jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1461031 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/core/ main/java/org/apache/jackrabbit/oak/security/authorization/permission/ test/java/org/apache/jackrabbit/oak/security/authorization/permission/
Date Tue, 26 Mar 2013 09:21:50 GMT
Author: angela
Date: Tue Mar 26 09:21:50 2013
New Revision: 1461031

URL: http://svn.apache.org/r1461031
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java?rev=1461031&r1=1461030&r2=1461031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableTree.java
Tue Mar 26 09:21:50 2013
@@ -33,7 +33,6 @@ import org.apache.jackrabbit.oak.spi.sta
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
 
-import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.apache.jackrabbit.oak.api.Type.STRING;
 
@@ -171,9 +170,13 @@ public final class ImmutableTree extends
         return typeProvider.getType(this);
     }
 
+    // TODO
     public static int getType(Tree tree) {
-        checkArgument(tree instanceof ImmutableTree);
-        return ((ImmutableTree) tree).getType();
+        if (tree instanceof ImmutableTree) {
+            return ((ImmutableTree) tree).getType();
+        } else {
+            return TypeProvider.TYPE_DEFAULT;
+        }
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1461031&r1=1461030&r2=1461031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Tue Mar 26 09:21:50 2013
@@ -166,8 +166,6 @@ public class PermissionHook implements P
                 // ignore hidden nodes
             } else if (isACE(name, after)) {
                 addEntry(name, after);
-            } else if (REP_RESTRICTIONS.equals(name)) {
-                updateEntry(parentAfter.getName(), parentBefore.getNodeState(), parentAfter.getNodeState());
             } else {
                 Node before = new BeforeNode(parentBefore.getPath(), name, EMPTY_NODE);
                 AfterNode node = new AfterNode(parentAfter, name);
@@ -181,8 +179,6 @@ public class PermissionHook implements P
                 // ignore hidden nodes
             } else if (isACE(name, before) || isACE(name, after)) {
                 updateEntry(name, before, after);
-            } else if (REP_RESTRICTIONS.equals(name)) {
-                updateEntry(parentAfter.getName(), parentBefore.getNodeState(), parentAfter.getNodeState());
             } else {
                 BeforeNode nodeBefore = new BeforeNode(parentBefore.getPath(), name, before);
                 AfterNode nodeAfter = new AfterNode(parentAfter, name);
@@ -196,8 +192,6 @@ public class PermissionHook implements P
                 // ignore hidden nodes
             } else if (isACE(name, before)) {
                 removeEntry(name, before);
-            } else if (REP_RESTRICTIONS.equals(name)) {
-                updateEntry(parentAfter.getName(), parentBefore.getNodeState(), parentAfter.getNodeState());
             } else {
                 BeforeNode nodeBefore = new BeforeNode(parentBefore.getPath(), name, before);
                 AfterNode after = new AfterNode(parentAfter.getPath(), name, EMPTY_NODE);
@@ -337,10 +331,10 @@ public class PermissionHook implements P
             this.isAllow = isAllow;
             this.restrictions = restrictions;
 
-            // create node name from ace definition (excluding the index)
+            // create node name from ace definition
             StringBuilder name = new StringBuilder();
             name.append((isAllow) ? PREFIX_ALLOW : PREFIX_DENY).append('-');
-            name.append(Objects.hashCode(accessControlledPath, principalName, privilegeBits,
isAllow, restrictions));
+            name.append(Objects.hashCode(accessControlledPath, principalName, index, privilegeBits,
isAllow, restrictions));
             nodeName = name.toString();
         }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1461031&r1=1461030&r2=1461031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Tue Mar 26 09:21:50 2013
@@ -223,7 +223,8 @@ class PermissionValidator extends Defaul
     // TODO
     public static boolean noTraverse(long permission) {
         return permission == Permissions.MODIFY_ACCESS_CONTROL ||
-                permission == Permissions.VERSION_MANAGEMENT;
+                permission == Permissions.VERSION_MANAGEMENT ||
+                permission == Permissions.REMOVE_NODE;
     }
 
     // TODO

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java?rev=1461031&r1=1461030&r2=1461031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
Tue Mar 26 09:21:50 2013
@@ -16,16 +16,21 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.permission;
 
-import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.AccessControlManager;
 
+import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
@@ -36,35 +41,53 @@ import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 
 /**
  * PermissionHookTest... TODO
  */
-public class PermissionHookTest extends AbstractAccessControlTest implements PermissionConstants
{
+public class PermissionHookTest extends AbstractAccessControlTest implements AccessControlConstants,
PermissionConstants {
+
+    private String testPath = "/testPath";
+    private String testPrincipalName = "admin"; // TODO
+
+    private PrivilegeBitsProvider bitsProvider;
 
-    private AccessControlManager acMgr;
     @Override
     @Before
     public void before() throws Exception {
         super.before();
 
         NodeUtil rootNode = new NodeUtil(root.getTree("/"), namePathMapper);
-        rootNode.addChild("testName", JcrConstants.NT_UNSTRUCTURED);
+        rootNode.addChild("testPath", JcrConstants.NT_UNSTRUCTURED);
+
+        AccessControlManager acMgr = getAccessControlManager(root);
+        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr,
testPath);
+        acl.addAccessControlEntry(new PrincipalImpl(testPrincipalName), privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES));
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_READ));
+        acMgr.setPolicy(testPath, acl);
         root.commit();
 
-        acMgr = getAccessControlManager(root);
+        bitsProvider = new PrivilegeBitsProvider(root);
     }
 
     @After
     public void after() throws Exception {
         root.refresh();
-        root.getTree("/testName").remove();
-        root.commit();
+        Tree test = root.getTree(testPath);
+        if (test != null) {
+            test.remove();
+            root.commit();
+        }
+    }
+
+    private Tree getPrincipalRoot(String principalName) {
+        return root.getTree(PERMISSIONS_STORE_PATH).getChild(adminSession.getWorkspaceName()).getChild(principalName);
     }
 
     private Tree getEntry(String principalName, String accessControlledPath) throws Exception
{
-        Tree permissionTree = root.getTree(PERMISSIONS_STORE_PATH).getChild(adminSession.getWorkspaceName()).getChild(principalName);
-        for (Tree entry : permissionTree.getChildren()) {
+        Tree principalRoot = getPrincipalRoot(principalName);
+        for (Tree entry : principalRoot.getChildren()) {
             if (accessControlledPath.equals(entry.getProperty(REP_ACCESS_CONTROLLED_PATH).getValue(Type.STRING)))
{
                 return entry;
             }
@@ -73,49 +96,96 @@ public class PermissionHookTest extends 
     }
 
     @Test
-    public void testAddDuplicateAce() {
-        // TODO
-    }
+    public void testDuplicateAce() throws Exception {
+        // add duplicate policy on OAK-API
+        NodeUtil policy = new NodeUtil(root.getTree(testPath + "/rep:policy"));
+        NodeUtil ace = policy.addChild("duplicateAce", NT_REP_GRANT_ACE);
+        ace.setString(REP_PRINCIPAL_NAME, testPrincipalName);
+        ace.setStrings(REP_PRIVILEGES, PrivilegeConstants.JCR_ADD_CHILD_NODES);
+        root.commit();
 
-    @Test
-    public void testRemoveDuplicateAce() {
-        // TODO
-    }
+        Tree principalRoot = getPrincipalRoot(testPrincipalName);
+        assertEquals(2, principalRoot.getChildrenCount());
 
-    @Test
-    public void testAddRestrictionNode() {
-        // TODO add restriction node on oak-api
-    }
+        Set<Integer> index = new HashSet<Integer>(2);
+        for (Tree entry : principalRoot.getChildren()) {
+            assertEquals(bitsProvider.getBits(PrivilegeConstants.JCR_ADD_CHILD_NODES), PrivilegeBits.getInstance(entry.getProperty(REP_PRIVILEGE_BITS)));
+            assertEquals(testPath, entry.getProperty(REP_ACCESS_CONTROLLED_PATH).getValue(Type.STRING));
+            index.add(entry.getProperty(REP_INDEX).getValue(Type.LONG).intValue());
+        }
+        assertEquals(ImmutableSet.of(0, 2), index);
 
-    @Test
-    public void testRemoveRestrictionNode() {
-        // TODO
+        // remove duplicate policy entry again
+        root.getTree(testPath + "/rep:policy/duplicateAce").remove();
+        root.commit();
+
+        assertEquals(1, getPrincipalRoot(testPrincipalName).getChildrenCount());
     }
 
     @Test
-    public void testModifyRestrictions() {
-        // TODO
+    public void testModifyRestrictions() throws Exception {
+        Tree testAce = root.getTree(testPath + "/rep:policy").getChildren().iterator().next();
+        assertEquals(testPrincipalName, testAce.getProperty(REP_PRINCIPAL_NAME).getValue(Type.STRING));
+
+        // add a new restriction node through the OAK API instead of access control manager
+        NodeUtil node = new NodeUtil(testAce);
+        NodeUtil restrictions = node.addChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
+        restrictions.setString(REP_GLOB, "*");
+        String restritionsPath = restrictions.getTree().getPath();
+        root.commit();
+
+        Tree principalRoot = getPrincipalRoot(testPrincipalName);
+        assertEquals(1, principalRoot.getChildrenCount());
+        assertEquals("*", principalRoot.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
+
+        // modify the restrictions node
+        Tree restrictionsNode = root.getTree(restritionsPath);
+        restrictionsNode.setProperty(REP_GLOB, "/*/jcr:content/*");
+        root.commit();
+
+        principalRoot = getPrincipalRoot(testPrincipalName);
+        assertEquals(1, principalRoot.getChildrenCount());
+        assertEquals("/*/jcr:content/*", principalRoot.getChildren().iterator().next().getProperty(REP_GLOB).getValue(Type.STRING));
+
+        // remove the restriction again
+        root.getTree(restritionsPath).remove();
+        root.commit();
+
+        principalRoot = getPrincipalRoot(testPrincipalName);
+        assertEquals(1, principalRoot.getChildrenCount());
+        assertNull(principalRoot.getChildren().iterator().next().getProperty(REP_GLOB));
+
     }
 
-    @Ignore("PermissionHook#propertyChanged without corresponding child node modifications")
+    @Ignore("PermissionHook#propertyChange") // TODO
     @Test
     public void testReorderAce() throws Exception {
-        Principal testPrincipal = new PrincipalImpl("admin");
-        JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr,
"/testName");
-        acl.addAccessControlEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES));
-        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(PrivilegeConstants.JCR_READ));
-        acMgr.setPolicy("/testName", acl);
+        Tree entry = getEntry(testPrincipalName, testPath);
+        assertEquals(0, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+
+        Tree aclTree = root.getTree(testPath + "/rep:policy");
+        aclTree.getChildren().iterator().next().orderBefore(null);
+
         root.commit();
 
-        Tree entry = getEntry("admin", "/testName");
+        entry = getEntry(testPrincipalName, testPath);
+        assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
+    }
+
+    @Ignore("PermissionHook#propertyChange") // TODO
+    @Test
+    public void testReorderAndAddAce() throws Exception {
+        Tree entry = getEntry(testPrincipalName, testPath);
         assertEquals(0, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
 
-        Tree aclTree = root.getTree("/testName/rep:policy");
+        Tree aclTree = root.getTree(testPath + "/rep:policy");
         aclTree.getChildren().iterator().next().orderBefore(null);
-
+        NodeUtil ace = new NodeUtil(aclTree).addChild("denyEveryoneLockMgt", NT_REP_DENY_ACE);
+        ace.setString(REP_PRINCIPAL_NAME, EveryonePrincipal.NAME);
+        ace.setStrings(REP_PRIVILEGES, PrivilegeConstants.JCR_LOCK_MANAGEMENT);
         root.commit();
 
-        entry = getEntry("admin", "/testName");
+        entry = getEntry(testPrincipalName, testPath);
         assertEquals(1, entry.getProperty(REP_INDEX).getValue(Type.LONG).longValue());
     }
 }
\ No newline at end of file



Mime
View raw message