Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9B2A1EB29 for ; Wed, 30 Jan 2013 17:34:00 +0000 (UTC) Received: (qmail 55476 invoked by uid 500); 30 Jan 2013 17:34:00 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 55455 invoked by uid 500); 30 Jan 2013 17:34:00 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 55445 invoked by uid 99); 30 Jan 2013 17:34:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2013 17:34:00 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2013 17:33:58 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5106D2388A56; Wed, 30 Jan 2013 17:33:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1440540 [2/2] - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorizati... Date: Wed, 30 Jan 2013 17:33:37 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130130173339.5106D2388A56@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java Wed Jan 30 17:33:37 2013 @@ -29,12 +29,12 @@ import org.apache.jackrabbit.oak.namepat import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction; -public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction { +class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction { private final PropertyState property; - public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory, - @Nonnull NamePathMapper namePathMapper) { + RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory, + @Nonnull NamePathMapper namePathMapper) { super(property.getName(), property.getType().tag(), isMandatory, namePathMapper); this.property = property; } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java Wed Jan 30 17:33:37 2013 @@ -16,10 +16,13 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; +import java.security.Principal; +import java.util.Set; import javax.annotation.Nonnull; import javax.jcr.security.AccessControlManager; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; @@ -35,6 +38,11 @@ public interface AccessControlConfigurat @Nonnull RestrictionProvider getRestrictionProvider(NamePathMapper namePathMapper); + // TODO: define how to pass workspace information @Nonnull - PermissionProvider getPermissionProvider(NamePathMapper namePathMapper); + PermissionProvider getPermissionProvider(Root root, Set principals); + + // TODO: check again + @Nonnull + PermissionProvider getPermissionProvider(Tree rootTree, Set principals); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACL.java Wed Jan 30 17:33:37 2013 @@ -21,7 +21,6 @@ import java.util.List; import java.util.Map; import javax.annotation.Nonnull; import javax.annotation.Nullable; -import javax.jcr.RepositoryException; import javax.jcr.Value; import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlException; @@ -47,10 +46,10 @@ public class ImmutableACL extends Abstra /** * Construct a new {@code UnmodifiableAccessControlList} * - * @param oakPath The Oak path of this policy or {@code null}. - * @param entries The access control entries contained in this policy. + * @param oakPath The Oak path of this policy or {@code null}. + * @param entries The access control entries contained in this policy. * @param restrictionProvider The restriction provider. - * @param namePathMapper The {@link NamePathMapper} used for conversion. + * @param namePathMapper The {@link NamePathMapper} used for conversion. */ public ImmutableACL(@Nullable String oakPath, @Nonnull List entries, @@ -64,8 +63,7 @@ public class ImmutableACL extends Abstra //--------------------------------------------------< AccessControlList >--- @Override - public void removeAccessControlEntry(AccessControlEntry ace) - throws AccessControlException, RepositoryException { + public void removeAccessControlEntry(AccessControlEntry ace) throws AccessControlException { throw new AccessControlException("Immutable ACL. Use AccessControlManager#getApplicablePolicies in order to obtain an modifiable ACL."); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java Wed Jan 30 17:33:37 2013 @@ -20,13 +20,12 @@ import java.security.Principal; import java.util.Set; import javax.annotation.Nonnull; import javax.jcr.security.AccessControlManager; -import javax.jcr.security.Privilege; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; -import org.apache.jackrabbit.oak.spi.state.NodeStore; /** * This class implements an {@link AccessControlConfiguration} which grants @@ -48,17 +47,13 @@ public class OpenAccessControlConfigurat @Nonnull @Override - public PermissionProvider getPermissionProvider(NamePathMapper namePathMapper) { - return new PermissionProvider() { - @Override - public Permissions getPermissions(Set privileges) { - throw new UnsupportedOperationException(); - } - - @Override - public CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set principals) { - return AllPermissions.getInstance(); - } - }; + public PermissionProvider getPermissionProvider(Root root, Set principals) { + return OpenPermissionProvider.getInstance(); + } + + @Nonnull + @Override + public PermissionProvider getPermissionProvider(Tree rootTree, Set principals) { + return OpenPermissionProvider.getInstance(); } } Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java?rev=1440540&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenPermissionProvider.java Wed Jan 30 17:33:37 2013 @@ -0,0 +1,92 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.authorization; + +import java.util.Collections; +import java.util.Set; +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import org.apache.jackrabbit.oak.api.PropertyState; +import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants; + +/** + * OpenPermissionProvider... TODO + */ +public class OpenPermissionProvider implements PermissionProvider { + + private static final PermissionProvider INSTANCE = new OpenPermissionProvider(); + + private OpenPermissionProvider() { + } + + public static PermissionProvider getInstance() { + return INSTANCE; + } + + @Nonnull + @Override + public Set getPrivilegeNames(@Nullable Tree tree) { + return Collections.singleton(PrivilegeConstants.JCR_ALL); + } + + @Override + public boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames) { + return true; + } + + @Override + public boolean canRead(@Nonnull Tree tree) { + return true; + } + + @Override + public boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property) { + return true; + } + + @Override + public boolean isGranted(long permissions) { + return true; + } + + @Override + public boolean isGranted(@Nonnull Tree tree, long permissions) { + return true; + } + + @Override + public boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long permissions) { + return true; + } + + @Override + public boolean hasPermission(@Nonnull String oakPath, String jcrActions) { + return true; + } + + @Override + public long getPermission(@Nonnull Tree tree, long defaultPermission) { + return Permissions.ALL; + } + + @Override + public long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState, long defaultPermission) { + return Permissions.ALL; + } +} \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/PermissionProvider.java Wed Jan 30 17:33:37 2013 @@ -16,12 +16,12 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; -import java.security.Principal; import java.util.Set; import javax.annotation.Nonnull; -import javax.jcr.security.Privilege; +import javax.annotation.Nullable; -import org.apache.jackrabbit.oak.spi.state.NodeStore; +import org.apache.jackrabbit.oak.api.PropertyState; +import org.apache.jackrabbit.oak.api.Tree; /** * PermissionProvider... TODO @@ -29,9 +29,23 @@ import org.apache.jackrabbit.oak.spi.sta public interface PermissionProvider { @Nonnull - Permissions getPermissions(Set privileges); + Set getPrivilegeNames(@Nullable Tree tree); - // TODO define how permissions eval is bound to a particular revision/branch. (passing Tree?) - @Nonnull - CompiledPermissions getCompiledPermissions(NodeStore nodeStore, Set principals); + boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames); + + boolean canRead(@Nonnull Tree tree); + + boolean canRead(@Nonnull Tree tree, @Nonnull PropertyState property); + + boolean isGranted(long permissions); + + boolean isGranted(@Nonnull Tree tree, long permissions); + + boolean isGranted(@Nonnull Tree parent, @Nonnull PropertyState property, long permissions); + + boolean hasPermission(@Nonnull String oakPath, @Nonnull String jcrActions); + + long getPermission(@Nonnull Tree tree, long defaultPermission); + + long getPermission(@Nonnull Tree parent, @Nonnull PropertyState propertyState, long defaultPermission); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java Wed Jan 30 17:33:37 2013 @@ -16,63 +16,72 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; +import java.util.Arrays; +import java.util.HashSet; import java.util.LinkedHashMap; import java.util.Map; +import java.util.Set; +import javax.jcr.Session; + +import org.apache.jackrabbit.oak.api.TreeLocation; /** * Permissions... TODO */ public final class Permissions { - private Permissions() {} + private Permissions() { + } + + public static final long NO_PERMISSION = 0; - public static final int NO_PERMISSION = 0; + public static final long READ_NODE = 1; - public static final int READ_NODE = 1; + public static final long READ_PROPERTY = READ_NODE << 1; - public static final int READ_PROPERTY = READ_NODE << 1; + public static final long ADD_PROPERTY = READ_PROPERTY << 1; - public static final int ADD_PROPERTY = READ_PROPERTY << 1; + public static final long MODIFY_PROPERTY = ADD_PROPERTY << 1; - public static final int MODIFY_PROPERTY = ADD_PROPERTY << 1; + public static final long REMOVE_PROPERTY = MODIFY_PROPERTY << 1; - public static final int REMOVE_PROPERTY = MODIFY_PROPERTY << 1; + public static final long ADD_NODE = REMOVE_PROPERTY << 1; - public static final int ADD_NODE = REMOVE_PROPERTY << 1; + public static final long REMOVE_NODE = ADD_NODE << 1; - public static final int REMOVE_NODE = ADD_NODE << 1; + public static final long READ_ACCESS_CONTROL = REMOVE_NODE << 1; - public static final int READ_ACCESS_CONTROL = REMOVE_NODE << 1; + public static final long MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1; - public static final int MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1; + public static final long NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1; - public static final int NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1; + public static final long VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1; - public static final int VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1; + public static final long LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1; - public static final int LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1; + public static final long LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1; - public static final int LIFECYCLE_MANAGEMENT = LOCK_MANAGEMENT << 1; + public static final long RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1; - public static final int RETENTION_MANAGEMENT = LIFECYCLE_MANAGEMENT << 1; + public static final long MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT << 1; - public static final int MODIFY_CHILD_NODE_COLLECTION = RETENTION_MANAGEMENT << 1; + public static final long NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION << 1; - public static final int NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION << 1; + public static final long NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT << 1; - public static final int NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT << 1; + public static final long WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1; - public static final int WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1; + public static final long PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1; - public static final int PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1; + public static final long USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1; - public static final int USER_MANAGEMENT = PRIVILEGE_MANAGEMENT << 1; + public static final long READ = READ_NODE | READ_PROPERTY; - public static final int READ = READ_NODE | READ_PROPERTY; + public static final long REMOVE = REMOVE_NODE | REMOVE_PROPERTY; - public static final int SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY; + public static final long SET_PROPERTY = ADD_PROPERTY | MODIFY_PROPERTY | REMOVE_PROPERTY; - public static final int ALL = (READ + public static final long ALL = (READ | SET_PROPERTY | ADD_NODE | REMOVE_NODE | READ_ACCESS_CONTROL | MODIFY_ACCESS_CONTROL @@ -89,7 +98,8 @@ public final class Permissions { | USER_MANAGEMENT ); - private static final Map PERMISSION_NAMES = new LinkedHashMap(); + private static final Map PERMISSION_NAMES = new LinkedHashMap(); + static { PERMISSION_NAMES.put(ALL, "ALL"); PERMISSION_NAMES.put(READ, "READ"); @@ -101,6 +111,7 @@ public final class Permissions { PERMISSION_NAMES.put(REMOVE_PROPERTY, "REMOVE_PROPERTY"); PERMISSION_NAMES.put(ADD_NODE, "ADD_NODE"); PERMISSION_NAMES.put(REMOVE_NODE, "REMOVE_NODE"); + PERMISSION_NAMES.put(REMOVE, "REMOVE"); PERMISSION_NAMES.put(MODIFY_CHILD_NODE_COLLECTION, "MODIFY_CHILD_NODE_COLLECTION"); PERMISSION_NAMES.put(READ_ACCESS_CONTROL, "READ_ACCESS_CONTROL"); PERMISSION_NAMES.put(MODIFY_ACCESS_CONTROL, "MODIFY_ACCESS_CONTROL"); @@ -116,13 +127,13 @@ public final class Permissions { PERMISSION_NAMES.put(USER_MANAGEMENT, "USER_MANAGEMENT"); } - public static String getString(int permissions) { + public static String getString(long permissions) { if (PERMISSION_NAMES.containsKey(permissions)) { return PERMISSION_NAMES.get(permissions); } else { StringBuilder sb = new StringBuilder(); - for (Map.Entry entry : PERMISSION_NAMES.entrySet()) { - int key = entry.getKey(); + for (Map.Entry entry : PERMISSION_NAMES.entrySet()) { + long key = entry.getKey(); if ((permissions & key) == key) { if (sb.length() != 0) { sb.append(','); @@ -134,10 +145,41 @@ public final class Permissions { } } - public static boolean isRepositoryPermission(int permission) { + public static boolean isRepositoryPermission(long permission) { return permission == NAMESPACE_MANAGEMENT || - permission == NODE_TYPE_DEFINITION_MANAGEMENT || - permission == PRIVILEGE_MANAGEMENT || - permission == WORKSPACE_MANAGEMENT; + permission == NODE_TYPE_DEFINITION_MANAGEMENT || + permission == PRIVILEGE_MANAGEMENT || + permission == WORKSPACE_MANAGEMENT; + } + + public static boolean includes(long permissions, long permissionsToTest) { + return (permissions & permissionsToTest) == permissionsToTest; + } + + public static long getPermissions(String jcrActions, TreeLocation location) { + Set s = new HashSet(Arrays.asList(jcrActions.split(","))); + int permissions = 0; + if (s.remove(Session.ACTION_READ)) { + permissions |= READ; + } + if (s.remove(Session.ACTION_ADD_NODE)) { + permissions |= ADD_NODE; + } + if (s.remove(Session.ACTION_SET_PROPERTY)) { + permissions |= ADD_PROPERTY | MODIFY_PROPERTY; + } + if (s.remove(Session.ACTION_REMOVE)) { + if (location == TreeLocation.NULL) { + permissions |= REMOVE; + } else if (location.getProperty() == null) { + permissions |= REMOVE_NODE; + } else { + permissions |= REMOVE_PROPERTY; + } + } + if (!s.isEmpty()) { + throw new IllegalArgumentException("Unknown actions: " + s); + } + return permissions; } } \ No newline at end of file Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java?rev=1440540&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java (added) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/ReadOnlyTreeTest.java Wed Jan 30 17:33:37 2013 @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.jackrabbit.oak.core; + +import org.apache.jackrabbit.oak.Oak; +import org.apache.jackrabbit.oak.api.CommitFailedException; +import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.api.Tree; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertEquals; + +public class ReadOnlyTreeTest { + + private Root root; + + @Before + public void setUp() throws CommitFailedException { + ContentSession session = new Oak().createContentSession(); + + // Add test content + root = session.getLatestRoot(); + Tree tree = root.getTree("/"); + Tree x = tree.addChild("x"); + Tree y = x.addChild("y"); + Tree z = y.addChild("z"); + root.commit(); + + // Acquire a fresh new root to avoid problems from lingering state + root = session.getLatestRoot(); + } + + @After + public void tearDown() { + root = null; + } + + @Test + public void testGetPath() { + TreeImpl tree = (TreeImpl) root.getTree("/"); + + ReadOnlyTree readOnly = new ReadOnlyTree(tree.getNodeState()); + assertEquals("/", readOnly.getPath()); + + readOnly = readOnly.getChild("x"); + assertEquals("/x", readOnly.getPath()); + + readOnly = readOnly.getChild("y"); + assertEquals("/x/y", readOnly.getPath()); + + readOnly = readOnly.getChild("z"); + assertEquals("/x/y/z", readOnly.getPath()); + } +} Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java (from r1439952, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java&r1=1439952&r2=1440540&rev=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissionsTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java Wed Jan 30 17:33:37 2013 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.spi.security.authorization; +package org.apache.jackrabbit.oak.security.authorization.permission; import java.util.ArrayList; import java.util.List; @@ -22,6 +22,7 @@ import java.util.List; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.spi.security.authorization.Permissions; import org.junit.Before; import org.junit.Test; @@ -71,12 +72,12 @@ public class AllPermissionsTest extends Tree tree = root.getTree(path); assertNotNull(tree); - assertTrue(all.isGranted(tree, Permissions.ALL)); + assertTrue(all.isGranted(Permissions.ALL, tree)); for (PropertyState prop : tree.getProperties()) { - assertTrue(all.isGranted(tree, prop, Permissions.ALL)); + assertTrue(all.isGranted(Permissions.ALL, tree, prop)); } for (Tree child : tree.getChildren()) { - assertTrue(all.isGranted(child, Permissions.ALL)); + assertTrue(all.isGranted(Permissions.ALL, child)); } } } Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1440540&r1=1440539&r2=1440540&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java Wed Jan 30 17:33:37 2013 @@ -74,7 +74,7 @@ public class SessionImpl extends Abstrac /** * Local namespace remappings. Prefixes as keys and namespace URIs as values. - *

+ *

* This map is only accessed from synchronized methods (see * JCR-1793). */ @@ -227,8 +227,7 @@ public class SessionImpl extends Abstrac TreeLocation loc = dlg.getLocation(oakPath); if (loc.getProperty() == null) { throw new PathNotFoundException(absPath); - } - else { + } else { return new PropertyImpl(new PropertyDelegate(dlg, loc)); } } @@ -339,7 +338,8 @@ public class SessionImpl extends Abstrac return dlg.getLockManager().getLockTokens(); } catch (RepositoryException e) { log.warn("Unable to retrieve lock tokens for this session: {}", e.getMessage()); - return new String[0]; } + return new String[0]; + } } /** @@ -358,19 +358,15 @@ public class SessionImpl extends Abstrac public boolean hasPermission(String absPath, String actions) throws RepositoryException { ensureIsAlive(); - String oakPath = dlg.getOakPathOrNull(absPath); + String oakPath = dlg.getNamePathMapper().getOakPathKeepIndex(absPath); if (oakPath == null) { - // TODO should we throw an exception here? - return TODO.unimplemented().returnValue(false); + throw new RepositoryException("Invalid JCR path: " + absPath); } // TODO implement hasPermission return TODO.unimplemented().returnValue(true); } - /** - * @see javax.jcr.Session#checkPermission(String, String) - */ @Override public void checkPermission(String absPath, String actions) throws AccessControlException, RepositoryException { if (!hasPermission(absPath, actions)) { @@ -395,35 +391,43 @@ public class SessionImpl extends Abstrac public void setPolicy(String absPath, AccessControlPolicy policy) throws AccessControlException { throw new AccessControlException(policy.toString()); } + @Override public void removePolicy(String absPath, AccessControlPolicy policy) throws AccessControlException { throw new AccessControlException(policy.toString()); } + @Override public Privilege privilegeFromName(String privilegeName) throws AccessControlException, RepositoryException { return dlg.getPrivilegeManager().getPrivilege(privilegeName); } + @Override public boolean hasPrivileges(String absPath, Privilege[] privileges) { return true; } + @Override public Privilege[] getSupportedPrivileges(String absPath) { return new Privilege[0]; } + @Override public Privilege[] getPrivileges(String absPath) { return new Privilege[0]; } + @Override public AccessControlPolicy[] getPolicies(String absPath) { return new AccessControlPolicy[0]; } + @Override public AccessControlPolicy[] getEffectivePolicies(String absPath) { return new AccessControlPolicy[0]; } + @Override public AccessControlPolicyIterator getApplicablePolicies(String absPath) { return AccessControlPolicyIteratorAdapter.EMPTY; @@ -561,7 +565,7 @@ public class SessionImpl extends Abstrac * Ensure that this session is alive and throw an exception otherwise. * * @throws RepositoryException if this session has been rendered invalid - * for some reason (e.g. if this session has been closed explicitly by logout) + * for some reason (e.g. if this session has been closed explicitly by logout) */ private void ensureIsAlive() throws RepositoryException { // check session status