Author: angela
Date: Thu Sep 12 15:46:31 2013
New Revision: 1522632
URL: http://svn.apache.org/r1522632
Log:
OAK-51 : Access Control Management
- composite restrictions
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/TestProvider.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java?rev=1522632&r1=1522631&r2=1522632&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java
Thu Sep 12 15:46:31 2013
@@ -70,7 +70,7 @@ public abstract class AbstractRestrictio
}
PropertyState propertyState;
if (requiredType.isArray()) {
- propertyState = PropertyStates.createProperty(oakName,
ImmutableList.of(value));
+ propertyState = PropertyStates.createProperty(oakName,
ImmutableList.of(value), tag);
} else {
propertyState = PropertyStates.createProperty(oakName, value);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java?rev=1522632&r1=1522631&r2=1522632&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
Thu Sep 12 15:46:31 2013
@@ -17,9 +17,13 @@
package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -30,6 +34,7 @@ import javax.jcr.security.AccessControlE
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.oak.api.Tree;
+import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
/**
* Aggregates of a collection of {@link RestrictionProvider} implementations
@@ -43,6 +48,10 @@ public class CompositeRestrictionProvide
this.providers = ImmutableSet.copyOf(providers);
}
+ public static RestrictionProvider newInstance(@Nonnull
RestrictionProvider... providers) {
+ return newInstance(Arrays.<RestrictionProvider>asList(providers));
+ }
+
public static RestrictionProvider newInstance(@Nonnull Collection<?
extends RestrictionProvider> providers) {
switch (providers.size()) {
case 0: return EMPTY;
@@ -87,31 +96,31 @@ public class CompositeRestrictionProvide
public void writeRestrictions(String oakPath, Tree aceTree,
Set<Restriction> restrictions) throws RepositoryException {
for (Restriction r : restrictions) {
RestrictionProvider rp = getProvider(oakPath, getName(r));
- rp.writeRestrictions(oakPath, aceTree, restrictions);
+ rp.writeRestrictions(oakPath, aceTree, Collections.singleton(r));
}
}
@Override
public void validateRestrictions(@Nullable String oakPath, @Nonnull Tree
aceTree) throws AccessControlException, RepositoryException {
- Set<RestrictionDefinition> supported =
getSupportedRestrictions(oakPath);
+ Map<String,RestrictionDefinition> supported = getSupported(oakPath);
Set<String> rNames = new HashSet<String>();
for (Restriction r : readRestrictions(oakPath, aceTree)) {
String name = getName(r);
rNames.add(name);
- boolean valid = false;
- for (RestrictionDefinition def : supported) {
- if (name.equals(def.getName())) {
- valid = def.equals(r.getDefinition());
- break;
- }
+ if (!supported.containsKey(name)) {
+ throw new AccessControlException("Unsupported restriction: " +
name + " at " + oakPath);
}
- if (!valid) {
- throw new AccessControlException("Invalid restriction: " + r +
" at " + oakPath);
+ if (!r.getDefinition().equals(supported.get(name))) {
+ throw new AccessControlException("Invalid restriction: " +
name + " at " + oakPath);
}
}
- for (RestrictionDefinition def : supported) {
- if (def.isMandatory() && !rNames.contains(def.getName())) {
- throw new AccessControlException("Mandatory restriction " +
def.getName() + " is missing.");
+ for (RestrictionDefinition def : supported.values()) {
+ String defName = def.getName();
+ if (hasRestrictionProperty(aceTree, defName) &&
!rNames.contains(defName)) {
+ throw new AccessControlException("Invalid restriction " +
defName + " at " + oakPath);
+ }
+ if (def.isMandatory() && !rNames.contains(defName)) {
+ throw new AccessControlException("Mandatory restriction " +
defName + " is missing.");
}
}
}
@@ -145,6 +154,24 @@ public class CompositeRestrictionProvide
throw new AccessControlException("Unsupported restriction (path = " +
oakPath + "; name = " + oakName + ')');
}
+ private Map<String, RestrictionDefinition> getSupported(@Nullable String
oakPath) {
+ Map<String, RestrictionDefinition> supported = new HashMap<String,
RestrictionDefinition>();
+ for (RestrictionProvider rp : providers) {
+ for (RestrictionDefinition rd :
rp.getSupportedRestrictions(oakPath)) {
+ supported.put(rd.getName(), rd);
+ }
+ }
+ return supported;
+ }
+
+ private static boolean hasRestrictionProperty(Tree aceTree, String name) {
+ if (aceTree.hasProperty(name)) {
+ return true;
+ }
+ Tree restrictionTree =
aceTree.getChild(AccessControlConstants.REP_RESTRICTIONS);
+ return restrictionTree.exists() && restrictionTree.hasProperty(name);
+ }
+
private static String getName(Restriction restriction) {
return restriction.getDefinition().getName();
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java?rev=1522632&r1=1522631&r2=1522632&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
Thu Sep 12 15:46:31 2013
@@ -95,7 +95,7 @@ public interface RestrictionProvider {
/**
* Writes the given restrictions to the specified ACE tree. Note, that this
- * method does not validate the specified restrictions (see also
+ * method does not need to validate the specified restrictions (see also
* {@link #validateRestrictions(String,
org.apache.jackrabbit.oak.api.Tree)}).
*
* @param oakPath The path of the access controlled tree or {@code null} if
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java?rev=1522632&r1=1522631&r2=1522632&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
Thu Sep 12 15:46:31 2013
@@ -19,8 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.List;
import java.util.Map;
import java.util.Set;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
import javax.jcr.PropertyType;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
@@ -57,6 +55,7 @@ public class AbstractRestrictionProvider
private Value nameValue;
private ValueFactory valueFactory;
+ private Map<String, ? extends RestrictionDefinition> supported;
private AbstractRestrictionProvider restrictionProvider;
@Before
@@ -72,7 +71,11 @@ public class AbstractRestrictionProvider
valueFactory.createValue("nt:file", PropertyType.NAME)
};
- restrictionProvider = new TestProvider();
+ RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB,
Type.STRING, false);
+ RestrictionDefinition nts = new
RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
+ RestrictionDefinition mand = new
RestrictionDefinitionImpl("mandatory", Type.BOOLEAN, true);
+ supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts,
mand.getName(), mand);
+ restrictionProvider = new TestProvider(supported);
}
@After
@@ -98,8 +101,8 @@ public class AbstractRestrictionProvider
public void testGetSupportedRestrictions() throws Exception {
Set<RestrictionDefinition> defs =
restrictionProvider.getSupportedRestrictions(testPath);
assertNotNull(defs);
- assertEquals(TestProvider.supportedRestrictions().size(), defs.size());
- for (RestrictionDefinition def :
TestProvider.supportedRestrictions().values()) {
+ assertEquals(supported.size(), defs.size());
+ for (RestrictionDefinition def : supported.values()) {
assertTrue(defs.contains(def));
}
}
@@ -365,24 +368,4 @@ public class AbstractRestrictionProvider
restrictionProvider.validateRestrictions(testPath, getAceTree(mand,
ntNames));
restrictionProvider.validateRestrictions(testPath, getAceTree(mand,
glob, ntNames));
}
-
- private static final class TestProvider extends
AbstractRestrictionProvider {
-
- private TestProvider() {
- super(supportedRestrictions());
- }
-
- private static Map<String, RestrictionDefinition>
supportedRestrictions() {
- RestrictionDefinition glob = new
RestrictionDefinitionImpl(REP_GLOB, Type.STRING, false);
- RestrictionDefinition nts = new
RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
- RestrictionDefinition mand = new
RestrictionDefinitionImpl("mandatory", Type.BOOLEAN, true);
- return ImmutableMap.of(glob.getName(), glob, nts.getName(), nts,
mand.getName(), mand);
- }
-
- @Nonnull
- @Override
- public RestrictionPattern getPattern(@Nullable String oakPath,
@Nonnull Tree tree) {
- throw new UnsupportedOperationException();
- }
- }
}
\ No newline at end of file
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProviderTest.java?rev=1522632&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProviderTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProviderTest.java
Thu Sep 12 15:46:31 2013
@@ -0,0 +1,282 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
+
+import java.util.Collections;
+import java.util.Map;
+import java.util.Set;
+import javax.jcr.PropertyType;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+import javax.jcr.security.AccessControlException;
+
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import
org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
+import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class CompositeRestrictionProviderTest extends AbstractSecurityTest
implements AccessControlConstants {
+
+ private RestrictionProvider rp1 = new TestProvider(ImmutableMap.<String,
RestrictionDefinition>of(
+ REP_GLOB, new RestrictionDefinitionImpl(REP_GLOB, Type.STRING,
false),
+ REP_NT_NAMES, new RestrictionDefinitionImpl(REP_NT_NAMES,
Type.NAMES, false)
+ ));
+ private RestrictionProvider rp2 = new TestProvider(ImmutableMap.of(
+ "boolean", new RestrictionDefinitionImpl("boolean", Type.BOOLEAN,
true),
+ "longs", new RestrictionDefinitionImpl("longs", Type.LONGS, false)
+ ));
+ private Set<String> supported = ImmutableSet.of("boolean", "longs",
REP_NT_NAMES, REP_GLOB);
+ private RestrictionProvider provider =
CompositeRestrictionProvider.newInstance(rp1, rp2);
+
+ private ValueFactory vf;
+
+ @Override
+ @Before
+ public void before() throws Exception {
+ super.before();
+ vf = getValueFactory();
+ }
+
+ @Override
+ @After
+ public void after() throws Exception {
+ try {
+ root.refresh();
+ } finally {
+ super.after();
+ }
+ }
+
+ @Test
+ public void testEmpty() {
+ assertSame(RestrictionProvider.EMPTY,
CompositeRestrictionProvider.newInstance(Collections.<RestrictionProvider>emptySet()));
+ }
+
+ @Test
+ public void testSingle() {
+ RestrictionProvider rp = new RestrictionProviderImpl();
+ assertSame(rp,
CompositeRestrictionProvider.newInstance(Collections.singleton(rp)));
+ }
+
+ @Test
+ public void testNewInstance() {
+ RestrictionProvider crp =
CompositeRestrictionProvider.newInstance(ImmutableSet.of(rp1, rp2));
+ RestrictionProvider crp2 =
CompositeRestrictionProvider.newInstance(rp1, rp2);
+
+ assertEquals(crp.getSupportedRestrictions("/testPath"),
crp2.getSupportedRestrictions("/testPath"));
+
+ }
+
+ @Test
+ public void testGetSupportedRestrictions() {
+ String[] paths = new String[] {null, "/testPath"};
+ for (String path : paths) {
+ Set<RestrictionDefinition> defs =
provider.getSupportedRestrictions(path);
+ int expectedSize = rp1.getSupportedRestrictions(path).size() +
rp2.getSupportedRestrictions(path).size();
+ assertEquals(expectedSize, defs.size());
+ assertTrue(defs.containsAll(rp1.getSupportedRestrictions(path)));
+ assertTrue(defs.containsAll(rp2.getSupportedRestrictions(path)));
+ }
+ }
+
+ @Test
+ public void testCreateRestriction() throws Exception {
+ Map<String, Value> valid = ImmutableMap.of(
+ "boolean", vf.createValue(true),
+ "longs", vf.createValue(10),
+ REP_GLOB, vf.createValue("*")
+ );
+ for (String name : valid.keySet()) {
+ provider.createRestriction("/testPath", name, valid.get(name));
+ }
+ }
+
+ @Test
+ public void testCreateRestrictionWithInvalidPath() throws Exception {
+ try {
+ provider.createRestriction(null, REP_GLOB, vf.createValue("*"));
+ fail("rep:glob not supported at 'null' path");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testCreateInvalidRestriction() throws Exception {
+ Map<String, Value> invalid = ImmutableMap.of(
+ "boolean", vf.createValue("wrong_type"),
+ REP_GLOB, vf.createValue(true)
+ );
+ for (String name : invalid.keySet()) {
+ try {
+ provider.createRestriction("/testPath", name,
invalid.get(name));
+ fail("invalid restriction " + name);
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testMvCreateRestriction() throws RepositoryException {
+ Map<String, Value[]> valid = ImmutableMap.of(
+ "longs", new Value[] {vf.createValue(100)},
+ REP_NT_NAMES, new Value[] {vf.createValue("nt:base",
PropertyType.NAME), vf.createValue("nt:unstructured", PropertyType.NAME)}
+ );
+ for (String name : valid.keySet()) {
+ provider.createRestriction("/testPath", name, valid.get(name));
+ }
+ }
+
+ @Test
+ public void testCreateMvRestrictionWithInvalidPath() throws Exception {
+ try {
+ provider.createRestriction(null, REP_NT_NAMES, new Value[]
{vf.createValue("nt:base", PropertyType.NAME)});
+ fail("rep:glob not supported at 'null' path");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testCreateInvalidMvRestriction() throws Exception {
+ Map<String, Value[]> invalid = ImmutableMap.of(
+ "boolean", new Value[] {vf.createValue(true),
vf.createValue(false)},
+ "longs", new Value[] {vf.createValue("wrong_type")},
+ REP_NT_NAMES, new Value[] {vf.createValue(true)}
+ );
+ for (String name : invalid.keySet()) {
+ try {
+ provider.createRestriction("/testPath", name,
invalid.get(name));
+ fail("invalid restriction " + name);
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+ }
+
+ @Test
+ public void testReadRestrictions() throws Exception {
+ NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test",
NT_REP_GRANT_ACE);
+ aceNode.setBoolean("boolean", true);
+ aceNode.setValues("longs", new Value[] {vf.createValue(10),
vf.createValue(290)});
+ aceNode.setString(REP_GLOB, "*");
+ aceNode.setNames(REP_NT_NAMES); // empty array
+ aceNode.setString("invalid", "val");
+ aceNode.setStrings("invalid2", "val1", "val2", "val3");
+
+ Set<Restriction> restrictions = provider.readRestrictions("/test",
aceNode.getTree());
+ assertEquals(4, restrictions.size());
+ for (Restriction r : restrictions) {
+ String name = r.getDefinition().getName();
+ if (!supported.contains(name)) {
+ fail("read unsupported restriction");
+ }
+ }
+ }
+
+ @Test
+ public void testWriteRestrictions() throws Exception {
+ NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test",
NT_REP_GRANT_ACE);
+ Set<Restriction> restrictions = ImmutableSet.of(
+ provider.createRestriction("/test","boolean",
vf.createValue(true)),
+ provider.createRestriction("/test", "longs"),
+ provider.createRestriction("/test", REP_GLOB,
vf.createValue("*")),
+ provider.createRestriction("/test", REP_NT_NAMES,
vf.createValue("nt:base", PropertyType.NAME), vf.createValue("nt:version",
PropertyType.NAME)));
+ provider.writeRestrictions("/test", aceNode.getTree(), restrictions);
+ }
+
+ @Test
+ public void testWriteUnsupportedRestrictions() throws Exception {
+ NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test",
NT_REP_GRANT_ACE);
+ Restriction invalid = new
RestrictionImpl(PropertyStates.createProperty("invalid", vf.createValue(true)),
false);
+ try {
+ provider.writeRestrictions("/test", aceNode.getTree(),
ImmutableSet.<Restriction>of(invalid));
+ fail("AccessControlException expected");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testValidateRestrictions() throws Exception {
+ NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test",
NT_REP_GRANT_ACE);
+ NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS,
NT_REP_RESTRICTIONS);
+ rNode.setBoolean("boolean", true);
+ rNode.setValues("longs", new Value[] {vf.createValue(10),
vf.createValue(290)});
+ rNode.setString(REP_GLOB, "*");
+ rNode.setNames(REP_NT_NAMES); // empty array
+
+ provider.validateRestrictions("/test", aceNode.getTree());
+
+ // remove mandatory restriction
+ rNode.removeProperty("boolean");
+ try {
+ provider.validateRestrictions("/test", aceNode.getTree());
+ fail("validation should detect missing mandatory restrictions");
+ } catch (AccessControlException e) {
+ // success
+ }
+
+ // set with wrong type
+ rNode.setName("boolean", "nt:base");
+ try {
+ provider.validateRestrictions("/test", aceNode.getTree());
+ fail("validation should detect wrong restriction type");
+ } catch (AccessControlException e) {
+ // success
+ } finally {
+ rNode.setBoolean("boolean", true);
+ }
+
+ rNode.setStrings(REP_GLOB, "*", "/jcr:content");
+ try {
+ provider.validateRestrictions("/test", aceNode.getTree());
+ fail("validation should detect wrong restriction type (multi vs
single valued)");
+ } catch (AccessControlException e) {
+ // success
+ }
+ }
+
+ @Test
+ public void testGetRestrictionPattern() throws Exception {
+ NodeUtil aceNode = new NodeUtil(root.getTree("/")).addChild("test",
NT_REP_GRANT_ACE);
+ NodeUtil rNode = aceNode.addChild(REP_RESTRICTIONS,
NT_REP_RESTRICTIONS);
+ rNode.setString(REP_GLOB, "*");
+
+ assertFalse(provider.getPattern("/test", aceNode.getTree()) instanceof
CompositePattern);
+
+ rNode.setBoolean("boolean", true);
+ rNode.setValues("longs", new Value[]{vf.createValue(10),
vf.createValue(290)});
+
+ assertTrue(provider.getPattern("/test", rNode.getTree()) instanceof
CompositePattern);
+ }
+}
\ No newline at end of file
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/TestProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/TestProvider.java?rev=1522632&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/TestProvider.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/TestProvider.java
Thu Sep 12 15:46:31 2013
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
+
+import java.util.Map;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+
+/**
+ * RestrictionProvider for tests.
+ */
+final class TestProvider extends AbstractRestrictionProvider {
+
+ TestProvider(Map<String, ? extends RestrictionDefinition>
supportedRestrictions) {
+ super(supportedRestrictions);
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull
Tree tree) {
+ boolean hasRestriction = false;
+ for (RestrictionDefinition rd : getSupportedRestrictions(oakPath)) {
+ if (tree.hasProperty(rd.getName())) {
+ hasRestriction = true;
+ break;
+ }
+ }
+ return (hasRestriction) ? new MatchingPattern() :
RestrictionPattern.EMPTY;
+ }
+
+ private static final class MatchingPattern implements RestrictionPattern {
+
+ @Override
+ public boolean matches(@Nonnull Tree tree, @Nullable PropertyState
property) {
+ return true;
+ }
+
+ @Override
+ public boolean matches(@Nonnull String path) {
+ return true;
+ }
+
+ @Override
+ public boolean matches() {
+ return true;
+ }
+ }
+}
\ No newline at end of file
