Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1691388&r1=1691387&r2=1691388&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Thu Jul 16 12:59:17 2015 @@ -39,6 +39,8 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; +import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants, PermissionConstants, AggregatedPermissionProvider { @@ -110,41 +112,33 @@ public class PermissionProviderImpl impl boolean isAcContent = ctx.definesLocation(location); long permissions = Permissions.getPermissions(jcrActions, location, isAcContent); - boolean isGranted = false; - PropertyState property = location.getProperty(); - Tree tree = (property == null) ? location.getTree() : location.getParent().getTree(); - if (tree != null) { - isGranted = isGranted(tree, property, permissions); - } else if (!isVersionStorePath(oakPath)) { - isGranted = compiledPermissions.isGranted(oakPath, permissions); - } - return isGranted; + return isGranted(location, oakPath, permissions); } //---------------------------------------< AggregatedPermissionProvider >--- @Override - public boolean handles(@Nonnull String path, @Nonnull String jcrAction) { - return true; + public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) { + return (privilegeBits != null) ? privilegeBits : new PrivilegeBitsProvider(immutableRoot).getBits(PrivilegeConstants.JCR_ALL); } @Override - public boolean handles(@Nonnull Tree tree, @Nonnull PrivilegeBits privilegeBits) { - return true; + public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions) { + return permissions; } @Override - public boolean handles(@Nonnull Tree tree, long permission) { - return true; + public long supportedPermissions(@Nonnull TreeLocation location, long permissions) { + return permissions; } @Override - public boolean handles(@Nonnull TreePermission treePermission, long permission) { - return true; + public long supportedPermissions(@Nonnull TreePermission treePermission, long permissions) { + return permissions; } @Override - public boolean handlesRepositoryPermissions() { - return true; + public boolean isGranted(@Nonnull TreeLocation location, long permissions) { + return isGranted(location, location.getPath(), permissions); } //-------------------------------------------------------------------------- @@ -159,4 +153,16 @@ public class PermissionProviderImpl impl } return false; } + + private boolean isGranted(@Nonnull TreeLocation location, @Nonnull String oakPath, long permissions) { + boolean isGranted = false; + PropertyState property = location.getProperty(); + Tree tree = (property == null) ? location.getTree() : location.getParent().getTree(); + if (tree != null) { + isGranted = isGranted(tree, property, permissions); + } else if (!isVersionStorePath(location.getPath())) { + isGranted = compiledPermissions.isGranted(oakPath, permissions); + } + return isGranted; + } }
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java?rev=1691388&r1=1691387&r2=1691388&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.java Thu Jul 16 12:59:17 2015 @@ -17,8 +17,11 @@ package org.apache.jackrabbit.oak.spi.security.authorization.permission; import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; /** @@ -29,13 +32,24 @@ import org.apache.jackrabbit.oak.spi.sec */ public interface AggregatedPermissionProvider extends PermissionProvider { - boolean handles(@Nonnull String path, @Nonnull String jcrAction); + PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits); - boolean handles(@Nonnull Tree tree, @Nonnull PrivilegeBits privilegeBits); + long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions); - boolean handles(@Nonnull Tree tree, long permission); + long supportedPermissions(@Nonnull TreeLocation location, long permissions); - boolean handles(@Nonnull TreePermission treePermission, long permission); + long supportedPermissions(@Nonnull TreePermission treePermission, long permissions); - boolean handlesRepositoryPermissions(); + /** + * Test if the specified permissions are granted for the set of {@code Principal}s + * associated with this provider instance for the item identified by the + * given {@code location} and optionally property. This method will only return {@code true} + * if all permissions are granted. + * + * @param location The {@code TreeLocation} to test the permissions for. + * @param permissions The permissions to be tested. + * @return {@code true} if the specified permissions are granted for the existing + * or non-existing item identified by the given location. + */ + boolean isGranted(@Nonnull TreeLocation location, long permissions); } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java?rev=1691388&r1=1691387&r2=1691388&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java Thu Jul 16 12:59:17 2015 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -@Version("1.1.0") +@Version("2.0") @Export(optional = "provide:=true") package org.apache.jackrabbit.oak.spi.security.authorization.permission; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1691388&r1=1691387&r2=1691388&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java Thu Jul 16 12:59:17 2015 @@ -355,6 +355,15 @@ public final class PrivilegeBits impleme } } + @Nonnull + public PrivilegeBits modifiable() { + if (d instanceof ModifiableData) { + return this; + } else { + return getInstance(this); + } + } + /** * Returns {@code true} if all privileges defined by the specified * {@code otherBits} are present in this instance. Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java?rev=1691388&r1=1691387&r2=1691388&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/package-info.java Thu Jul 16 12:59:17 2015 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -@Version("1.0") +@Version("1.1.0") @Export(optional = "provide:=true") package org.apache.jackrabbit.oak.spi.security.privilege;
