Author: angela
Date: Thu May 4 11:15:02 2017
New Revision: 1793770
URL: http://svn.apache.org/viewvc?rev=1793770&view=rev
Log:
OAK-6169 : Add /jcr:root to o.a.j.oak.spi.query.QueryConstants
OAK-6168 : UserUtil.getAuthorizableRootPath when user/group path are equal or
nested
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
minor improvement to simplify QueryUtil
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
(with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
Thu May 4 11:15:02 2017
@@ -51,7 +51,6 @@ import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.google.common.primitives.Ints;
import org.apache.jackrabbit.JcrConstants;
@@ -75,6 +74,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import
org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
@@ -559,7 +559,7 @@ public class AccessControlManagerImpl ex
@Nonnull
private static Result searchAces(@Nonnull Set<Principal> principals,
@Nonnull Root root) throws RepositoryException {
- StringBuilder stmt = new StringBuilder("/jcr:root");
+ StringBuilder stmt = new
StringBuilder(QueryConstants.SEARCH_ROOT_PATH);
stmt.append("//element(*,");
stmt.append(NT_REP_ACE);
stmt.append(")[");
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
Thu May 4 11:15:02 2017
@@ -24,6 +24,7 @@ import javax.jcr.Value;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.oak.commons.QueryUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -46,17 +47,8 @@ public final class QueryUtil {
*/
@Nonnull
public static String getSearchRoot(AuthorizableType type,
ConfigurationParameters config) {
- String path;
- if (type == AuthorizableType.USER) {
- path = UserUtil.getAuthorizableRootPath(config,
AuthorizableType.USER);
- } else if (type == AuthorizableType.GROUP) {
- path = UserUtil.getAuthorizableRootPath(config,
AuthorizableType.GROUP);
- } else {
- path = UserUtil.getAuthorizableRootPath(config,
AuthorizableType.AUTHORIZABLE);
- }
- StringBuilder searchRoot = new StringBuilder();
- searchRoot.append("/jcr:root").append(path);
- return searchRoot.toString();
+ String path = UserUtil.getAuthorizableRootPath(config, type);
+ return QueryConstants.SEARCH_ROOT_PATH + path;
}
/**
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
Thu May 4 11:15:02 2017
@@ -50,4 +50,5 @@ public abstract class QueryConstants {
*/
public static final String FUNCTION_RESTRICTION_PREFIX = "function*";
+ public static final String SEARCH_ROOT_PATH = "/jcr:root";
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
Thu May 4 11:15:02 2017
@@ -112,7 +112,7 @@ public final class UserUtil implements U
default:
path =
parameters.getConfigValue(UserConstants.PARAM_USER_PATH,
UserConstants.DEFAULT_USER_PATH);
String groupRoot =
parameters.getConfigValue(UserConstants.PARAM_GROUP_PATH,
UserConstants.DEFAULT_GROUP_PATH);
- while (!Text.isDescendant(path, groupRoot)) {
+ while (!Text.isDescendantOrEqual(path, groupRoot)) {
path = Text.getRelativeParent(path, 1);
}
}
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java?rev=1793770&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
Thu May 4 11:15:02 2017
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user.query;
+
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class QueryUtilTest {
+
+ private static void assertSearchRoot(@Nonnull Map<AuthorizableType,
String> mapping, @Nonnull ConfigurationParameters params) {
+ for (AuthorizableType type : mapping.keySet()) {
+ String expected = QueryConstants.SEARCH_ROOT_PATH +
mapping.get(type);
+ assertEquals(expected, QueryUtil.getSearchRoot(type, params));
+ }
+ }
+
+ @Test
+ public void testGetSearchRootDefault() {
+ Map<AuthorizableType, String> defaultPaths = ImmutableMap.of(
+ AuthorizableType.USER, UserConstants.DEFAULT_USER_PATH,
+ AuthorizableType.GROUP, UserConstants.DEFAULT_GROUP_PATH,
+ AuthorizableType.AUTHORIZABLE,
"/rep:security/rep:authorizables");
+
+ assertSearchRoot(defaultPaths, ConfigurationParameters.EMPTY);
+ }
+
+ @Test
+ public void testGetSearchRootSingleConfiguredPath() {
+ String path = "/configured/user_and_group/path";
+
+ for (AuthorizableType type : AuthorizableType.values()) {
+ assertEquals(QueryConstants.SEARCH_ROOT_PATH + path,
QueryUtil.getSearchRoot(type,
ConfigurationParameters.of(UserConstants.PARAM_USER_PATH, path,
UserConstants.PARAM_GROUP_PATH, path)));
+ }
+ }
+
+ @Test
+ public void testGetSearchRootUserPathParentOfGroup() {
+ ConfigurationParameters params = ConfigurationParameters.of(
+ UserConstants.PARAM_USER_PATH, "/configured/users",
+ UserConstants.PARAM_GROUP_PATH, "/configured/users/groups");
+
+ Map<AuthorizableType, String> paths = ImmutableMap.of(
+ AuthorizableType.USER, "/configured/users",
+ AuthorizableType.GROUP, "/configured/users/groups",
+ AuthorizableType.AUTHORIZABLE, "/configured/users");
+
+ assertSearchRoot(paths, params);
+ }
+
+ @Test
+ public void testGetSearchRootGroupPathParentOfUser() {
+ ConfigurationParameters params = ConfigurationParameters.of(
+ UserConstants.PARAM_USER_PATH, "/configured/groups/users",
+ UserConstants.PARAM_GROUP_PATH, "/configured/groups");
+
+ Map<AuthorizableType, String> paths = ImmutableMap.of(
+ AuthorizableType.USER, "/configured/groups/users",
+ AuthorizableType.GROUP, "/configured/groups",
+ AuthorizableType.AUTHORIZABLE, "/configured/groups");
+
+ assertSearchRoot(paths, params);
+ }
+
+ @Test
+ public void testGetSearchRootNoCommonAncestor() {
+ ConfigurationParameters params = ConfigurationParameters.of(
+ UserConstants.PARAM_USER_PATH, "/users",
+ UserConstants.PARAM_GROUP_PATH, "/groups");
+
+ Map<AuthorizableType, String> paths = ImmutableMap.of(
+ AuthorizableType.USER, "/users",
+ AuthorizableType.GROUP, "/groups",
+ AuthorizableType.AUTHORIZABLE, "/");
+
+ assertSearchRoot(paths, params);
+ }
+
+ @Test
+ public void testGetSearchRoot() {
+ ConfigurationParameters params = ConfigurationParameters.of(
+ UserConstants.PARAM_USER_PATH, "/configured/user/path",
+ UserConstants.PARAM_GROUP_PATH, "/configured/group/path");
+
+ Map<AuthorizableType, String> paths = ImmutableMap.of(
+ AuthorizableType.USER, "/configured/user/path",
+ AuthorizableType.GROUP, "/configured/group/path",
+ AuthorizableType.AUTHORIZABLE, "/configured");
+
+ assertSearchRoot(paths, params);
+ }
+
+ @Test
+ public void testNodeTypeName() {
+ Map<AuthorizableType, String> ntNames = ImmutableMap.of(
+ AuthorizableType.USER, UserConstants.NT_REP_USER,
+ AuthorizableType.GROUP, UserConstants.NT_REP_GROUP,
+ AuthorizableType.AUTHORIZABLE,
UserConstants.NT_REP_AUTHORIZABLE);
+
+ for (AuthorizableType type : ntNames.keySet()) {
+ assertEquals(ntNames.get(type), QueryUtil.getNodeTypeName(type));
+ }
+ }
+}
\ No newline at end of file
Propchange:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
------------------------------------------------------------------------------
svn:eol-style = native