jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1373956 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege: PrivilegeDefinitionReader.java PrivilegeRegistry.java PrivilegeValidator.java PrivilegeValidatorProvider.java
Date Thu, 16 Aug 2012 17:56:00 GMT
Author: angela
Date: Thu Aug 16 17:55:59 2012
New Revision: 1373956

URL: http://svn.apache.org/viewvc?rev=1373956&view=rev
Log:
OAK-64 : Privilege Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?rev=1373956&r1=1373955&r2=1373956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
Thu Aug 16 17:55:59 2012
@@ -32,7 +32,9 @@ import javax.xml.parsers.DocumentBuilder
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.w3c.dom.Attr;
@@ -55,15 +57,20 @@ import static org.apache.jackrabbit.oak.
  */
 class PrivilegeDefinitionReader {
 
-    private final ContentSession contentSession;
+    private final CoreValueFactory valueFactory;
+    private final Tree privilegesTree;
+
+    PrivilegeDefinitionReader(CoreValueFactory valueFactory, Tree privilegesTree) {
+        this.valueFactory = valueFactory;
+        this.privilegesTree = privilegesTree;
+    }
 
     PrivilegeDefinitionReader(ContentSession contentSession) {
-        this.contentSession = contentSession;
+        this(contentSession.getCoreValueFactory(), contentSession.getCurrentRoot().getTree(PRIVILEGES_PATH));
     }
 
     Map<String, PrivilegeDefinition> readDefinitions() {
         Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
-        Tree privilegesTree = contentSession.getCurrentRoot().getTree(PRIVILEGES_PATH);
         if (privilegesTree != null) {
             for (Tree child : privilegesTree.getChildren()) {
                 PrivilegeDefinition def = readDefinition(child);
@@ -74,7 +81,7 @@ class PrivilegeDefinitionReader {
     }
 
     PrivilegeDefinition readDefinition(Tree definitionTree) {
-        NodeUtil n = new NodeUtil(definitionTree, contentSession);
+        NodeUtil n = new NodeUtil(definitionTree, valueFactory, NamePathMapper.DEFAULT);
         String name = n.getName();
         boolean isAbstract = n.getBoolean(REP_IS_ABSTRACT);
         String[] declAggrNames = n.getStrings(REP_AGGREGATES);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1373956&r1=1373955&r2=1373956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
Thu Aug 16 17:55:59 2012
@@ -22,22 +22,15 @@ import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
-import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
-import org.apache.jackrabbit.oak.core.ReadOnlyTree;
-import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
-import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.apache.jackrabbit.util.Text;
 
 /**
  * PrivilegeRegistry... TODO
@@ -48,7 +41,7 @@ import org.apache.jackrabbit.util.Text;
  *
  * FIXME: Session#refresh should refresh privileges exposed
  */
-public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants, Validator
{
+public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants {
 
     private static final String[] SIMPLE_PRIVILEGES = new String[] {
             JCR_READ, REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
@@ -69,14 +62,16 @@ public class PrivilegeRegistry implement
     }
 
     private final ContentSession contentSession;
-    private final PrivilegeDefinitionReader reader;
 
-    private final Map<String, PrivilegeDefinition> definitions = new HashMap<String,
PrivilegeDefinition>();
-
-    public PrivilegeRegistry(ContentSession contentSession) throws RepositoryException {
+    private final Map<String, PrivilegeDefinition> definitions;
 
+    public PrivilegeRegistry(ContentSession contentSession) {
         this.contentSession = contentSession;
+        this.definitions = getAllDefinitions(new PrivilegeDefinitionReader(contentSession));
+    }
 
+    static Map<String, PrivilegeDefinition> getAllDefinitions(PrivilegeDefinitionReader
reader) {
+        Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
         for (String privilegeName : SIMPLE_PRIVILEGES) {
             PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false);
             definitions.put(privilegeName, def);
@@ -87,9 +82,18 @@ public class PrivilegeRegistry implement
             definitions.put(privilegeName, def);
         }
 
-        this.reader = new PrivilegeDefinitionReader(contentSession);
         definitions.putAll(reader.readDefinitions());
-        updateJcrAllPrivilege();
+        updateJcrAllPrivilege(definitions);
+        return definitions;
+    }
+
+    private static void updateJcrAllPrivilege(Map<String, PrivilegeDefinition> definitions)
{
+        // TODO: add proper implementation taking custom privileges into account.
+        definitions.put(JCR_ALL, new PrivilegeDefinitionImpl(JCR_ALL, false,
+                JCR_READ, JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL,
+                JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
+                JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
+                JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_WRITE));
     }
 
     //--------------------------------------------------< PrivilegeProvider >---
@@ -125,71 +129,8 @@ public class PrivilegeRegistry implement
         internalRegisterDefinitions(toRegister);
     }
 
-    //----------------------------------------------------------< Validator >---
-    @Override
-    public void propertyAdded(PropertyState after) throws CommitFailedException {
-        // no-op
-    }
-
-    @Override
-    public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
-        throw new CommitFailedException("Attempt to modify existing privilege definition.");
-    }
-
-    @Override
-    public void propertyDeleted(PropertyState before) throws CommitFailedException {
-        throw new CommitFailedException("Attempt to modify existing privilege definition.");
-    }
-
-    @Override
-    public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException
{
-        // the following characteristics are expected to be validated elsewhere:
-        // - permission to allow privilege registration -> permission validator.
-        // - name collisions (-> delegated to NodeTypeValidator since sms are not allowed)
-        // - name must be valid (-> delegated to NameValidator)
-
-        // name may not contain reserved namespace prefix
-        if (NamespaceConstants.RESERVED_PREFIXES.contains(Text.getNamespacePrefix(name)))
{
-            String msg = "Failed to register custom privilege: Definition uses reserved namespace:
" + name;
-            throw new CommitFailedException(new RepositoryException(msg));
-        }
-
-        // primary node type name must be rep:privilege
-        Tree tree = new ReadOnlyTree(null, name, after);
-        PropertyState primaryType = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
-        if (primaryType == null || !NT_REP_PRIVILEGE.equals(primaryType.getValue().getString()))
{
-            throw new CommitFailedException("Privilege definition must have primary node
type set to rep:privilege");
-        }
-
-        // additional validation of the definition
-        PrivilegeDefinition def = reader.readDefinition(tree);
-        validateDefinition(def);
-
-        // privilege definitions may not have child nodes.
-        return null;
-    }
-
-    @Override
-    public Validator childNodeChanged(String name, NodeState before, NodeState after) throws
CommitFailedException {
-        throw new CommitFailedException("Attempt to modify existing privilege definition
" + name);
-    }
-
-    @Override
-    public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException
{
-        throw new CommitFailedException("Attempt to un-register privilege " + name);
-    }
-
     //------------------------------------------------------------< private >---
 
-    private void updateJcrAllPrivilege() {
-        // TODO: add proper implementation taking custom privileges into account.
-        definitions.put(JCR_ALL, new PrivilegeDefinitionImpl(JCR_ALL, false,
-                JCR_READ, JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL,
-                JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
-                JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
-                JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_WRITE));
-    }
-
     private void internalRegisterDefinitions(PrivilegeDefinition toRegister) throws RepositoryException
{
         CoreValueFactory vf = contentSession.getCoreValueFactory();
         Root root = contentSession.getCurrentRoot();
@@ -212,7 +153,7 @@ public class PrivilegeRegistry implement
         }
 
         definitions.put(toRegister.getName(), toRegister);
-        updateJcrAllPrivilege();
+        updateJcrAllPrivilege(definitions);
     }
 
     private void writeDefinition(NodeUtil privilegesNode, PrivilegeDefinition definition)
{
@@ -226,64 +167,4 @@ public class PrivilegeRegistry implement
             privNode.setNames(REP_AGGREGATES, names);
         }
     }
-
-    /**
-     * Validation of the privilege definition including the following steps:
-     *
-     * - all aggregates must have been registered before
-     * - no existing privilege defines the same aggregation
-     * - no cyclic aggregation
-     *
-     * @param definition The new privilege definition to validate.
-     * @throws org.apache.jackrabbit.oak.api.CommitFailedException If any of
-     * the checks listed above fails.
-     */
-    private void validateDefinition(PrivilegeDefinition definition) throws CommitFailedException
{
-        Set<String> aggrNames = definition.getDeclaredAggregateNames();
-        if (aggrNames.isEmpty()) {
-            return;
-        }
-
-        for (String aggrName : aggrNames) {
-            // aggregated privilege not registered
-            if (!definitions.containsKey(aggrName)) {
-                throw new CommitFailedException("Declared aggregate '"+ aggrName +"' is not
a registered privilege.");
-            }
-
-            // check for circular aggregation
-            if (isCircularAggregation(definition.getName(), aggrName)) {
-                String msg = "Detected circular aggregation within custom privilege caused
by " + aggrName;
-                throw new CommitFailedException(msg);
-            }
-        }
-
-        for (PrivilegeDefinition existing : definitions.values()) {
-            if (aggrNames.equals(existing.getDeclaredAggregateNames())) {
-                String msg = "Custom aggregate privilege '" + definition.getName() + "' is
already covered by '" + existing.getName() + '\'';
-                throw new CommitFailedException(msg);
-            }
-        }
-    }
-
-    private boolean isCircularAggregation(String privilegeName, String aggregateName) {
-        if (privilegeName.equals(aggregateName)) {
-            return true;
-        }
-
-        PrivilegeDefinition aggrPriv = definitions.get(aggregateName);
-        if (aggrPriv.getDeclaredAggregateNames().isEmpty()) {
-            return false;
-        } else {
-            boolean isCircular = false;
-            for (String name : aggrPriv.getDeclaredAggregateNames()) {
-                if (privilegeName.equals(name)) {
-                    return true;
-                }
-                if (definitions.containsKey(name)) {
-                    isCircular = isCircularAggregation(privilegeName, name);
-                }
-            }
-            return isCircular;
-        }
-    }
 }
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1373956&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Thu Aug 16 17:55:59 2012
@@ -0,0 +1,172 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import java.util.Map;
+import java.util.Set;
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.ReadOnlyTree;
+import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.util.Text;
+
+/**
+ * PrivilegeValidator... TODO
+ */
+class PrivilegeValidator implements PrivilegeConstants, Validator {
+
+    private final Map<String, PrivilegeDefinition> definitions;
+    private final PrivilegeDefinitionReader reader;
+
+    PrivilegeValidator(CoreValueFactory valueFactory, Tree rootBefore) {
+        Tree privilegesBefore = null;
+        Tree system = rootBefore.getChild(JcrConstants.JCR_SYSTEM);
+        if (system != null) {
+            privilegesBefore = system.getChild(REP_PRIVILEGES);
+        }
+
+        if (privilegesBefore == null) {
+            throw new IllegalStateException("Mandatory tree /jcr:system/rep:privileges is
missing");
+        }
+
+        reader = new PrivilegeDefinitionReader(valueFactory, privilegesBefore);
+        definitions = PrivilegeRegistry.getAllDefinitions(reader);
+    }
+
+    //----------------------------------------------------------< Validator >---
+    @Override
+    public void propertyAdded(PropertyState after) throws CommitFailedException {
+        // no-op
+    }
+
+    @Override
+    public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
+        throw new CommitFailedException("Attempt to modify existing privilege definition.");
+    }
+
+    @Override
+    public void propertyDeleted(PropertyState before) throws CommitFailedException {
+        throw new CommitFailedException("Attempt to modify existing privilege definition.");
+    }
+
+    @Override
+    public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException
{
+        // the following characteristics are expected to be validated elsewhere:
+        // - permission to allow privilege registration -> permission validator.
+        // - name collisions (-> delegated to NodeTypeValidator since sms are not allowed)
+        // - name must be valid (-> delegated to NameValidator)
+
+        // name may not contain reserved namespace prefix
+        if (NamespaceConstants.RESERVED_PREFIXES.contains(Text.getNamespacePrefix(name)))
{
+            String msg = "Failed to register custom privilege: Definition uses reserved namespace:
" + name;
+            throw new CommitFailedException(new RepositoryException(msg));
+        }
+
+        // primary node type name must be rep:privilege
+        Tree tree = new ReadOnlyTree(null, name, after);
+        PropertyState primaryType = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
+        if (primaryType == null || !NT_REP_PRIVILEGE.equals(primaryType.getValue().getString()))
{
+            throw new CommitFailedException("Privilege definition must have primary node
type set to rep:privilege");
+        }
+
+        // additional validation of the definition
+        PrivilegeDefinition def = reader.readDefinition(tree);
+        validateDefinition(def);
+
+        // privilege definitions may not have child nodes.
+        return null;
+    }
+
+    @Override
+    public Validator childNodeChanged(String name, NodeState before, NodeState after) throws
CommitFailedException {
+        throw new CommitFailedException("Attempt to modify existing privilege definition
" + name);
+    }
+
+    @Override
+    public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException
{
+        throw new CommitFailedException("Attempt to un-register privilege " + name);
+    }
+
+    //------------------------------------------------------------< private >---
+    /**
+     * Validation of the privilege definition including the following steps:
+     *
+     * - all aggregates must have been registered before
+     * - no existing privilege defines the same aggregation
+     * - no cyclic aggregation
+     *
+     * @param definition The new privilege definition to validate.
+     * @throws org.apache.jackrabbit.oak.api.CommitFailedException If any of
+     * the checks listed above fails.
+     */
+    private void validateDefinition(PrivilegeDefinition definition) throws CommitFailedException
{
+        Set<String> aggrNames = definition.getDeclaredAggregateNames();
+        if (aggrNames.isEmpty()) {
+            return;
+        }
+
+        for (String aggrName : aggrNames) {
+            // aggregated privilege not registered
+            if (!definitions.containsKey(aggrName)) {
+                throw new CommitFailedException("Declared aggregate '"+ aggrName +"' is not
a registered privilege.");
+            }
+
+            // check for circular aggregation
+            if (isCircularAggregation(definition.getName(), aggrName)) {
+                String msg = "Detected circular aggregation within custom privilege caused
by " + aggrName;
+                throw new CommitFailedException(msg);
+            }
+        }
+
+        for (PrivilegeDefinition existing : definitions.values()) {
+            if (aggrNames.equals(existing.getDeclaredAggregateNames())) {
+                String msg = "Custom aggregate privilege '" + definition.getName() + "' is
already covered by '" + existing.getName() + '\'';
+                throw new CommitFailedException(msg);
+            }
+        }
+    }
+
+    private boolean isCircularAggregation(String privilegeName, String aggregateName) {
+        if (privilegeName.equals(aggregateName)) {
+            return true;
+        }
+
+        PrivilegeDefinition aggrPriv = definitions.get(aggregateName);
+        if (aggrPriv.getDeclaredAggregateNames().isEmpty()) {
+            return false;
+        } else {
+            boolean isCircular = false;
+            for (String name : aggrPriv.getDeclaredAggregateNames()) {
+                if (privilegeName.equals(name)) {
+                    return true;
+                }
+                if (definitions.containsKey(name)) {
+                    isCircular = isCircularAggregation(privilegeName, name);
+                }
+            }
+            return isCircular;
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java?rev=1373956&r1=1373955&r2=1373956&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
Thu Aug 16 17:55:59 2012
@@ -17,9 +17,9 @@
 package org.apache.jackrabbit.oak.security.privilege;
 
 import javax.annotation.Nonnull;
-import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.core.ReadOnlyTree;
 import org.apache.jackrabbit.oak.spi.commit.SubtreeValidator;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -33,16 +33,16 @@ import static org.apache.jackrabbit.oak.
  */
 public class PrivilegeValidatorProvider implements ValidatorProvider {
 
-    private final ContentSession contentSession = null; // TODO
+    private final CoreValueFactory valueFactory;
+
+    public PrivilegeValidatorProvider(CoreValueFactory valueFactory) {
+        this.valueFactory = valueFactory;
+    }
 
     @Nonnull
     @Override
     public Validator getRootValidator(NodeState before, NodeState after) {
-        try {
-            // TODO check again...
-            return new SubtreeValidator(new PrivilegeRegistry(contentSession), JCR_SYSTEM,
REP_PRIVILEGES);
-        } catch (RepositoryException e) {
-            throw new IllegalStateException(e);
-        }
+        // TODO check again...
+        return new SubtreeValidator(new PrivilegeValidator(valueFactory, new ReadOnlyTree(before)),
JCR_SYSTEM, REP_PRIVILEGES);
     }
 }
\ No newline at end of file



Mime
View raw message