jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1440540 [2/2] - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorizati...
Date Wed, 30 Jan 2013 17:33:37 GMT
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
Wed Jan 30 17:33:37 2013
@@ -29,12 +29,12 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 
-public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
+class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
 
     private final PropertyState property;
 
-    public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
-                           @Nonnull NamePathMapper namePathMapper) {
+    RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
+                    @Nonnull NamePathMapper namePathMapper) {
         super(property.getName(), property.getType().tag(), isMandatory, namePathMapper);
         this.property = property;
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
Wed Jan 30 17:33:37 2013
@@ -16,10 +16,13 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import java.security.Principal;
+import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.jcr.security.AccessControlManager;
 
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -35,6 +38,11 @@ public interface AccessControlConfigurat
     @Nonnull
     RestrictionProvider getRestrictionProvider(NamePathMapper namePathMapper);
 
+    // TODO: define how to pass workspace information
     @Nonnull
-    PermissionProvider getPermissionProvider(NamePathMapper namePathMapper);
+    PermissionProvider getPermissionProvider(Root root, Set<Principal> principals);
+
+    // TODO: check again
+    @Nonnull
+    PermissionProvider getPermissionProvider(Tree rootTree, Set<Principal> principals);
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java
Wed Jan 30 17:33:37 2013
@@ -21,7 +21,6 @@ import java.util.List;
 import java.util.Map;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
@@ -47,10 +46,10 @@ public class ImmutableACL extends Abstra
     /**
      * Construct a new {@code UnmodifiableAccessControlList}
      *
-     * @param oakPath The Oak path of this policy or {@code null}.
-     * @param entries The access control entries contained in this policy.
+     * @param oakPath             The Oak path of this policy or {@code null}.
+     * @param entries             The access control entries contained in this policy.
      * @param restrictionProvider The restriction provider.
-     * @param namePathMapper The {@link NamePathMapper} used for conversion.
+     * @param namePathMapper      The {@link NamePathMapper} used for conversion.
      */
     public ImmutableACL(@Nullable String oakPath,
                         @Nonnull List<? extends JackrabbitAccessControlEntry> entries,
@@ -64,8 +63,7 @@ public class ImmutableACL extends Abstra
     //--------------------------------------------------< AccessControlList >---
 
     @Override
-    public void removeAccessControlEntry(AccessControlEntry ace)
-            throws AccessControlException, RepositoryException {
+    public void removeAccessControlEntry(AccessControlEntry ace) throws AccessControlException
{
         throw new AccessControlException("Immutable ACL. Use AccessControlManager#getApplicablePolicies
in order to obtain an modifiable ACL.");
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
Wed Jan 30 17:33:37 2013
@@ -20,13 +20,12 @@ import java.security.Principal;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * This class implements an {@link AccessControlConfiguration} which grants
@@ -48,17 +47,13 @@ public class OpenAccessControlConfigurat
 
     @Nonnull
     @Override
-    public PermissionProvider getPermissionProvider(NamePathMapper namePathMapper) {
-        return new PermissionProvider() {
-            @Override
-            public Permissions getPermissions(Set<Privilege> privileges) {
-                throw new UnsupportedOperationException();
-            }
-
-            @Override
-            public CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set<Principal>
principals) {
-                return AllPermissions.getInstance();
-            }
-        };
+    public PermissionProvider getPermissionProvider(Root root, Set<Principal> principals)
{
+        return OpenPermissionProvider.getInstance();
+    }
+
+    @Nonnull
+    @Override
+    public PermissionProvider getPermissionProvider(Tree rootTree, Set<Principal> principals)
{
+        return OpenPermissionProvider.getInstance();
     }
 }

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java?rev=1440540&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java
Wed Jan 30 17:33:37 2013
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import java.util.Collections;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+
+/**
+ * OpenPermissionProvider... TODO
+ */
+public class OpenPermissionProvider implements PermissionProvider {
+
+    private static final PermissionProvider INSTANCE = new OpenPermissionProvider();
+
+    private OpenPermissionProvider() {
+    }
+
+    public static PermissionProvider getInstance() {
+        return INSTANCE;
+    }
+
+    @Nonnull
+    @Override
+    public Set<String> getPrivilegeNames(@Nullable Tree tree) {
+        return Collections.singleton(PrivilegeConstants.JCR_ALL);
+    }
+
+    @Override
+    public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) {
+        return true;
+    }
+
+    @Override
+    public boolean canRead(@Nonnull Tree tree) {
+        return true;
+    }
+
+    @Override
+    public boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property) {
+        return true;
+    }
+
+    @Override
+    public boolean isGranted(long permissions) {
+        return true;
+    }
+
+    @Override
+    public boolean isGranted(@Nonnull Tree tree, long permissions) {
+        return true;
+    }
+
+    @Override
+    public boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long
permissions) {
+        return true;
+    }
+
+    @Override
+    public boolean hasPermission(@Nonnull String oakPath, String jcrActions) {
+        return true;
+    }
+
+    @Override
+    public long getPermission(@Nonnull Tree tree, long defaultPermission) {
+        return Permissions.ALL;
+    }
+
+    @Override
+    public long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState,
long defaultPermission) {
+        return Permissions.ALL;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java
Wed Jan 30 17:33:37 2013
@@ -16,12 +16,12 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
-import java.security.Principal;
 import java.util.Set;
 import javax.annotation.Nonnull;
-import javax.jcr.security.Privilege;
+import javax.annotation.Nullable;
 
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
 
 /**
  * PermissionProvider... TODO
@@ -29,9 +29,23 @@ import org.apache.jackrabbit.oak.spi.sta
 public interface PermissionProvider {
 
     @Nonnull
-    Permissions getPermissions(Set<Privilege> privileges);
+    Set<String> getPrivilegeNames(@Nullable Tree tree);
 
-    // TODO define how permissions eval is bound to a particular revision/branch. (passing
Tree?)
-    @Nonnull
-    CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set<Principal>
principals);
+    boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames);
+
+    boolean canRead(@Nonnull Tree tree);
+
+    boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property);
+
+    boolean isGranted(long permissions);
+
+    boolean isGranted(@Nonnull Tree tree, long permissions);
+
+    boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long permissions);
+
+    boolean hasPermission(@Nonnull String oakPath, @Nonnull String jcrActions);
+
+    long getPermission(@Nonnull Tree tree, long defaultPermission);
+
+    long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState, long defaultPermission);
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
Wed Jan 30 17:33:37 2013
@@ -16,63 +16,72 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.Map;
+import java.util.Set;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.oak.api.TreeLocation;
 
 /**
  * Permissions... TODO
  */
 public final class Permissions {
 
-    private Permissions() {}
+    private Permissions() {
+    }
+
+    public static final long NO_PERMISSION = 0;
 
-    public static final int NO_PERMISSION = 0;
+    public static final long READ_NODE = 1;
 
-    public static final int READ_NODE = 1;
+    public static final long READ_PROPERTY = READ_NODE << 1;
 
-    public static final int READ_PROPERTY = READ_NODE << 1;
+    public static final long ADD_PROPERTY = READ_PROPERTY << 1;
 
-    public static final int ADD_PROPERTY = READ_PROPERTY << 1;
+    public static final long MODIFY_PROPERTY = ADD_PROPERTY << 1;
 
-    public static final int MODIFY_PROPERTY = ADD_PROPERTY << 1;
+    public static final long REMOVE_PROPERTY = MODIFY_PROPERTY << 1;
 
-    public static final int REMOVE_PROPERTY = MODIFY_PROPERTY << 1;
+    public static final long ADD_NODE = REMOVE_PROPERTY << 1;
 
-    public static final int ADD_NODE = REMOVE_PROPERTY << 1;
+    public static final long REMOVE_NODE = ADD_NODE << 1;
 
-    public static final int REMOVE_NODE = ADD_NODE << 1;
+    public static final long READ_ACCESS_CONTROL = REMOVE_NODE << 1;
 
-    public static final int READ_ACCESS_CONTROL = REMOVE_NODE << 1;
+    public static final long MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1;
 
-    public static final int MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1;
+    public static final long NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1;
 
-    public static final int NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1;
+    public static final long VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1;
 
-    public static final int VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1;
+    public static final long LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1;
 
-    public static final int LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1;
+    public static final long LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1;
 
-    public static final int LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1;
+    public static final long RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1;
 
-    public static final int RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1;
+    public static final long MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT <<
1;
 
-    public static final int MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT <<
1;
+    public static final long NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION
<< 1;
 
-    public static final int NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION
<< 1;
+    public static final long NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT <<
1;
 
-    public static final int NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT <<
1;
+    public static final long WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1;
 
-    public static final int WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1;
+    public static final long PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1;
 
-    public static final int PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1;
+    public static final long USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1;
 
-    public static final int USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1;
+    public static final long READ = READ_NODE | READ_PROPERTY;
 
-    public static final int READ = READ_NODE | READ_PROPERTY;
+    public static final long REMOVE = REMOVE_NODE | REMOVE_PROPERTY;
 
-    public static final int SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY;
+    public static final long SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY;
 
-    public static final int ALL = (READ
+    public static final long ALL = (READ
             | SET_PROPERTY
             | ADD_NODE | REMOVE_NODE
             | READ_ACCESS_CONTROL | MODIFY_ACCESS_CONTROL
@@ -89,7 +98,8 @@ public final class Permissions {
             | USER_MANAGEMENT
     );
 
-    private static final Map<Integer,String> PERMISSION_NAMES = new LinkedHashMap<Integer,
String>();
+    private static final Map<Long, String> PERMISSION_NAMES = new LinkedHashMap<Long,
String>();
+
     static {
         PERMISSION_NAMES.put(ALL, "ALL");
         PERMISSION_NAMES.put(READ, "READ");
@@ -101,6 +111,7 @@ public final class Permissions {
         PERMISSION_NAMES.put(REMOVE_PROPERTY, "REMOVE_PROPERTY");
         PERMISSION_NAMES.put(ADD_NODE, "ADD_NODE");
         PERMISSION_NAMES.put(REMOVE_NODE, "REMOVE_NODE");
+        PERMISSION_NAMES.put(REMOVE, "REMOVE");
         PERMISSION_NAMES.put(MODIFY_CHILD_NODE_COLLECTION, "MODIFY_CHILD_NODE_COLLECTION");
         PERMISSION_NAMES.put(READ_ACCESS_CONTROL, "READ_ACCESS_CONTROL");
         PERMISSION_NAMES.put(MODIFY_ACCESS_CONTROL, "MODIFY_ACCESS_CONTROL");
@@ -116,13 +127,13 @@ public final class Permissions {
         PERMISSION_NAMES.put(USER_MANAGEMENT, "USER_MANAGEMENT");
     }
 
-    public static String getString(int permissions) {
+    public static String getString(long permissions) {
         if (PERMISSION_NAMES.containsKey(permissions)) {
             return PERMISSION_NAMES.get(permissions);
         } else {
             StringBuilder sb = new StringBuilder();
-            for (Map.Entry<Integer, String> entry : PERMISSION_NAMES.entrySet()) {
-                int key = entry.getKey();
+            for (Map.Entry<Long, String> entry : PERMISSION_NAMES.entrySet()) {
+                long key = entry.getKey();
                 if ((permissions & key) == key) {
                     if (sb.length() != 0) {
                         sb.append(',');
@@ -134,10 +145,41 @@ public final class Permissions {
         }
     }
 
-    public static boolean isRepositoryPermission(int permission) {
+    public static boolean isRepositoryPermission(long permission) {
         return permission == NAMESPACE_MANAGEMENT ||
-               permission == NODE_TYPE_DEFINITION_MANAGEMENT ||
-               permission == PRIVILEGE_MANAGEMENT ||
-               permission == WORKSPACE_MANAGEMENT;
+                permission == NODE_TYPE_DEFINITION_MANAGEMENT ||
+                permission == PRIVILEGE_MANAGEMENT ||
+                permission == WORKSPACE_MANAGEMENT;
+    }
+
+    public static boolean includes(long permissions, long permissionsToTest) {
+        return (permissions & permissionsToTest) == permissionsToTest;
+    }
+
+    public static long getPermissions(String jcrActions, TreeLocation location) {
+        Set<String> s = new HashSet<String>(Arrays.asList(jcrActions.split(",")));
+        int permissions = 0;
+        if (s.remove(Session.ACTION_READ)) {
+            permissions |= READ;
+        }
+        if (s.remove(Session.ACTION_ADD_NODE)) {
+            permissions |= ADD_NODE;
+        }
+        if (s.remove(Session.ACTION_SET_PROPERTY)) {
+            permissions |= ADD_PROPERTY | MODIFY_PROPERTY;
+        }
+        if (s.remove(Session.ACTION_REMOVE)) {
+            if (location == TreeLocation.NULL) {
+                permissions |= REMOVE;
+            } else if (location.getProperty() == null) {
+                permissions |= REMOVE_NODE;
+            } else {
+                permissions |= REMOVE_PROPERTY;
+            }
+        }
+        if (!s.isEmpty()) {
+            throw new IllegalArgumentException("Unknown actions: " + s);
+        }
+        return permissions;
     }
 }
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java?rev=1440540&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java
Wed Jan 30 17:33:37 2013
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.jackrabbit.oak.core;
+
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class ReadOnlyTreeTest {
+
+    private Root root;
+
+    @Before
+    public void setUp() throws CommitFailedException {
+        ContentSession session = new Oak().createContentSession();
+
+        // Add test content
+        root = session.getLatestRoot();
+        Tree tree = root.getTree("/");
+        Tree x = tree.addChild("x");
+        Tree y = x.addChild("y");
+        Tree z = y.addChild("z");
+        root.commit();
+
+        // Acquire a fresh new root to avoid problems from lingering state
+        root = session.getLatestRoot();
+    }
+
+    @After
+    public void tearDown() {
+        root = null;
+    }
+
+    @Test
+    public void testGetPath() {
+        TreeImpl tree = (TreeImpl) root.getTree("/");
+
+        ReadOnlyTree readOnly = new ReadOnlyTree(tree.getNodeState());
+        assertEquals("/", readOnly.getPath());
+
+        readOnly = readOnly.getChild("x");
+        assertEquals("/x", readOnly.getPath());
+
+        readOnly = readOnly.getChild("y");
+        assertEquals("/x/y", readOnly.getPath());
+
+        readOnly = readOnly.getChild("z");
+        assertEquals("/x/y/z", readOnly.getPath());
+    }
+}

Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
(from r1439952, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java&r1=1439952&r2=1440540&rev=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
Wed Jan 30 17:33:37 2013
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.spi.security.authorization;
+package org.apache.jackrabbit.oak.security.authorization.permission;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -22,6 +22,7 @@ import java.util.List;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -71,12 +72,12 @@ public class AllPermissionsTest extends 
             Tree tree = root.getTree(path);
             assertNotNull(tree);
 
-            assertTrue(all.isGranted(tree, Permissions.ALL));
+            assertTrue(all.isGranted(Permissions.ALL, tree));
             for (PropertyState prop : tree.getProperties()) {
-                assertTrue(all.isGranted(tree, prop, Permissions.ALL));
+                assertTrue(all.isGranted(Permissions.ALL, tree, prop));
             }
             for (Tree child : tree.getChildren()) {
-                assertTrue(all.isGranted(child, Permissions.ALL));
+                assertTrue(all.isGranted(Permissions.ALL, child));
             }
         }
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Wed Jan 30 17:33:37 2013
@@ -74,7 +74,7 @@ public class SessionImpl extends Abstrac
 
     /**
      * Local namespace remappings. Prefixes as keys and namespace URIs as values.
-     * <p>
+     * <p/>
      * This map is only accessed from synchronized methods (see
      * <a href="https://issues.apache.org/jira/browse/JCR-1793">JCR-1793</a>).
      */
@@ -227,8 +227,7 @@ public class SessionImpl extends Abstrac
                     TreeLocation loc = dlg.getLocation(oakPath);
                     if (loc.getProperty() == null) {
                         throw new PathNotFoundException(absPath);
-                    }
-                    else {
+                    } else {
                         return new PropertyImpl(new PropertyDelegate(dlg, loc));
                     }
                 }
@@ -339,7 +338,8 @@ public class SessionImpl extends Abstrac
             return dlg.getLockManager().getLockTokens();
         } catch (RepositoryException e) {
             log.warn("Unable to retrieve lock tokens for this session: {}", e.getMessage());
-            return new String[0];        }
+            return new String[0];
+        }
     }
 
     /**
@@ -358,19 +358,15 @@ public class SessionImpl extends Abstrac
     public boolean hasPermission(String absPath, String actions) throws RepositoryException
{
         ensureIsAlive();
 
-        String oakPath = dlg.getOakPathOrNull(absPath);
+        String oakPath = dlg.getNamePathMapper().getOakPathKeepIndex(absPath);
         if (oakPath == null) {
-            // TODO should we throw an exception here?
-            return TODO.unimplemented().returnValue(false);
+            throw new RepositoryException("Invalid JCR path: " + absPath);
         }
 
         // TODO implement hasPermission
         return TODO.unimplemented().returnValue(true);
     }
 
-    /**
-     * @see javax.jcr.Session#checkPermission(String, String)
-     */
     @Override
     public void checkPermission(String absPath, String actions) throws AccessControlException,
RepositoryException {
         if (!hasPermission(absPath, actions)) {
@@ -395,35 +391,43 @@ public class SessionImpl extends Abstrac
             public void setPolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
                 throw new AccessControlException(policy.toString());
             }
+
             @Override
             public void removePolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
                 throw new AccessControlException(policy.toString());
             }
+
             @Override
             public Privilege privilegeFromName(String privilegeName)
                     throws AccessControlException, RepositoryException {
                 return dlg.getPrivilegeManager().getPrivilege(privilegeName);
             }
+
             @Override
             public boolean hasPrivileges(String absPath, Privilege[] privileges) {
                 return true;
             }
+
             @Override
             public Privilege[] getSupportedPrivileges(String absPath) {
                 return new Privilege[0];
             }
+
             @Override
             public Privilege[] getPrivileges(String absPath) {
                 return new Privilege[0];
             }
+
             @Override
             public AccessControlPolicy[] getPolicies(String absPath) {
                 return new AccessControlPolicy[0];
             }
+
             @Override
             public AccessControlPolicy[] getEffectivePolicies(String absPath) {
                 return new AccessControlPolicy[0];
             }
+
             @Override
             public AccessControlPolicyIterator getApplicablePolicies(String absPath) {
                 return AccessControlPolicyIteratorAdapter.EMPTY;
@@ -561,7 +565,7 @@ public class SessionImpl extends Abstrac
      * Ensure that this session is alive and throw an exception otherwise.
      *
      * @throws RepositoryException if this session has been rendered invalid
-     * for some reason (e.g. if this session has been closed explicitly by logout)
+     *                             for some reason (e.g. if this session has been closed
explicitly by logout)
      */
     private void ensureIsAlive() throws RepositoryException {
         // check session status



Mime
View raw message