jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1466403 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission: ChildOrderDiff.java PermissionValidator.java
Date Wed, 10 Apr 2013 09:34:55 GMT
Author: angela
Date: Wed Apr 10 09:34:55 2013
New Revision: 1466403

URL: http://svn.apache.org/r1466403
Log:
OAK-527: permissions (wip)

- proper handling of OAK_CHILD_ORDER property to only check permissions if a user-supplied
reorder occurred.
- omit permission check for all items inside a hidden tree otherwise

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ChildOrderDiff.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ChildOrderDiff.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ChildOrderDiff.java?rev=1466403&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ChildOrderDiff.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ChildOrderDiff.java
Wed Apr 10 09:34:55 2013
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import java.util.List;
+import javax.annotation.CheckForNull;
+
+import com.google.common.collect.Lists;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Type;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Helper class to handle modifications to the hidden
+ * {@link org.apache.jackrabbit.oak.core.TreeImpl#OAK_CHILD_ORDER} property.
+ */
+class ChildOrderDiff {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(ChildOrderDiff.class);
+
+    private final PropertyState before;
+    private final PropertyState after;
+
+    ChildOrderDiff(PropertyState before, PropertyState after) {
+        this.before = before;
+        this.after = after;
+    }
+
+    /**
+     * Tests if there was any user-supplied reordering involved with the
+     * modification of the {@link org.apache.jackrabbit.oak.core.TreeImpl#OAK_CHILD_ORDER}
+     * property.
+     *
+     * @return the name of the first reordered child if any user-supplied node
+     * reorder happened; {@code null} otherwise.
+     */
+    @CheckForNull
+    String firstReordered() {
+        List<String> beforeNames = Lists.newArrayList(before.getValue(Type.NAMES));
+        List<String> afterNames = Lists.newArrayList(after.getValue(Type.NAMES));
+        // remove elements from before that have been deleted
+        beforeNames.retainAll(afterNames);
+
+        for (int i = 0; i < beforeNames.size() && i < afterNames.size(); i++)
{
+            String bName = beforeNames.get(i);
+            String aName = afterNames.get(i);
+            if (!bName.equals(aName)) {
+                return aName;
+            }
+        }
+        return null;
+    }
+}
\ No newline at end of file
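Review bot: `firstReordered()` returns the name found in `after` at the first index where the two lists differ, which is not necessarily the child the user moved. With before `[a, b, c]` and `a` moved to the end, it returns `b`, a sibling that was only shifted. Since the caller uses this name to decide which tree the permission is evaluated on, the Javadoc should say so, e.g. `@return the name at the first position where the child order differs (not necessarily the node that was moved); {@code null} if the order of the retained children is unchanged`. Separately, `beforeNames.retainAll(afterNames)` with a list argument is quadratic in the number of children and runs inside commit validation, so `beforeNames.retainAll(Sets.newHashSet(afterNames));` would be safer for large ordered nodes. The `log` field is unused in this class.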

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1466403&r1=1466402&r2=1466403&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Wed Apr 10 09:34:55 2013
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.ImmutableTree;
 import org.apache.jackrabbit.oak.core.TreeImpl;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
@@ -85,7 +86,11 @@ class PermissionValidator extends Defaul
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
         if (TreeImpl.OAK_CHILD_ORDER.equals(after.getName())) {
-            checkPermissions(parentAfter, false, Permissions.MODIFY_CHILD_NODE_COLLECTION);
+            String childName = new ChildOrderDiff(before, after).firstReordered();
+            if (childName != null) {
+                Tree child = parentAfter.getChild(childName);
+                checkPermissions(child, false, Permissions.MODIFY_CHILD_NODE_COLLECTION);
+            } // else: no re-order but only internal update
         } else {
             checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
         }
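Review bot: In `propertyChanged` the reorder is now authorized by evaluating MODIFY_CHILD_NODE_COLLECTION on a single child, where the removed line evaluated it on `parentAfter`. If access control can differ between siblings, a reorder that moves several children is allowed on the strength of one of them. Either check every child whose position changed or add a comment explaining why one child is sufficient. `parentAfter.getChild(childName)` is passed straight into a `@Nonnull` parameter; if `getChild` can return null here (its contract is not visible in the hunk), guard it and fail closed, e.g. `if (child == null) { checkPermissions(parentAfter, false, Permissions.MODIFY_CHILD_NODE_COLLECTION); }`. The comment added in the last hunk says OAK_CHILD_ORDER is handled in "propertyChanged" (its parenthesis is never closed). Whether an added or deleted OAK_CHILD_ORDER is handled is not visible, and if those callbacks go through the property variant of `checkPermissions`, the hidden-name return would skip them.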
@@ -140,7 +145,8 @@ class PermissionValidator extends Defaul
 
     private Validator checkPermissions(@Nonnull Tree tree, boolean isBefore,
                                        long defaultPermission) throws CommitFailedException
{
-        if (NodeStateUtils.isHidden(tree.getName())) {
+        if (ImmutableTree.getType(tree) == ImmutableTree.TypeProvider.TYPE_HIDDEN) {
+            // ignore everything below a hidden tree
             return null;
         }
         long toTest = getPermission(tree, defaultPermission);
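Review bot: The early `return null` for `TYPE_HIDDEN` skips permission evaluation entirely, so the result of `ImmutableTree.getType(tree)` now decides whether this validator enforces anything, and the one-line comment does not say how that type is derived. The hunk does not show whether `getType` handles `Tree` implementations other than `ImmutableTree`, or whether a name or path supplied by the committing user could ever be classified as hidden. Please document that next to the check, for example `// TYPE_HIDDEN is assigned to internal trees and inherited by their descendants; such trees cannot be created through the JCR/Oak API, so no permission evaluation is needed`, once confirmed. A test asserting that a user-created node is never classified as hidden would pin the assumption. The method body continues outside the hunk, so how callers treat the `null` Validator cannot be checked from here.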
@@ -166,6 +172,8 @@ class PermissionValidator extends Defaul
     private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
                                   long defaultPermission) throws CommitFailedException {
         if (NodeStateUtils.isHidden(property.getName())) {
+            // ignore any hidden properties (except for OAK_CHILD_ORDER which has
+            // been covered in "propertyChanged"
             return;
         }
 


