You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/07/31 11:11:30 UTC
svn commit: r1508779 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/user/
test/java/org/apache/jackrabbit/oak/security/user/
Author: angela
Date: Wed Jul 31 09:11:29 2013
New Revision: 1508779
URL: http://svn.apache.org/r1508779
Log:
OAK-50: user mgt
- consistency of everyone group -> add tests and fixes
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/EveryoneGroupTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1508779&r1=1508778&r2=1508779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Wed Jul 31 09:11:29 2013
@@ -22,6 +22,8 @@ import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterators;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
@@ -251,6 +253,12 @@ abstract class AuthorizableImpl implemen
MembershipProvider mMgr = getMembershipProvider();
Iterator<String> oakPaths = mMgr.getMembership(getTree(), includeInherited);
+
+ Authorizable everyoneGroup = userManager.getAuthorizable(EveryonePrincipal.getInstance());
+ if (everyoneGroup != null && everyoneGroup instanceof GroupImpl) {
+ String everyonePath = ((GroupImpl) everyoneGroup).getTree().getPath();
+ oakPaths = Iterators.concat(oakPaths, ImmutableSet.of(everyonePath).iterator());
+ }
if (oakPaths.hasNext()) {
AuthorizableIterator groups = AuthorizableIterator.create(oakPaths, userManager, AuthorizableType.GROUP);
return new RangeIteratorAdapter(groups, groups.getSize());
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1508779&r1=1508778&r2=1508779&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Wed Jul 31 09:11:29 2013
@@ -19,9 +19,11 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
+import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import com.google.common.base.Function;
+import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -169,7 +171,25 @@ class GroupImpl extends AuthorizableImpl
UserManagerImpl userMgr = getUserManager();
if (isEveryone()) {
String propName = getUserManager().getNamePathMapper().getJcrName((REP_PRINCIPAL_NAME));
- return userMgr.findAuthorizables(propName, null, UserManager.SEARCH_TYPE_AUTHORIZABLE);
+ return Iterators.filter(
+ userMgr.findAuthorizables(propName, null, UserManager.SEARCH_TYPE_AUTHORIZABLE),
+ new Predicate<Authorizable>() {
+ @Override
+ public boolean apply(@Nullable Authorizable authorizable) {
+ if (authorizable == null) {
+ return false;
+ }
+ if (authorizable.isGroup()) {
+ try {
+ return !((GroupImpl) authorizable).isEveryone();
+ } catch (RepositoryException e) {
+ log.warn("Unable to evaluate if authorizable is the 'everyone' group.", e);
+ }
+ }
+ return true;
+ }
+ }
+ );
} else {
Iterator oakPaths = getMembershipProvider().getMembers(getTree(), AuthorizableType.AUTHORIZABLE, includeInherited);
if (oakPaths.hasNext()) {
@@ -196,10 +216,10 @@ class GroupImpl extends AuthorizableImpl
return false;
}
- if (isEveryone()) {
- return true;
- } else if (getID().equals(authorizable.getID())) {
+ if (getID().equals(authorizable.getID())) {
return false;
+ } else if (isEveryone()) {
+ return true;
} else {
Tree authorizableTree = ((AuthorizableImpl) authorizable).getTree();
MembershipProvider mgr = getUserManager().getMembershipProvider();
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/EveryoneGroupTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/EveryoneGroupTest.java?rev=1508779&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/EveryoneGroupTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/EveryoneGroupTest.java Wed Jul 31 09:11:29 2013
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * Testing special behavior of the everyone group.
+ *
+ * @since OAK 1.0
+ */
+public class EveryoneGroupTest extends AbstractSecurityTest {
+
+ private Group everyoneGroup;
+ private Set<Authorizable> authorizables;
+
+ @Override
+ public void before() throws Exception {
+ super.before();
+
+ UserManager userMgr = getUserManager(root);
+ everyoneGroup = userMgr.createGroup(EveryonePrincipal.getInstance());
+
+ authorizables = new HashSet<Authorizable>(2);
+ authorizables.add(userMgr.createGroup("testGroup"));
+ authorizables.add(userMgr.createUser("testUser", "pw"));
+ root.commit();
+ }
+
+ @Override
+ public void after() throws Exception {
+ try {
+ if (everyoneGroup != null) {
+ everyoneGroup.remove();
+ }
+ for (Authorizable a : authorizables) {
+ a.remove();
+ }
+ root.commit();
+ } finally {
+ super.after();
+ }
+ }
+
+ @Test
+ public void testGetPrincipal() throws Exception {
+ assertEquals(EveryonePrincipal.getInstance(), everyoneGroup.getPrincipal());
+ assertEquals(EveryonePrincipal.NAME, everyoneGroup.getPrincipal().getName());
+ }
+
+ @Test
+ public void testEveryoneIsMember() throws Exception {
+ assertFalse(everyoneGroup.isMember(everyoneGroup));
+ }
+
+ @Test
+ public void testEveryoneIsDeclaredMember() throws Exception {
+ assertFalse(everyoneGroup.isDeclaredMember(everyoneGroup));
+ }
+
+ @Test
+ public void testIsMember() throws Exception {
+ for (Authorizable a : authorizables) {
+ assertTrue(everyoneGroup.isMember(a));
+ }
+ }
+
+ @Test
+ public void testIsDeclaredMember() throws Exception {
+ for (Authorizable a : authorizables) {
+ assertTrue(everyoneGroup.isDeclaredMember(a));
+ }
+ }
+
+ @Test
+ public void testGetMembers() throws Exception {
+ Set<Authorizable> members = ImmutableSet.copyOf(everyoneGroup.getMembers());
+
+ assertFalse(members.contains(everyoneGroup));
+ for (Authorizable a : authorizables) {
+ assertTrue(members.contains(a));
+ }
+ }
+
+ @Test
+ public void testGetDeclaredMembers() throws Exception {
+ Set<Authorizable> members = ImmutableSet.copyOf(everyoneGroup.getDeclaredMembers());
+
+ assertFalse(members.contains(everyoneGroup));
+ for (Authorizable a : authorizables) {
+ assertTrue(members.contains(a));
+ }
+ }
+
+ @Test
+ public void testAddEveryoneAsMember() throws Exception {
+ assertFalse(everyoneGroup.addMember(everyoneGroup));
+ }
+
+ @Test
+ public void testAddMember() throws Exception {
+ for (Authorizable a : authorizables) {
+ assertFalse(everyoneGroup.addMember(a));
+ }
+ }
+
+ @Test
+ public void testRemoveEveryoneFromMembers() throws Exception {
+ assertFalse(everyoneGroup.removeMember(everyoneGroup));
+ }
+
+ @Test
+ public void testRemoveMember() throws Exception {
+ for (Authorizable a : authorizables) {
+ assertFalse(everyoneGroup.removeMember(a));
+ }
+ }
+
+ @Test
+ public void testEveryoneMemberOf() throws Exception {
+ Iterator<Group> groups = everyoneGroup.memberOf();
+ assertFalse(groups.hasNext());
+ }
+
+ @Test
+ public void testEveryoneDeclaredMemberOf() throws Exception {
+ Iterator<Group> groups = everyoneGroup.declaredMemberOf();
+ assertFalse(groups.hasNext());
+ }
+
+ @Test
+ public void testMemberOfIncludesEveryone() throws Exception {
+ for (Authorizable a : authorizables) {
+ Set<Group> groups = ImmutableSet.copyOf(a.memberOf());
+ assertTrue(groups.contains(everyoneGroup));
+ }
+ }
+
+ @Test
+ public void testDeclaredMemberOfIncludesEveryone() throws Exception {
+ for (Authorizable a : authorizables) {
+ Set<Group> groups = ImmutableSet.copyOf(a.declaredMemberOf());
+ assertTrue(groups.contains(everyoneGroup));
+ }
+ }
+}
\ No newline at end of file