You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/27 18:06:58 UTC
svn commit: r1450848 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization: AccessControlManagerImpl.java restriction/PrincipalRestrictionProvider.java restriction/RestrictionProviderImpl.java

Author: angela
Date: Wed Feb 27 17:06:58 2013
New Revision: 1450848

URL: http://svn.apache.org/r1450848
Log:
OAK-51 : Access Control Management (wip, annotations, minor improvement)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1450848&r1=1450847&r2=1450848&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Wed Feb 27 17:06:58 2013
@@ -384,8 +384,8 @@ public class AccessControlManagerImpl im
         return ntMgr.isNodeType(tree, nodeTypeName);
     }
 
-    private boolean isACE(@Nonnull Tree tree) {
-        return ntMgr.isNodeType(tree, NT_REP_ACE);
+    private boolean isACE(@Nullable Tree tree) {
+        return tree != null && ntMgr.isNodeType(tree, NT_REP_ACE);
     }
 
     /**
@@ -520,7 +520,7 @@ public class AccessControlManagerImpl im
 
     @Nonnull
     private Set<Privilege> getPrivileges(@Nonnull Tree aceTree) throws RepositoryException {
-        String[] privNames = TreeUtil.getStrings(aceTree, REP_PRIVILEGES);
+        String[] privNames = checkNotNull(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
         Set<Privilege> privileges = new HashSet<Privilege>(privNames.length);
         for (String name : privNames) {
             privileges.add(privilegeManager.getPrivilege(name));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1450848&r1=1450847&r2=1450848&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java Wed Feb 27 17:06:58 2013
@@ -20,6 +20,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
@@ -50,7 +51,7 @@ public class PrincipalRestrictionProvide
 
     @Nonnull
     @Override
-    public Set<RestrictionDefinition> getSupportedRestrictions(String oakPath) {
+    public Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath) {
         Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(base.getSupportedRestrictions(oakPath));
         definitions.add(new RestrictionDefinitionImpl(REP_NODE_PATH, PropertyType.PATH, true, namePathMapper));
         return definitions;
@@ -58,12 +59,12 @@ public class PrincipalRestrictionProvide
 
     @Nonnull
     @Override
-    public Restriction createRestriction(String oakPath, @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException {
+    public Restriction createRestriction(@Nullable String oakPath, @Nonnull String jcrName, @Nonnull Value value) throws RepositoryException {
         return base.createRestriction(oakPath, jcrName, value);
     }
 
     @Override
-    public Set<Restriction> readRestrictions(String oakPath, Tree aceTree) {
+    public Set<Restriction> readRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) {
         Set<Restriction> restrictions = new HashSet<Restriction>(base.readRestrictions(oakPath, aceTree));
         String value = (oakPath == null) ? "" : oakPath;
         PropertyState nodePathProp = PropertyStates.createProperty(REP_NODE_PATH, value, Type.PATH);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1450848&r1=1450847&r2=1450848&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed Feb 27 17:06:58 2013
@@ -60,7 +60,7 @@ public class RestrictionProviderImpl imp
     @Nonnull
     @Override
     public Set<RestrictionDefinition> getSupportedRestrictions(String oakPath) {
-        if (oakPath == null) {
+        if (isUnsupportedPath(oakPath)) {
             return Collections.emptySet();
         } else {
             return ImmutableSet.copyOf(supported.values());
@@ -69,7 +69,7 @@ public class RestrictionProviderImpl imp
 
     @Override
     public Restriction createRestriction(String oakPath, String jcrName, Value value) throws RepositoryException {
-        if (oakPath == null) {
+        if (isUnsupportedPath(oakPath)) {
             throw new AccessControlException("Unsupported restriction: " + oakPath);
         }
 
@@ -88,7 +88,7 @@ public class RestrictionProviderImpl imp
 
     @Override
     public Set<Restriction> readRestrictions(String oakPath, Tree aceTree) {
-        if (oakPath == null) {
+        if (isUnsupportedPath(oakPath)) {
             return Collections.emptySet();
         } else {
             Set<Restriction> restrictions = new HashSet<Restriction>();
@@ -121,7 +121,7 @@ public class RestrictionProviderImpl imp
     @Override
     public void validateRestrictions(String oakPath, Tree aceTree) throws javax.jcr.security.AccessControlException {
         Map<String, PropertyState> restrictionProperties = getRestrictionProperties(aceTree);
-        if (oakPath == null && !restrictionProperties.isEmpty()) {
+        if (isUnsupportedPath(oakPath) && !restrictionProperties.isEmpty()) {
             throw new AccessControlException("Restrictions not supported with 'null' path.");
         }
         for (Map.Entry<String, PropertyState> entry : restrictionProperties.entrySet()) {
@@ -175,4 +175,8 @@ public class RestrictionProviderImpl imp
         return !AccessControlConstants.ACE_PROPERTY_NAMES.contains(propertyName) &&
                 !NamespaceRegistry.PREFIX_JCR.equals(Text.getNamespacePrefix(propertyName));
     }
+
+    private static boolean isUnsupportedPath(String oakPath) {
+        return oakPath == null;
+    }
 }