Author: angela
Date: Thu Feb 20 14:17:33 2014
New Revision: 1570201
URL: http://svn.apache.org/r1570201
Log:
cleanup TODOs
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Thu Feb 20 14:17:33 2014
@@ -41,6 +41,7 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.plugins.tree.ImmutableTree;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -59,10 +60,6 @@ import static com.google.common.collect.
import static
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission.ALL;
import static
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission.EMPTY;
-/**
- * TODO: WIP
- * FIXME: decide on where to filter out hidden items (OAK-753)
- */
final class CompiledPermissionImpl implements CompiledPermissions,
PermissionConstants {
private static final Logger log =
LoggerFactory.getLogger(CompiledPermissionImpl.class);
@@ -111,8 +108,9 @@ final class CompiledPermissionImpl imple
}
}
- userStore = new PermissionEntryProviderImpl(store, cache, userNames);
- groupStore = new PermissionEntryProviderImpl(store, cache, groupNames);
+ ConfigurationParameters options = acConfig.getParameters();
+ userStore = new PermissionEntryProviderImpl(store, cache, userNames,
options);
+ groupStore = new PermissionEntryProviderImpl(store, cache, groupNames,
options);
typeProvider = new TreeTypeProvider(acConfig.getContext());
}
@@ -158,7 +156,6 @@ final class CompiledPermissionImpl imple
int type = typeProvider.getType(tree, parentType);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
- // TODO: OAK-753 decide on where to filter out hidden items.
return ALL;
case TreeTypeProvider.TYPE_VERSION:
String ntName = TreeUtil.getPrimaryTypeName(tree);
@@ -173,10 +170,12 @@ final class CompiledPermissionImpl imple
log.warn("Cannot retrieve versionable node for " +
tree.getPath());
return EMPTY;
} else {
- // TODO: may return wrong results in case of
restrictions
- // TODO that would match the path of the versionable
node
- // TODO (or item in the subtree) but that item no
longer exists
- // TODO -> evaluation by path would be more accurate
(-> see #isGranted)
+ /**
+ * NOTE: may return wrong results in case of
restrictions
+ * that would match the path of the versionable node
+ * (or item in the subtree) but that item no longer
exists
+ * -> evaluation by path might be more accurate (->
see #isGranted)
+ */
while (!versionableTree.exists()) {
versionableTree = versionableTree.getParent();
}
@@ -212,7 +211,6 @@ final class CompiledPermissionImpl imple
int type = typeProvider.getType(tree);
switch (type) {
case TreeTypeProvider.TYPE_HIDDEN:
- // TODO: OAK-753 decide on where to filter out hidden items.
return true;
case TreeTypeProvider.TYPE_VERSION:
Tree versionableTree = getVersionableTree(tree);
@@ -336,7 +334,6 @@ final class CompiledPermissionImpl imple
Tree versionableTree = getVersionableTree(tree);
if (versionableTree == null || !versionableTree.exists()) {
// unable to determine the location of the versionable
item -> deny access.
- // TODO : add proper handling for cases where the
versionable node does not exist (anymore)
return PrivilegeBits.EMPTY;
} else {
return getPrivilegeBits(versionableTree);
@@ -513,13 +510,11 @@ final class CompiledPermissionImpl imple
@Override
public boolean canReadAll() {
- // TODO: best effort approach to detect full read-access within a
given tree.
return readStatus != null && readStatus.allowsAll();
}
@Override
public boolean canReadProperties() {
- // TODO: best effort approach to detect full read-property
permission
return readStatus != null && readStatus.allowsProperties();
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
Thu Feb 20 14:17:33 2014
@@ -35,9 +35,6 @@ import org.apache.jackrabbit.oak.spi.sta
import static org.apache.jackrabbit.oak.api.CommitFailedException.ACCESS;
-/**
- * MoveAwarePermissionValidator... TODO
- */
public class MoveAwarePermissionValidator extends PermissionValidator {
private final MoveContext moveCtx;
@@ -125,7 +122,6 @@ public class MoveAwarePermissionValidato
}
private boolean processAdd(ImmutableTree child,
MoveAwarePermissionValidator validator) throws CommitFailedException {
- // FIXME: respect and properly handle move-operations in the
subtree
String sourcePath = moveTracker.getSourcePath(child.getPath());
if (sourcePath != null) {
ImmutableTree source = rootBefore.getTree(sourcePath);
@@ -140,7 +136,6 @@ public class MoveAwarePermissionValidato
}
private boolean processDelete(ImmutableTree child,
MoveAwarePermissionValidator validator) throws CommitFailedException {
- // FIXME: respect and properly handle move-operations in the
subtree
String destPath = moveTracker.getDestPath(child.getPath());
if (destPath != null) {
ImmutableTree dest = rootAfter.getTree(destPath);
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
Thu Feb 20 14:17:33 2014
@@ -35,9 +35,6 @@ import org.apache.jackrabbit.util.Text;
import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
-/**
- * PermissionEntry... TODO
- */
final class PermissionEntry implements Comparable<PermissionEntry>,
PermissionConstants {
/**
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
Thu Feb 20 14:17:33 2014
@@ -36,7 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
* Every newly loaded principal permission set can be pushed down to the base
* cache if it does not exist there yet, or if it's newer.
*
- * Todo:
+ * TODO:
* - currently only the entries of 'everyone' are globally cached. this should
be improved to dynamically cache those
* principals that are used often
* - report cache usage metrics
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
Thu Feb 20 14:17:33 2014
@@ -30,14 +30,14 @@ import com.google.common.base.Strings;
import com.google.common.collect.Iterators;
import org.apache.jackrabbit.commons.iterator.AbstractLazyIterator;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
-/**
- * {@code PermissionEntryProviderImpl} ... TODO
- */
class PermissionEntryProviderImpl implements PermissionEntryProvider {
- private static final long MAX_SIZE = 250; // TODO define size or make
configurable
+ public static final String EAGER_CACHE_SIZE_PARAM = "eagerCacheSize";
+
+ private static final long DEFAULT_SIZE = 250;
private final Set<String> principalNames;
@@ -49,11 +49,14 @@ class PermissionEntryProviderImpl implem
private final PermissionEntryCache.Local cache;
+ private final long maxSize;
+
PermissionEntryProviderImpl(@Nonnull PermissionStore store, @Nonnull
PermissionEntryCache.Local cache,
- @Nonnull Set<String> principalNames) {
+ @Nonnull Set<String> principalNames, @Nonnull
ConfigurationParameters options) {
this.store = store;
this.cache = cache;
this.principalNames = Collections.unmodifiableSet(principalNames);
+ this.maxSize = options.getConfigValue(EAGER_CACHE_SIZE_PARAM,
DEFAULT_SIZE);
init();
}
@@ -61,7 +64,7 @@ class PermissionEntryProviderImpl implem
long cnt = 0;
existingNames.clear();
for (String name: principalNames) {
- if (cnt > MAX_SIZE) {
+ if (cnt > maxSize) {
if (cache.hasEntries(store, name)) {
existingNames.add(name);
}
@@ -73,7 +76,7 @@ class PermissionEntryProviderImpl implem
}
}
}
- if (cnt < MAX_SIZE) {
+ if (cnt < maxSize) {
// cache all entries of all principals
pathEntryMap = new HashMap<String, Collection<PermissionEntry>>();
for (String name: principalNames) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Thu Feb 20 14:17:33 2014
@@ -40,9 +40,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
-/**
- * PermissionProviderImpl... TODO
- */
public class PermissionProviderImpl implements PermissionProvider,
AccessControlConstants, PermissionConstants {
private final Root root;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
Thu Feb 20 14:17:33 2014
@@ -21,9 +21,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-/**
- * ReadStatus... TODO
- */
final class ReadStatus {
private static final int THIS = 1;
@@ -80,6 +77,7 @@ final class ReadStatus {
}
boolean allowsAll() {
- return false; // TODO: calculation of allows-all requires knowledge of
permissions defined in the subtree
+ // NOTE: calculation of allows-all requires knowledge of permissions
defined in the subtree
+ return false;
}
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Thu Feb 20 14:17:33 2014
@@ -40,9 +40,6 @@ import static org.junit.Assert.assertFal
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
-/**
- * PermissionStoreTest... TODO
- */
public class PermissionStoreTest extends AbstractSecurityTest {
private AuthorizationConfiguration acConfig;
