPrivileges(getImmutableTree(tree));
}
@Override
public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) {
- return compiledPermissions.hasPrivileges(tree, privilegeNames);
+ return compiledPermissions.hasPrivileges(getImmutableTree(tree), privilegeNames);
}
@Override
@@ -96,12 +97,12 @@ public class PermissionProviderImpl impl
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
- return compiledPermissions.getTreePermission(tree, parentPermission);
+ return compiledPermissions.getTreePermission(getImmutableTree(tree), parentPermission);
}
@Override
public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
- return compiledPermissions.isGranted(tree, property, permissions);
+ return compiledPermissions.isGranted(getImmutableTree(tree), property, permissions);
}
@Override
@@ -133,7 +134,15 @@ public class PermissionProviderImpl impl
return false;
}
- private static ImmutableRoot getImmutableRoot(Root base, SecurityConfiguration acConfig) {
+ private ImmutableTree getImmutableTree(@Nullable Tree tree) {
+ if (tree instanceof ImmutableTree) {
+ return (ImmutableTree) tree;
+ } else {
+ return (tree == null) ? null : immutableRoot.getTree(tree.getPath());
+ }
+ }
+
+ private static ImmutableRoot getImmutableRoot(@Nonnull Root base, @Nonnull SecurityConfiguration acConfig) {
if (base instanceof ImmutableRoot) {
return (ImmutableRoot) base;
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java Fri Oct 18 07:27:33 2013
@@ -85,10 +85,10 @@ public final class PermissionUtil implem
return permissionsTree.getChild(Text.escapeIllegalJcrChars(principal.getName()));
}
- public static int getType(@Nonnull Tree tree, @Nullable PropertyState property) {
+ public static int getType(@Nonnull ImmutableTree tree, @Nullable PropertyState property) {
// TODO: OAK-753 decide on where to filter out hidden items.
// TODO: deal with hidden properties
- return ImmutableTree.getType(tree);
+ return tree.getType();
}
@CheckForNull
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1533341&r1=1533340&r2=1533341&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java Fri Oct 18 07:27:33 2013
@@ -22,6 +22,9 @@ import java.util.List;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.ImmutableRoot;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
+import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -61,12 +64,12 @@ public class AllPermissionsTest extends
@Test
public void testGetTreePermission() {
for (String path : paths) {
- Tree tree = root.getTree(path);
+ ImmutableTree tree = new ImmutableRoot(root, TreeTypeProvider.EMPTY).getTree(path);
assertTrue(tree.exists());
assertSame(TreePermission.ALL, all.getTreePermission(tree, TreePermission.EMPTY));
for (Tree child : tree.getChildren()) {
- assertSame(TreePermission.ALL, all.getTreePermission(child, TreePermission.EMPTY));
+ assertSame(TreePermission.ALL, all.getTreePermission((ImmutableTree) child, TreePermission.EMPTY));
}
}
}
@@ -74,7 +77,7 @@ public class AllPermissionsTest extends
@Test
public void testIsGranted() {
for (String path : paths) {
- Tree tree = root.getTree(path);
+ ImmutableTree tree = new ImmutableRoot(root, TreeTypeProvider.EMPTY).getTree(path);
assertTrue(tree.exists());
assertTrue(all.isGranted(tree, null, Permissions.ALL));
@@ -82,7 +85,7 @@ public class AllPermissionsTest extends
assertTrue(all.isGranted(tree, prop, Permissions.ALL));
}
for (Tree child : tree.getChildren()) {
- assertTrue(all.isGranted(child, null, Permissions.ALL));
+ assertTrue(all.isGranted((ImmutableTree) child, null, Permissions.ALL));
}
}
}
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1533341&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java Fri Oct 18 07:27:33 2013
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import java.util.Set;
+import javax.jcr.Session;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlManager;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * PermissionStoreTest... TODO
+ */
+public class PermissionStoreTest extends AbstractSecurityTest {
+
+ private ContentSession testSession;
+ private Root testRoot;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
+ if (acl != null) {
+ acl.addEntry(getTestUser().getPrincipal(), privilegesFromNames(PrivilegeConstants.JCR_ALL), true);
+ }
+ acMgr.setPolicy("/", acl);
+ root.commit();
+ testSession = createTestSession();
+ testRoot = testSession.getLatestRoot();
+ }
+
+ @Override
+ public void after() throws Exception {
+ try {
+ if (testSession != null) {
+ testSession.close();
+ }
+ AccessControlManager acMgr = getAccessControlManager(root);
+ JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/");
+ if (acl != null) {
+ for (AccessControlEntry ace : acl.getAccessControlEntries()) {
+ if (getTestUser().getPrincipal().equals(ace.getPrincipal())) {
+ acl.removeAccessControlEntry(ace);
+ }
+ }
+ }
+ acMgr.setPolicy("/", acl);
+ root.commit();
+ } finally {
+ super.after();
+ }
+ }
+
+ @Test
+ public void testReadAccess() {
+ Tree ps = testRoot.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
+ assertFalse(ps.exists());
+ }
+
+ @Test
+ public void testGetTreePermission() {
+ PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+ Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
+ assertSame(TreePermission.EMPTY, pp.getTreePermission(t, TreePermission.ALL));
+ }
+
+ @Test
+ public void testIsGranted() {
+ PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+ Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
+
+ assertFalse(pp.isGranted(t, null, Permissions.READ));
+ assertFalse(pp.isGranted(t, t.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ));
+ }
+
+ @Test
+ public void testIsGrantedAtPath() {
+ PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+ assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH, Session.ACTION_READ));
+ assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH, Session.ACTION_ADD_NODE));
+ }
+
+ @Test
+ public void testHasPrivilege() {
+ PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+ Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
+ assertFalse(pp.hasPrivileges(t, PrivilegeConstants.JCR_READ));
+ }
+
+ @Test
+ public void testGetPrivilege() {
+ PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+ Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
+ Set<String> privilegeNames = pp.getPrivileges(t);
+ assertTrue(privilegeNames.isEmpty());
+ }
+}
\ No newline at end of file