jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1451563 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: core/ security/authorization/ security/authorization/permission/
Date Fri, 01 Mar 2013 10:57:53 GMT
Author: angela
Date: Fri Mar  1 10:57:52 2013
New Revision: 1451563

URL: http://svn.apache.org/r1451563
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
Fri Mar  1 10:57:52 2013
@@ -227,7 +227,7 @@ public class RootImpl implements Root {
             purgePendingChanges();
             branch.rebase();
             rootTree = TreeImpl.createRoot(this);
-            permissionProvider = createPermissionProvider();
+            permissionProvider = null;
         }
     }
 
@@ -237,9 +237,7 @@ public class RootImpl implements Root {
         branch = store.branch();
         rootTree = TreeImpl.createRoot(this);
         modCount = 0;
-        if (permissionProvider == null) {
-            permissionProvider = createPermissionProvider();
-        } else {
+        if (permissionProvider != null) {
             permissionProvider.refresh();
         }
     }
@@ -396,6 +394,9 @@ public class RootImpl implements Root {
 
     @Nonnull
     PermissionProvider getPermissionProvider() {
+        if (permissionProvider == null) {
+            permissionProvider = createPermissionProvider();
+        }
         return permissionProvider;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Fri Mar  1 10:57:52 2013
@@ -93,12 +93,13 @@ public class AccessControlManagerImpl im
 
     private final PrivilegeManager privilegeManager;
     private final PrincipalManager principalManager;
-    private final PermissionProvider permissionProvider;
     private final RestrictionProvider restrictionProvider;
     private final ReadOnlyNodeTypeManager ntMgr;
 
-    public AccessControlManagerImpl(Root root, NamePathMapper namePathMapper,
-                                    SecurityProvider securityProvider) {
+    private PermissionProvider permissionProvider;
+
+    public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
+                                    @Nonnull SecurityProvider securityProvider) {
         this.root = root;
         this.namePathMapper = namePathMapper;
 
@@ -106,10 +107,6 @@ public class AccessControlManagerImpl im
         principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
namePathMapper);
 
         acConfig = securityProvider.getAccessControlConfiguration();
-
-        Subject subject = Subject.getSubject(AccessController.getContext());
-        Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
-        permissionProvider = acConfig.getPermissionProvider(root, principals);
         restrictionProvider = acConfig.getRestrictionProvider(namePathMapper);
         ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
     }
@@ -130,15 +127,13 @@ public class AccessControlManagerImpl im
 
     @Override
     public boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges)
throws RepositoryException {
-        permissionProvider.refresh();
-        return hasPrivileges(absPath, privileges, permissionProvider);
+        return hasPrivileges(absPath, privileges, getPermissionProvider());
     }
 
     @Nonnull
     @Override
     public Privilege[] getPrivileges(@Nullable String absPath) throws RepositoryException
{
-        permissionProvider.refresh();
-        return getPrivileges(absPath, permissionProvider);
+        return getPrivileges(absPath, getPermissionProvider());
     }
 
     @Nonnull
@@ -362,6 +357,18 @@ public class AccessControlManagerImpl im
         return tree;
     }
 
+    @Nonnull
+    private PermissionProvider getPermissionProvider() {
+        if (permissionProvider == null) {
+            Subject subject = Subject.getSubject(AccessController.getContext());
+            Set<Principal> principals = (subject != null) ? subject.getPrincipals()
: Collections.<Principal>emptySet();
+            permissionProvider = acConfig.getPermissionProvider(root, principals);
+        } else {
+            permissionProvider.refresh();
+        }
+        return permissionProvider;
+    }
+
     private void checkPermission(@Nonnull Tree tree) throws AccessDeniedException {
         // TODO
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Fri Mar  1 10:57:52 2013
@@ -20,53 +20,81 @@ import java.security.Principal;
 import java.security.acl.Group;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
+import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSortedMap;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.core.ReadOnlyTree;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.util.TreeUtil;
 import org.apache.jackrabbit.util.Text;
 
 import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
 
 /**
  * TODO
  */
-class CompiledPermissionImpl implements CompiledPermissions, AccessControlConstants {
+class CompiledPermissionImpl implements CompiledPermissions, PermissionConstants {
 
     private final Set<Principal> principals;
+    private final RestrictionProvider restrictionProvider;
     private final Map<String, ReadOnlyTree> trees;
 
     private PrivilegeBitsProvider bitsProvider;
-    private Map<Key, Entry> userEntries;
-    private Map<Key, Entry> groupEntries;
+    private Map<Key, PermissionEntry> userEntries;
+    private Map<Key, PermissionEntry> groupEntries;
 
     CompiledPermissionImpl(@Nonnull Set<Principal> principals,
                            @Nonnull ReadOnlyTree permissionsTree,
-                           @Nonnull PrivilegeBitsProvider bitsProvider) {
-        this.principals = checkNotNull(principals);
+                           @Nonnull PrivilegeBitsProvider bitsProvider,
+                           @Nonnull RestrictionProvider restrictionProvider) {
         checkArgument(!principals.isEmpty());
+        this.principals = principals;
+        this.restrictionProvider = restrictionProvider;
         this.trees = new HashMap<String, ReadOnlyTree>(principals.size());
-        update(permissionsTree, bitsProvider);
+        refresh(permissionsTree, bitsProvider);
     }
 
-    void update(@Nullable ReadOnlyTree permissionsTree, @Nonnull PrivilegeBitsProvider bitsProvider)
{
-        // TODO: determine if entries need to be reloaded due to changes to the
-        // TODO: affected permission-nodes.
+    void refresh(@Nonnull ReadOnlyTree permissionsTree,
+                 @Nonnull PrivilegeBitsProvider bitsProvider) {
         this.bitsProvider = bitsProvider;
-        buildEntries(permissionsTree);
+        boolean refresh = false;
+        // test if a permission has been added for those principals that didn't have one
before
+        if (trees.size() != principals.size()) {
+            for (Principal principal : principals) {
+                if (!trees.containsKey(principal.getName()) && getPrincipalRoot(permissionsTree,
principal) != null) {
+                    refresh = true;
+                    break;
+                }
+            }
+        }
+        // test if any of the trees has been modified in the mean time
+        if (!refresh) {
+            for (Map.Entry<String, ReadOnlyTree> entry : trees.entrySet()) {
+                ReadOnlyTree t = entry.getValue();
+                ReadOnlyTree t2 = permissionsTree.getChild(t.getName());
+                // TODO: OAK-660 or equivalent comparision
+                if (!t.equals(t2)) {
+                    refresh = true;
+                    break;
+                }
+            }
+        }
+
+        if (refresh) {
+            buildEntries(permissionsTree);
+        }
     }
 
     //------------------------------------------------< CompiledPermissions >---
@@ -124,7 +152,7 @@ class CompiledPermissionImpl implements 
                 ReadOnlyTree t = getPrincipalRoot(permissionsTree, principal);
                 if (t != null) {
                     trees.put(principal.getName(), t);
-                    builder.addEntry(principal, t);
+                    builder.addEntry(principal, t, restrictionProvider);
                 }
             }
             userEntries = builder.userEntries.build();
@@ -155,8 +183,8 @@ class CompiledPermissionImpl implements 
         private long index;
 
         private Key(Tree tree) {
-            path = tree.getProperty("rep:accessControlledPath").getValue(Type.STRING);
-            index = tree.getProperty("rep:index").getValue(Type.LONG);
+            path = Strings.emptyToNull(TreeUtil.getString(tree, REP_ACCESS_CONTROLLED_PATH));
+            index = tree.getProperty(REP_INDEX).getValue(Type.LONG);
         }
 
         @Override
@@ -166,16 +194,16 @@ class CompiledPermissionImpl implements 
         }
     }
 
-    private static final class Entry {
+    private static final class PermissionEntry {
 
         private final boolean isAllow;
         private final PrivilegeBits privilegeBits;
-        private final List<String> restrictions;
+        private final Set<Restriction> restrictions;
 
-        private Entry(Tree entryTree) {
-            isAllow = ('a' == entryTree.getName().charAt(0));
-            privilegeBits = PrivilegeBits.getInstance(entryTree.getProperty(REP_PRIVILEGES));
-            restrictions = null; // TODO
+        private PermissionEntry(String accessControlledPath, Tree entryTree, RestrictionProvider
restrictionsProvider) {
+            isAllow = (PREFIX_ALLOW == entryTree.getName().charAt(0));
+            privilegeBits = PrivilegeBits.getInstance(entryTree.getProperty(REP_PRIVILEGE_BITS));
+            restrictions = restrictionsProvider.readRestrictions(accessControlledPath, entryTree);
         }
     }
 
@@ -185,13 +213,15 @@ class CompiledPermissionImpl implements 
      */
     private static final class EntriesBuilder {
 
-        private ImmutableSortedMap.Builder<Key, Entry> userEntries = ImmutableSortedMap.naturalOrder();
-        private ImmutableSortedMap.Builder<Key, Entry> groupEntries = ImmutableSortedMap.naturalOrder();
+        private ImmutableSortedMap.Builder<Key, PermissionEntry> userEntries = ImmutableSortedMap.naturalOrder();
+        private ImmutableSortedMap.Builder<Key, PermissionEntry> groupEntries = ImmutableSortedMap.naturalOrder();
 
-        private void addEntry(@Nonnull Principal principal, @Nonnull Tree entryTree) {
-            Entry entry = new Entry(entryTree);
-            if (entry.privilegeBits.isEmpty()) {
-                Key key = new Key(entryTree);
+        private void addEntry(@Nonnull Principal principal,
+                              @Nonnull Tree entryTree,
+                              @Nonnull RestrictionProvider restrictionProvider) {
+            Key key = new Key(entryTree);
+            PermissionEntry entry = new PermissionEntry(key.path, entryTree, restrictionProvider);
+            if (!entry.privilegeBits.isEmpty()) {
                 if (principal instanceof Group) {
                     groupEntries.put(key, entry);
                 } else {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
Fri Mar  1 10:57:52 2013
@@ -41,6 +41,7 @@ interface PermissionConstants {
     String PERMISSIONS_STORE_PATH = JcrConstants.JCR_SYSTEM + '/' + REP_PERMISSION_STORE;
 
     String REP_ACCESS_CONTROLLED_PATH = "rep:accessControlledPath";
+    String REP_PRIVILEGE_BITS = "rep:privileges";
     String REP_INDEX = "rep:index";
     char PREFIX_ALLOW = 'a';
     char PREFIX_DENY = 'd';

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Fri Mar  1 10:57:52 2013
@@ -16,7 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.permission;
 
-import java.util.Collections;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
@@ -44,8 +43,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
-import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
-import org.apache.jackrabbit.oak.util.PropertyUtil;
 import org.apache.jackrabbit.oak.util.TreeUtil;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -122,7 +119,7 @@ public class PermissionHook implements C
         return Lists.newArrayList(ordering.getValue(Type.STRINGS)).indexOf(aceName);
     }
 
-    private static String generateName(NodeBuilder principalRoot, Entry entry) {
+    private static String generateName(NodeBuilder principalRoot, PermissionEntry entry)
{
         StringBuilder name = new StringBuilder();
         name.append((entry.isAllow) ? PREFIX_ALLOW : PREFIX_DENY).append('-').append(principalRoot.getChildNodeCount());
         return name.toString();
@@ -204,12 +201,12 @@ public class PermissionHook implements C
         }
 
         private void addEntry(String name, NodeState ace) {
-            Entry entry = createEntry(name, ace, parentAfter);
-            entry.writeTo(permissionRoot.child(entry.principalName));
+            PermissionEntry entry = createPermissionEntry(name, ace, parentAfter);
+            entry.writeTo(permissionRoot);
         }
 
         private void removeEntry(String name, NodeState ace) {
-            Entry entry = createEntry(name, ace, parentBefore);
+            PermissionEntry entry = createPermissionEntry(name, ace, parentBefore);
             String permissionName = getPermissionNodeName(entry);
             if (permissionName != null) {
                 permissionRoot.child(entry.principalName).removeNode(permissionName);
@@ -222,33 +219,33 @@ public class PermissionHook implements C
         }
 
         @CheckForNull
-        private String getPermissionNodeName(Entry aceEntry) {
-            if (permissionRoot.hasChildNode(aceEntry.principalName)) {
-                NodeBuilder principalRoot = permissionRoot.child(aceEntry.principalName);
+        private String getPermissionNodeName(PermissionEntry permissionEntry) {
+            if (permissionRoot.hasChildNode(permissionEntry.principalName)) {
+                NodeBuilder principalRoot = permissionRoot.child(permissionEntry.principalName);
                 for (String childName : principalRoot.getChildNodeNames()) {
                     NodeState state = principalRoot.child(childName).getNodeState();
-                    if (aceEntry.isSame(childName, state)) {
+                    if (permissionEntry.isSame(childName, state)) {
                         return childName;
                     }
                 }
-                log.warn("No entry node for " + aceEntry);
+                log.warn("No permission entry for " + permissionEntry);
             } else {
                 // inconsistency: removing an ACE that doesn't have a corresponding
                 // entry in the permission store.
-                log.warn("Missing permission node for principal " + aceEntry.principalName);
+                log.warn("Missing permission node for principal " + permissionEntry.principalName);
             }
             return null;
         }
 
         @Nonnull
-        private Entry createEntry(String name, NodeState ace, BaseNode acl) {
+        private PermissionEntry createPermissionEntry(String name, NodeState ace, BaseNode
acl) {
             Tree aceTree = getTree(name, ace);
+            String accessControlledPath = getAccessControlledPath(acl);
             String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
             PrivilegeBits privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree,
REP_PRIVILEGES));
             boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
-            String accessControlledPath = getAccessControlledPath(acl);
 
-            return new Entry(accessControlledPath, getAceIndex(acl, name), principalName,
+            return new PermissionEntry(accessControlledPath, getAceIndex(acl, name), principalName,
                     privilegeBits, isAllow, getRestrictions(accessControlledPath, aceTree));
         }
     }
@@ -276,7 +273,7 @@ public class PermissionHook implements C
         abstract NodeState getNodeState();
     }
 
-    private static class BeforeNode extends BaseNode {
+    private static final class BeforeNode extends BaseNode {
 
         private final NodeState nodeState;
 
@@ -297,7 +294,7 @@ public class PermissionHook implements C
         }
     }
 
-    private static class Node extends BaseNode {
+    private static final class Node extends BaseNode {
 
         private final NodeBuilder builder;
 
@@ -321,7 +318,7 @@ public class PermissionHook implements C
         }
     }
 
-    private final class Entry {
+    private final class PermissionEntry {
 
         private final String accessControlledPath;
         private final int index;
@@ -331,7 +328,7 @@ public class PermissionHook implements C
         private final boolean isAllow;
         private final Set<Restriction> restrictions;
 
-        private Entry(@Nonnull String accessControlledPath,
+        private PermissionEntry(@Nonnull String accessControlledPath,
                       int index,
                       @Nonnull String principalName,
                       @Nonnull PrivilegeBits privilegeBits,
@@ -339,33 +336,23 @@ public class PermissionHook implements C
             this.accessControlledPath = accessControlledPath;
             this.index = index;
 
-            this.principalName = principalName;
+            this.principalName = Text.escapeIllegalJcrChars(principalName);
             this.privilegeBits = privilegeBits;
             this.isAllow = isAllow;
             this.restrictions = restrictions;
         }
 
-        private void writeTo(NodeBuilder principalRoot) {
+        private void writeTo(NodeBuilder permissionRoot) {
+            NodeBuilder principalRoot = permissionRoot.child(principalName);
             String entryName = generateName(principalRoot, this);
             NodeBuilder entry = principalRoot.child(entryName)
                     .setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS)
                     .setProperty(REP_ACCESS_CONTROLLED_PATH, accessControlledPath)
                     .setProperty(REP_INDEX, index)
-                    .setProperty(privilegeBits.asPropertyState(REP_PRIVILEGES));
+                    .setProperty(privilegeBits.asPropertyState(REP_PRIVILEGE_BITS));
             for (Restriction restriction : restrictions) {
                 entry.setProperty(restriction.getProperty());
             }
-
-            PropertyState ordering = principalRoot.getProperty(TreeImpl.OAK_CHILD_ORDER);
-            if (ordering == null) {
-                principalRoot.setProperty(TreeImpl.OAK_CHILD_ORDER, Collections.singleton(entryName),
Type.NAMES);
-            } else {
-                PropertyBuilder pb = PropertyUtil.getPropertyBuilder(Type.NAME, ordering);
-                // TODO: determine ordering index
-                int index = 0;
-                pb.setValue(entryName, index);
-                principalRoot.setProperty(pb.getPropertyState());
-            }
         }
 
         private boolean isSame(String name, NodeState node) {
@@ -391,7 +378,7 @@ public class PermissionHook implements C
 
         public String toString() {
             StringBuilder sb = new StringBuilder();
-            sb.append("entry: ").append(accessControlledPath);
+            sb.append("permission entry: ").append(accessControlledPath);
             sb.append(';').append(principalName);
             sb.append(';').append(isAllow ? "allow" : "deny");
             sb.append(';').append(privilegeBits);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1451563&r1=1451562&r2=1451563&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Fri Mar  1 10:57:52 2013
@@ -32,11 +32,13 @@ import org.apache.jackrabbit.oak.api.Typ
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.core.ReadOnlyRoot;
 import org.apache.jackrabbit.oak.core.ReadOnlyTree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
@@ -69,7 +71,8 @@ public class PermissionProviderImpl impl
     public PermissionProviderImpl(@Nonnull Root root, @Nonnull Set<Principal> principals,
                                   @Nonnull SecurityProvider securityProvider) {
         this.root = root;
-        this.acContext = securityProvider.getAccessControlConfiguration().getContext();
+        AccessControlConfiguration acConfig = securityProvider.getAccessControlConfiguration();
+        this.acContext = acConfig.getContext();
         if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {
             compiledPermissions = AllPermissions.getInstance();
         } else {
@@ -77,7 +80,7 @@ public class PermissionProviderImpl impl
             if (permissionsTree == null || principals.isEmpty()) {
                 compiledPermissions = NoPermissions.getInstance();
             } else {
-                compiledPermissions = new CompiledPermissionImpl(principals, permissionsTree,
getBitsProvider());
+                compiledPermissions = new CompiledPermissionImpl(principals, permissionsTree,
getBitsProvider(), acConfig.getRestrictionProvider(NamePathMapper.DEFAULT));
             }
         }
     }
@@ -85,7 +88,7 @@ public class PermissionProviderImpl impl
     @Override
     public void refresh() {
         if (compiledPermissions instanceof CompiledPermissionImpl) {
-            ((CompiledPermissionImpl) compiledPermissions).update(getPermissionsRoot(), getBitsProvider());
+            ((CompiledPermissionImpl) compiledPermissions).refresh(getPermissionsRoot(),
getBitsProvider());
         }
     }
 



Mime
View raw message