Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm
Precedence: bulk
Reply-To: oak-dev@jackrabbit.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1434824 - in /jackrabbit/oak/trunk/oak-core/src:
 main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
 test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Date: Thu, 17 Jan 2013 17:58:29 -0000
To: oak-commits@jackrabbit.apache.org
From: angela@apache.org
Message-Id: <20130117175829.CC0B62388A2C@eris.apache.org>

Author: angela
Date: Thu Jan 17 17:58:29 2013
New Revision: 1434824

URL: http://svn.apache.org/viewvc?rev=1434824&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1434824&r1=1434823&r2=1434824&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Thu Jan 17 17:58:29 2013
@@ -159,16 +159,22 @@ public class AccessControlManagerImpl im
     public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws RepositoryException {
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
+
         AccessControlPolicy policy = null;
         NodeUtil aclNode = getAclNode(oakPath, tree);
         if (aclNode == null) {
-            // create an empty acl unless the node is protected or cannot have
-            // mixin set (e.g. due to a lock)
-            String mixinName = getMixinName(oakPath);
-            if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName)) {
-                policy = new NodeACL(oakPath);
+            if (tree.hasChild(getAclName(oakPath))) {
+                // policy child node without tree being access controlled
+                log.warn("Colliding policy child without node being access controllable ({}).", absPath);
             } else {
-                log.warn("Node {} cannot be made access controllable.", absPath);
+                // create an empty acl unless the node is protected or cannot have
+                // mixin set (e.g. due to a lock)
+                String mixinName = getMixinName(oakPath);
+                if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName)) {
+                    policy = new NodeACL(oakPath);
+                } else {
+                    log.warn("Node {} cannot be made access controllable.", absPath);
+                }
             }
         } // else: acl already present -> getPolicies must be used.
 
@@ -390,18 +396,20 @@ public class AccessControlManagerImpl im
         String aclName = getAclName(oakPath);
         String mixinName = getMixinName(oakPath);
 
-        if (isAccessControlled(accessControlledTree, mixinName) && accessControlledTree.hasChild(aclName)) {
+        if (isAccessControlled(accessControlledTree, mixinName)) {
             Tree aclTree = accessControlledTree.getChild(aclName);
-            List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
-            for (Tree child : aclTree.getChildren()) {
-                if (isACE(child)) {
-                    entries.add(createACE(oakPath, child, restrictionProvider));
+            if (aclTree != null) {
+                List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
+                for (Tree child : aclTree.getChildren()) {
+                    if (isACE(child)) {
+                        entries.add(createACE(oakPath, child, restrictionProvider));
+                    }
+                }
+                if (isReadOnly) {
+                    acl = new ImmutableACL(oakPath, entries, restrictionProvider, namePathMapper);
+                } else {
+                    acl = new NodeACL(oakPath, entries);
                 }
-            }
-            if (isReadOnly) {
-                acl = new ImmutableACL(oakPath, entries, restrictionProvider, namePathMapper);
-            } else {
-                acl = new NodeACL(oakPath, entries);
             }
         }
         return acl;
@@ -490,9 +498,15 @@ public class AccessControlManagerImpl im
     }
 
     @CheckForNull
-    private static NodeUtil getAclNode(String oakPath, Tree accessControlledTree) {
-        Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
-        return (policyTree == null) ? null : new NodeUtil(policyTree);
+    private NodeUtil getAclNode(String oakPath, Tree accessControlledTree) throws RepositoryException {
+        if (isAccessControlled(accessControlledTree, getMixinName(oakPath))) {
+            Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
+            if (policyTree != null) {
+                return new NodeUtil(policyTree);
+            }
+        }
+
+        return null;
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1434824&r1=1434823&r2=1434824&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Thu Jan 17 17:58:29 2013
@@ -269,6 +269,37 @@ public class AccessControlManagerImplTes
     }
 
     @Test
+    public void testGetApplicablePoliciesWithCollidingNode() throws Exception {
+        NodeUtil testTree = new NodeUtil(root.getTree(testPath));
+        testTree.addChild(AccessControlConstants.REP_POLICY, JcrConstants.NT_UNSTRUCTURED);
+
+        AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(testPath);
+        assertNotNull(itr);
+        assertFalse(itr.hasNext());
+    }
+
+    @Test
+    public void testGetApplicablePoliciesOnAclNode() throws Exception {
+        AccessControlPolicy policy = getApplicablePolicy(testPath);
+        acMgr.setPolicy(testPath, policy);
+
+        String aclPath = testPath + "/rep:policy";
+        assertNotNull(root.getTree(aclPath));
+
+        try {
+            AccessControlPolicyIterator itr = acMgr.getApplicablePolicies(aclPath);
+            fail("Getting applicable policies for ACL node.");
+        } catch (AccessControlException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testGetApplicablePoliciesOnAceNode() throws Exception {
+        // TODO
+    }
+
+    @Test
     public void testGetPoliciesNodeNotAccessControlled() throws Exception {
         AccessControlPolicy[] policies = acMgr.getPolicies(testPath);
         assertNotNull(policies);