jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1443385 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ main/java/org/apache/jackrabbit/oak/spi/security/authorization/ test/java/org/apache/jackrabbit/oak/security/authorization/
Date Thu, 07 Feb 2013 10:18:55 GMT
Author: angela
Date: Thu Feb  7 10:18:55 2013
New Revision: 1443385

URL: http://svn.apache.org/viewvc?rev=1443385&view=rev
Log:
OAK-51 : Access Control Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
Thu Feb  7 10:18:55 2013
@@ -42,6 +42,9 @@ import org.slf4j.LoggerFactory;
 
 /**
  * ACL... TODO
+ *
+ * TODO: - remove redundant entries from the list
+ * TODO: - remove redundant privileges from entries
  */
 abstract class ACL extends AbstractAccessControlList {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Thu Feb  7 10:18:55 2013
@@ -57,6 +57,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.core.TreeImpl;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
@@ -217,7 +218,7 @@ public class AccessControlManagerImpl im
                     aceTree.remove();
                 }
             } else {
-                aclNode = createAclTree(oakPath, tree);
+                aclNode = createAclNode(oakPath, tree);
             }
 
             ACL acl = (ACL) policy;
@@ -383,7 +384,7 @@ public class AccessControlManagerImpl im
      * @throws RepositoryException if an error occurs
      */
     @Nonnull
-    private NodeUtil createAclTree(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException
{
+    private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException
{
         String mixinName = getMixinName(oakPath);
 
         if (!isAccessControlled(tree, mixinName)) {
@@ -396,7 +397,9 @@ public class AccessControlManagerImpl im
                 tree.setProperty(pb.getPropertyState());
             }
         }
-        return new NodeUtil(tree).addChild(getAclName(oakPath), NT_REP_ACL);
+        NodeUtil aclNode = new NodeUtil(tree).addChild(getAclName(oakPath), NT_REP_ACL);
+        aclNode.setStrings(TreeImpl.OAK_CHILD_ORDER, new String[0]);
+        return aclNode;
     }
 
     @CheckForNull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
Thu Feb  7 10:18:55 2013
@@ -75,7 +75,7 @@ public abstract class AbstractAccessCont
     @Override
     public AccessControlEntry[] getAccessControlEntries() throws RepositoryException {
         List<JackrabbitAccessControlEntry> entries = getEntries();
-        return entries.toArray(new AccessControlEntry[entries.size()]);
+        return entries.toArray(new JackrabbitAccessControlEntry[entries.size()]);
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Thu Feb  7 10:18:55 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -606,6 +607,50 @@ public class AccessControlManagerImplTes
         assertEquals("*/something", restr.getString(REP_GLOB, null));
     }
 
+    @Ignore()
+    @Test
+    public void testModifyExistingPolicy() throws Exception {
+        ACL acl = getApplicablePolicy(testPath);
+        acl.addAccessControlEntry(testPrincipal, testPrivileges);
+        AccessControlEntry allowTest = acl.getAccessControlEntries()[0];
+
+        acMgr.setPolicy(testPath, acl);
+        root.commit();
+
+        acl = (ACL) acMgr.getPolicies(testPath)[0];
+        acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something"));
+
+        AccessControlEntry[] aces = acl.getAccessControlEntries();
+        assertEquals(2, aces.length);
+        AccessControlEntry denyEveryone = aces[1];
+        assertEquals(EveryonePrincipal.getInstance(), denyEveryone.getPrincipal());
+
+        acl.orderBefore(denyEveryone, allowTest);
+        acMgr.setPolicy(testPath, acl);
+        root.commit();
+
+        acl = (ACL) acMgr.getPolicies(testPath)[0];
+        aces = acl.getAccessControlEntries();
+        assertEquals(2, aces.length);
+        assertEquals(denyEveryone, aces[0]);
+        assertEquals(allowTest, aces[1]);
+
+        acl.addEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL)},
+                false, Collections.<String, Value>emptyMap());
+        AccessControlEntry denyTest = acl.getAccessControlEntries()[2];
+
+        acl.orderBefore(denyTest, allowTest);
+        acMgr.setPolicy(testPath, acl);
+
+        acl = (ACL) acMgr.getPolicies(testPath)[0];
+        aces = acl.getAccessControlEntries();
+        assertEquals(3, aces.length);
+
+        assertEquals(denyEveryone, aces[0]);
+        assertEquals(denyTest, aces[1]);
+        assertEquals(allowTest, aces[2]);
+    }
+
     @Test
     public void testSetInvalidPolicy() throws Exception {
         // TODO



Mime
View raw message