Author: angela
Date: Thu May  4 11:15:02 2017
New Revision: 1793770

URL: http://svn.apache.org/viewvc?rev=1793770&view=rev
Log:
OAK-6169 : Add /jcr:root to o.a.j.oak.spi.query.QueryConstants
OAK-6168 : UserUtil.getAuthorizableRootPath when user/group path are equal or 
nested 
OAK-5882 : Improve coverage for oak.security code in oak-core (wip)
minor improvement to simplify QueryUtil

Added:
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
   (with props)
Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
 Thu May  4 11:15:02 2017
@@ -51,7 +51,6 @@ import com.google.common.base.Predicate;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.google.common.primitives.Ints;
 import org.apache.jackrabbit.JcrConstants;
@@ -75,6 +74,7 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
 import 
org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
 import 
org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
@@ -559,7 +559,7 @@ public class AccessControlManagerImpl ex
 
     @Nonnull
     private static Result searchAces(@Nonnull Set<Principal> principals, 
@Nonnull Root root) throws RepositoryException {
-        StringBuilder stmt = new StringBuilder("/jcr:root");
+        StringBuilder stmt = new 
StringBuilder(QueryConstants.SEARCH_ROOT_PATH);
         stmt.append("//element(*,");
         stmt.append(NT_REP_ACE);
         stmt.append(")[");

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
 Thu May  4 11:15:02 2017
@@ -24,6 +24,7 @@ import javax.jcr.Value;
 import org.apache.jackrabbit.api.security.user.QueryBuilder;
 import org.apache.jackrabbit.oak.commons.QueryUtils;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -46,17 +47,8 @@ public final class QueryUtil {
      */
     @Nonnull
     public static String getSearchRoot(AuthorizableType type, 
ConfigurationParameters config) {
-        String path;
-        if (type == AuthorizableType.USER) {
-            path = UserUtil.getAuthorizableRootPath(config, 
AuthorizableType.USER);
-        } else if (type == AuthorizableType.GROUP) {
-            path = UserUtil.getAuthorizableRootPath(config, 
AuthorizableType.GROUP);
-        } else {
-            path = UserUtil.getAuthorizableRootPath(config, 
AuthorizableType.AUTHORIZABLE);
-        }
-        StringBuilder searchRoot = new StringBuilder();
-        searchRoot.append("/jcr:root").append(path);
-        return searchRoot.toString();
+        String path = UserUtil.getAuthorizableRootPath(config, type);
+        return QueryConstants.SEARCH_ROOT_PATH + path;
     }
 
     /**

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/query/QueryConstants.java
 Thu May  4 11:15:02 2017
@@ -50,4 +50,5 @@ public abstract class QueryConstants {
      */
     public static final String FUNCTION_RESTRICTION_PREFIX = "function*";
 
+    public static final String SEARCH_ROOT_PATH = "/jcr:root";
 }
\ No newline at end of file

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java?rev=1793770&r1=1793769&r2=1793770&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtil.java
 Thu May  4 11:15:02 2017
@@ -112,7 +112,7 @@ public final class UserUtil implements U
                 default:
                     path = 
parameters.getConfigValue(UserConstants.PARAM_USER_PATH, 
UserConstants.DEFAULT_USER_PATH);
                     String groupRoot = 
parameters.getConfigValue(UserConstants.PARAM_GROUP_PATH, 
UserConstants.DEFAULT_GROUP_PATH);
-                    while (!Text.isDescendant(path, groupRoot)) {
+                    while (!Text.isDescendantOrEqual(path, groupRoot)) {
                         path = Text.getRelativeParent(path, 1);
                     }
             }

Added: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java?rev=1793770&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
 Thu May  4 11:15:02 2017
@@ -0,0 +1,127 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user.query;
+
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.oak.spi.query.QueryConstants;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class QueryUtilTest {
+
+    private static void assertSearchRoot(@Nonnull Map<AuthorizableType, 
String> mapping, @Nonnull ConfigurationParameters params) {
+        for (AuthorizableType type : mapping.keySet()) {
+            String expected = QueryConstants.SEARCH_ROOT_PATH + 
mapping.get(type);
+            assertEquals(expected, QueryUtil.getSearchRoot(type, params));
+        }
+    }
+
+    @Test
+    public void testGetSearchRootDefault() {
+        Map<AuthorizableType, String> defaultPaths = ImmutableMap.of(
+                AuthorizableType.USER, UserConstants.DEFAULT_USER_PATH,
+                AuthorizableType.GROUP, UserConstants.DEFAULT_GROUP_PATH,
+                AuthorizableType.AUTHORIZABLE, 
"/rep:security/rep:authorizables");
+
+        assertSearchRoot(defaultPaths, ConfigurationParameters.EMPTY);
+    }
+
+    @Test
+    public void testGetSearchRootSingleConfiguredPath() {
+        String path = "/configured/user_and_group/path";
+
+        for (AuthorizableType type : AuthorizableType.values()) {
+            assertEquals(QueryConstants.SEARCH_ROOT_PATH + path, 
QueryUtil.getSearchRoot(type, 
ConfigurationParameters.of(UserConstants.PARAM_USER_PATH, path, 
UserConstants.PARAM_GROUP_PATH, path)));
+        }
+    }
+
+    @Test
+    public void testGetSearchRootUserPathParentOfGroup() {
+        ConfigurationParameters params = ConfigurationParameters.of(
+                UserConstants.PARAM_USER_PATH, "/configured/users",
+                UserConstants.PARAM_GROUP_PATH, "/configured/users/groups");
+
+        Map<AuthorizableType, String> paths = ImmutableMap.of(
+                AuthorizableType.USER, "/configured/users",
+                AuthorizableType.GROUP, "/configured/users/groups",
+                AuthorizableType.AUTHORIZABLE, "/configured/users");
+
+        assertSearchRoot(paths, params);
+    }
+
+    @Test
+    public void testGetSearchRootGroupPathParentOfUser() {
+        ConfigurationParameters params = ConfigurationParameters.of(
+                UserConstants.PARAM_USER_PATH, "/configured/groups/users",
+                UserConstants.PARAM_GROUP_PATH, "/configured/groups");
+
+        Map<AuthorizableType, String> paths = ImmutableMap.of(
+                AuthorizableType.USER, "/configured/groups/users",
+                AuthorizableType.GROUP, "/configured/groups",
+                AuthorizableType.AUTHORIZABLE, "/configured/groups");
+
+        assertSearchRoot(paths, params);
+    }
+
+    @Test
+    public void testGetSearchRootNoCommonAncestor() {
+        ConfigurationParameters params = ConfigurationParameters.of(
+                UserConstants.PARAM_USER_PATH, "/users",
+                UserConstants.PARAM_GROUP_PATH, "/groups");
+
+        Map<AuthorizableType, String> paths = ImmutableMap.of(
+                AuthorizableType.USER, "/users",
+                AuthorizableType.GROUP, "/groups",
+                AuthorizableType.AUTHORIZABLE, "/");
+
+        assertSearchRoot(paths, params);
+    }
+
+    @Test
+    public void testGetSearchRoot() {
+        ConfigurationParameters params = ConfigurationParameters.of(
+                UserConstants.PARAM_USER_PATH, "/configured/user/path",
+                UserConstants.PARAM_GROUP_PATH, "/configured/group/path");
+
+        Map<AuthorizableType, String> paths = ImmutableMap.of(
+                AuthorizableType.USER, "/configured/user/path",
+                AuthorizableType.GROUP, "/configured/group/path",
+                AuthorizableType.AUTHORIZABLE, "/configured");
+
+        assertSearchRoot(paths, params);
+    }
+
+    @Test
+    public void testNodeTypeName() {
+        Map<AuthorizableType, String> ntNames = ImmutableMap.of(
+                AuthorizableType.USER, UserConstants.NT_REP_USER,
+                AuthorizableType.GROUP, UserConstants.NT_REP_GROUP,
+                AuthorizableType.AUTHORIZABLE, 
UserConstants.NT_REP_AUTHORIZABLE);
+
+        for (AuthorizableType type : ntNames.keySet()) {
+            assertEquals(ntNames.get(type), QueryUtil.getNodeTypeName(type));
+        }
+    }
+}
\ No newline at end of file

Propchange: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/query/QueryUtilTest.java
------------------------------------------------------------------------------
    svn:eol-style = native


Reply via email to