Author: mduerig
Date: Tue Nov 26 14:38:29 2013
New Revision: 1545674
URL: http://svn.apache.org/r1545674
Log:
OAK-710 : PermissionValidator: Proper permission evaluation for moving/renaming
nodes (WIP)
Remove method unwrap from ImmutableTree, which duplicates method getNodeState
on AbstractTree and replace callers of the former with the latter
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java?rev=1545674&r1=1545673&r2=1545674&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
Tue Nov 26 14:38:29 2013
@@ -18,7 +18,11 @@
*/
package org.apache.jackrabbit.oak.core;
+import static com.google.common.base.Preconditions.checkArgument;
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
+
import java.io.InputStream;
+
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.Blob;
@@ -32,9 +36,6 @@ import org.apache.jackrabbit.oak.query.Q
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.state.NodeState;
-import static com.google.common.base.Preconditions.checkArgument;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
-
/**
* Simple implementation of the Root interface that only supports simple read
* operations based on the {@code NodeState} (or {@code ImmutableTree})
@@ -112,7 +113,7 @@ public final class ImmutableRoot impleme
return new QueryEngineImpl() {
@Override
protected ExecutionContext getExecutionContext() {
- return new ExecutionContext(rootTree.unwrap(), rootTree, new
PropertyIndexProvider());
+ return new ExecutionContext(rootTree.getNodeState(), rootTree,
new PropertyIndexProvider());
}
};
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java?rev=1545674&r1=1545673&r2=1545674&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
Tue Nov 26 14:38:29 2013
@@ -251,9 +251,6 @@ public final class ImmutableTree extends
}
//--------------------------------------------------------------------------
- public NodeState unwrap() {
- return state;
- }
public int getType() {
if (type == TreeTypeProvider.TYPE_NONE) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1545674&r1=1545673&r2=1545674&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
Tue Nov 26 14:38:29 2013
@@ -77,7 +77,7 @@ public class MoveAwarePermissionValidato
ImmutableTree parent = moveCtx.rootBefore.getTree("/");
TreePermission tp = getPermissionProvider().getTreePermission(parent,
TreePermission.EMPTY);
for (String n : source.getPath().split("/")) {
- tp = tp.getChildPermission(n, parent.getChild(n).unwrap());
+ tp = tp.getChildPermission(n, parent.getChild(n).getNodeState());
}
Validator validator = createValidator(source, dest, tp, this);
return new VisibleValidator(validator, true, false);
@@ -134,7 +134,7 @@ public class MoveAwarePermissionValidato
ImmutableTree rootTree = rootBefore.getTree("/");
TreePermission tp =
getPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
for (String seg : Text.explode(sourcePath, '/')) {
- tp = tp.getChildPermission(seg,
rootTree.getChild(seg).unwrap());
+ tp = tp.getChildPermission(seg,
rootTree.getChild(seg).getNodeState());
}
return diff(source, child, validator);
} // FIXME: else...
@@ -161,7 +161,7 @@ public class MoveAwarePermissionValidato
private boolean diff(ImmutableTree source, ImmutableTree dest,
MoveAwarePermissionValidator validator) throws
CommitFailedException {
Validator nextValidator = validator.visibleValidator(source, dest);
- CommitFailedException e = EditorDiff.process(nextValidator ,
source.unwrap(), dest.unwrap());
+ CommitFailedException e = EditorDiff.process(nextValidator ,
source.getNodeState(), dest.getNodeState());
if (e != null) {
throw e;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1545674&r1=1545673&r2=1545674&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Tue Nov 26 14:38:29 2013
@@ -16,6 +16,9 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.oak.api.CommitFailedException.ACCESS;
+
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -39,9 +42,6 @@ import org.apache.jackrabbit.oak.spi.sta
import org.apache.jackrabbit.oak.util.ChildOrderDiff;
import org.apache.jackrabbit.oak.util.TreeUtil;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static org.apache.jackrabbit.oak.api.CommitFailedException.ACCESS;
-
/**
* Validator implementation that checks for sufficient permission for all
* write operations executed by a given content session.
@@ -185,7 +185,7 @@ class PermissionValidator extends Defaul
}
return null; // no need for further validation down the subtree
} else {
- TreePermission tp =
parentPermission.getChildPermission(tree.getName(), tree.unwrap());
+ TreePermission tp =
parentPermission.getChildPermission(tree.getName(), tree.getNodeState());
if (!tp.isGranted(toTest)) {
throw new CommitFailedException(ACCESS, 0, "Access denied");
}
