You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2015/07/29 12:20:35 UTC
svn commit: r1693235 - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/
jackrabbit-core/src/tes...
Author: angela
Date: Wed Jul 29 10:20:34 2015
New Revision: 1693235
URL: http://svn.apache.org/r1693235
Log:
JCR-3885 : Extend set of Actions in JackrabbitSession to reflect other operations than regular read/write
Modified:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java Wed Jul 29 10:20:34 2015
@@ -19,17 +19,176 @@ package org.apache.jackrabbit.api;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import javax.annotation.Nonnull;
import javax.jcr.Session;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
/**
- * <code>JackrabbitSession</code>...
+ * Jackrabbit specific extension of the JCR {@link javax.jcr.Session} interface.
*/
public interface JackrabbitSession extends Session {
/**
+ * A constant representing the {@code add_property} action string, used to
+ * determine if this {@code Session} has permission to add a new property.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_ADD_PROPERTY = "add_property";
+
+ /**
+ * A constant representing the {@code modify_property} action string, used to
+ * determine if this {@code Session} has permission to modify a property.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_MODIFY_PROPERTY = "modify_property";
+
+ /**
+ * A constant representing the {@code remove_property} action string, used to
+ * determine if this {@code Session} has permission to remove a property.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_REMOVE_PROPERTY = "remove_property";
+
+ /**
+ * A constant representing the {@code remove_node} action string, used to
+ * determine if this {@code Session} has permission to remove a node.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_REMOVE_NODE = "remove_node";
+
+ /**
+ * A constant representing the {@code node_type_management} action string,
+ * used to determine if this {@code Session} has permission to write
+ * node type information of a node.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_NODE_TYPE_MANAGEMENT = "node_type_management";
+
+ /**
+ * A constant representing the {@code versioning} action string,
+ * used to determine if this {@code Session} has permission to perform
+ * version operations on a node.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_VERSIONING = "versioning";
+
+ /**
+ * A constant representing the {@code locking} action string,
+ * used to determine if this {@code Session} has permission to lock or
+ * unlock a node.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_LOCKING = "locking";
+
+ /**
+ * A constant representing the {@code read_access_control} action string,
+ * used to determine if this {@code Session} has permission to read
+ * access control content at the given path.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_READ_ACCESS_CONTROL = "read_access_control";
+
+ /**
+ * A constant representing the {@code modify_access_control} action string,
+ * used to determine if this {@code Session} has permission to modify
+ * access control content at the given path.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_MODIFY_ACCESS_CONTROL = "modify_access_control";
+
+ /**
+ * A constant representing the {@code user_management} action string,
+ * used to determine if this {@code Session} has permission to perform
+ * user management operations at the given path.
+ *
+ * @see #hasPermission(String, String...)
+ */
+ String ACTION_USER_MANAGEMENT = "user_management";
+
+ /**
+ * Returns {@code true} if this {@code Session} has permission to
+ * perform the specified actions at the specified {@code absPath} and
+ * {@code false} otherwise.
+ * <p>
+ * The {@code actions} parameter is a list of action strings. Apart
+ * from the actions defined on {@link Session}, this variant also allows
+ * to specify the following additional actions to provide better permission
+ * discovery:
+ * <ul>
+ * <li> {@link
+ * #ACTION_ADD_PROPERTY {@code add_property}: If {@code hasPermission(path,
+ * "add_property")} returns {@code true}, then this {@code Session} has
+ * permission to add a new property at {@code path}.</li>
+ * <li> {@link #ACTION_MODIFY_PROPERTY {@code modify_property}}: If
+ * {@code hasPermission(path, "modify_property")} returns
+ * {@code true}, then this {@code Session} has permission to change
+ * a property at {@code path}. </li>
+ * <li> {@link
+ * #ACTION_REMOVE_PROPERTY {@code remove_property}}: If {@code hasPermission(path,
+ * "remove_property")} returns {@code true}, then this {@code Session} has
+ * permission to remove a property at {@code path}. </li>
+ * <li> {@link #ACTION_REMOVE_NODE {@code remove_node}}: If
+ * {@code hasPermission(path, "remove_node")} returns {@code true}, then
+ * this {@code Session} has permission to remove a node at {@code path}. </li>
+ * <li> {@link #ACTION_NODE_TYPE_MANAGEMENT {@code node_type_management}}: If
+ * {@code hasPermission(path, "node_type_management")} returns {@code true}, then
+ * this {@code Session} has permission to explicitly set or change the node type
+ * information associated with a node at {@code path}. </li>
+ * <li> {@link #ACTION_VERSIONING {@code versioning}}: If
+ * {@code hasPermission(path, "versioning")} returns {@code true}, then
+ * this {@code Session} has permission to perform version related operations
+ * on a node at {@code path}. </li>
+ * <li> {@link #ACTION_LOCKING {@code locking}}: If
+ * {@code hasPermission(path, "locking")} returns {@code true}, then
+ * this {@code Session} has permission to lock and unlock a node at {@code path}. </li>
+ * <li> {@link #ACTION_READ_ACCESS_CONTROL {@code read_access_control}}: If
+ * {@code hasPermission(path, "read_access_control")} returns {@code true}, then
+ * this {@code Session} has permission to read access control content stored
+ * at an item at {@code path}. </li>
+ * <li> {@link #ACTION_MODIFY_ACCESS_CONTROL {@code modify_access_control}}: If
+ * {@code hasPermission(path, "modify_access_control")} returns {@code true}, then
+ * this {@code Session} has permission to modify access control content
+ * at an item at {@code path}. </li>
+ * <li> {@link #ACTION_USER_MANAGEMENT {@code user_management}}: If
+ * {@code hasPermission(path, "user_management")} returns {@code true}, then
+ * this {@code Session} has permission to perform user management operations
+ * at an item at {@code path}. </li>
+ * </ul>
+ *
+ * When more than one action is specified, this method will only return
+ * {@code true} if this {@code Session} has permission to perform <i>all</i>
+ * of the listed actions at the specified path.
+ * <p>
+ * The information returned through this method will only reflect the permission
+ * status (both JCR defined and implementation-specific) and not
+ * other restrictions that may exist, such as node type or other
+ * implementation enforced constraints. For example, even though
+ * {@code hasPermission} may indicate that a particular {@code Session} may
+ * add a property at {@code /A/B/C}, the node type of the node at {@code /A/B}
+ * may prevent the addition of a property called {@code C}.
+ *
+ * @param absPath an absolute path.
+ * @param actions one or serveral actions.
+ * @return {@code true} if this {@code Session} has permission to
+ * perform the specified actions at the specified
+ * {@code absPath}.
+ * @throws RepositoryException if an error occurs.
+ * @see {@link Session#hasPermission(String, String)}
+ */
+ public boolean hasPermission(@Nonnull String absPath, @Nonnull String... actions) throws RepositoryException;
+
+ /**
* Returns the <code>PrincipalManager</code> for the current <code>Session</code>.
*
* @return the <code>PrincipalManager</code> associated with this <code>Session</code>.
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java Wed Jul 29 10:20:34 2015
@@ -677,6 +677,14 @@ public class SessionImpl extends Abstrac
//----------------------------------------------------< JackrabbitSession >
/**
+ * @see JackrabbitSession#hasPermission(String, String...)
+ */
+ @Override
+ public boolean hasPermission(String absPath, String... actions) throws RepositoryException {
+ return hasPermission(absPath, Text.implode(actions, ","));
+ }
+
+ /**
* @see JackrabbitSession#getPrincipalManager()
*/
public PrincipalManager getPrincipalManager() throws RepositoryException, AccessDeniedException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java Wed Jul 29 10:20:34 2015
@@ -25,6 +25,7 @@ import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
+import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.id.NodeId;
@@ -174,4 +175,31 @@ public class SessionImplTest extends Abs
assertFalse(superuser.itemExists(dummyPath));
assertFalse(superuser.nodeExists(dummyPath));
}
+
+ /**
+ * @see <a href="https://issues.apache.org/jira/browse/JCR-3885">JCR-3885</a>
+ */
+ public void testSessionHasPermission() throws Exception {
+ JackrabbitSession js = (JackrabbitSession) superuser;
+
+ assertEquals(superuser.hasPermission("/", Session.ACTION_READ), js.hasPermission("/", new String[] {Session.ACTION_READ}));
+ assertEquals(superuser.hasPermission("/", Session.ACTION_READ + "," + Session.ACTION_ADD_NODE) , js.hasPermission("/", Session.ACTION_READ, Session.ACTION_ADD_NODE));
+
+ try {
+ js.hasPermission("/", new String[0]);
+ fail();
+ } catch (IllegalArgumentException e) {
+ // success
+ }
+
+ try {
+ js.hasPermission("/", new String[] {""});
+ fail();
+ } catch (IllegalArgumentException e) {
+ // success
+ }
+
+ // note: that's a bit unexpected
+ assertEquals(superuser.hasPermission("/", ",,"), js.hasPermission("/", "", "", ""));
+ }
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java Wed Jul 29 10:20:34 2015
@@ -1582,6 +1582,11 @@ public class UserImporterTest extends Ab
private DummySession() {
}
+ @Override
+ public boolean hasPermission(String absPath, String... actions) throws RepositoryException {
+ return false;
+ }
+
public PrincipalManager getPrincipalManager() throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
return null;
}