jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1468950 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Date Wed, 17 Apr 2013 14:54:09 GMT
Author: angela
Date: Wed Apr 17 14:54:09 2013
New Revision: 1468950

URL: http://svn.apache.org/r1468950
Log:
OAK-51 : Access Control Management (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1468950&r1=1468949&r2=1468950&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Wed Apr 17 14:54:09 2013
@@ -21,6 +21,7 @@ import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 import javax.annotation.CheckForNull;
@@ -210,8 +211,43 @@ public class AccessControlManagerImpl im
         checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
-            // TODO : OAK-758
-            throw new RepositoryException("not yet implemented");
+            PrincipalACL principalAcl = (PrincipalACL) policy;
+            AccessControlPolicy[] plcs = getPolicies(principalAcl.principal);
+            PrincipalACL existing = (plcs.length == 0) ? null : (PrincipalACL) plcs[0];
+
+            // TODO: handle re-ordered entries...
+            // write new entries
+            List<JackrabbitAccessControlEntry> entries = principalAcl.getEntries();
+            if (existing != null) {
+                entries.removeAll(existing.getEntries());
+            }
+            for (JackrabbitAccessControlEntry ace : entries) {
+                String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+                Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+                NodeUtil aclNode = getAclNode(path, tree);
+                if (aclNode == null) {
+                    aclNode = createAclNode(path, tree);
+                }
+                aclNode.getTree().setOrderableChildren(true);
+                writeACE(path, aclNode, ace, principalAcl.rProvider);
+            }
+
+            // remove entries that are not longer present in the acl to write
+            if (existing != null) {
+                List<JackrabbitAccessControlEntry> toRemove = existing.getEntries();
+                toRemove.removeAll(principalAcl.getEntries());
+                for (JackrabbitAccessControlEntry ace : toRemove) {
+                    String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+                    NodeUtil aclNode = checkNotNull(getAclNode(path, getTree(path, Permissions.MODIFY_ACCESS_CONTROL)));
+                    Iterator<Tree> children = aclNode.getTree().getChildren().iterator();
+                    while (children.hasNext()) {
+                        Tree child = children.next();
+                        if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
+                            child.remove();
+                        }
+                    }
+                }
+            }
         } else {
             Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
             NodeUtil aclNode = getAclNode(oakPath, tree);
@@ -227,24 +263,7 @@ public class AccessControlManagerImpl im
 
             ACL acl = (ACL) policy;
             for (JackrabbitAccessControlEntry ace : acl.getEntries()) {
-                boolean isAllow = ace.isAllow();
-                String nodeName = generateAceName(aclNode, isAllow);
-                String ntName = (isAllow) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
-
-                NodeUtil aceNode = aclNode.addChild(nodeName, ntName);
-                aceNode.setString(REP_PRINCIPAL_NAME, ace.getPrincipal().getName());
-                aceNode.setNames(REP_PRIVILEGES, AccessControlUtils.namesFromPrivileges(ace.getPrivileges()));
-                Set<Restriction> restrictions;
-                if (ace instanceof ACE) {
-                    restrictions = ((ACE) ace).getRestrictions();
-                } else {
-                    String[] rNames = ace.getRestrictionNames();
-                    restrictions = new HashSet<Restriction>(rNames.length);
-                    for (String rName : rNames) {
-                        restrictions.add(restrictionProvider.createRestriction(oakPath, rName,
ace.getRestriction(rName)));
-                    }
-                }
-                restrictionProvider.writeRestrictions(oakPath, aceNode.getTree(), restrictions);
+                writeACE(oakPath, aclNode, ace, restrictionProvider);
             }
         }
     }
@@ -255,8 +274,20 @@ public class AccessControlManagerImpl im
         checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
-            // TODO : OAK-758
-            throw new RepositoryException("not yet implemented");
+            PrincipalACL principalAcl = (PrincipalACL) policy;
+            for (JackrabbitAccessControlEntry ace : principalAcl.getEntries()) {
+                String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+                Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
+                NodeUtil aclNode = checkNotNull(getAclNode(oakPath, tree));
+
+                Iterator<Tree> children = aclNode.getTree().getChildren().iterator();
+                while (children.hasNext()) {
+                    Tree child = children.next();
+                    if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
+                        child.remove();
+                    }
+                }
+            }
         } else {
             Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
             NodeUtil aclNode = getAclNode(oakPath, tree);
@@ -481,7 +512,7 @@ public class AccessControlManagerImpl im
                 }
             }
         }
-        return new PrincipalACL(principalPath, entries, restrProvider);
+        return new PrincipalACL(principalPath, principal, entries, restrProvider);
     }
 
     @Nonnull
@@ -524,6 +555,29 @@ public class AccessControlManagerImpl im
         }
     }
 
+    private static void writeACE(String oakPath, NodeUtil aclNode,
+                          JackrabbitAccessControlEntry ace,
+                          RestrictionProvider rProvider) throws RepositoryException {
+        boolean isAllow = ace.isAllow();
+        String nodeName = generateAceName(aclNode, isAllow);
+        String ntName = (isAllow) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
+
+        NodeUtil aceNode = aclNode.addChild(nodeName, ntName);
+        aceNode.setString(REP_PRINCIPAL_NAME, ace.getPrincipal().getName());
+        aceNode.setNames(REP_PRIVILEGES, AccessControlUtils.namesFromPrivileges(ace.getPrivileges()));
+        Set<Restriction> restrictions;
+        if (ace instanceof ACE) {
+            restrictions = ((ACE) ace).getRestrictions();
+        } else {
+            String[] rNames = ace.getRestrictionNames();
+            restrictions = new HashSet<Restriction>(rNames.length);
+            for (String rName : rNames) {
+                restrictions.add(rProvider.createRestriction(oakPath, rName, ace.getRestriction(rName)));
+            }
+        }
+        rProvider.writeRestrictions(oakPath, aceNode.getTree(), restrictions);
+    }
+
     @Nonnull
     private Principal getPrincipal(@Nonnull Tree aceTree) {
         String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
@@ -703,11 +757,14 @@ public class AccessControlManagerImpl im
 
     private final class PrincipalACL extends NodeACL {
 
+        private final Principal principal;
         private final RestrictionProvider rProvider;
 
-        private PrincipalACL(String oakPath, List<JackrabbitAccessControlEntry> entries,
+        private PrincipalACL(String oakPath, Principal principal,
+                             List<JackrabbitAccessControlEntry> entries,
                              RestrictionProvider restrictionProvider) {
             super(oakPath, entries);
+            this.principal = principal;
             rProvider = restrictionProvider;
         }
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1468950&r1=1468949&r2=1468950&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Wed Apr 17 14:54:09 2013
@@ -1261,4 +1261,13 @@ public class AccessControlManagerImplTes
             }
         }
     }
+
+    //-----------------------------------< getApplicablePolicies(Principal) >---
+    // TODO
+
+    //---------------------------------------------< getPolicies(Principal) >---
+    // TODO
+
+    //------------------------------------< getEffectivePolicies(Principal) >---
+    // TODO
 }



Mime
View raw message