Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Wed Oct 16 14:00:51 2013 @@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.commit.VisibleValidator; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.spi.state.NodeStateUtils; import org.apache.jackrabbit.oak.util.ChildOrderDiff; @@ -48,6 +49,7 @@ class PermissionValidator extends Defaul private final Tree parentBefore; private final Tree parentAfter; + private final TreePermission parentPermission; private final PermissionProvider permissionProvider; private final PermissionValidatorProvider provider; @@ -56,10 +58,13 @@ class PermissionValidator extends Defaul PermissionValidator(Tree parentBefore, Tree parentAfter, PermissionProvider permissionProvider, PermissionValidatorProvider provider) { - this(parentBefore, parentAfter, permissionProvider, provider, Permissions.NO_PERMISSION); + this(parentBefore, parentAfter, + permissionProvider.getTreePermission(parentBefore, TreePermission.EMPTY), + permissionProvider, provider, Permissions.NO_PERMISSION); } - PermissionValidator(Tree parentBefore, Tree parentAfter, + private PermissionValidator(Tree parentBefore, Tree parentAfter, + @Nullable TreePermission parentPermission, PermissionProvider permissionProvider, PermissionValidatorProvider provider, long permission) { @@ -67,6 +72,7 @@ class PermissionValidator extends Defaul this.provider = provider; this.parentBefore = parentBefore; this.parentAfter = parentAfter; + this.parentPermission = parentPermission; if (Permissions.NO_PERMISSION == permission) { this.permission = Permissions.getPermission(getPath(parentBefore, parentAfter), Permissions.NO_PERMISSION); } else { @@ -116,7 +122,7 @@ class PermissionValidator extends Defaul public Validator childNodeChanged(String name, NodeState before, NodeState after) throws CommitFailedException { Tree childBefore = parentBefore.getChild(name); Tree childAfter = parentAfter.getChild(name); - return nextValidator(childBefore, childAfter); + return nextValidator(childBefore, childAfter, permissionProvider.getTreePermission(childBefore, parentPermission)); } @Override @@ -130,8 +136,8 @@ class PermissionValidator extends Defaul } //------------------------------------------------------------< private >--- - private Validator nextValidator(@Nullable Tree parentBefore, @Nullable Tree parentAfter) { - Validator validator = new PermissionValidator(parentBefore, parentAfter, permissionProvider, provider, permission); + private Validator nextValidator(@Nullable Tree parentBefore, @Nullable Tree parentAfter, @Nonnull TreePermission treePermission) { + Validator validator = new PermissionValidator(parentBefore, parentAfter, treePermission, permissionProvider, provider, permission); return new VisibleValidator(validator, true, false); } @@ -139,20 +145,21 @@ class PermissionValidator extends Defaul long defaultPermission) throws CommitFailedException { long toTest = getPermission(tree, defaultPermission); if (Permissions.isRepositoryPermission(toTest)) { - if (!permissionProvider.isGranted(toTest)) { + if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) { throw new CommitFailedException(ACCESS, 0, "Access denied"); } return null; // no need for further validation down the subtree } else { - if (!permissionProvider.isGranted(tree, null, toTest)) { + TreePermission tp = permissionProvider.getTreePermission(tree, parentPermission); + if (!tp.isGranted(toTest)) { throw new CommitFailedException(ACCESS, 0, "Access denied"); } if (noTraverse(toTest, defaultPermission)) { return null; } else { return (isBefore) ? - nextValidator(tree, null) : - nextValidator(null, tree); + nextValidator(tree, null, tp) : + nextValidator(null, tree, tp); } } } @@ -166,10 +173,10 @@ class PermissionValidator extends Defaul } long toTest = getPermission(parent, property, defaultPermission); if (Permissions.isRepositoryPermission(toTest)) { - if (!permissionProvider.isGranted(toTest)) { + if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) { throw new CommitFailedException(ACCESS, 0, "Access denied"); } - } else if (!permissionProvider.isGranted(parent, property, toTest)) { + } else if (!parentPermission.isGranted(toTest, property)) { throw new CommitFailedException(ACCESS, 0, "Access denied"); } }
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java Wed Oct 16 14:00:51 2013 @@ -56,13 +56,13 @@ public final class OpenPermissionProvide } @Override - public ReadStatus getReadStatus(@Nonnull Tree tree, PropertyState property) { - return ReadStatus.ALLOW_ALL; + public RepositoryPermission getRepositoryPermission() { + return RepositoryPermission.ALL; } @Override - public boolean isGranted(long repositoryPermissions) { - return true; + public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) { + return TreePermission.ALL; } @Override Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java Wed Oct 16 14:00:51 2013 @@ -49,30 +49,9 @@ public interface PermissionProvider { */ boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames); - /** - * - * @param tree - * @param property - * @return - */ - ReadStatus getReadStatus(@Nonnull Tree tree, @Nullable PropertyState property); + RepositoryPermission getRepositoryPermission(); - /** - * Returns {@code true} if the specified repository level permissions are - * {@code granted}; false otherwise. - * - * @param repositoryPermissions Any valid repository level permission such as - * for example: - * <ul> - * <li>{@link Permissions#NAMESPACE_MANAGEMENT}</li> - * <li>{@link Permissions#NODE_TYPE_DEFINITION_MANAGEMENT}</li> - * <li>{@link Permissions#PRIVILEGE_MANAGEMENT}</li> - * <li>{@link Permissions#WORKSPACE_MANAGEMENT}</li> - * </ul> - * @return {@code true} if the specified repository level permissions are - * {@code granted}; false otherwise. - */ - boolean isGranted(long repositoryPermissions); + TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission); /** * Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java?rev=1532771&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java Wed Oct 16 14:00:51 2013 @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authorization.permission; + +/** + * RepositoryPermission... TODO + */ +public interface RepositoryPermission { + + /** + * Returns {@code true} if the specified repository level permissions are + * {@code granted}; false otherwise. + * + * @param repositoryPermissions Any valid repository level permission such as + * for example: + * <ul> + * <li>{@link Permissions#NAMESPACE_MANAGEMENT}</li> + * <li>{@link Permissions#NODE_TYPE_DEFINITION_MANAGEMENT}</li> + * <li>{@link Permissions#PRIVILEGE_MANAGEMENT}</li> + * <li>{@link Permissions#WORKSPACE_MANAGEMENT}</li> + * </ul> + * @return {@code true} if the specified repository level permissions are + * {@code granted}; false otherwise. + */ + boolean isGranted(long repositoryPermissions); + + RepositoryPermission EMPTY = new RepositoryPermission() { + @Override + public boolean isGranted(long repositoryPermissions) { + return false; + } + }; + + RepositoryPermission ALL = new RepositoryPermission() { + @Override + public boolean isGranted(long repositoryPermissions) { + return true; + } + }; +} \ No newline at end of file Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java?rev=1532771&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java Wed Oct 16 14:00:51 2013 @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authorization.permission; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import org.apache.jackrabbit.oak.api.PropertyState; + +/** + * TreePermission... TODO + */ +public interface TreePermission { + + boolean canRead(); + + boolean canRead(@Nonnull PropertyState property); + + boolean canReadAll(); + + boolean canReadProperties(); + + boolean isGranted(long permissions); + + boolean isGranted(long permissions, @Nonnull PropertyState property); + + TreePermission EMPTY = new TreePermission() { + @Override + public boolean canRead() { + return false; + } + + @Override + public boolean canRead(@Nonnull PropertyState property) { + return false; + } + + @Override + public boolean canReadAll() { + return false; + } + + @Override + public boolean canReadProperties() { + return false; + } + + @Override + public boolean isGranted(long permissions) { + return false; + } + + @Override + public boolean isGranted(long permissions, @Nullable PropertyState property) { + return false; + } + }; + + TreePermission ALL = new TreePermission() { + @Override + public boolean canRead() { + return true; + } + + @Override + public boolean canRead(@Nonnull PropertyState property) { + return true; + } + + @Override + public boolean canReadAll() { + return true; + } + + @Override + public boolean canReadProperties() { + return true; + } + + @Override + public boolean isGranted(long permissions) { + return true; + } + + @Override + public boolean isGranted(long permissions, @Nullable PropertyState property) { + return true; + } + }; +} \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java Wed Oct 16 14:00:51 2013 @@ -359,22 +359,6 @@ public final class PrivilegeBits impleme } /** - * Returns {@code true} if this instance includes the jcr:read - * privilege. Shortcut for calling {@link PrivilegeBits#includes(PrivilegeBits)} - * where the other bits represented the jcr:read privilege. - * - * @return {@code true} if this instance includes the jcr:read - * privilege; {@code false} otherwise. - */ - public boolean includesRead(long readPermission) { - if (this == EMPTY) { - return false; - } else { - return d.includes(readPermission); - } - } - - /** * Adds the other privilege bits to this instance. * * @param other The other privilege bits to be added. Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java Wed Oct 16 14:00:51 2013 @@ -25,7 +25,8 @@ import org.apache.jackrabbit.oak.api.Tre import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.plugins.version.VersionConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; -import org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.junit.Before; import org.junit.Test; @@ -53,25 +54,25 @@ public class AllPermissionsTest extends } @Test - public void testGetReadStatus() { + public void testGetRepositoryPermission() { + assertSame(RepositoryPermission.ALL, all.getRepositoryPermission()); + } + + @Test + public void testGetTreePermission() { for (String path : paths) { Tree tree = root.getTree(path); assertTrue(tree.exists()); - assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(tree, null)); + assertSame(TreePermission.ALL, all.getTreePermission(tree, TreePermission.EMPTY)); for (Tree child : tree.getChildren()) { - assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(child, null)); - } - for (PropertyState ps : tree.getProperties()) { - assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(tree, ps)); + assertSame(TreePermission.ALL, all.getTreePermission(child, TreePermission.EMPTY)); } } } @Test public void testIsGranted() { - assertTrue(all.isGranted(Permissions.ALL)); - for (String path : paths) { Tree tree = root.getTree(path); assertTrue(tree.exists()); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java Wed Oct 16 14:00:51 2013 @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.oak.security.authorization.permission; +import java.util.Collections; import java.util.HashMap; import java.util.Map; @@ -26,6 +27,7 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.core.ImmutableRoot; import org.apache.jackrabbit.oak.core.TreeTypeProvider; import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants; @@ -35,11 +37,14 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission; +import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.apache.jackrabbit.oak.util.NodeUtil; import org.junit.Test; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertSame; import static org.junit.Assert.assertTrue; @@ -97,17 +102,80 @@ public class PermissionProviderImplTest ContentSession testSession = createTestSession(); try { Root r = testSession.getLatestRoot(); - Root immutableRoot = new ImmutableRoot(r, TreeTypeProvider.EMPTY); + PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals(), getSecurityProvider()); + + Tree tree = r.getTree("/"); + assertFalse(tree.exists()); + assertFalse(pp.getTreePermission(tree, TreePermission.EMPTY).canRead()); + + for (String path : READ_PATHS) { + tree = r.getTree(path); + assertTrue(tree.exists()); + assertTrue(pp.getTreePermission(tree, TreePermission.EMPTY).canRead()); + } + } finally { + testSession.close(); + } + } + @Test + public void testIsGrantedForReadPaths() throws Exception { + ContentSession testSession = createTestSession(); + try { PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals(), getSecurityProvider()); + for (String path : READ_PATHS) { + assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ))); + assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE))); + assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY))); + assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL))); + } - assertFalse(r.getTree("/").exists()); - assertSame(ReadStatus.DENY_THIS, pp.getReadStatus(immutableRoot.getTree("/"), null)); + for (String path : READ_PATHS) { + Tree tree = root.getTree(path); + assertTrue(pp.isGranted(tree, null, Permissions.READ)); + assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE)); + assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE), Permissions.READ_PROPERTY)); + assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL)); + } + RepositoryPermission rp = pp.getRepositoryPermission(); + assertFalse(rp.isGranted(Permissions.READ)); + assertFalse(rp.isGranted(Permissions.READ_NODE)); + assertFalse(rp.isGranted(Permissions.READ_PROPERTY)); + assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL)); + } finally { + testSession.close(); + } + } + + @Test + public void testGetPrivilegesForReadPaths() throws Exception { + ContentSession testSession = createTestSession(); + try { + PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals(), getSecurityProvider()); + for (String path : READ_PATHS) { + Tree tree = root.getTree(path); + assertEquals(Collections.singleton(PrivilegeConstants.JCR_READ), pp.getPrivileges(tree)); + } + assertEquals(Collections.<String>emptySet(), pp.getPrivileges(null)); + } finally { + testSession.close(); + } + } + + @Test + public void testHasPrivilegesForReadPaths() throws Exception { + ContentSession testSession = createTestSession(); + try { + PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals(), getSecurityProvider()); for (String path : READ_PATHS) { - assertTrue(r.getTree(path).exists()); - assertSame(ReadStatus.ALLOW_ALL_REGULAR, pp.getReadStatus(immutableRoot.getTree(path), null)); + Tree tree = root.getTree(path); + assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ)); + assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_NODES)); + assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_PROPERTIES)); + assertFalse(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)); } + assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_READ)); } finally { testSession.close(); } @@ -126,11 +194,13 @@ public class PermissionProviderImplTest PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals(), getSecurityProvider()); assertTrue(r.getTree("/").exists()); - assertSame(ReadStatus.ALLOW_ALL, pp.getReadStatus(immutableRoot.getTree("/"), null)); + TreePermission tp = pp.getTreePermission(immutableRoot.getTree("/"), TreePermission.EMPTY); + assertSame(TreePermission.ALL, tp); for (String path : READ_PATHS) { - assertTrue(r.getTree(path).exists()); - assertSame(ReadStatus.ALLOW_ALL, pp.getReadStatus(immutableRoot.getTree(path), null)); + Tree tree = r.getTree(path); + assertTrue(tree.exists()); + assertSame(TreePermission.ALL, pp.getTreePermission(tree, TreePermission.EMPTY)); } } finally { testSession.close(); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java Wed Oct 16 14:00:51 2013 @@ -151,34 +151,6 @@ public class PrivilegeBitsTest extends A } @Test - public void testIncludesRead() { - // empty - assertFalse(PrivilegeBits.EMPTY.includesRead(Permissions.READ)); - - // other privilege bits - PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS; - assertTrue(pb.includesRead(Permissions.READ_NODE)); - assertFalse(pb.includesRead(Permissions.READ_PROPERTY)); - assertFalse(pb.includesRead(Permissions.READ)); - - assertTrue(PrivilegeBits.getInstance(pb).includesRead(Permissions.READ_NODE)); - - PrivilegeBits mod = PrivilegeBits.getInstance(); - for (int i = 0; i < 100; i++) { - mod.add(pb); - assertTrue(mod.includesRead(Permissions.READ_NODE)); - - pb = pb.nextBits(); - assertFalse(pb.toString(), pb.includesRead(Permissions.READ_NODE)); - assertFalse(PrivilegeBits.getInstance(pb).includesRead(Permissions.READ_NODE)); - - PrivilegeBits modifiable = PrivilegeBits.getInstance(pb); - modifiable.add(READ_NODES_PRIVILEGE_BITS); - assertTrue(modifiable.includesRead(Permissions.READ_NODE)); - } - } - - @Test public void testIncludes() { // empty assertTrue(PrivilegeBits.EMPTY.includes(PrivilegeBits.EMPTY)); @@ -280,21 +252,18 @@ public class PrivilegeBitsTest extends A assertTrue(tmp.includes(pb)); assertFalse(tmp.includes(nxt)); if (READ_NODES_PRIVILEGE_BITS.equals(pb)) { - assertTrue(tmp.includesRead(Permissions.READ_NODE)); + assertTrue(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES))); } else { - assertFalse(tmp.includesRead(Permissions.READ_NODE)); + assertFalse(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES))); } tmp.add(nxt); assertTrue(tmp.includes(pb) && tmp.includes(nxt)); if (READ_NODES_PRIVILEGE_BITS.equals(pb)) { - assertTrue(tmp.includesRead(Permissions.READ_NODE)); assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS)); } else { - assertFalse(tmp.toString(), tmp.includesRead(Permissions.READ_NODE)); assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS)); } tmp.add(READ_NODES_PRIVILEGE_BITS); - assertTrue(tmp.includesRead(Permissions.READ_NODE)); assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS)); pb = nxt;
