You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/10/31 15:24:13 UTC
svn commit: r1537502 -
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Author: angela
Date: Thu Oct 31 14:24:13 2013
New Revision: 1537502
URL: http://svn.apache.org/r1537502
Log:
OAK-527: permissions (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1537502&r1=1537501&r2=1537502&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Thu Oct 31 14:24:13 2013
@@ -50,7 +50,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.util.TreeLocation;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -194,8 +193,8 @@ final class CompiledPermissionImpl imple
if (VersionConstants.VERSION_STORE_NT_NAMES.contains(ntName) || VersionConstants.NT_ACTIVITY.equals(ntName)) {
return new TreePermissionImpl(tree, TreeTypeProvider.TYPE_VERSION, parentPermission);
} else {
- TreeLocation tl = getLocation(tree, null);
- if (tl == null) {
+ Tree versionableTree = getVersionableTree(tree);
+ if (versionableTree == null) {
log.warn("Cannot retrieve versionable node for " + tree.getPath());
return TreePermission.EMPTY;
} else {
@@ -203,17 +202,11 @@ final class CompiledPermissionImpl imple
// TODO that would match the path of the versionable node
// TODO (or item in the subtree) but that item no longer exists
// TODO -> evaluation by path would be more accurate (-> see #isGranted)
- while (!tl.exists() || tl.getProperty() != null) {
- tl = tl.getParent();
- }
- Tree versionableTree = tl.getTree();
- if (versionableTree == null) {
- log.warn("Cannot retrieve versionable tree for {0}; versionable location {1} does not resolve to an existing tree.", tree.getPath(), tl.getPath());
- return TreePermission.EMPTY;
- } else {
- TreePermission pp = getParentPermission(versionableTree, TreeTypeProvider.TYPE_VERSION);
- return new TreePermissionImpl(versionableTree, TreeTypeProvider.TYPE_VERSION, pp);
+ while (!versionableTree.exists()) {
+ versionableTree = versionableTree.getParent();
}
+ TreePermission pp = getParentPermission(versionableTree, TreeTypeProvider.TYPE_VERSION);
+ return new TreePermissionImpl(versionableTree, TreeTypeProvider.TYPE_VERSION, pp);
}
}
case TreeTypeProvider.TYPE_PERMISSION_STORE:
@@ -247,18 +240,21 @@ final class CompiledPermissionImpl imple
// TODO: OAK-753 decide on where to filter out hidden items.
return true;
case TreeTypeProvider.TYPE_VERSION:
- TreeLocation location = getLocation(tree, property);
- if (location == null) {
+ Tree versionableTree = getVersionableTree(tree);
+ if (versionableTree == null) {
// unable to determine the location of the versionable item -> deny access.
return false;
}
- Tree versionableTree = (property == null) ? location.getTree() : location.getParent().getTree();
- if (versionableTree != null) {
+ if (versionableTree.exists()) {
return internalIsGranted(versionableTree, property, permissions);
} else {
// versionable node does not exist (anymore) in this workspace;
// use best effort calculation based on the item path.
- return isGranted(location.getPath(), permissions);
+ String path = versionableTree.getPath();
+ if (property != null) {
+ path = PathUtils.concat(path, property.getName());
+ }
+ return isGranted(path, permissions);
}
case TreeTypeProvider.TYPE_PERMISSION_STORE:
return false;
@@ -364,17 +360,13 @@ final class CompiledPermissionImpl imple
case TreeTypeProvider.TYPE_HIDDEN:
return PrivilegeBits.EMPTY;
case TreeTypeProvider.TYPE_VERSION:
- TreeLocation location = getLocation(tree, null);
- if (location == null) {
+ Tree versionableTree = getVersionableTree(tree);
+ if (versionableTree == null || !versionableTree.exists()) {
// unable to determine the location of the versionable item -> deny access.
- return PrivilegeBits.EMPTY;
- }
- Tree versionableTree = location.getTree();
- if (versionableTree != null) {
- return getPrivilegeBits(tree);
- } else {
// TODO : add proper handling for cases where the versionable node does not exist (anymore)
return PrivilegeBits.EMPTY;
+ } else {
+ return getPrivilegeBits(versionableTree);
}
case TreeTypeProvider.TYPE_PERMISSION_STORE:
return PrivilegeBits.EMPTY;
@@ -417,9 +409,8 @@ final class CompiledPermissionImpl imple
}
@CheckForNull
- private TreeLocation getLocation(@Nonnull Tree versionStoreTree, @Nullable PropertyState property) {
+ private Tree getVersionableTree(@Nonnull Tree versionStoreTree) {
String relPath = "";
- String propName = (property == null) ? "" : property.getName();
String versionablePath = null;
Tree t = versionStoreTree;
while (t.exists() && !t.isRoot() && !VersionConstants.VERSION_STORE_ROOT_NAMES.contains(t.getName())) {
@@ -429,27 +420,27 @@ final class CompiledPermissionImpl imple
} else if (JcrConstants.NT_VERSIONHISTORY.equals(ntName)) {
PropertyState prop = t.getProperty(workspaceName);
if (prop != null) {
- versionablePath = PathUtils.concat(prop.getValue(Type.PATH), relPath, propName);
+ versionablePath = PathUtils.concat(prop.getValue(Type.PATH), relPath);
}
- return PermissionUtil.createLocation(root, versionablePath);
+ return (versionablePath == null) ? null : root.getTree(versionablePath);
} else if (VersionConstants.NT_CONFIGURATION.equals(ntName)) {
String rootId = TreeUtil.getString(t, VersionConstants.JCR_ROOT);
if (rootId != null) {
versionablePath = new IdentifierManager(root).getPath(rootId);
- return PermissionUtil.createLocation(root, versionablePath);
+ return (versionablePath == null) ? null : root.getTree(versionablePath);
} else {
log.error("Missing mandatory property jcr:root with configuration node.");
return null;
}
} else if (VersionConstants.NT_ACTIVITY.equals(ntName)) {
- return PermissionUtil.createLocation(versionStoreTree, property);
+ return versionStoreTree;
}
t = t.getParent();
}
// intermediate node in the version, configuration or activity store that
// matches none of the special conditions checked above -> regular permission eval.
- return PermissionUtil.createLocation(versionStoreTree, property);
+ return versionStoreTree;
}
private final class TreePermissionImpl implements TreePermission {