Author: angela
Date: Wed Oct 23 14:14:20 2013
New Revision: 1535035
URL: http://svn.apache.org/r1535035
Log:
OAK-527: permissions (wip)
- rep:index property is obsolete as index forms the node name
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
Wed Oct 23 14:14:20 2013
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -25,11 +26,15 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.util.Text;
+import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
+
/**
* PermissionEntry... TODO
*/
@@ -63,11 +68,21 @@ final class PermissionEntry implements C
PermissionEntry(String path, Tree entryTree, RestrictionProvider
restrictionsProvider) {
this.path = path;
isAllow = entryTree.getProperty(REP_IS_ALLOW).getValue(Type.BOOLEAN);
+ index = Integer.parseInt(entryTree.getName());
privilegeBits =
PrivilegeBits.getInstance(entryTree.getProperty(REP_PRIVILEGE_BITS));
- index =
entryTree.getProperty(REP_INDEX).getValue(Type.LONG).intValue();
restriction = restrictionsProvider.getPattern(path, entryTree);
}
+ static void write(NodeBuilder parent, boolean isAllow, int index,
PrivilegeBits privilegeBits, Set<Restriction> restrictions) {
+ NodeBuilder n = parent.child(String.valueOf(index))
+ .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS, Type.NAME)
+ .setProperty(REP_IS_ALLOW, isAllow)
+
.setProperty(privilegeBits.asPropertyState(REP_PRIVILEGE_BITS));
+ for (Restriction restriction : restrictions) {
+ n.setProperty(restriction.getProperty());
+ }
+ }
+
public boolean matches(@Nonnull Tree tree, @Nullable PropertyState
property) {
return restriction == RestrictionPattern.EMPTY ||
restriction.matches(tree, property);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Wed Oct 23 14:14:20 2013
@@ -410,14 +410,7 @@ public class PermissionHook implements P
}
}
for (AcEntry ace: list) {
- NodeBuilder n = parent.child(String.valueOf(ace.index))
- .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS,
Type.NAME)
- .setProperty(REP_IS_ALLOW, ace.isAllow)
- .setProperty(REP_INDEX, ace.index)
-
.setProperty(ace.privilegeBits.asPropertyState(REP_PRIVILEGE_BITS));
- for (Restriction restriction : ace.restrictions) {
- n.setProperty(restriction.getProperty());
- }
+ PermissionEntry.write(parent, ace.isAllow, ace.index,
ace.privilegeBits, ace.restrictions);
numEntries++;
}
return numEntries;
@@ -431,16 +424,17 @@ public class PermissionHook implements P
private final PrivilegeBits privilegeBits;
private final boolean isAllow;
private final Set<Restriction> restrictions;
- private final long index;
+ private final int index;
private int hashCode = -1;
- private AcEntry(@Nonnull Tree aceTree, @Nonnull String
accessControlledPath, long index) {
+ private AcEntry(@Nonnull Tree aceTree, @Nonnull String
accessControlledPath, int index) {
this.accessControlledPath = accessControlledPath;
+ this.index = index;
+
principalName =
Text.escapeIllegalJcrChars(checkNotNull(TreeUtil.getString(aceTree,
REP_PRINCIPAL_NAME)));
privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree,
REP_PRIVILEGES));
isAllow =
NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
restrictions =
restrictionProvider.readRestrictions(Strings.emptyToNull(accessControlledPath),
aceTree);
- this.index = index;
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
Wed Oct 23 14:14:20 2013
@@ -40,11 +40,10 @@ public interface PermissionConstants {
String REP_NUM_PERMISSIONS = "rep:numPermissions";
String REP_IS_ALLOW = "rep:isAllow";
String REP_PRIVILEGE_BITS = "rep:privileges";
- String REP_INDEX = "rep:index";
Set<String> PERMISSION_NODETYPE_NAMES =
ImmutableSet.of(NT_REP_PERMISSIONS, NT_REP_PERMISSION_STORE);
Set<String> PERMISSION_NODE_NAMES = ImmutableSet.of(REP_PERMISSION_STORE);
- Set<String> PERMISSION_PROPERTY_NAMES =
ImmutableSet.of(REP_ACCESS_CONTROLLED_PATH, REP_PRIVILEGE_BITS, REP_INDEX);
+ Set<String> PERMISSION_PROPERTY_NAMES =
ImmutableSet.of(REP_ACCESS_CONTROLLED_PATH, REP_PRIVILEGE_BITS);
/**
* Configuration parameter to enforce backwards compatible permission
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java?rev=1535035&r1=1535034&r2=1535035&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
Wed Oct 23 14:14:20 2013
@@ -134,6 +134,10 @@ public abstract class AbstractPermission
}
}
+ static protected void assertIndex(int expected, Tree entry) {
+ assertEquals(expected, Integer.parseInt(entry.getName()));
+ }
+
@Test
public void testModifyRestrictions() throws Exception {
Tree testAce = root.getTree(testPath +
"/rep:policy").getChildren().iterator().next();
@@ -174,7 +178,7 @@ public abstract class AbstractPermission
@Test
public void testReorderAce() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
aclTree.getChildren().iterator().next().orderBefore(null);
@@ -182,13 +186,13 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
@Test
public void testReorderAndAddAce() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
// reorder
@@ -201,13 +205,13 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
@Test
public void testReorderAddAndRemoveAces() throws Exception {
Tree entry = getEntry(testPrincipalName, testPath, 0);
- assertEquals(0,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(0, entry);
Tree aclTree = root.getTree(testPath + "/rep:policy");
@@ -231,7 +235,7 @@ public abstract class AbstractPermission
root.commit();
entry = getEntry(testPrincipalName, testPath, 1);
- assertEquals(1,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
}
/**
@@ -261,10 +265,10 @@ public abstract class AbstractPermission
root.commit();
Tree entry = getEntry(principals.get(2).getName(), testPath, 1);
- assertEquals(1,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
entry = getEntry(principals.get(1).getName(), testPath, 2);
- assertEquals(2,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(2, entry);
}
/**
@@ -293,10 +297,10 @@ public abstract class AbstractPermission
root.commit();
Tree entry = getEntry(EveryonePrincipal.NAME, testPath, 1);
- assertEquals(1,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(1, entry);
entry = getEntry(principals.get(2).getName(), testPath, 3);
- assertEquals(3,
entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+ assertIndex(3, entry);
for (String pName : new String[]{testPrincipalName,
principals.get(0).getName()}) {
try {
