jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r986263 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Date Tue, 17 Aug 2010 10:33:28 GMT
Author: angela
Date: Tue Aug 17 10:33:28 2010
New Revision: 986263

URL: http://svn.apache.org/viewvc?rev=986263&view=rev
Log:
JCR-2710 : Add support for large number of users in a group [fix UserAccessControlProvider]

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=986263&r1=986262&r2=986263&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
Tue Aug 17 10:33:28 2010
@@ -26,7 +26,6 @@ import javax.jcr.ItemNotFoundException;
 import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.Value;
 import javax.jcr.observation.Event;
 import javax.jcr.observation.EventIterator;
 import javax.jcr.security.AccessControlPolicy;
@@ -39,6 +38,7 @@ import org.apache.jackrabbit.core.ItemIm
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.id.ItemId;
+import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.observation.SynchronousEventListener;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
@@ -100,6 +100,7 @@ public class UserAccessControlProvider e
     private String userAdminGroupPath;
     private String groupAdminGroupPath;
     private String administratorsGroupPath;
+    private boolean membersInProperty;
 
     /**
      *
@@ -160,6 +161,9 @@ public class UserAccessControlProvider e
             }
             usersPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getUsersPath()
: UserConstants.USERS_PATH;
             groupsPath = (uMgr instanceof UserManagerImpl) ? ((UserManagerImpl) uMgr).getGroupsPath()
: UserConstants.GROUPS_PATH;
+
+            membersInProperty = (!(uMgr instanceof UserManagerImpl)) || ((UserManagerImpl)
uMgr).getGroupMembershipSplitSize() <= 0;
+
         } else {
             throw new RepositoryException("SessionImpl (system session) expected.");
         }
@@ -318,15 +322,12 @@ public class UserAccessControlProvider e
             implements SynchronousEventListener {
 
         private final String userNodePath;
-
-        private boolean isUserAdmin;
-        private boolean isGroupAdmin;
+        private Set<Principal> principals;
 
         protected CompiledPermissionsImpl(Set<Principal> principals, String userNodePath)
throws RepositoryException {
             this.userNodePath = userNodePath;
-            isUserAdmin = containsGroup(principals, userAdminGroup);
-            isGroupAdmin = containsGroup(principals, groupAdminGroup);
-
+            this.principals = principals;
+            
             int events = Event.PROPERTY_CHANGED | Event.PROPERTY_ADDED | Event.PROPERTY_REMOVED;
             observationMgr.addEventListener(this, events, groupsPath, true, null, null, false);
         }
@@ -369,6 +370,7 @@ public class UserAccessControlProvider e
             }
 
             if (Text.isDescendant(usersPath, jcrPath)) {
+                boolean isUserAdmin = containsGroup(principals, userAdminGroup);
                 /*
                  below the user-tree
                  - determine position of target relative to the editing user
@@ -409,6 +411,7 @@ public class UserAccessControlProvider e
                     } // else: normal user that isn't allowed to modify another user.
                 }
             } else if (Text.isDescendant(groupsPath, jcrPath)) {
+                boolean isGroupAdmin = containsGroup(principals, groupAdminGroup);
                 /*
                 below group-tree:
                 - test if the user is group-administrator.
@@ -493,36 +496,28 @@ public class UserAccessControlProvider e
                 Event ev = events.nextEvent();
                 try {
                     String evPath = ev.getPath();
+                    int type = ev.getType();
                     String repMembers = session.getJCRName(UserConstants.P_MEMBERS);
                     if (repMembers.equals(Text.getName(evPath))) {
-                        // recalculate the is...Admin flags
-                        Node userNode = session.getNode(userNodePath);
-                        String nodePath = Text.getRelativeParent(evPath, 1);
-                        if (userAdminGroupPath.equals(nodePath)) {
-                            isUserAdmin = false;
-                            if (ev.getType() != Event.PROPERTY_REMOVED) {
-                                Value[] vs = session.getProperty(evPath).getValues();
-                                for (int i = 0; i < vs.length && !isUserAdmin;
i++) {
-                                    isUserAdmin = userNode.getIdentifier().equals(vs[i].getString());
-                                }
-                            }
-                        } else if (groupAdminGroupPath.equals(nodePath)) {
-                            isGroupAdmin = false;
-                            if (ev.getType() != Event.PROPERTY_REMOVED) {
-                                Value[] vs = session.getProperty(evPath).getValues();
-                                for (int i = 0; i < vs.length && !isGroupAdmin;
i++) {
-                                    isGroupAdmin = userNode.getIdentifier().equals(vs[i].getString());
-                                }
-                            }
-                        }
                         // invalidate the cached results
                         clearCache();
                         // only need to clear the cache once. stop processing
                         break;
-                    }
+                    } else if (!membersInProperty) {
+                        /* the affected property is not rep:Members and members are
+                           stored in a tree structure (user manager configuration.
+                           test if the parent node is of type rep:Members in order
+                           to determine if any membership modification occurred.*/
+                        Node parent = session.getNodeByIdentifier(ev.getIdentifier());
+                        if (UserConstants.NT_REP_MEMBERS.equals(((NodeTypeImpl) parent.getPrimaryNodeType()).getQName()))
{
+                            clearCache();
+                        }
+
+                    } // else: not interested.
                 } catch (RepositoryException e) {
                     // should never get here
-                    log.error("Internal error ", e.getMessage());
+                    log.warn("Internal error ", e.getMessage());
+                    clearCache();
                 }
             }
         }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=986263&r1=986262&r2=986263&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Tue Aug 17 10:33:28 2010
@@ -25,7 +25,6 @@ import org.apache.jackrabbit.core.securi
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
 import org.apache.jackrabbit.spi.Path;
 import org.apache.jackrabbit.test.NotExecutableException;
 



Mime
View raw message