svn commit: r1371628 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization: PermissionValidator.java PermissionValidatorProvider.java

[an...@apache.org]

Author: angela
Date: Fri Aug 10 09:49:55 2012
New Revision: 1371628

URL: http://svn.apache.org/viewvc?rev=1371628&view=rev
Log:
OAK-51 : Implement JCR Access Control Management  (work in progress)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1371628&r1=1371627&r2=1371628&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Fri Aug 10 09:49:55 2012
@@ -36,13 +36,12 @@ import org.apache.jackrabbit.util.Text;
 /**
  * PermissionValidator... TODO
  */
-public class PermissionValidator implements Validator {
+class PermissionValidator implements Validator {
 
     /* TODO
      * - special permissions for protected items (versioning, access control, etc.)
      * - Renaming nodes or Move with same parent are reflected as remove+add -> needs special handling
      * - review usage of OAK_CHILD_ORDER property (in particular if the property was removed
-     *
      */
 
     private final CompiledPermissions compiledPermissions;
@@ -115,11 +114,12 @@ public class PermissionValidator impleme
             permission = Permissions.NODE_TYPE_DEFINITION_MANAGEMENT;
         } else if (isPrivilegeDefinition(parentPath)) {
             permission = Permissions.PRIVILEGE_MANAGEMENT;
-        } else if (isAccessControl(parent, property)) {
+        } else if (isAccessControl(parent)) {
             permission = Permissions.MODIFY_ACCESS_CONTROL;
+        } else if (isVersion(parent)) {
+            permission = Permissions.VERSION_MANAGEMENT;
         } else {
             // TODO: identify specific permission depending on type of protection
-            // - version property -> version management
             // - user/group property -> user management
             permission = defaultPermission;
         }
@@ -139,16 +139,18 @@ public class PermissionValidator impleme
             permission = Permissions.PRIVILEGE_MANAGEMENT;
         } else if (isAccessControl(tree)) {
             permission = Permissions.MODIFY_ACCESS_CONTROL;
+        } else if (isVersion(tree)) {
+            permission = Permissions.VERSION_MANAGEMENT;
         } else {
             // TODO: identify specific permission depending on additional types of protection
-            // - versioning -> version management
             // - user/group -> user management
             // - workspace management ???
+            // TODO: identify renaming/move of nodes that only required MODIFY_CHILD_NODE_COLLECTION permission
             permission = defaultPermission;
         }
 
         if (Permissions.isRepositoryPermissions(permission)) {
-            checkPermissions((String) null, permission);
+            checkPermissions(null, permission);
             return null; // no need for further validation down the subtree
         } else {
             checkPermissions(path, permission);
@@ -169,8 +171,8 @@ public class PermissionValidator impleme
         return false;
     }
 
-    private static boolean isAccessControl(Tree parent, PropertyState property) {
-        // TODO: depends on ac-model
+    private static boolean isVersion(Tree parent) {
+        // TODO: add implementation
         return false;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1371628&r1=1371627&r2=1371628&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Fri Aug 10 09:49:55 2012
@@ -23,19 +23,12 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
  * PermissionValidatorProvider... TODO
  */
 public class PermissionValidatorProvider implements ValidatorProvider {
 
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(PermissionValidatorProvider.class);
-
     private final AccessControlContext acContext = null; // TODO
 
     //--------------------------------------------------< ValidatorProvider >---