You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ju...@apache.org on 2013/12/19 18:51:06 UTC
svn commit: r1552379 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission:
MoveAwarePermissionValidator.java PermissionValidator.java
PermissionValidatorProvider.java
Author: jukka
Date: Thu Dec 19 17:51:05 2013
New Revision: 1552379
URL: http://svn.apache.org/r1552379
Log:
OAK-1296: Use TypePredicate instead of NodeType.isNodeType() for NodeState type checks
Adjust PermissionValidator to use TypePredicate
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1552379&r1=1552378&r2=1552379&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java Thu Dec 19 17:51:05 2013
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
+import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.spi.commit.EditorDiff;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
@@ -41,13 +42,14 @@ public class MoveAwarePermissionValidato
private final MoveContext moveCtx;
- MoveAwarePermissionValidator(@Nonnull ImmutableTree rootTreeBefore,
- @Nonnull ImmutableTree rootTreeAfter,
+ MoveAwarePermissionValidator(@Nonnull NodeState rootBefore,
+ @Nonnull NodeState rootAfter,
+ @Nonnull TreeTypeProvider typeProvider,
@Nonnull PermissionProvider permissionProvider,
@Nonnull PermissionValidatorProvider provider,
@Nonnull MoveTracker moveTracker) {
- super(rootTreeBefore, rootTreeAfter, permissionProvider, provider);
- moveCtx = new MoveContext(moveTracker, rootTreeBefore, rootTreeAfter);
+ super(rootBefore, rootAfter, typeProvider, permissionProvider, provider);
+ moveCtx = new MoveContext(moveTracker, rootBefore, rootAfter);
}
MoveAwarePermissionValidator(@Nullable ImmutableTree parentBefore,
@@ -112,11 +114,11 @@ public class MoveAwarePermissionValidato
private final ImmutableRoot rootAfter;
private MoveContext(@Nonnull MoveTracker moveTracker,
- @Nonnull ImmutableTree treeBefore,
- @Nonnull ImmutableTree treeAfter) {
+ @Nonnull NodeState before,
+ @Nonnull NodeState after) {
this.moveTracker = moveTracker;
- rootBefore = new ImmutableRoot(treeBefore);
- rootAfter = new ImmutableRoot(treeAfter);
+ rootBefore = new ImmutableRoot(before);
+ rootAfter = new ImmutableRoot(after);
}
private boolean containsMove(Tree parentBefore, Tree parentAfter) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1552379&r1=1552378&r2=1552379&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Thu Dec 19 17:51:05 2013
@@ -17,7 +17,11 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.JcrConstants.JCR_CREATED;
+import static org.apache.jackrabbit.JcrConstants.MIX_REFERENCEABLE;
import static org.apache.jackrabbit.oak.api.CommitFailedException.ACCESS;
+import static org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_CREATEDBY;
+import static org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.MIX_CREATED;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
@@ -29,7 +33,9 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.AbstractTree;
import org.apache.jackrabbit.oak.core.ImmutableTree;
+import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.lock.LockConstants;
+import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
@@ -54,23 +60,31 @@ class PermissionValidator extends Defaul
private final PermissionProvider permissionProvider;
private final PermissionValidatorProvider provider;
+ private final TypePredicate isReferenceable;
+ private final TypePredicate isCreated;
+
private final long permission;
- PermissionValidator(@Nonnull ImmutableTree rootTreeBefore,
- @Nonnull ImmutableTree rootTreeAfter,
+ PermissionValidator(@Nonnull NodeState rootBefore,
+ @Nonnull NodeState rootAfter,
+ @Nonnull TreeTypeProvider typeProvider,
@Nonnull PermissionProvider permissionProvider,
@Nonnull PermissionValidatorProvider provider) {
- this.parentBefore = rootTreeBefore;
- this.parentAfter = rootTreeAfter;
+ this.parentBefore = new ImmutableTree(rootBefore, typeProvider);
+ this.parentAfter = new ImmutableTree(rootAfter, typeProvider);
this.parentPermission = permissionProvider.getTreePermission(parentBefore, TreePermission.EMPTY);
this.permissionProvider = permissionProvider;
this.provider = provider;
+ this.isReferenceable = new TypePredicate(rootAfter, MIX_REFERENCEABLE);
+ this.isCreated = new TypePredicate(rootAfter, MIX_CREATED);
+
permission = Permissions.getPermission(PermissionUtil.getPath(parentBefore, parentAfter), Permissions.NO_PERMISSION);
}
- PermissionValidator(@Nullable ImmutableTree parentBefore,
+ protected PermissionValidator(
+ @Nullable ImmutableTree parentBefore,
@Nullable ImmutableTree parentAfter,
@Nullable TreePermission parentPermission,
@Nonnull PermissionValidator parentValidator) {
@@ -81,6 +95,9 @@ class PermissionValidator extends Defaul
permissionProvider = parentValidator.permissionProvider;
provider = parentValidator.provider;
+ this.isReferenceable = parentValidator.isReferenceable;
+ this.isCreated = parentValidator.isCreated;
+
if (Permissions.NO_PERMISSION == parentValidator.permission) {
this.permission = Permissions.getPermission(PermissionUtil.getPath(parentBefore, parentAfter), Permissions.NO_PERMISSION);
} else {
@@ -245,7 +262,7 @@ class PermissionValidator extends Defaul
return perm;
}
- private long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState, long defaultPermission) {
+ private long getPermission(@Nonnull ImmutableTree parent, @Nonnull PropertyState propertyState, long defaultPermission) {
if (permission != Permissions.NO_PERMISSION) {
return permission;
}
@@ -264,7 +281,7 @@ class PermissionValidator extends Defaul
} else if (JcrConstants.JCR_MIXINTYPES.equals(name)) {
perm = Permissions.NODE_TYPE_MANAGEMENT;
} else if (JcrConstants.JCR_UUID.equals(name)) {
- if (isNodeType(parent, JcrConstants.MIX_REFERENCEABLE)) {
+ if (isReferenceable.apply(parent.getNodeState())) {
// property added or removed: jcr:uuid is autocreated in
// JCR, thus can't determine here if this was a user supplied
// modification or not.
@@ -303,19 +320,16 @@ class PermissionValidator extends Defaul
private boolean isImmutableProperty(String name) {
// TODO: review; cant' rely on autocreated/protected definition as this doesn't reveal if a given property is expected to be never modified after creation
- if (JcrConstants.JCR_UUID.equals(name) && isNodeType(parentAfter, JcrConstants.MIX_REFERENCEABLE)) {
+ if (JcrConstants.JCR_UUID.equals(name) && isReferenceable.apply(parentAfter.getNodeState())) {
return true;
- } else if (("jcr:created".equals(name) || "jcr:createdBy".equals(name)) && isNodeType(parentAfter, "mix:created")) {
+ } else if ((JCR_CREATED.equals(name) || JCR_CREATEDBY.equals(name))
+ && isCreated.apply(parentAfter.getNodeState())) {
return true;
} else {
return false;
}
}
- private boolean isNodeType(Tree parent, String ntName) {
- return provider.getNodeTypeManager().isNodeType(parent, ntName);
- }
-
private boolean isVersionstorageTree(Tree tree) {
return permission == Permissions.VERSION_MANAGEMENT &&
VersionConstants.REP_VERSIONSTORAGE.equals(TreeUtil.getPrimaryTypeName(tree));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1552379&r1=1552378&r2=1552379&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Thu Dec 19 17:51:05 2013
@@ -22,9 +22,8 @@ import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
-import org.apache.jackrabbit.oak.core.ImmutableTree;
+import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
-import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -52,7 +51,6 @@ public class PermissionValidatorProvider
private final Set<Principal> principals;
private final MoveTracker moveTracker;
- private ReadOnlyNodeTypeManager ntMgr;
private Context acCtx;
private Context userCtx;
@@ -73,17 +71,15 @@ public class PermissionValidatorProvider
@Nonnull
@Override
public Validator getRootValidator(NodeState before, NodeState after) {
- ntMgr = ReadOnlyNodeTypeManager.getInstance(after);
-
- ImmutableTree treeBefore = createTree(before);
- ImmutableTree treeAfter = createTree(after);
+ TreeTypeProvider tp =
+ new TreeTypeProviderImpl(getAccessControlContext());
PermissionProvider pp = acConfig.getPermissionProvider(
- new ImmutableRoot(treeBefore), workspaceName, principals);
+ new ImmutableRoot(before), workspaceName, principals);
if (moveTracker.isEmpty()) {
- return new PermissionValidator(treeBefore, treeAfter, pp, this);
+ return new PermissionValidator(before, after, tp, pp, this);
} else {
- return new MoveAwarePermissionValidator(treeBefore, treeAfter, pp, this, moveTracker);
+ return new MoveAwarePermissionValidator(before, after, tp, pp, this, moveTracker);
}
}
@@ -104,16 +100,8 @@ public class PermissionValidatorProvider
return userCtx;
}
- ReadOnlyNodeTypeManager getNodeTypeManager() {
- return ntMgr;
- }
-
boolean requiresJr2Permissions(long permission) {
return Permissions.includes(jr2Permissions, permission);
}
- private ImmutableTree createTree(NodeState root) {
- return new ImmutableTree(root, new TreeTypeProviderImpl(getAccessControlContext()));
- }
-
}