Author: stillalex
Date: Thu Jul 20 14:28:58 2017
New Revision: 1802492

URL: http://svn.apache.org/viewvc?rev=1802492&view=rev
Log:
OAK-6469 CompositePermissionProvider should implement 
AggregatedPermissionProvider


Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java?rev=1802492&r1=1802491&r2=1802492&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
 Thu Jul 20 14:28:58 2017
@@ -174,13 +174,10 @@ public class CompositeAuthorizationConfi
             case 1: return configurations.get(0).getPermissionProvider(root, 
workspaceName, principals);
             default:
                 List<AggregatedPermissionProvider> aggrPermissionProviders = 
new ArrayList<>(configurations.size());
-                CompositePermissionProvider composite = null;
                 for (AuthorizationConfiguration conf : configurations) {
                     PermissionProvider pProvider = 
conf.getPermissionProvider(root, workspaceName, principals);
                     if (pProvider instanceof AggregatedPermissionProvider) {
                         
aggrPermissionProviders.add((AggregatedPermissionProvider) pProvider);
-                    } else if (pProvider instanceof 
CompositePermissionProvider) {
-                        composite = (CompositePermissionProvider) pProvider;
                     } else {
                         log.debug("Ignoring permission provider of '{}': Not 
an AggregatedPermissionProvider", conf.getClass().getName());
                     }
@@ -188,11 +185,7 @@ public class CompositeAuthorizationConfi
                 PermissionProvider pp;
                 switch (aggrPermissionProviders.size()) {
                     case 0 :
-                        if (composite != null) {
-                            pp = composite;
-                        } else {
-                            pp = EmptyPermissionProvider.getInstance();
-                        }
+                        pp = EmptyPermissionProvider.getInstance();
                         break;
                     case 1 :
                         pp = aggrPermissionProviders.get(0);

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java?rev=1802492&r1=1802491&r2=1802492&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
 Thu Jul 20 14:28:58 2017
@@ -20,6 +20,7 @@ import static org.apache.jackrabbit.oak.
 
 import java.util.List;
 import java.util.Set;
+import java.util.function.Function;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -29,6 +30,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
 import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
 import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
 import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
 import 
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType;
@@ -49,7 +51,7 @@ import org.apache.jackrabbit.oak.spi.sec
  * {@link 
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider}
  * interface.
  */
-class CompositePermissionProvider implements PermissionProvider {
+class CompositePermissionProvider implements AggregatedPermissionProvider {
 
     private final Root root;
     private final AggregatedPermissionProvider[] pps;
@@ -206,37 +208,7 @@ class CompositePermissionProvider implem
         boolean isAcContent = ctx.definesLocation(location);
 
         long permissions = Permissions.getPermissions(jcrActions, location, 
isAcContent);
-
-        PropertyState property = location.getProperty();
-        Tree tree = (property == null) ? location.getTree() : 
location.getParent().getTree();
-
-        if (tree != null) {
-            return isGranted(tree, property, permissions);
-        } else {
-            boolean isGranted = false;
-            long coveredPermissions = Permissions.NO_PERMISSION;
-
-            for (AggregatedPermissionProvider aggregatedPermissionProvider : 
pps) {
-                long supportedPermissions = 
aggregatedPermissionProvider.supportedPermissions(location, permissions);
-                if (doEvaluate(supportedPermissions)) {
-                    if (compositionType == AND) {
-                        isGranted = 
aggregatedPermissionProvider.isGranted(location, supportedPermissions);
-                        if (!isGranted) {
-                            return false;
-                        }
-                        coveredPermissions |= supportedPermissions;
-                    } else {
-                        for (long p : Permissions.aggregates(permissions)) {
-                            if 
(aggregatedPermissionProvider.isGranted(location, p)) {
-                                coveredPermissions |= p;
-                                isGranted = true;
-                            }
-                        }
-                    }
-                }
-            }
-            return isGranted && coveredPermissions == permissions;
-        }
+        return isGranted(location, permissions);
     }
 
     //------------------------------------------------------------< private 
>---
@@ -293,4 +265,92 @@ class CompositePermissionProvider implem
             return isGranted && coveredPermissions == repositoryPermissions;
         }
     }
+
+    //---------------------------------------< AggregatedPermissionProvider 
>---
+
+    @Nonnull
+    @Override
+    public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable 
PrivilegeBits privilegeBits) {
+        PrivilegeBits result = PrivilegeBits.getInstance();
+        for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
+            PrivilegeBits supported = 
aggregatedPermissionProvider.supportedPrivileges(tree, privilegeBits);
+            result.add(supported);
+        }
+        return result;
+    }
+
+    @Override
+    public long supportedPermissions(@Nullable Tree tree, @Nullable 
PropertyState property, long permissions) {
+        return supportedPermissions((aggregatedPermissionProvider) -> 
aggregatedPermissionProvider
+                .supportedPermissions(tree, property, permissions));
+    }
+
+    @Override
+    public long supportedPermissions(TreeLocation location, long permissions) {
+        return supportedPermissions((aggregatedPermissionProvider) -> 
aggregatedPermissionProvider
+                .supportedPermissions(location, permissions));
+    }
+
+    @Override
+    public long supportedPermissions(TreePermission treePermission, 
PropertyState property, long permissions) {
+        return supportedPermissions((aggregatedPermissionProvider) -> 
aggregatedPermissionProvider
+                .supportedPermissions(treePermission, property, permissions));
+    }
+
+    private long supportedPermissions(Function<AggregatedPermissionProvider, 
Long> supported) {
+        long coveredPermissions = Permissions.NO_PERMISSION;
+        for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
+            long supportedPermissions = 
supported.apply(aggregatedPermissionProvider);
+            coveredPermissions |= supportedPermissions;
+        }
+        return coveredPermissions;
+    }
+
+    @Override
+    public boolean isGranted(@Nonnull TreeLocation location, long permissions) 
{
+        PropertyState property = location.getProperty();
+        Tree tree = (property == null) ? location.getTree() : 
location.getParent().getTree();
+
+        if (tree != null) {
+            return isGranted(tree, property, permissions);
+        } else {
+            boolean isGranted = false;
+            long coveredPermissions = Permissions.NO_PERMISSION;
+
+            for (AggregatedPermissionProvider aggregatedPermissionProvider : 
pps) {
+                long supportedPermissions = 
aggregatedPermissionProvider.supportedPermissions(location, permissions);
+                if (doEvaluate(supportedPermissions)) {
+                    if (compositionType == AND) {
+                        isGranted = 
aggregatedPermissionProvider.isGranted(location, supportedPermissions);
+                        if (!isGranted) {
+                            return false;
+                        }
+                        coveredPermissions |= supportedPermissions;
+                    } else {
+                        for (long p : Permissions.aggregates(permissions)) {
+                            if 
(aggregatedPermissionProvider.isGranted(location, p)) {
+                                coveredPermissions |= p;
+                                isGranted = true;
+                            }
+                        }
+                    }
+                }
+            }
+            return isGranted && coveredPermissions == permissions;
+        }
+    }
+
+    @Nonnull
+    @Override
+    public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull 
TreeType type,
+            @Nonnull TreePermission parentPermission) {
+        ImmutableTree immutableTree = (ImmutableTree) 
PermissionUtil.getImmutableTree(tree, immutableRoot);
+        if (tree.isRoot()) {
+            return CompositeTreePermission.create(immutableTree, typeProvider, 
pps, compositionType);
+        } else if (parentPermission instanceof CompositeTreePermission) {
+            return CompositeTreePermission.create(immutableTree, 
((CompositeTreePermission) parentPermission), type);
+        } else {
+            return 
parentPermission.getChildPermission(immutableTree.getName(), 
immutableTree.getNodeState());
+        }
+    }
 }

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java?rev=1802492&r1=1802491&r2=1802492&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
 Thu Jul 20 14:28:58 2017
@@ -19,6 +19,8 @@ package org.apache.jackrabbit.oak.securi
 import static 
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.AND;
 import static 
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.OR;
 
+import java.util.function.Supplier;
+
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
@@ -85,15 +87,16 @@ final class CompositeTreePermission impl
     }
 
     static TreePermission create(@Nonnull final ImmutableTree tree, @Nonnull 
CompositeTreePermission parentPermission) {
-        return create(new LazyTree() {
-            @Override
-            ImmutableTree get() {
-                return tree;
-            }
-        }, tree.getName(), tree.getNodeState(), parentPermission);
+        return create(() -> tree, tree.getName(), tree.getNodeState(), 
parentPermission, null);
     }
 
-    private static TreePermission create(@Nonnull LazyTree lazyTree, @Nonnull 
String childName, @Nonnull NodeState childState, @Nonnull 
CompositeTreePermission parentPermission) {
+    static TreePermission create(@Nonnull final ImmutableTree tree, @Nonnull 
CompositeTreePermission parentPermission,
+            @Nullable TreeType treeType) {
+        return create(() -> tree, tree.getName(), tree.getNodeState(), 
parentPermission, treeType);
+    }
+
+    private static TreePermission create(@Nonnull Supplier<ImmutableTree> 
lazyTree, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull 
CompositeTreePermission parentPermission,
+            @Nullable TreeType treeType) {
         switch (parentPermission.childSize) {
             case 0: return TreePermission.EMPTY;
             case 1:
@@ -107,7 +110,12 @@ final class CompositeTreePermission impl
                 return (parent == null) ? TreePermission.EMPTY : 
parent.getChildPermission(childName, childState);
             default:
                 ImmutableTree tree = lazyTree.get();
-                TreeType type = getType(tree, parentPermission);
+                TreeType type;
+                if (treeType != null) {
+                    type = treeType;
+                } else {
+                    type = getType(tree, parentPermission);
+                }
 
                 AggregatedPermissionProvider[] pvds = new 
AggregatedPermissionProvider[parentPermission.childSize];
                 TreePermission[] tps = new 
TreePermission[parentPermission.childSize];
@@ -134,12 +142,7 @@ final class CompositeTreePermission impl
     @Nonnull
     @Override
     public TreePermission getChildPermission(@Nonnull final String childName, 
@Nonnull final NodeState childState) {
-        return create(new LazyTree() {
-            @Override
-            ImmutableTree get() {
-                return new ImmutableTree(tree, childName, childState);
-            }
-        }, childName, childState, this);
+        return create(() -> new ImmutableTree(tree, childName, childState), 
childName, childState, this, null);
     }
 
     @Override
@@ -254,8 +257,4 @@ final class CompositeTreePermission impl
     private static TreeType getType(@Nonnull Tree tree, @Nonnull 
CompositeTreePermission parent) {
         return parent.typeProvider.getType(tree, parent.type);
     }
-
-    private abstract static class LazyTree {
-        abstract ImmutableTree get();
-    }
 }
\ No newline at end of file


Reply via email to