jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1436496 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ main/java/org/apache/jackrabbit/oak/security/authorization/restriction/ main/java/org/apache/jackrabbit/oak/security/privilege/ ma...
Date Mon, 21 Jan 2013 17:25:25 GMT
Author: angela
Date: Mon Jan 21 17:25:25 2013
New Revision: 1436496

URL: http://svn.apache.org/viewvc?rev=1436496&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Mon Jan 21 17:25:25 2013
@@ -488,9 +488,7 @@ public class AccessControlManagerImpl im
 
     @Nonnull
     private Principal getPrincipal(@Nonnull NodeUtil aceNode) {
-        String principalName = aceNode.getString(REP_PRINCIPAL_NAME, null);
-        checkNotNull(principalName);
-
+        String principalName = checkNotNull(aceNode.getString(REP_PRINCIPAL_NAME, null));
         Principal principal = principalProvider.getPrincipal(principalName);
         if (principal == null) {
             log.debug("Unknown principal " + principalName);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Mon Jan 21 17:25:25 2013
@@ -208,9 +208,7 @@ class AccessControlValidator implements 
 
     private void checkValidRestrictions(NodeUtil aceNode) throws CommitFailedException {
         String path;
-        NodeUtil aclNode = aceNode.getParent();
-        checkNotNull(aclNode);
-
+        NodeUtil aclNode = checkNotNull(aceNode.getParent());
         String aclPath = aclNode.getTree().getPath();
         if (REP_REPO_POLICY.equals(Text.getName(aclPath))) {
             path = null;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java Mon Jan 21 17:25:25 2013
@@ -17,10 +17,14 @@
 package org.apache.jackrabbit.oak.security.authorization.restriction;
 
 import javax.annotation.Nonnull;
+import javax.jcr.PropertyType;
 
+import com.google.common.base.Objects;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * RestrictionDefinitionImpl... TODO
  */
@@ -29,17 +33,34 @@ public class RestrictionDefinitionImpl i
     private final String name;
     private final int type;
     private final boolean isMandatory;
+    private final NamePathMapper namePathMapper;
 
-    final NamePathMapper namePathMapper;
-
-    public RestrictionDefinitionImpl(String name, int type, boolean isMandatory,
-                                     NamePathMapper namePathMapper) {
-        this.name = name;
+    /**
+     * Create a new instance.
+     *
+     * @param name The oak name of the restriction definition.
+     * @param type The required type of this definition. Any valid JCR
+     * {@link javax.jcr.PropertyType} except {@link javax.jcr.PropertyType#UNDEFINED}
+     * is allowed.
+     * @param isMandatory A boolean indicating if the restriction is mandatory.
+     * @param namePathMapper The name path mapper used to calculate the JCR name.
+     */
+    public RestrictionDefinitionImpl(@Nonnull String name, int type, boolean isMandatory,
+                                     @Nonnull NamePathMapper namePathMapper) {
+        this.name = checkNotNull(name);
+        if (type == PropertyType.UNDEFINED) {
+            throw new IllegalArgumentException("'undefined' is not a valid required definition type.");
+        }
         this.type = type;
         this.isMandatory = isMandatory;
-        this.namePathMapper = namePathMapper;
+        this.namePathMapper = checkNotNull(namePathMapper);
+    }
+
+    NamePathMapper getNamePathMapper() {
+        return namePathMapper;
     }
 
+    //----------------------------------------------< RestrictionDefinition >---
     @Nonnull
     @Override
     public String getName() {
@@ -61,4 +82,25 @@ public class RestrictionDefinitionImpl i
     public boolean isMandatory() {
         return isMandatory;
     }
+
+    //-------------------------------------------------------------< Object >---
+
+    @Override
+    public int hashCode() {
+        return Objects.hashCode(name, type, isMandatory);
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o == this) {
+            return true;
+        }
+
+        if (o instanceof RestrictionDefinitionImpl) {
+            RestrictionDefinitionImpl other = (RestrictionDefinitionImpl) o;
+            return type == other.type && isMandatory == other.isMandatory && name.equals(other.name);
+        }
+
+        return false;
+    }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java Mon Jan 21 17:25:25 2013
@@ -23,6 +23,7 @@ package org.apache.jackrabbit.oak.securi
 import javax.annotation.Nonnull;
 import javax.jcr.Value;
 
+import com.google.common.base.Objects;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
@@ -38,6 +39,7 @@ public class RestrictionImpl extends Res
         this.property = property;
     }
 
+    //--------------------------------------------------------< Restriction >---
     @Nonnull
     @Override
     public PropertyState getProperty() {
@@ -47,6 +49,26 @@ public class RestrictionImpl extends Res
     @Nonnull
     @Override
     public Value getValue() {
-        return ValueFactoryImpl.createValue(property, namePathMapper);
+        return ValueFactoryImpl.createValue(property, getNamePathMapper());
+    }
+
+    //-------------------------------------------------------------< Object >---
+
+    @Override
+    public int hashCode() {
+        return Objects.hashCode(getName(), getRequiredType(), isMandatory(), getValue());
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (o == this) {
+            return true;
+        }
+        if (o instanceof RestrictionImpl) {
+            RestrictionImpl other = (RestrictionImpl) o;
+            return super.equals(other) && getValue().equals(other.getValue());
+        }
+
+        return false;
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java Mon Jan 21 17:25:25 2013
@@ -20,6 +20,7 @@ import java.util.Collections;
 import java.util.Set;
 import javax.annotation.Nonnull;
 
+import com.google.common.base.Objects;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 
@@ -69,10 +70,7 @@ class PrivilegeDefinitionImpl implements
     //-------------------------------------------------------------< Object >---
     @Override
     public int hashCode() {
-        int result = name.hashCode();
-        result = 31 * result + (isAbstract ? 1 : 0);
-        result = 31 * result + declaredAggregateNames.hashCode();
-        return result;
+        return Objects.hashCode(name, isAbstract(),  declaredAggregateNames);
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ACE.java Mon Jan 21 17:25:25 2013
@@ -28,6 +28,7 @@ import javax.jcr.security.AccessControlE
 import javax.jcr.security.Privilege;
 
 import com.google.common.base.Function;
+import com.google.common.base.Objects;
 import com.google.common.collect.Collections2;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
@@ -125,7 +126,7 @@ public class ACE implements JackrabbitAc
     @Override
     public int hashCode() {
         if (hashCode == 0) {
-            hashCode = buildHashCode();
+            hashCode = Objects.hashCode(principal, aggrPrivNames(), isAllow, restrictions);
         }
         return hashCode;
     }
@@ -137,10 +138,10 @@ public class ACE implements JackrabbitAc
         }
         if (obj instanceof ACE) {
             ACE other = (ACE) obj;
-            return principal.equals(other.principal) &&
-                   aggrPrivNames().equals(other.aggrPrivNames()) &&
-                   isAllow == other.isAllow &&
-                   restrictions.equals(other.restrictions);
+            return principal.equals(other.principal)
+                    && isAllow == other.isAllow
+                    && aggrPrivNames().equals(other.aggrPrivNames())
+                    && restrictions.equals(other.restrictions);
         }
         return false;
     }
@@ -154,20 +155,6 @@ public class ACE implements JackrabbitAc
     }
 
     //------------------------------------------------------------< private >---
-    /**
-     * Build the hash code.
-     *
-     * @return the hash code.
-     */
-    private int buildHashCode() {
-        int h = 17;
-        h = 37 * h + principal.hashCode();
-        h = 37 * h + aggrPrivNames().hashCode();
-        h = 37 * h + Boolean.valueOf(isAllow).hashCode();
-        h = 37 * h + restrictions.hashCode();
-        return h;
-    }
-
     private Set<String> aggrPrivNames() {
         if (aggrPrivNames == null) {
             aggrPrivNames = new HashSet<String>();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java Mon Jan 21 17:25:25 2013
@@ -27,6 +27,7 @@ import javax.jcr.security.AccessControlE
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
+import com.google.common.base.Objects;
 import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -49,6 +50,7 @@ public class ImmutableACL extends Abstra
      * @param oakPath The Oak path of this policy or {@code null}.
      * @param entries The access control entries contained in this policy.
      * @param restrictionProvider The restriction provider.
+     * @param namePathMapper The {@link NamePathMapper} used for conversion.
      */
     public ImmutableACL(@Nullable String oakPath,
                         @Nonnull List<? extends JackrabbitAccessControlEntry> entries,
@@ -95,12 +97,7 @@ public class ImmutableACL extends Abstra
     @Override
     public int hashCode() {
         if (hashCode == 0) {
-            int result = 17;
-            result = 37 * result + (getOakPath() != null ? getOakPath().hashCode() : 0);
-            for (AccessControlEntry entry : entries) {
-                result = 37 * result + entry.hashCode();
-            }
-            hashCode = result;
+            hashCode = Objects.hashCode(getOakPath(), entries);
         }
         return hashCode;
     }
@@ -112,9 +109,7 @@ public class ImmutableACL extends Abstra
         }
         if (obj instanceof ImmutableACL) {
             ImmutableACL other = (ImmutableACL) obj;
-            String path = getOakPath();
-            String otherPath = other.getOakPath();
-            return ((path == null) ? otherPath == null : path.equals(otherPath))
+            return Objects.equal(getOakPath(), other.getOakPath())
                     && entries.equals(other.entries);
         }
         return false;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Mon Jan 21 17:25:25 2013
@@ -36,13 +36,11 @@ import javax.jcr.security.Privilege;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.TestNameMapper;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
 import org.apache.jackrabbit.oak.plugins.name.Namespaces;
-import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
@@ -82,19 +80,7 @@ public class AccessControlManagerImplTes
     public void before() throws Exception {
         super.before();
 
-        NamespaceRegistry nsRegistry = new ReadWriteNamespaceRegistry() {
-            @Override
-            protected Root getWriteRoot() {
-                return root;
-            }
-
-            @Override
-            protected Tree getReadTree() {
-                return root.getTree("/");
-            }
-        };
-        nsRegistry.registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
-
+        registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
         nameMapper = new TestNameMapper(Namespaces.getNamespaceMap(root.getTree("/")));
         npMapper = new NamePathMapperImpl(nameMapper);
 
@@ -452,7 +438,7 @@ public class AccessControlManagerImplTes
         assertNull(acl.getOakPath());
         assertFalse(acMgr.getApplicablePolicies(path).hasNext());
 
-        acMgr.removePolicy(null, acl);
+        acMgr.removePolicy(path, acl);
         assertEquals(0, acMgr.getPolicies(path).length);
         assertTrue(acMgr.getApplicablePolicies(path).hasNext());
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java Mon Jan 21 17:25:25 2013
@@ -263,7 +263,7 @@ public class AccessControlValidatorTest 
         NodeUtil acl = createAcl();
 
         String privName = "invalidPrivilegeName";
-        NodeUtil invalidAce = createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), privName);
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), privName);
         try {
             root.commit();
             fail("Creating an ACE with invalid privilege should fail.");
@@ -278,10 +278,8 @@ public class AccessControlValidatorTest 
         PrivilegeManager pMgr = getSecurityProvider().getPrivilegeConfiguration().getPrivilegeManager(root, getNamePathMapper());
         pMgr.registerPrivilege("abstractPrivilege", true, new String[0]);
 
-        root.rebase();
-
         NodeUtil acl = createAcl();
-        NodeUtil invalidAce = createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
+        createACE(acl, "invalid", NT_REP_GRANT_ACE, testPrincipal.getName(), "abstractPrivilege");
         try {
             root.commit();
             fail("Creating an ACE with an abstract privilege should fail.");

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java?rev=1436496&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java Mon Jan 21 17:25:25 2013
@@ -0,0 +1,144 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.jcr.PropertyType;
+
+import org.apache.jackrabbit.oak.TestNameMapper;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
+import org.apache.jackrabbit.oak.plugins.name.Namespaces;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * Tests for {@link RestrictionDefinitionImpl}.
+ */
+public class RestrictionDefinitionImplTest extends AbstractAccessControlTest {
+
+    private String name;
+    private RestrictionDefinitionImpl definition;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
+        NamePathMapper npMapper = new NamePathMapperImpl(new TestNameMapper(Namespaces.getNamespaceMap(root.getTree("/")), TestNameMapper.LOCAL_MAPPING));
+
+        name = TestNameMapper.TEST_PREFIX + ":defName";
+        definition = new RestrictionDefinitionImpl(name, PropertyType.NAME, true, npMapper);
+    }
+
+    @Test
+    public void testGetName() {
+        assertEquals(name, definition.getName());
+    }
+
+    @Test
+    public void testGetJcrName() {
+        assertEquals(TestNameMapper.TEST_LOCAL_PREFIX + ":defName", definition.getJcrName());
+    }
+
+    @Test
+    public void testGetRequiredType() {
+        assertEquals(PropertyType.NAME, definition.getRequiredType());
+    }
+
+    @Test
+    public void testIsMandatory() {
+        assertTrue(definition.isMandatory());
+    }
+
+    @Test
+    public void testInvalid() {
+        try {
+            new RestrictionDefinitionImpl(null, PropertyType.BOOLEAN, false, namePathMapper);
+            fail("Creating RestrictionDefinition with null name should fail.");
+        } catch (NullPointerException e) {
+            // success
+        }
+
+        try {
+            new RestrictionDefinitionImpl(name, PropertyType.BOOLEAN, false, null);
+            fail("Creating RestrictionDefinition with null name/path mapper should fail.");
+        } catch (NullPointerException e) {
+            // success
+        }
+
+        try {
+            new RestrictionDefinitionImpl(name, PropertyType.UNDEFINED, false, namePathMapper);
+            fail("Creating RestrictionDefinition with undefined required type should fail.");
+        } catch (IllegalArgumentException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testEquals() {
+        // same definition
+        assertEquals(definition, new RestrictionDefinitionImpl(name, PropertyType.NAME, true, definition.getNamePathMapper()));
+
+        // same def but different namepathmapper.
+        RestrictionDefinition definition2 = new RestrictionDefinitionImpl(name, PropertyType.NAME, true, namePathMapper);
+        assertFalse(definition.getJcrName().equals(definition2.getJcrName()));
+        assertEquals(definition, definition2);
+    }
+
+    @Test
+    public void testNotEqual() {
+        List<RestrictionDefinition> defs = new ArrayList<RestrictionDefinition>();
+        // - different type
+        defs.add(new RestrictionDefinitionImpl(name, PropertyType.STRING, true, namePathMapper));
+        // - different name
+        defs.add(new RestrictionDefinitionImpl("otherName", PropertyType.NAME, true, namePathMapper));
+        // - different mandatory flag
+        defs.add(new RestrictionDefinitionImpl(name, PropertyType.NAME, false, namePathMapper));
+        // - different impl
+        defs.add(new RestrictionDefinition() {
+            @Override
+            public String getName() {
+                return name;
+            }
+            @Override
+            public String getJcrName() {
+                throw new UnsupportedOperationException();
+            }
+            @Override
+            public int getRequiredType() {
+                return PropertyType.NAME;
+            }
+            @Override
+            public boolean isMandatory() {
+                return true;
+            }
+        });
+
+        for (RestrictionDefinition rd : defs) {
+            assertFalse(definition.equals(rd));
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java?rev=1436496&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java Mon Jan 21 17:25:25 2013
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.PropertyType;
+import javax.jcr.Value;
+
+import org.apache.jackrabbit.oak.TestNameMapper;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.name.Namespaces;
+import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * Tests for {@link RestrictionImpl}
+ */
+public class RestrictionImplTest extends AbstractAccessControlTest {
+
+    private String name;
+    private RestrictionImpl restriction;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
+        NamePathMapper npMapper = new NamePathMapperImpl(new TestNameMapper(Namespaces.getNamespaceMap(root.getTree("/")), TestNameMapper.LOCAL_MAPPING));
+
+        name = TestNameMapper.TEST_PREFIX + ":defName";
+        PropertyState property = createProperty(name);
+        restriction = new RestrictionImpl(property, true, npMapper);
+    }
+
+    private static PropertyState createProperty(String name) {
+        return PropertyStates.createProperty(name, "value", Type.NAME);
+    }
+
+    @Test
+    public void testGetName() {
+        assertEquals(name, restriction.getName());
+    }
+
+    @Test
+    public void testGetJcrName() {
+        assertEquals(TestNameMapper.TEST_LOCAL_PREFIX + ":defName", restriction.getJcrName());
+    }
+
+    @Test
+    public void testGetRequiredType() {
+        assertEquals(PropertyType.NAME, restriction.getRequiredType());
+    }
+
+    @Test
+    public void testIsMandatory() {
+        assertTrue(restriction.isMandatory());
+    }
+
+    @Test
+    public void testInvalid() {
+        try {
+            new RestrictionImpl(null, false, namePathMapper);
+            fail("Creating RestrictionDefinition with null name should fail.");
+        } catch (NullPointerException e) {
+            // success
+        }
+
+        try {
+            new RestrictionImpl(createProperty(name), false, null);
+            fail("Creating RestrictionDefinition with null name/path mapper should fail.");
+        } catch (NullPointerException e) {
+            // success
+        }
+    }
+
+        @Test
+    public void testEquals() {
+        // same definition
+        assertEquals(restriction, new RestrictionImpl(createProperty(name), true, restriction.getNamePathMapper()));
+
+        // same def but different namepathmapper.
+        Restriction r2 = new RestrictionImpl(createProperty(name), true, namePathMapper);
+        assertFalse(restriction.getJcrName().equals(r2.getJcrName()));
+        assertEquals(restriction, r2);
+    }
+
+    @Test
+    public void testNotEqual() {
+        List<Restriction> rs = new ArrayList<Restriction>();
+        // - different type
+        rs.add(new RestrictionImpl(PropertyStates.createProperty(name, PropertyType.STRING), true, namePathMapper));
+        // - different name
+        rs.add(new RestrictionImpl(PropertyStates.createProperty("otherName", PropertyType.NAME), true, namePathMapper));
+        // - different mandatory flag
+        rs.add(new RestrictionImpl(createProperty(name), false, namePathMapper));
+        // - different impl
+        rs.add(new Restriction() {
+            @Override
+            public String getName() {
+                return name;
+            }
+            @Override
+            public String getJcrName() {
+                throw new UnsupportedOperationException();
+            }
+            @Override
+            public int getRequiredType() {
+                return PropertyType.NAME;
+            }
+            @Override
+            public boolean isMandatory() {
+                return true;
+            }
+            @Override
+            public PropertyState getProperty() {
+                return createProperty(name);
+            }
+
+            @Nonnull
+            @Override
+            public Value getValue() {
+                return ValueFactoryImpl.createValue(createProperty(name), namePathMapper);
+            }
+        });
+
+        for (Restriction r : rs) {
+            assertFalse(restriction.equals(r));
+        }
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java?rev=1436496&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java Mon Jan 21 17:25:25 2013
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import java.util.Set;
+
+import javax.jcr.PropertyType;
+
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * Tests for {@link RestrictionProviderImpl}
+ */
+public class RestrictionProviderImplTest extends AbstractAccessControlTest implements AccessControlConstants {
+
+    private RestrictionProviderImpl provider;
+
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        provider = new RestrictionProviderImpl(namePathMapper);
+    }
+
+    @Test
+    public void testGetSupportedDefinitions() {
+        assertTrue(provider.getSupportedRestrictions(null).isEmpty());
+
+        Set<RestrictionDefinition> defs = provider.getSupportedRestrictions("/testPath");
+        assertNotNull(defs);
+        assertEquals(1, defs.size());
+
+        RestrictionDefinition def = defs.iterator().next();
+        assertEquals(REP_GLOB, def.getName());
+        assertEquals(PropertyType.STRING, def.getRequiredType());
+        assertFalse(def.isMandatory());
+    }
+
+    @Test
+    public void testCreateRestriction() {
+        // TODO
+    }
+
+    @Test
+    public void testReadRestrictions() {
+        // TODO
+    }
+
+    @Test
+    public void testWriteRestrictions() {
+        // TODO
+    }
+
+    @Test
+    public void testValidateRestrictions() {
+        // TODO
+    }
+
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ACETest.java Mon Jan 21 17:25:25 2013
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
-import java.security.AccessControlException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -26,9 +25,11 @@ import java.util.Map;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 
+import com.google.common.collect.Lists;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
@@ -64,13 +65,19 @@ public class ACETest extends AbstractAcc
         acMgr = getAccessControlManager();
     }
 
+    private ACE createEntry(String... privilegeNames)
+            throws RepositoryException {
+        Privilege[] privs = AccessControlUtils.privilegesFromNames(acMgr, privilegeNames);
+        return createEntry(testPrincipal, privs, true);
+    }
+
     private ACE createEntry(String[] privilegeNames, boolean isAllow)
             throws RepositoryException {
         Privilege[] privs = AccessControlUtils.privilegesFromNames(acMgr, privilegeNames);
         return createEntry(testPrincipal, privs, isAllow);
     }
 
-    private ACE createEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws javax.jcr.security.AccessControlException {
+    private ACE createEntry(Principal principal, Privilege[] privileges, boolean isAllow) throws AccessControlException {
         return new ACE(principal, privileges, isAllow, null);
     }
 
@@ -123,9 +130,9 @@ public class ACETest extends AbstractAcc
 
         Map<AccessControlEntry, AccessControlEntry> equalAces = new HashMap<AccessControlEntry, AccessControlEntry>();
 
-        ACE ace = createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true);
+        ACE ace = createEntry(PrivilegeConstants.JCR_ALL);
         // create same entry again
-        equalAces.put(ace, createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true));
+        equalAces.put(ace, createEntry(PrivilegeConstants.JCR_ALL));
 
         // create entry with declared aggregate privileges
         Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges();
@@ -151,6 +158,15 @@ public class ACETest extends AbstractAcc
     }
 
     @Test
+    public void testEquals2() throws RepositoryException  {
+        ACE ace = createEntry(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_READ);
+        // priv array contains duplicates
+        ACE ace2 = createEntry(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_READ);
+
+        assertEquals(ace, ace2);
+    }
+
+    @Test
     public void testNotEquals() throws RepositoryException  {
         ACE ace = createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true);
         List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
@@ -216,65 +232,61 @@ public class ACETest extends AbstractAcc
 
     @Test
     public void testHashCode() throws RepositoryException  {
+        JackrabbitAccessControlEntry ace = createEntry(PrivilegeConstants.JCR_ALL);
+        Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges();
+        Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges();
+        List<Privilege> l = Lists.newArrayList(aggregateAllPrivs);
+        l.add(l.remove(0));
+        Privilege[] reordered = l.toArray(new Privilege[l.size()]);
 
         Map<AccessControlEntry, AccessControlEntry> equivalent = new HashMap<AccessControlEntry, AccessControlEntry>();
-        JackrabbitAccessControlEntry ace = createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true);
         // create same entry again
-        equivalent.put(ace, createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true));
+        equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL));
+        // create entry with duplicate privs
+        equivalent.put(ace, createEntry(PrivilegeConstants.JCR_ALL, PrivilegeConstants.JCR_ALL));
         // create entry with declared aggregate privileges
-        Privilege[] declaredAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getDeclaredAggregatePrivileges();
         equivalent.put(ace, createEntry(testPrincipal, declaredAllPrivs, true));
         // create entry with aggregate privileges
-        Privilege[] aggregateAllPrivs = acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL).getAggregatePrivileges();
         equivalent.put(ace, createEntry(testPrincipal, aggregateAllPrivs, true));
         // create entry with different privilege order
-        List<Privilege> reordered = new ArrayList<Privilege>(Arrays.asList(aggregateAllPrivs));
-        reordered.add(reordered.remove(0));
-        equivalent.put(createEntry(testPrincipal, reordered.toArray(new Privilege[reordered.size()]), true),
-                      createEntry(testPrincipal, aggregateAllPrivs, true));
+        equivalent.put(ace, createEntry(testPrincipal, reordered, true));
+        equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true),
+                createEntry(testPrincipal, reordered, true));
         // even if entries are build with aggregated or declared aggregate privileges
         equivalent.put(createEntry(testPrincipal, declaredAllPrivs, true),
-                      createEntry(testPrincipal, aggregateAllPrivs, true));
+                createEntry(testPrincipal, aggregateAllPrivs, true));
 
         for (AccessControlEntry entry : equivalent.keySet()) {
             AccessControlEntry eqv = equivalent.get(entry);
             assertEquals(entry.hashCode(), eqv.hashCode());
         }
+    }
+
+    @Test
+    public void testHashCode2() throws Exception {
+        JackrabbitAccessControlEntry ace = createEntry(new String[] {PrivilegeConstants.JCR_ALL}, true);
+        final Privilege[] privs = AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_ALL);
 
         // and the opposite:
         List<JackrabbitAccessControlEntry> otherAces = new ArrayList<JackrabbitAccessControlEntry>();
-        try {
-            // ACE template with different principal
-            Principal princ = new Principal() {
-                public String getName() {
-                    return "a name";
-                }
-            };
-            Privilege[] privs = new Privilege[] {
-                    acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL)
-            };
-            otherAces.add(createEntry(princ, privs, true));
-        } catch (RepositoryException e) {
-        }
+        // ACE template with different principal
+        Principal princ = new Principal() {
+            public String getName() {
+                return "a name";
+            }
+        };
+        otherAces.add(createEntry(princ, privs, true));
+
         // ACE template with different privileges
-        try {
-            otherAces.add(createEntry(new String[] {PrivilegeConstants.JCR_READ}, true));
-        } catch (RepositoryException e) {
-        }
+        otherAces.add(createEntry(new String[] {PrivilegeConstants.JCR_READ}, true));
+
         // ACE template with different 'allow' flag
-        try {
-            otherAces.add(createEntry(new String[] {PrivilegeConstants.JCR_ALL}, false));
-        } catch (RepositoryException e) {
-        }
+        otherAces.add(createEntry(new String[] {PrivilegeConstants.JCR_ALL}, false));
+
         // ACE template with different privileges and 'allows
-        try {
-            otherAces.add(createEntry(new String[] {PrivilegeConstants.REP_WRITE}, false));
-        } catch (RepositoryException e) {
-        }
+        otherAces.add(createEntry(new String[] {PrivilegeConstants.REP_WRITE}, false));
+
         // other ace impl
-        final Privilege[] privs = new Privilege[] {
-                acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL)
-        };
         JackrabbitAccessControlEntry pe = new JackrabbitAccessControlEntry() {
             public boolean isAllow() {
                 return true;

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java Mon Jan 21 17:25:25 2013
@@ -20,8 +20,10 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.Privilege;
@@ -58,12 +60,16 @@ public abstract class AbstractAccessCont
         return createACL(getTestPath(), Collections.<JackrabbitAccessControlEntry>emptyList(), namePathMapper);
     }
 
+    protected AbstractAccessControlList createACL(JackrabbitAccessControlEntry... entries) {
+        return createACL(getTestPath(), Lists.newArrayList(entries), namePathMapper);
+    }
+
     protected AbstractAccessControlList createACL(List<JackrabbitAccessControlEntry> entries) {
-        return createACL(getTestPath(), entries);
+        return createACL(getTestPath(), entries, namePathMapper);
     }
 
-    protected AbstractAccessControlList createACL(String jcrPath, List<JackrabbitAccessControlEntry> entries) {
-        return createACL(jcrPath, entries, namePathMapper);
+    protected AbstractAccessControlList createACL(String jcrPath, JackrabbitAccessControlEntry... entries) {
+        return createACL(jcrPath, Lists.newArrayList(entries), namePathMapper);
     }
 
     protected abstract AbstractAccessControlList createACL(String jcrPath,
@@ -81,6 +87,18 @@ public abstract class AbstractAccessCont
         return entries;
     }
 
+    protected static Privilege[] getAggregatedPrivileges(Privilege... privileges) {
+        Set<Privilege> aggr = new HashSet<Privilege>();
+        for (Privilege p : privileges) {
+            if (p.isAggregate()) {
+                aggr.addAll(Arrays.asList(p.getAggregatePrivileges()));
+            } else {
+                aggr.add(p);
+            }
+        }
+        return aggr.toArray(new Privilege[aggr.size()]);
+    }
+
     @Test
     public void testGetPath() {
         NameMapper nameMapper = new GlobalNameMapper() {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java Mon Jan 21 17:25:25 2013
@@ -16,12 +16,16 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import javax.jcr.NamespaceRegistry;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
 import org.apache.jackrabbit.oak.security.authorization.AccessControlManagerImpl;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
@@ -33,6 +37,21 @@ public abstract class AbstractAccessCont
     private PrivilegeManager privMgr;
     private RestrictionProvider restrictionProvider;
 
+    protected void registerNamespace(String prefix, String uri) throws RepositoryException {
+        NamespaceRegistry nsRegistry = new ReadWriteNamespaceRegistry() {
+            @Override
+            protected Root getWriteRoot() {
+                return root;
+            }
+
+            @Override
+            protected Tree getReadTree() {
+                return root.getTree("/");
+            }
+        };
+        nsRegistry.registerNamespace(prefix, uri);
+    }
+
     protected NamePathMapper getNamePathMapper() {
         return namePathMapper;
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java Mon Jan 21 17:25:25 2013
@@ -30,6 +30,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.junit.Before;
 import org.junit.Test;
@@ -128,7 +129,7 @@ public class ImmutableACLTest extends Ab
 
     @Test
     public void testEmptyIsImmutable() throws Exception {
-        JackrabbitAccessControlList acl = createACL(Collections.<JackrabbitAccessControlEntry>emptyList());
+        JackrabbitAccessControlList acl = createEmptyACL();
 
         assertTrue(acl.isEmpty());
         assertEquals(0, acl.size());
@@ -137,24 +138,63 @@ public class ImmutableACLTest extends Ab
     }
 
     @Test
-    public void testEquals() throws Exception {
-        List<JackrabbitAccessControlEntry> entries = Collections.<JackrabbitAccessControlEntry>singletonList(new ACE(testPrincipal, testPrivileges, true, null));
+    public void testEqualsForEmpty() throws Exception {
 
-        JackrabbitAccessControlList empty = createACL(Collections.<JackrabbitAccessControlEntry>emptyList());
-        JackrabbitAccessControlList acl = createACL(entries);
+        JackrabbitAccessControlList acl = createEmptyACL();
 
-        assertEquals(empty, createACL(Collections.<JackrabbitAccessControlEntry>emptyList()));
-        assertEquals(acl, createACL(entries));
+        assertEquals(acl, createEmptyACL());
+        assertFalse(acl.equals(createACL(new ACE(testPrincipal, testPrivileges, true, Collections.<Restriction>emptySet()))));
+        assertFalse(acl.equals(new TestACL(getTestPath(), getRestrictionProvider(), Collections.<JackrabbitAccessControlEntry>emptyList())));
+    }
 
-        String testPath = getTestPath();
-        RestrictionProvider restrictionProvider = getRestrictionProvider();
+    @Test
+    public void testEquals() throws Exception {
+        RestrictionProvider rp = getRestrictionProvider();
+        ACE ace1 = new ACE(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false, null);
+        ACE ace2 = new ACE(testPrincipal, testPrivileges, true, null);
+        ACE ace2b = new ACE(testPrincipal, getAggregatedPrivileges(testPrivileges), true, null);
+
+        JackrabbitAccessControlList acl = createACL(ace1, ace2);
+        JackrabbitAccessControlList repoAcl = createACL((String) null, ace1, ace2);
+
+        assertEquals(acl, createACL(ace1, ace2));
+        assertEquals(acl, createACL(ace1, ace2b));
+
+        assertEquals(repoAcl, createACL((String) null, ace1, ace2b));
+
+        assertFalse(acl.equals(createACL(ace2, ace1)));
+        assertFalse(acl.equals(repoAcl));
+        assertFalse(acl.equals(createEmptyACL()));
+        assertFalse(acl.equals(createACL("/anotherPath", ace1, ace2)));
+        assertFalse(acl.equals(new TestACL("/anotherPath", rp, ace1, ace2)));
+        assertFalse(acl.equals(new TestACL("/anotherPath", rp, ace1, ace2)));
+        assertFalse(acl.equals(new TestACL("/anotherPath", rp)));
+        assertFalse(acl.equals(new TestACL(getTestPath(), rp, ace1, ace2)));
+    }
 
-        assertFalse(empty.equals(acl));
-        assertFalse(acl.equals(empty));
-        assertFalse(acl.equals(createACL("/anotherPath", entries)));
-        assertFalse(acl.equals(new TestACL("/anotherPath", entries, restrictionProvider)));
-        assertFalse(acl.equals(new TestACL("/anotherPath", Collections.<JackrabbitAccessControlEntry>emptyList(), restrictionProvider)));
-        assertFalse(acl.equals(new TestACL(testPath, entries, restrictionProvider)));
-        assertFalse(empty.equals(new TestACL(testPath, Collections.<JackrabbitAccessControlEntry>emptyList(), restrictionProvider)));
+    @Test
+    public void testHashCode() throws Exception {
+        RestrictionProvider rp = getRestrictionProvider();
+        ACE ace1 = new ACE(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_VERSION_MANAGEMENT), false, null);
+        ACE ace2 = new ACE(testPrincipal, testPrivileges, true, null);
+        ACE ace2b = new ACE(testPrincipal, getAggregatedPrivileges(testPrivileges), true, null);
+
+        JackrabbitAccessControlList acl = createACL(ace1, ace2);
+        JackrabbitAccessControlList repoAcl = createACL((String) null, ace1, ace2);
+
+        int hc = acl.hashCode();
+        assertTrue(hc == createACL(ace1, ace2).hashCode());
+        assertTrue(hc == createACL(ace1, ace2b).hashCode());
+
+        assertTrue(repoAcl.hashCode() == createACL((String) null, ace1, ace2b).hashCode());
+
+        assertFalse(hc == createACL(ace2, ace1).hashCode());
+        assertFalse(hc == repoAcl.hashCode());
+        assertFalse(hc == createEmptyACL().hashCode());
+        assertFalse(hc == createACL("/anotherPath", ace1, ace2).hashCode());
+        assertFalse(hc == new TestACL("/anotherPath", rp, ace1, ace2).hashCode());
+        assertFalse(hc == new TestACL("/anotherPath", rp, ace1, ace2).hashCode());
+        assertFalse(hc == new TestACL("/anotherPath", rp).hashCode());
+        assertFalse(hc == new TestACL(getTestPath(), rp, ace1, ace2).hashCode());
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java?rev=1436496&r1=1436495&r2=1436496&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/TestACL.java Mon Jan 21 17:25:25 2013
@@ -25,6 +25,7 @@ import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.Privilege;
 
+import com.google.common.collect.Lists;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -37,13 +38,18 @@ public final class TestACL extends Abstr
     private final List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
     private final RestrictionProvider restrictionProvider;
 
-    public TestACL(String jcrPath, List<JackrabbitAccessControlEntry> entries,
-                   RestrictionProvider restrictionProvider) {
+    public TestACL(String jcrPath, RestrictionProvider restrictionProvider,
+                   List<JackrabbitAccessControlEntry> entries) {
         super(jcrPath, NamePathMapper.DEFAULT);
         this.entries.addAll(entries);
         this.restrictionProvider = restrictionProvider;
     }
 
+    public TestACL(String jcrPath, RestrictionProvider restrictionProvider,
+                   JackrabbitAccessControlEntry... entry) {
+        this(jcrPath, restrictionProvider, Lists.newArrayList(entry));
+    }
+
     @Override
     public boolean isEmpty() {
         return entries.isEmpty();



Mime
View raw message