Author: angela
Date: Mon Oct 21 15:02:04 2013
New Revision: 1534200
URL: http://svn.apache.org/r1534200
Log:
OAK-527: permissions (minor improvement)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
Mon Oct 21 15:02:04 2013
@@ -129,6 +129,6 @@ public class AuthorizationConfiguration
@Nonnull
@Override
public PermissionProvider getPermissionProvider(Root root, Set<Principal>
principals) {
- return new PermissionProviderImpl(root, principals,
getSecurityProvider());
+ return new PermissionProviderImpl(root, principals, this);
}
}
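Review bot: Passing `this` in `getPermissionProvider` pins the provider to this configuration object, whereas the removed lookup went through `getSecurityProvider()`. The two are equivalent only if the security provider hands back this same instance for `AuthorizationConfiguration.class`, which the hunk does not show. If a wrapping or replacement configuration can ever be registered, permission evaluation would silently use different parameters from the rest of the security setup. A short comment would record the intent, e.g. `// evaluate permissions with this configuration; do not re-resolve it via the SecurityProvider`.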
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
Mon Oct 21 15:02:04 2013
@@ -252,7 +252,7 @@ class AccessControlValidator extends Def
private static void checkMixinTypes(Tree parentTree) throws
CommitFailedException {
Iterable<String> mixinNames = TreeUtil.getNames(parentTree,
JcrConstants.JCR_MIXINTYPES);
- if (mixinNames != null && Iterables.contains(mixinNames,
MIX_REP_REPO_ACCESS_CONTROLLABLE)) {
+ if (Iterables.contains(mixinNames, MIX_REP_REPO_ACCESS_CONTROLLABLE)) {
checkValidRepoAccessControlled(parentTree);
}
}
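Review bot: Dropping the `mixinNames != null` guard in `checkMixinTypes` is only safe if `TreeUtil.getNames` never returns null, and nothing in this commit shows that contract. Guava's `Iterables.contains` dereferences its iterable argument, so a null result for a tree without `jcr:mixinTypes` would surface as a NullPointerException inside the validator rather than a `CommitFailedException`. I would state the assumption next to the call, e.g. `// TreeUtil.getNames returns an empty Iterable (never null) when jcr:mixinTypes is absent`, and confirm that `getNames` is annotated `@Nonnull`.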
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Mon Oct 21 15:02:04 2013
@@ -24,6 +24,8 @@ import java.util.Set;
import javax.annotation.Nonnull;
+import com.google.common.base.Objects;
+import com.google.common.base.Strings;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
@@ -47,9 +49,6 @@ import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.base.Objects;
-import com.google.common.base.Strings;
-
import static com.google.common.base.Preconditions.checkNotNull;
import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
import static org.apache.jackrabbit.JcrConstants.JCR_SYSTEM;
@@ -90,7 +89,6 @@ public class PermissionHook implements P
private PrivilegeBitsProvider bitsProvider;
private Map<String, Acl> modified = new HashMap<String, Acl>();
-
private Map<String, Acl> deleted = new HashMap<String, Acl>();
public PermissionHook(String workspaceName, RestrictionProvider
restrictionProvider) {
@@ -114,10 +112,10 @@ public class PermissionHook implements P
}
private void apply() {
- for (Map.Entry<String, Acl> entry:deleted.entrySet()) {
+ for (Map.Entry<String, Acl> entry : deleted.entrySet()) {
entry.getValue().remove();
}
- for (Map.Entry<String, Acl> entry:modified.entrySet()) {
+ for (Map.Entry<String, Acl> entry : modified.entrySet()) {
entry.getValue().update();
}
}
@@ -154,7 +152,7 @@ public class PermissionHook implements P
// ignore hidden nodes
return true;
}
- String path = parentPath + "/" + name;
+ String path = parentPath + '/' + name;
Tree tree = getTree(name, after);
if (isACL(tree)) {
Acl acl = new Acl(parentPath, name, new AfterNode(path,
after));
@@ -171,7 +169,7 @@ public class PermissionHook implements P
// ignore hidden nodes
return true;
}
- String path = parentPath + "/" + name;
+ String path = parentPath + '/' + name;
Tree beforeTree = getTree(name, before);
Tree afterTree = getTree(name, after);
if (isACL(beforeTree)) {
@@ -205,7 +203,7 @@ public class PermissionHook implements P
// ignore hidden nodes
return true;
}
- String path = parentPath + "/" + name;
+ String path = parentPath + '/' + name;
Tree tree = getTree(name, before);
if (isACL(tree)) {
Acl acl = new Acl(parentPath, name, new BeforeNode(path,
before));
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Mon Oct 21 15:02:04 2013
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
@@ -59,11 +58,11 @@ public class PermissionProviderImpl impl
private ImmutableRoot immutableRoot;
public PermissionProviderImpl(@Nonnull Root root, @Nonnull Set<Principal>
principals,
- @Nonnull SecurityProvider securityProvider) {
+ @Nonnull AuthorizationConfiguration
acConfig) {
this.root = root;
this.workspaceName = root.getContentSession().getWorkspaceName();
+ this.acConfig = acConfig;
- acConfig =
securityProvider.getConfiguration(AuthorizationConfiguration.class);
immutableRoot = getImmutableRoot(root, acConfig);
if (principals.contains(SystemPrincipal.INSTANCE) ||
isAdmin(principals)) {
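Review bot: The new `acConfig` parameter is annotated `@Nonnull` but stored unchecked in `this.acConfig = acConfig;`, so a null argument is only detected wherever `getImmutableRoot(root, acConfig)` or later permission evaluation first dereferences it. Since this object decides what the given principals may access, failing at construction is preferable: `this.acConfig = checkNotNull(acConfig);` (Guava `Preconditions`, which needs a static import if this file does not already have one). The constructor body continues past the end of the hunk.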
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Mon Oct 21 15:02:04 2013
@@ -62,6 +62,7 @@ public class PermissionProviderImplTest
);
private Group adminstrators;
+ private AuthorizationConfiguration config;
@Override
public void before() throws Exception {
@@ -71,6 +72,7 @@ public class PermissionProviderImplTest
UserManager uMgr = getUserManager(root);
adminstrators = uMgr.createGroup(ADMINISTRATOR_GROUP);
root.commit();
+ config =
getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
}
@Override
@@ -99,12 +101,16 @@ public class PermissionProviderImplTest
return
ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME,
acConfig));
}
+ private PermissionProvider createPermissionProvider(ContentSession
session) {
+ return new PermissionProviderImpl(session.getLatestRoot(),
session.getAuthInfo().getPrincipals(), config);
+ }
+
@Test
public void testReadPath() throws Exception {
ContentSession testSession = createTestSession();
try {
Root r = testSession.getLatestRoot();
- PermissionProvider pp = new
PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider(testSession);
Tree tree = r.getTree("/");
assertFalse(tree.exists());
@@ -124,7 +130,7 @@ public class PermissionProviderImplTest
public void testIsGrantedForReadPaths() throws Exception {
ContentSession testSession = createTestSession();
try {
- PermissionProvider pp = new
PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider(testSession) ;
for (String path : READ_PATHS) {
assertTrue(pp.isGranted(path,
Permissions.getString(Permissions.READ)));
assertTrue(pp.isGranted(path,
Permissions.getString(Permissions.READ_NODE)));
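Review bot: `createPermissionProvider(testSession) ;` in `testIsGrantedForReadPaths` has a stray space before the semicolon. The same slip appears in the hunks for `testGetPrivilegesForReadPaths` and `testHasPrivilegesForReadPaths`, and in the hunk at -193,8. `testReadPath` already has the intended form, `PermissionProvider pp = createPermissionProvider(testSession);`. The test method bodies continue outside the hunks.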
@@ -154,7 +160,7 @@ public class PermissionProviderImplTest
public void testGetPrivilegesForReadPaths() throws Exception {
ContentSession testSession = createTestSession();
try {
- PermissionProvider pp = new
PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider(testSession) ;
for (String path : READ_PATHS) {
Tree tree = root.getTree(path);
assertEquals(Collections.singleton(PrivilegeConstants.JCR_READ),
pp.getPrivileges(tree));
@@ -169,7 +175,7 @@ public class PermissionProviderImplTest
public void testHasPrivilegesForReadPaths() throws Exception {
ContentSession testSession = createTestSession();
try {
- PermissionProvider pp = new
PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider(testSession) ;
for (String path : READ_PATHS) {
Tree tree = root.getTree(path);
assertTrue(pp.hasPrivileges(tree,
PrivilegeConstants.JCR_READ));
@@ -193,8 +199,7 @@ public class PermissionProviderImplTest
Root r = testSession.getLatestRoot();
Root immutableRoot = new ImmutableRoot(r, TreeTypeProvider.EMPTY);
- PermissionProvider pp = new
PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
-
+ PermissionProvider pp = createPermissionProvider(testSession) ;
assertTrue(r.getTree("/").exists());
TreePermission tp =
pp.getTreePermission(immutableRoot.getTree("/"), TreePermission.EMPTY);
assertSame(TreePermission.ALL, tp);
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Mon Oct 21 15:02:04 2013
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.Abstrac
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -44,6 +45,7 @@ import static org.junit.Assert.assertTru
*/
public class PermissionStoreTest extends AbstractSecurityTest {
+ private AuthorizationConfiguration acConfig;
private ContentSession testSession;
private Root testRoot;
@@ -60,6 +62,7 @@ public class PermissionStoreTest extends
root.commit();
testSession = createTestSession();
testRoot = testSession.getLatestRoot();
+ acConfig =
getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
}
@Override
@@ -84,6 +87,10 @@ public class PermissionStoreTest extends
}
}
+ private PermissionProviderImpl createPermissionProvider() {
+ return new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), acConfig);
+ }
+
@Test
public void testReadAccess() {
Tree ps = testRoot.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
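Review bot: The new helper `createPermissionProvider()` returns the concrete `PermissionProviderImpl`, although every caller visible in this diff assigns the result to a `PermissionProvider`. The equivalent helper added to `PermissionProviderImplTest` in the same commit returns the interface. Declaring it as `private PermissionProvider createPermissionProvider() {` keeps the two tests parallel. The field names also differ (`acConfig` here, `config` there) and could be aligned.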
@@ -92,7 +99,7 @@ public class PermissionStoreTest extends
@Test
public void testGetTreePermission() {
- PermissionProvider pp = new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider();
Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
assertSame(TreePermission.EMPTY, pp.getTreePermission(t,
TreePermission.ALL));
@@ -100,7 +107,7 @@ public class PermissionStoreTest extends
@Test
public void testIsGranted() {
- PermissionProvider pp = new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider();
Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
@@ -110,7 +117,7 @@ public class PermissionStoreTest extends
@Test
public void testIsGrantedAtPath() {
- PermissionProvider pp = new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider();
assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH,
Session.ACTION_READ));
assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH,
Session.ACTION_ADD_NODE));
@@ -118,7 +125,7 @@ public class PermissionStoreTest extends
@Test
public void testHasPrivilege() {
- PermissionProvider pp = new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider();
Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
assertFalse(pp.hasPrivileges(t, PrivilegeConstants.JCR_READ));
@@ -126,7 +133,7 @@ public class PermissionStoreTest extends
@Test
public void testGetPrivilege() {
- PermissionProvider pp = new PermissionProviderImpl(testRoot,
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+ PermissionProvider pp = createPermissionProvider();
Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
Set<String> privilegeNames = pp.getPrivileges(t);