jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1396022 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/p...
Date Tue, 09 Oct 2012 13:24:11 GMT
Author: angela
Date: Tue Oct  9 13:24:10 2012
New Revision: 1396022

URL: http://svn.apache.org/viewvc?rev=1396022&view=rev
Log:
OAK-64 : Privilege Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?rev=1396022&r1=1396021&r2=1396022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
Tue Oct  9 13:24:10 2012
@@ -31,7 +31,7 @@ import javax.xml.parsers.DocumentBuilder
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -61,8 +61,8 @@ class PrivilegeDefinitionReader {
         this.privilegesTree = privilegesTree;
     }
 
-    PrivilegeDefinitionReader(ContentSession contentSession) {
-        this(contentSession.getLatestRoot().getTree(PRIVILEGES_PATH));
+    PrivilegeDefinitionReader(Root root) {
+        this(root.getTree(PRIVILEGES_PATH));
     }
 
     Map<String, PrivilegeDefinition> readDefinitions() {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java?rev=1396022&r1=1396021&r2=1396022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
Tue Oct  9 13:24:10 2012
@@ -42,7 +42,7 @@ public class PrivilegeMigrator {
      * @throws RepositoryException
      */
     public void migrateCustomPrivileges() throws RepositoryException {
-        PrivilegeRegistry pr = new PrivilegeRegistry(contentSession);
+        PrivilegeRegistry pr = new PrivilegeRegistry(contentSession, contentSession.getLatestRoot());
         InputStream stream = null;
         // TODO: order custom privileges such that validation succeeds.
         // FIXME: user proper path to jr2 custom privileges stored in fs

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1396022&r1=1396021&r2=1396022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
Tue Oct  9 13:24:10 2012
@@ -38,7 +38,7 @@ import org.apache.jackrabbit.oak.util.No
  * TODO: define if/how built-in privileges are reflected in the mk
  * TODO: define if custom privileges are read with editing content session (thus enforcing
read permissions)
  *
- * FIXME: Session#refresh should refresh privileges exposed
+ * FIXME: Privilege registation should result in Session#refresh in order to have the new
privilege also exposed in the content.
  */
 public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants {
 
@@ -50,12 +50,14 @@ public class PrivilegeRegistry implement
     }
 
     private final ContentSession contentSession;
+    private final Root root;
 
     private final Map<String, PrivilegeDefinition> definitions;
 
-    public PrivilegeRegistry(ContentSession contentSession) {
+    public PrivilegeRegistry(ContentSession contentSession, Root root) {
         this.contentSession = contentSession;
-        this.definitions = readDefinitions();
+        this.root = root;
+        this.definitions = readDefinitions(root);
     }
 
     static Map<String, PrivilegeDefinition> getAllDefinitions(PrivilegeDefinitionReader
reader) {
@@ -76,8 +78,8 @@ public class PrivilegeRegistry implement
         return definitions;
     }
 
-    private Map<String, PrivilegeDefinition> readDefinitions() {
-        return getAllDefinitions(new PrivilegeDefinitionReader(contentSession));
+    private Map<String, PrivilegeDefinition> readDefinitions(Root root) {
+        return getAllDefinitions(new PrivilegeDefinitionReader(root));
     }
 
     private static void updateJcrAllPrivilege(Map<String, PrivilegeDefinition> definitions)
{
@@ -90,7 +92,7 @@ public class PrivilegeRegistry implement
     @Override
     public void refresh() {
         // re-read the definitions (TODO: evaluate if it was better to always read privileges
on demand only.)
-        definitions.putAll(readDefinitions());
+        definitions.putAll(readDefinitions(root));
     }
 
     @Nonnull
@@ -118,19 +120,19 @@ public class PrivilegeRegistry implement
     //------------------------------------------------------------< private >---
 
     private void internalRegisterDefinitions(PrivilegeDefinition toRegister) throws RepositoryException
{
-        Root root = contentSession.getLatestRoot();
+        Root latestRoot = contentSession.getLatestRoot();
         try {
             // make sure the privileges path is defined
-            Tree privilegesTree = root.getTree(PRIVILEGES_PATH);
+            Tree privilegesTree = latestRoot.getTree(PRIVILEGES_PATH);
             if (privilegesTree == null) {
                 throw new RepositoryException("Repository doesn't contain node " + PRIVILEGES_PATH);
             }
 
-            NodeUtil privilegesNode = new NodeUtil(privilegesTree, root.getValueFactory());
+            NodeUtil privilegesNode = new NodeUtil(privilegesTree, latestRoot.getValueFactory());
             writeDefinition(privilegesNode, toRegister);
 
             // delegate validation to the commit validation (see above)
-            root.commit();
+            latestRoot.commit();
 
         } catch (CommitFailedException e) {
             Throwable t = e.getCause();
@@ -141,6 +143,7 @@ public class PrivilegeRegistry implement
             }
         }
 
+        // TODO: should be covered by refresh instead
         definitions.put(toRegister.getName(), toRegister);
         updateJcrAllPrivilege(definitions);
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java?rev=1396022&r1=1396021&r2=1396022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
Tue Oct  9 13:24:10 2012
@@ -47,7 +47,7 @@ public class PrivilegeManagerImpl implem
     private final SessionDelegate sessionDelegate;
 
     public PrivilegeManagerImpl(SessionDelegate sessionDelegate) {
-        this.provider = new PrivilegeRegistry(sessionDelegate.getContentSession());
+        this.provider = new PrivilegeRegistry(sessionDelegate.getContentSession(), sessionDelegate.getRoot());
         this.sessionDelegate = sessionDelegate;
     }
 
@@ -86,6 +86,7 @@ public class PrivilegeManagerImpl implem
         }
 
         PrivilegeDefinition def = provider.registerDefinition(oakName, isAbstract, getOakNames(declaredAggregateNames));
+        // TODO: should be called by provider
         sessionDelegate.refresh(true);
         return new PrivilegeImpl(def);
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java?rev=1396022&r1=1396021&r2=1396022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
Tue Oct  9 13:24:10 2012
@@ -24,6 +24,7 @@ import java.util.Map;
 import java.util.concurrent.Executors;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.NamespaceException;
+import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -302,6 +303,29 @@ public class CustomPrivilegeTest extends
     }
 
     @Test
+    public void testRegisterCustomPrivilegesVisibleInContent() throws RepositoryException
{
+        Workspace workspace = session.getWorkspace();
+        workspace.getNamespaceRegistry().registerNamespace("test", "http://www.apache.org/jackrabbit/test");
+
+        Map<String, String[]> newCustomPrivs = new HashMap<String, String[]>();
+        newCustomPrivs.put("new", new String[0]);
+        newCustomPrivs.put("test:new", new String[0]);
+
+        for (String name : newCustomPrivs.keySet()) {
+            boolean isAbstract = true;
+            String[] aggrNames = newCustomPrivs.get(name);
+
+            Privilege registered = privilegeManager.registerPrivilege(name, isAbstract, aggrNames);
+
+            Node privilegeRoot = session.getNode(PrivilegeConstants.PRIVILEGES_PATH);
+            assertTrue(privilegeRoot.hasNode(name));
+            Node privNode = privilegeRoot.getNode(name);
+            assertTrue(privNode.getProperty(PrivilegeConstants.REP_IS_ABSTRACT).getBoolean());
+            assertFalse(privNode.hasProperty(PrivilegeConstants.REP_AGGREGATES));
+        }
+    }
+
+    @Test
     public void testCustomPrivilegeVisibleToNewSession() throws RepositoryException {
         boolean isAbstract = false;
         String privName = "testCustomPrivilegeVisibleToNewSession";



Mime
View raw message