jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1475715 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/authorization/permission/PermissionValidator.java security/user/UserValidator.java spi/commit/VisibleValidator.java spi/state/NodeStateUtils.java
Date Thu, 25 Apr 2013 11:49:21 GMT
Author: angela
Date: Thu Apr 25 11:49:21 2013
New Revision: 1475715

URL: http://svn.apache.org/r1475715
Log:
OAK-527: permissions (wrap permission validator to ignore hidden nodes)
OAK-50: user mgt (wrap user validator to ignore hidden properties and nodes)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/VisibleValidator.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/NodeStateUtils.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1475715&r1=1475714&r2=1475715&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Thu Apr 25 11:49:21 2013
@@ -24,12 +24,11 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.core.ImmutableTree;
 import org.apache.jackrabbit.oak.core.TreeImpl;
-import org.apache.jackrabbit.oak.core.TreeTypeProvider;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -140,15 +139,12 @@ class PermissionValidator extends Defaul
 
     //------------------------------------------------------------< private >---
     private Validator nextValidator(@Nullable Tree parentBefore, @Nullable Tree parentAfter)
{
-        return new PermissionValidator(parentBefore, parentAfter, permissionProvider, provider,
permission);
+        Validator validator = new PermissionValidator(parentBefore, parentAfter, permissionProvider,
provider, permission);
+        return new VisibleValidator(validator, true, false);
     }
 
     private Validator checkPermissions(@Nonnull Tree tree, boolean isBefore,
                                        long defaultPermission) throws CommitFailedException
{
-        if (ImmutableTree.getType(tree) == TreeTypeProvider.TYPE_HIDDEN) {
-            // ignore everything below a hidden tree
-            return null;
-        }
         long toTest = getPermission(tree, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
             if (!permissionProvider.isGranted(toTest)) {
@@ -176,7 +172,6 @@ class PermissionValidator extends Defaul
             // been covered in "propertyChanged"
             return;
         }
-
         long toTest = getPermission(parent, property, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
             if (!permissionProvider.isGranted(toTest)) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1475715&r1=1475714&r2=1475715&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Thu Apr 25 11:49:21 2013
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
@@ -138,7 +139,7 @@ class UserValidator extends DefaultValid
                 throw constraintViolation(26, "Mandatory property rep:principalName missing.");
             }
         }
-        return new UserValidator(null, tree, provider);
+        return new VisibleValidator(new UserValidator(null, tree, provider), true, true);
     }
 
     @Override

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/VisibleValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/VisibleValidator.java?rev=1475715&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/VisibleValidator.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/VisibleValidator.java
Thu Apr 25 11:49:21 2013
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.commit;
+
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
+
+/**
+ * Validator implementation that allows to exclude hidden nodes and/or properties
+ * for the validation process.
+ */
+public class VisibleValidator implements Validator {
+
+    private final Validator validator;
+    private final boolean hideNodes;
+    private final boolean hideProperties;
+
+    public VisibleValidator(@Nonnull Validator validator, boolean hideNodes, boolean hideProperties)
{
+        this.validator = validator;
+        this.hideNodes = hideNodes;
+        this.hideProperties = hideProperties;
+    }
+
+    private Validator getValidator(@Nullable Validator validator) {
+        if (validator == null) {
+            return null;
+        } else {
+            return new VisibleValidator(validator, hideNodes, hideProperties);
+        }
+    }
+
+    private boolean isVisibleNode(String name) {
+        if (hideNodes) {
+            return !NodeStateUtils.isHidden(name);
+        } else {
+            return true;
+        }
+    }
+
+    private boolean isVisibleProperty(String name) {
+        if (hideProperties) {
+            return !NodeStateUtils.isHidden(name);
+        } else {
+            return true;
+        }
+    }
+
+    //----------------------------------------------------------< Validator >---
+
+    @Override
+    public void enter(NodeState before, NodeState after) throws CommitFailedException {
+        validator.enter(before, after);
+    }
+
+    @Override
+    public void leave(NodeState before, NodeState after) throws CommitFailedException {
+        validator.leave(before, after);
+    }
+
+    @Override
+    public void propertyAdded(PropertyState after) throws CommitFailedException {
+        if (isVisibleProperty(after.getName())) {
+            validator.propertyAdded(after);
+        }
+    }
+
+    @Override
+    public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
+        if (isVisibleProperty(after.getName())) {
+            validator.propertyChanged(before, after);
+        }
+    }
+
+    @Override
+    public void propertyDeleted(PropertyState before) throws CommitFailedException {
+        if (isVisibleProperty(before.getName())) {
+            validator.propertyDeleted(before);
+        }
+    }
+
+    @Override @CheckForNull
+    public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException
{
+        if (isVisibleNode(name)) {
+            return getValidator(validator.childNodeAdded(name, after));
+        } else {
+            return null;
+        }
+    }
+
+    @Override @CheckForNull
+    public Validator childNodeChanged(String name, NodeState before, NodeState after) throws
CommitFailedException {
+        if (isVisibleNode(name)) {
+            return getValidator(validator.childNodeChanged(name, before, after));
+        } else {
+            return null;
+        }
+    }
+
+    @Override @CheckForNull
+    public Validator childNodeDeleted(String name, NodeState before)
+            throws CommitFailedException {
+        if (isVisibleNode(name)) {
+            return getValidator(validator.childNodeDeleted(name, before));
+        } else {
+            return null;
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/NodeStateUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/NodeStateUtils.java?rev=1475715&r1=1475714&r2=1475715&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/NodeStateUtils.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/NodeStateUtils.java
Thu Apr 25 11:49:21 2013
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.spi.state;
 
 import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.PropertyState;
@@ -37,8 +38,8 @@ public final class NodeStateUtils {
      * @param name the node or property name
      * @return true if the item is hidden
      */
-    public static boolean isHidden(String name) {
-        return name.startsWith(":");
+    public static boolean isHidden(@Nonnull String name) {
+        return !name.isEmpty() && name.charAt(0) == ':';
     }
 
     @CheckForNull



Mime
View raw message