Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
Wed Jan 30 17:33:37 2013
@@ -29,12 +29,12 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
-public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
+class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
private final PropertyState property;
- public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
- @Nonnull NamePathMapper namePathMapper) {
+ RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
+ @Nonnull NamePathMapper namePathMapper) {
super(property.getName(), property.getType().tag(), isMandatory, namePathMapper);
this.property = property;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
Wed Jan 30 17:33:37 2013
@@ -16,10 +16,13 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization;
+import java.security.Principal;
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlManager;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -35,6 +38,11 @@ public interface AccessControlConfigurat
@Nonnull
RestrictionProvider getRestrictionProvider(NamePathMapper namePathMapper);
+ // TODO: define how to pass workspace information
@Nonnull
- PermissionProvider getPermissionProvider(NamePathMapper namePathMapper);
+ PermissionProvider getPermissionProvider(Root root, Set<Principal> principals);
+
+ // TODO: check again
+ @Nonnull
+ PermissionProvider getPermissionProvider(Tree rootTree, Set<Principal> principals);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
Wed Jan 30 17:33:37 2013
@@ -21,7 +21,6 @@ import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
@@ -47,10 +46,10 @@ public class ImmutableACL extends Abstra
/**
* Construct a new {@code UnmodifiableAccessControlList}
*
- * @param oakPath The Oak path of this policy or {@code null}.
- * @param entries The access control entries contained in this policy.
+ * @param oakPath The Oak path of this policy or {@code null}.
+ * @param entries The access control entries contained in this policy.
* @param restrictionProvider The restriction provider.
- * @param namePathMapper The {@link NamePathMapper} used for conversion.
+ * @param namePathMapper The {@link NamePathMapper} used for conversion.
*/
public ImmutableACL(@Nullable String oakPath,
@Nonnull List<? extends JackrabbitAccessControlEntry> entries,
@@ -64,8 +63,7 @@ public class ImmutableACL extends Abstra
//--------------------------------------------------< AccessControlList >---
@Override
- public void removeAccessControlEntry(AccessControlEntry ace)
- throws AccessControlException, RepositoryException {
+ public void removeAccessControlEntry(AccessControlEntry ace) throws AccessControlException
{
throw new AccessControlException("Immutable ACL. Use AccessControlManager#getApplicablePolicies
in order to obtain an modifiable ACL.");
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
Wed Jan 30 17:33:37 2013
@@ -20,13 +20,12 @@ import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.Privilege;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
/**
* This class implements an {@link AccessControlConfiguration} which grants
@@ -48,17 +47,13 @@ public class OpenAccessControlConfigurat
@Nonnull
@Override
- public PermissionProvider getPermissionProvider(NamePathMapper namePathMapper) {
- return new PermissionProvider() {
- @Override
- public Permissions getPermissions(Set<Privilege> privileges) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set<Principal>
principals) {
- return AllPermissions.getInstance();
- }
- };
+ public PermissionProvider getPermissionProvider(Root root, Set<Principal> principals)
{
+ return OpenPermissionProvider.getInstance();
+ }
+
+ @Nonnull
+ @Override
+ public PermissionProvider getPermissionProvider(Tree rootTree, Set<Principal> principals)
{
+ return OpenPermissionProvider.getInstance();
}
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java?rev=1440540&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
Wed Jan 30 17:33:37 2013
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import java.util.Collections;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+
+/**
+ * OpenPermissionProvider... TODO
+ */
+public class OpenPermissionProvider implements PermissionProvider {
+
+ private static final PermissionProvider INSTANCE = new OpenPermissionProvider();
+
+ private OpenPermissionProvider() {
+ }
+
+ public static PermissionProvider getInstance() {
+ return INSTANCE;
+ }
+
+ @Nonnull
+ @Override
+ public Set<String> getPrivilegeNames(@Nullable Tree tree) {
+ return Collections.singleton(PrivilegeConstants.JCR_ALL);
+ }
+
+ @Override
+ public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) {
+ return true;
+ }
+
+ @Override
+ public boolean canRead(@Nonnull Tree tree) {
+ return true;
+ }
+
+ @Override
+ public boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(long permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(@Nonnull Tree tree, long permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long
permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean hasPermission(@Nonnull String oakPath, String jcrActions) {
+ return true;
+ }
+
+ @Override
+ public long getPermission(@Nonnull Tree tree, long defaultPermission) {
+ return Permissions.ALL;
+ }
+
+ @Override
+ public long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState,
long defaultPermission) {
+ return Permissions.ALL;
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
Wed Jan 30 17:33:37 2013
@@ -16,12 +16,12 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization;
-import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
-import javax.jcr.security.Privilege;
+import javax.annotation.Nullable;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
/**
* PermissionProvider... TODO
@@ -29,9 +29,23 @@ import org.apache.jackrabbit.oak.spi.sta
public interface PermissionProvider {
@Nonnull
- Permissions getPermissions(Set<Privilege> privileges);
+ Set<String> getPrivilegeNames(@Nullable Tree tree);
- // TODO define how permissions eval is bound to a particular revision/branch. (passing
Tree?)
- @Nonnull
- CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set<Principal>
principals);
+ boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames);
+
+ boolean canRead(@Nonnull Tree tree);
+
+ boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property);
+
+ boolean isGranted(long permissions);
+
+ boolean isGranted(@Nonnull Tree tree, long permissions);
+
+ boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long permissions);
+
+ boolean hasPermission(@Nonnull String oakPath, @Nonnull String jcrActions);
+
+ long getPermission(@Nonnull Tree tree, long defaultPermission);
+
+ long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState, long defaultPermission);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
Wed Jan 30 17:33:37 2013
@@ -16,63 +16,72 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
+import java.util.Set;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.oak.api.TreeLocation;
/**
* Permissions... TODO
*/
public final class Permissions {
- private Permissions() {}
+ private Permissions() {
+ }
+
+ public static final long NO_PERMISSION = 0;
- public static final int NO_PERMISSION = 0;
+ public static final long READ_NODE = 1;
- public static final int READ_NODE = 1;
+ public static final long READ_PROPERTY = READ_NODE << 1;
- public static final int READ_PROPERTY = READ_NODE << 1;
+ public static final long ADD_PROPERTY = READ_PROPERTY << 1;
- public static final int ADD_PROPERTY = READ_PROPERTY << 1;
+ public static final long MODIFY_PROPERTY = ADD_PROPERTY << 1;
- public static final int MODIFY_PROPERTY = ADD_PROPERTY << 1;
+ public static final long REMOVE_PROPERTY = MODIFY_PROPERTY << 1;
- public static final int REMOVE_PROPERTY = MODIFY_PROPERTY << 1;
+ public static final long ADD_NODE = REMOVE_PROPERTY << 1;
- public static final int ADD_NODE = REMOVE_PROPERTY << 1;
+ public static final long REMOVE_NODE = ADD_NODE << 1;
- public static final int REMOVE_NODE = ADD_NODE << 1;
+ public static final long READ_ACCESS_CONTROL = REMOVE_NODE << 1;
- public static final int READ_ACCESS_CONTROL = REMOVE_NODE << 1;
+ public static final long MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1;
- public static final int MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1;
+ public static final long NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1;
- public static final int NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1;
+ public static final long VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1;
- public static final int VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1;
+ public static final long LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1;
- public static final int LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1;
+ public static final long LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1;
- public static final int LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1;
+ public static final long RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1;
- public static final int RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1;
+ public static final long MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT <<
1;
- public static final int MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT <<
1;
+ public static final long NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION
<< 1;
- public static final int NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION
<< 1;
+ public static final long NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT <<
1;
- public static final int NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT <<
1;
+ public static final long WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1;
- public static final int WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1;
+ public static final long PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1;
- public static final int PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1;
+ public static final long USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1;
- public static final int USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1;
+ public static final long READ = READ_NODE | READ_PROPERTY;
- public static final int READ = READ_NODE | READ_PROPERTY;
+ public static final long REMOVE = REMOVE_NODE | REMOVE_PROPERTY;
- public static final int SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY;
+ public static final long SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY;
- public static final int ALL = (READ
+ public static final long ALL = (READ
| SET_PROPERTY
| ADD_NODE | REMOVE_NODE
| READ_ACCESS_CONTROL | MODIFY_ACCESS_CONTROL
@@ -89,7 +98,8 @@ public final class Permissions {
| USER_MANAGEMENT
);
- private static final Map<Integer,String> PERMISSION_NAMES = new LinkedHashMap<Integer,
String>();
+ private static final Map<Long, String> PERMISSION_NAMES = new LinkedHashMap<Long,
String>();
+
static {
PERMISSION_NAMES.put(ALL, "ALL");
PERMISSION_NAMES.put(READ, "READ");
@@ -101,6 +111,7 @@ public final class Permissions {
PERMISSION_NAMES.put(REMOVE_PROPERTY, "REMOVE_PROPERTY");
PERMISSION_NAMES.put(ADD_NODE, "ADD_NODE");
PERMISSION_NAMES.put(REMOVE_NODE, "REMOVE_NODE");
+ PERMISSION_NAMES.put(REMOVE, "REMOVE");
PERMISSION_NAMES.put(MODIFY_CHILD_NODE_COLLECTION, "MODIFY_CHILD_NODE_COLLECTION");
PERMISSION_NAMES.put(READ_ACCESS_CONTROL, "READ_ACCESS_CONTROL");
PERMISSION_NAMES.put(MODIFY_ACCESS_CONTROL, "MODIFY_ACCESS_CONTROL");
@@ -116,13 +127,13 @@ public final class Permissions {
PERMISSION_NAMES.put(USER_MANAGEMENT, "USER_MANAGEMENT");
}
- public static String getString(int permissions) {
+ public static String getString(long permissions) {
if (PERMISSION_NAMES.containsKey(permissions)) {
return PERMISSION_NAMES.get(permissions);
} else {
StringBuilder sb = new StringBuilder();
- for (Map.Entry<Integer, String> entry : PERMISSION_NAMES.entrySet()) {
- int key = entry.getKey();
+ for (Map.Entry<Long, String> entry : PERMISSION_NAMES.entrySet()) {
+ long key = entry.getKey();
if ((permissions & key) == key) {
if (sb.length() != 0) {
sb.append(',');
@@ -134,10 +145,41 @@ public final class Permissions {
}
}
- public static boolean isRepositoryPermission(int permission) {
+ public static boolean isRepositoryPermission(long permission) {
return permission == NAMESPACE_MANAGEMENT ||
- permission == NODE_TYPE_DEFINITION_MANAGEMENT ||
- permission == PRIVILEGE_MANAGEMENT ||
- permission == WORKSPACE_MANAGEMENT;
+ permission == NODE_TYPE_DEFINITION_MANAGEMENT ||
+ permission == PRIVILEGE_MANAGEMENT ||
+ permission == WORKSPACE_MANAGEMENT;
+ }
+
+ public static boolean includes(long permissions, long permissionsToTest) {
+ return (permissions & permissionsToTest) == permissionsToTest;
+ }
+
+ public static long getPermissions(String jcrActions, TreeLocation location) {
+ Set<String> s = new HashSet<String>(Arrays.asList(jcrActions.split(",")));
+ int permissions = 0;
+ if (s.remove(Session.ACTION_READ)) {
+ permissions |= READ;
+ }
+ if (s.remove(Session.ACTION_ADD_NODE)) {
+ permissions |= ADD_NODE;
+ }
+ if (s.remove(Session.ACTION_SET_PROPERTY)) {
+ permissions |= ADD_PROPERTY | MODIFY_PROPERTY;
+ }
+ if (s.remove(Session.ACTION_REMOVE)) {
+ if (location == TreeLocation.NULL) {
+ permissions |= REMOVE;
+ } else if (location.getProperty() == null) {
+ permissions |= REMOVE_NODE;
+ } else {
+ permissions |= REMOVE_PROPERTY;
+ }
+ }
+ if (!s.isEmpty()) {
+ throw new IllegalArgumentException("Unknown actions: " + s);
+ }
+ return permissions;
}
}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java?rev=1440540&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
Wed Jan 30 17:33:37 2013
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.jackrabbit.oak.core;
+
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class ReadOnlyTreeTest {
+
+ private Root root;
+
+ @Before
+ public void setUp() throws CommitFailedException {
+ ContentSession session = new Oak().createContentSession();
+
+ // Add test content
+ root = session.getLatestRoot();
+ Tree tree = root.getTree("/");
+ Tree x = tree.addChild("x");
+ Tree y = x.addChild("y");
+ Tree z = y.addChild("z");
+ root.commit();
+
+ // Acquire a fresh new root to avoid problems from lingering state
+ root = session.getLatestRoot();
+ }
+
+ @After
+ public void tearDown() {
+ root = null;
+ }
+
+ @Test
+ public void testGetPath() {
+ TreeImpl tree = (TreeImpl) root.getTree("/");
+
+ ReadOnlyTree readOnly = new ReadOnlyTree(tree.getNodeState());
+ assertEquals("/", readOnly.getPath());
+
+ readOnly = readOnly.getChild("x");
+ assertEquals("/x", readOnly.getPath());
+
+ readOnly = readOnly.getChild("y");
+ assertEquals("/x/y", readOnly.getPath());
+
+ readOnly = readOnly.getChild("z");
+ assertEquals("/x/y/z", readOnly.getPath());
+ }
+}
Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
(from r1439952, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java&r1=1439952&r2=1440540&rev=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
Wed Jan 30 17:33:37 2013
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.spi.security.authorization;
+package org.apache.jackrabbit.oak.security.authorization.permission;
import java.util.ArrayList;
import java.util.List;
@@ -22,6 +22,7 @@ import java.util.List;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
import org.junit.Before;
import org.junit.Test;
@@ -71,12 +72,12 @@ public class AllPermissionsTest extends
Tree tree = root.getTree(path);
assertNotNull(tree);
- assertTrue(all.isGranted(tree, Permissions.ALL));
+ assertTrue(all.isGranted(Permissions.ALL, tree));
for (PropertyState prop : tree.getProperties()) {
- assertTrue(all.isGranted(tree, prop, Permissions.ALL));
+ assertTrue(all.isGranted(Permissions.ALL, tree, prop));
}
for (Tree child : tree.getChildren()) {
- assertTrue(all.isGranted(child, Permissions.ALL));
+ assertTrue(all.isGranted(Permissions.ALL, child));
}
}
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Wed Jan 30 17:33:37 2013
@@ -74,7 +74,7 @@ public class SessionImpl extends Abstrac
/**
* Local namespace remappings. Prefixes as keys and namespace URIs as values.
- * <p>
+ * <p/>
* This map is only accessed from synchronized methods (see
* <a href="https://issues.apache.org/jira/browse/JCR-1793">JCR-1793</a>).
*/
@@ -227,8 +227,7 @@ public class SessionImpl extends Abstrac
TreeLocation loc = dlg.getLocation(oakPath);
if (loc.getProperty() == null) {
throw new PathNotFoundException(absPath);
- }
- else {
+ } else {
return new PropertyImpl(new PropertyDelegate(dlg, loc));
}
}
@@ -339,7 +338,8 @@ public class SessionImpl extends Abstrac
return dlg.getLockManager().getLockTokens();
} catch (RepositoryException e) {
log.warn("Unable to retrieve lock tokens for this session: {}", e.getMessage());
- return new String[0]; }
+ return new String[0];
+ }
}
/**
@@ -358,19 +358,15 @@ public class SessionImpl extends Abstrac
public boolean hasPermission(String absPath, String actions) throws RepositoryException
{
ensureIsAlive();
- String oakPath = dlg.getOakPathOrNull(absPath);
+ String oakPath = dlg.getNamePathMapper().getOakPathKeepIndex(absPath);
if (oakPath == null) {
- // TODO should we throw an exception here?
- return TODO.unimplemented().returnValue(false);
+ throw new RepositoryException("Invalid JCR path: " + absPath);
}
// TODO implement hasPermission
return TODO.unimplemented().returnValue(true);
}
- /**
- * @see javax.jcr.Session#checkPermission(String, String)
- */
@Override
public void checkPermission(String absPath, String actions) throws AccessControlException,
RepositoryException {
if (!hasPermission(absPath, actions)) {
@@ -395,35 +391,43 @@ public class SessionImpl extends Abstrac
public void setPolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
throw new AccessControlException(policy.toString());
}
+
@Override
public void removePolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
throw new AccessControlException(policy.toString());
}
+
@Override
public Privilege privilegeFromName(String privilegeName)
throws AccessControlException, RepositoryException {
return dlg.getPrivilegeManager().getPrivilege(privilegeName);
}
+
@Override
public boolean hasPrivileges(String absPath, Privilege[] privileges) {
return true;
}
+
@Override
public Privilege[] getSupportedPrivileges(String absPath) {
return new Privilege[0];
}
+
@Override
public Privilege[] getPrivileges(String absPath) {
return new Privilege[0];
}
+
@Override
public AccessControlPolicy[] getPolicies(String absPath) {
return new AccessControlPolicy[0];
}
+
@Override
public AccessControlPolicy[] getEffectivePolicies(String absPath) {
return new AccessControlPolicy[0];
}
+
@Override
public AccessControlPolicyIterator getApplicablePolicies(String absPath) {
return AccessControlPolicyIteratorAdapter.EMPTY;
@@ -561,7 +565,7 @@ public class SessionImpl extends Abstrac
* Ensure that this session is alive and throw an exception otherwise.
*
* @throws RepositoryException if this session has been rendered invalid
- * for some reason (e.g. if this session has been closed explicitly by logout)
+ * for some reason (e.g. if this session has been closed
explicitly by logout)
*/
private void ensureIsAlive() throws RepositoryException {
// check session status
|