jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1470455 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Date Mon, 22 Apr 2013 11:19:00 GMT
Author: angela
Date: Mon Apr 22 11:18:59 2013
New Revision: 1470455

URL: http://svn.apache.org/r1470455
Log:
OAK-64: privilege mgt (minor improvement, use constant for constraint violation)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1470455&r1=1470454&r2=1470455&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Mon Apr 22 11:18:59 2013
@@ -31,9 +31,11 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
-import org.apache.jackrabbit.oak.util.TreeUtil;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
 import org.apache.jackrabbit.util.Text;
 
+import static org.apache.jackrabbit.oak.api.CommitFailedException.CONSTRAINT;
+
 /**
  * Validator implementation that is responsible for validating any modifications
  * made to privileges stored in the repository.
@@ -61,68 +63,67 @@ class PrivilegeValidator extends Default
         if (REP_NEXT.equals(before.getName())) {
             validateNext(PrivilegeBits.getInstance(getPrivilegesTree(rootBefore).getProperty(REP_NEXT)));
         } else {
-            throw new CommitFailedException(
-                    "Constraint", 45,
-                    "Attempt to modify existing privilege definition.");
+            throw new CommitFailedException(CONSTRAINT, 45, "Attempt to modify existing privilege
definition.");
         }
     }
 
     @Override
     public void propertyDeleted(PropertyState before) throws CommitFailedException {
-        throw new CommitFailedException(
-                "Constraint", 46,
-                "Attempt to modify existing privilege definition.");
+        throw new CommitFailedException(CONSTRAINT, 46, "Attempt to modify existing privilege
definition.");
     }
 
     @Override
     public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException
{
-        // make sure privileges have been initialized before
-        getPrivilegesTree(rootBefore);
+        if (isPrivilegeDefinition(after)) {
+            // make sure privileges have been initialized before
+            getPrivilegesTree(rootBefore);
 
-        // the following characteristics are expected to be validated elsewhere:
-        // - permission to allow privilege registration -> permission validator.
-        // - name collisions (-> delegated to NodeTypeValidator since sms are not allowed)
-        // - name must be valid (-> delegated to NameValidator)
+            // the following characteristics are expected to be validated elsewhere:
+            // - permission to allow privilege registration -> permission validator.
+            // - name collisions (-> delegated to NodeTypeValidator since sms are not
allowed)
+            // - name must be valid (-> delegated to NameValidator)
 
-        // name may not contain reserved namespace prefix
-        if (NamespaceConstants.RESERVED_PREFIXES.contains(Text.getNamespacePrefix(name)))
{
-            String msg = "Failed to register custom privilege: Definition uses reserved namespace:
" + name;
-            throw new CommitFailedException("Privilege", 1, msg);
-        }
+            // name may not contain reserved namespace prefix
+            if (NamespaceConstants.RESERVED_PREFIXES.contains(Text.getNamespacePrefix(name)))
{
+                String msg = "Failed to register custom privilege: Definition uses reserved
namespace: " + name;
+                throw new CommitFailedException("Privilege", 1, msg);
+            }
 
-        // primary node type name must be rep:privilege
-        Tree tree = new ImmutableTree(ImmutableTree.ParentProvider.UNSUPPORTED, name, after);
-        if (!NT_REP_PRIVILEGE.equals(TreeUtil.getPrimaryTypeName(tree))) {
-            throw new CommitFailedException("Privilege", 2, "Privilege definition must have
primary node type set to rep:privilege");
+            // validate the definition
+            Tree tree = new ImmutableTree(ImmutableTree.ParentProvider.UNSUPPORTED, name,
after);
+            validateDefinition(tree);
         }
 
-        // additional validation of the definition
-        validateDefinition(tree);
-
-        // privilege definitions may not have child nodes.
+        // privilege definitions may not have child nodes (or another type of nodes
+        // that is not handled by this validator anyway).
         return null;
     }
 
     @Override
     public Validator childNodeChanged(String name, NodeState before, NodeState after) throws
CommitFailedException {
-        throw new CommitFailedException(
-                "Constraint", 41,
-                "Attempt to modify existing privilege definition " + name);
+        if (isPrivilegeDefinition(before)) {
+            throw new CommitFailedException(CONSTRAINT, 41, "Attempt to modify existing privilege
definition " + name);
+        } else {
+            // not handled by this validator
+            return null;
+        }
     }
 
     @Override
     public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException
{
-        throw new CommitFailedException(
-                "Constraint", 42,
-                "Attempt to un-register privilege " + name);
+        if (isPrivilegeDefinition(before)) {
+            throw new CommitFailedException(CONSTRAINT, 42, "Attempt to un-register privilege
" + name);
+        }  else {
+            // not handled by this validator
+            return null;
+        }
     }
 
     //------------------------------------------------------------< private >---
     private void validateNext(PrivilegeBits bits) throws CommitFailedException {
         PrivilegeBits next = PrivilegeBits.getInstance(getPrivilegesTree(rootAfter).getProperty(REP_NEXT));
         if (!next.equals(bits.nextBits())) {
-            throw new CommitFailedException(
-                    "Constraint", 43, "Next bits not updated");
+            throw new CommitFailedException(CONSTRAINT, 43, "Next bits not updated");
         }
     }
 
@@ -130,8 +131,7 @@ class PrivilegeValidator extends Default
     private Tree getPrivilegesTree(Root root) throws CommitFailedException {
         Tree privilegesTree = root.getTree(PRIVILEGES_PATH);
         if (privilegesTree == null) {
-            throw new CommitFailedException(
-                    "Constraint", 44, "Privilege store not initialized.");
+            throw new CommitFailedException(CONSTRAINT, 44, "Privilege store not initialized.");
         }
         return privilegesTree;
     }
@@ -153,8 +153,7 @@ class PrivilegeValidator extends Default
     private void validateDefinition(Tree definitionTree) throws CommitFailedException {
         PrivilegeBits newBits = PrivilegeBits.getInstance(definitionTree);
         if (newBits.isEmpty()) {
-            throw new CommitFailedException(
-                    "Constraint", 48, "PrivilegeBits are missing.");
+            throw new CommitFailedException(CONSTRAINT, 48, "PrivilegeBits are missing.");
         }
 
         Set<String> privNames = bitsProvider.getPrivilegeNames(newBits);
@@ -164,8 +163,7 @@ class PrivilegeValidator extends Default
         // non-aggregate privilege
         if (declaredNames.isEmpty()) {
             if (!privNames.isEmpty()) {
-                throw new CommitFailedException(
-                        "Constraint", 49, "PrivilegeBits already in used.");
+                throw new CommitFailedException(CONSTRAINT, 49, "PrivilegeBits already in
used.");
             }
             validateNext(newBits);
             return;
@@ -173,8 +171,7 @@ class PrivilegeValidator extends Default
 
         // aggregation of a single privilege
         if (declaredNames.size() == 1) {
-            throw new CommitFailedException(
-                    "Constraint", 50, "Singular aggregation is equivalent to existing privilege.");
+            throw new CommitFailedException(CONSTRAINT, 50, "Singular aggregation is equivalent
to existing privilege.");
         }
 
         // aggregation of >1 privileges
@@ -182,14 +179,13 @@ class PrivilegeValidator extends Default
         for (String aggrName : declaredNames) {
             // aggregated privilege not registered
             if (!definitions.containsKey(aggrName)) {
-                throw new CommitFailedException(
-                        "Constraint", 51, "Declared aggregate '" + aggrName + "' is not a
registered privilege.");
+                throw new CommitFailedException(CONSTRAINT, 51, "Declared aggregate '" +
aggrName + "' is not a registered privilege.");
             }
 
             // check for circular aggregation
             if (isCircularAggregation(definition.getName(), aggrName, definitions)) {
                 String msg = "Detected circular aggregation within custom privilege caused
by " + aggrName;
-                throw new CommitFailedException("Constraint", 52, msg);
+                throw new CommitFailedException(CONSTRAINT, 52, msg);
             }
         }
 
@@ -203,15 +199,13 @@ class PrivilegeValidator extends Default
             // test for exact same aggregation or aggregation with the same net effect
             if (declaredNames.equals(existingDeclared) || aggregateNames.equals(resolveAggregates(existingDeclared,
definitions))) {
                 String msg = "Custom aggregate privilege '" + definition.getName() + "' is
already covered by '" + existing.getName() + '\'';
-                throw new CommitFailedException("Constraint", 53, msg);
+                throw new CommitFailedException(CONSTRAINT, 53, msg);
             }
         }
 
         PrivilegeBits aggrBits = bitsProvider.getBits(declaredNames.toArray(new String[declaredNames.size()]));
         if (!newBits.equals(aggrBits)) {
-            throw new CommitFailedException(
-                    "Constraint", 53,
-                    "Invalid privilege bits for aggregated privilege definition.");
+            throw new CommitFailedException(CONSTRAINT, 53, "Invalid privilege bits for aggregated
privilege definition.");
         }
     }
 
@@ -243,9 +237,7 @@ class PrivilegeValidator extends Default
         for (String name : declared) {
             PrivilegeDefinition d = definitions.get(name);
             if (d == null) {
-                throw new CommitFailedException(
-                        "Constraint", 47,
-                        "Invalid declared aggregate name " + name + ": Unknown privilege.");
+                throw new CommitFailedException(CONSTRAINT, 47, "Invalid declared aggregate
name " + name + ": Unknown privilege.");
             }
 
             Set<String> names = d.getDeclaredAggregateNames();
@@ -257,4 +249,8 @@ class PrivilegeValidator extends Default
         }
         return aggregateNames;
     }
-}
+
+    private static boolean isPrivilegeDefinition(@Nonnull NodeState state) {
+        return NT_REP_PRIVILEGE.equals(NodeStateUtils.getPrimaryTypeName(state));
+    }
+}
\ No newline at end of file



Mime
View raw message