You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/10 11:49:56 UTC
svn commit: r1371628 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization:
PermissionValidator.java PermissionValidatorProvider.java
Author: angela
Date: Fri Aug 10 09:49:55 2012
New Revision: 1371628
URL: http://svn.apache.org/viewvc?rev=1371628&view=rev
Log:
OAK-51 : Implement JCR Access Control Management (work in progress)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1371628&r1=1371627&r2=1371628&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Fri Aug 10 09:49:55 2012
@@ -36,13 +36,12 @@ import org.apache.jackrabbit.util.Text;
/**
* PermissionValidator... TODO
*/
-public class PermissionValidator implements Validator {
+class PermissionValidator implements Validator {
/* TODO
* - special permissions for protected items (versioning, access control, etc.)
* - Renaming nodes or Move with same parent are reflected as remove+add -> needs special handling
* - review usage of OAK_CHILD_ORDER property (in particular if the property was removed
- *
*/
private final CompiledPermissions compiledPermissions;
@@ -115,11 +114,12 @@ public class PermissionValidator impleme
permission = Permissions.NODE_TYPE_DEFINITION_MANAGEMENT;
} else if (isPrivilegeDefinition(parentPath)) {
permission = Permissions.PRIVILEGE_MANAGEMENT;
- } else if (isAccessControl(parent, property)) {
+ } else if (isAccessControl(parent)) {
permission = Permissions.MODIFY_ACCESS_CONTROL;
+ } else if (isVersion(parent)) {
+ permission = Permissions.VERSION_MANAGEMENT;
} else {
// TODO: identify specific permission depending on type of protection
- // - version property -> version management
// - user/group property -> user management
permission = defaultPermission;
}
@@ -139,16 +139,18 @@ public class PermissionValidator impleme
permission = Permissions.PRIVILEGE_MANAGEMENT;
} else if (isAccessControl(tree)) {
permission = Permissions.MODIFY_ACCESS_CONTROL;
+ } else if (isVersion(tree)) {
+ permission = Permissions.VERSION_MANAGEMENT;
} else {
// TODO: identify specific permission depending on additional types of protection
- // - versioning -> version management
// - user/group -> user management
// - workspace management ???
+ // TODO: identify renaming/move of nodes that only required MODIFY_CHILD_NODE_COLLECTION permission
permission = defaultPermission;
}
if (Permissions.isRepositoryPermissions(permission)) {
- checkPermissions((String) null, permission);
+ checkPermissions(null, permission);
return null; // no need for further validation down the subtree
} else {
checkPermissions(path, permission);
@@ -169,8 +171,8 @@ public class PermissionValidator impleme
return false;
}
- private static boolean isAccessControl(Tree parent, PropertyState property) {
- // TODO: depends on ac-model
+ private static boolean isVersion(Tree parent) {
+ // TODO: add implementation
return false;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1371628&r1=1371627&r2=1371628&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Fri Aug 10 09:49:55 2012
@@ -23,19 +23,12 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.apache.jackrabbit.oak.spi.state.NodeState;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
/**
* PermissionValidatorProvider... TODO
*/
public class PermissionValidatorProvider implements ValidatorProvider {
- /**
- * logger instance
- */
- private static final Logger log = LoggerFactory.getLogger(PermissionValidatorProvider.class);
-
private final AccessControlContext acContext = null; // TODO
//--------------------------------------------------< ValidatorProvider >---