jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1508464 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/privilege/ main/java/org/apache/jackrabbit/oak/spi/security/privilege/ test/java/org/apache/jackrabbit/oak/security/privilege/ test/java/org/apac...
Date Tue, 30 Jul 2013 14:28:41 GMT
Author: angela
Date: Tue Jul 30 14:28:40 2013
New Revision: 1508464

URL: http://svn.apache.org/r1508464
Log:
OAK-64 : Privilege Management

- javadoc
- tests
- fixing leftover of Tree#getChild returning null -> changed to test for existence

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeUtil.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
Tue Jul 30 14:28:40 2013
@@ -21,7 +21,6 @@ import java.util.Map;
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
@@ -76,7 +75,7 @@ class PrivilegeDefinitionReader implemen
         }
     }
 
-    private static boolean isPrivilegeDefinition(@Nullable Tree tree) {
-        return tree != null && NT_REP_PRIVILEGE.equals(TreeUtil.getPrimaryTypeName(tree));
+    private static boolean isPrivilegeDefinition(@Nonnull Tree tree) {
+        return tree.exists() && NT_REP_PRIVILEGE.equals(TreeUtil.getPrimaryTypeName(tree));
     }
 }
\ No newline at end of file
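Review bot: `isPrivilegeDefinition` now dereferences its argument unconditionally, so a null tree raises a NullPointerException where the old code returned false; `@Nonnull` is advisory and is not enforced at run time. The callers lie outside this hunk, so it cannot be confirmed here that each of them gets the tree from an API that never returns null. A short comment on the method would record the contract, for example `// tree is never null; a missing node is a Tree whose exists() returns false`.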

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
Tue Jul 30 14:28:40 2013
@@ -194,7 +194,6 @@ class PrivilegeManagerImpl implements Pr
             for (Privilege decl : getDeclaredAggregatePrivileges()) {
                 aggr.add(decl);
                 if (decl.isAggregate()) {
-                    // TODO: defensive check to prevent circular aggregation that might occur
with inconsistent repositories
                     aggr.addAll(Arrays.asList(decl.getAggregatePrivileges()));
                 }
             }
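Review bot: The loop still expands nested aggregates through `aggr.addAll(Arrays.asList(decl.getAggregatePrivileges()))` with no visible guard against cycles, yet the TODO that tracked the missing defensive check is deleted. If circular aggregation is rejected elsewhere, for example when definitions are written or validated, replace the reminder with a comment that says so, such as `// cycles are rejected when definitions are registered, see <validator class>` (placeholder, the class is not shown on this page). Otherwise keep the TODO or point to an issue, because with inconsistent repository content an unguarded expansion could presumably recurse without terminating and break privilege evaluation. The enclosing method starts and ends outside the hunk, so a guard further up cannot be ruled out.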

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
Tue Jul 30 14:28:40 2013
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import static com.google.common.base.Preconditions.checkArgument;
 
 /**
- * {@code PrivilegeBits} TODO
+ * Internal representation of JCR privileges.
  */
 public final class PrivilegeBits implements PrivilegeConstants {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeUtil.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeUtil.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeUtil.java
Tue Jul 30 14:28:40 2013
@@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.util.TreeUtil;
 
 /**
- * PrivilegeUtil... TODO
+ * Privilege management related utility methods.
  */
 public final class PrivilegeUtil implements PrivilegeConstants {
 
@@ -41,8 +41,12 @@ public final class PrivilegeUtil impleme
     }
 
     /**
-     * @param definitionTree
-     * @return
+     * Reads the privilege definition stored in the specified definition tree.
+     * Note, that this utility does not check the existence nor the node type
+     * of the specified tree.
+     *
+     * @param definitionTree An existing tree storing a privilege definition.
+     * @return A new instance of {@code PrivilegeDefinition}.
      */
     @Nonnull
     public static PrivilegeDefinition readDefinition(@Nonnull Tree definitionTree) {
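Review bot: The new Javadoc states that `readDefinition` checks neither existence nor node type, but it does not say what a caller gets when that precondition is violated. For a public static helper this matters, because any tree passed in is read as if it were a privilege definition. Add a sentence that puts the obligation on the caller, for example `Callers must verify that the tree exists and has primary type NT_REP_PRIVILEGE before calling this method.`, which is the check `PrivilegeDefinitionReader.isPrivilegeDefinition` performs in this commit. The wording "does not check the existence nor the node type" would also read better as "checks neither the existence nor the node type". The method body is outside the hunk.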

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReaderTest.java
Tue Jul 30 14:28:40 2013
@@ -16,17 +16,40 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.junit.Test;
 
-public class PrivilegeDefinitionReaderTest {
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+public class PrivilegeDefinitionReaderTest extends AbstractSecurityTest implements PrivilegeConstants
{
+
+    @Test
+    public void testReadNonExisting() throws Exception {
+        PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(root);
+        assertNull(reader.readDefinition("nonexisting"));
+    }
 
     @Test
-    public void testReadDefinition() {
-        // TODO
+    public void testReadDefinition() throws Exception {
+        PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(root);
+        assertNotNull(reader.readDefinition(JCR_READ));
     }
 
     @Test
-    public void testReadDefinitions() {
-        // TODO
+    public void testMissingPermissionRoot() throws Exception {
+        ContentRepository repo = new Oak().with(new OpenSecurityProvider()).createContentRepository();
+        Root tmpRoot = repo.login(null, null).getLatestRoot();
+        try {
+            PrivilegeDefinitionReader reader = new PrivilegeDefinitionReader(tmpRoot);
+            assertNull(reader.readDefinition(JCR_READ));
+        } finally {
+            tmpRoot.getContentSession().close();
+        }
     }
 }
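Review bot: `testMissingPermissionRoot` builds a repository with `OpenSecurityProvider` and reads a privilege definition, so it exercises a missing privilege root, not a permission root. The matching writer test in this commit is named `testMissingPrivilegeRoot`, and using the same name here keeps the two concepts apart. `testReadDefinition` only asserts non-null; also checking the returned definition's name against `JCR_READ` would catch a reader that returns the wrong definition. The `testReadDefinitions` placeholder is dropped rather than implemented, so a bulk read on the reader, if it exists (not visible here), is left without coverage.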

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriterTest.java
Tue Jul 30 14:28:40 2013
@@ -16,12 +16,74 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
+import java.util.Collections;
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.ImmutablePrivilegeDefinition;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.util.TreeUtil;
+import org.junit.After;
 import org.junit.Test;
 
-public class PrivilegeDefinitionWriterTest {
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public class PrivilegeDefinitionWriterTest extends AbstractSecurityTest implements PrivilegeConstants
{
+
+    @After
+    @Override
+    public void after() throws Exception {
+        try {
+            root.refresh();
+        } finally {
+            super.after();
+        }
+    }
+
+    @Test
+    public void testNameCollision() {
+        try {
+            PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(root);
+            writer.writeDefinition(new ImmutablePrivilegeDefinition(JCR_READ, true, Collections.<String>emptySet()));
+            fail("name collision");
+        } catch (RepositoryException e) {
+            // success
+        }
+    }
+
+    @Test
+    public void testMissingPrivilegeRoot() throws Exception {
+        ContentRepository repo = new Oak().with(new OpenSecurityProvider()).createContentRepository();
+        Root tmpRoot = repo.login(null, null).getLatestRoot();
+        try {
+            PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(tmpRoot);
+            writer.writeDefinition(new ImmutablePrivilegeDefinition("newName", true, Collections.<String>emptySet()));
+            fail("missing privilege root");
+        } catch (RepositoryException e) {
+            // success
+        } finally {
+            tmpRoot.getContentSession().close();
+        }
+    }
 
     @Test
-    public void testWriteDefinition() {
-        // TODO
+    public void testWriteDefinition() throws Exception {
+        PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(root);
+        writer.writeDefinition(new ImmutablePrivilegeDefinition("tmp", true, JCR_READ_ACCESS_CONTROL,
JCR_MODIFY_ACCESS_CONTROL));
+
+        Tree privRoot = root.getTree(PRIVILEGES_PATH);
+        assertTrue(privRoot.hasChild("tmp"));
+
+        Tree tmpTree = privRoot.getChild("tmp");
+        assertTrue(TreeUtil.getBoolean(tmpTree, REP_IS_ABSTRACT));
+        assertArrayEquals(new String[] {JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL},
+                TreeUtil.getStrings(tmpTree, REP_AGGREGATES));
     }
 }
\ No newline at end of file
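Review bot: Both negative tests, `testNameCollision` and `testMissingPrivilegeRoot`, accept any `RepositoryException`, so they would still pass if `writeDefinition` failed for an unrelated reason before it reached the collision or missing-root check. Narrow the catch to the specific subtype the writer throws, or assert on the exception's message or cause. Replace `// success` with a comment naming the expected failure, e.g. `// expected: JCR_READ is already registered`. In `testWriteDefinition`, `assertArrayEquals` on `REP_AGGREGATES` assumes the writer preserves the order of the declared aggregate names; if they pass through a set internally (not visible in this hunk), an order-insensitive comparison would be more robust.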

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java?rev=1508464&r1=1508463&r2=1508464&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
Tue Jul 30 14:28:40 2013
@@ -17,8 +17,12 @@
 package org.apache.jackrabbit.oak.spi.security.privilege;
 
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -31,7 +35,7 @@ import static org.junit.Assert.assertSam
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
-public class PrivilegeBitsTest implements PrivilegeConstants {
+public class PrivilegeBitsTest extends AbstractSecurityTest implements PrivilegeConstants
{
 
     private static final long NO_PRIVILEGE = 0;
     private static final PrivilegeBits READ_NODES_PRIVILEGE_BITS = PrivilegeBits.BUILT_IN.get(REP_READ_NODES);
@@ -537,11 +541,67 @@ public class PrivilegeBitsTest implement
 
     @Test
     public void testGetInstanceFromTree() {
-        // TODO
+        Tree privRoot = root.getTree(PRIVILEGES_PATH);
+        try {
+            Tree tmp = privRoot.addChild("tmpPrivilege");
+            PrivilegeBits tmpBits = PrivilegeBits.getInstance(privRoot.getProperty(REP_NEXT));
+            tmpBits.writeTo(tmp);
+
+            Map<Tree, PrivilegeBits> treeToBits = new HashMap<Tree, PrivilegeBits>();
+            treeToBits.put(privRoot.getChild(JCR_READ), PrivilegeBits.BUILT_IN.get(JCR_READ));
+            treeToBits.put(tmp, tmpBits);
+            treeToBits.put(privRoot, tmpBits);
+
+            for (Tree tree : treeToBits.keySet()) {
+                assertEquals(treeToBits.get(tree), PrivilegeBits.getInstance(tree));
+            }
+        } finally {
+            root.refresh();
+        }
     }
 
     @Test
     public void testCalculatePermissions() {
-        // TODO
+        PrivilegeBitsProvider provider = new PrivilegeBitsProvider(root);
+
+        Map<PrivilegeBits, Long> simple = new HashMap<PrivilegeBits, Long>();
+        simple.put(PrivilegeBits.EMPTY, Permissions.NO_PERMISSION);
+        simple.put(provider.getBits(JCR_READ), Permissions.READ);
+        simple.put(provider.getBits(JCR_LOCK_MANAGEMENT), Permissions.LOCK_MANAGEMENT);
+        simple.put(provider.getBits(JCR_VERSION_MANAGEMENT), Permissions.VERSION_MANAGEMENT);
+        simple.put(provider.getBits(JCR_READ_ACCESS_CONTROL), Permissions.READ_ACCESS_CONTROL);
+        simple.put(provider.getBits(JCR_MODIFY_ACCESS_CONTROL), Permissions.MODIFY_ACCESS_CONTROL);
+        simple.put(provider.getBits(REP_READ_NODES), Permissions.READ_NODE);
+        simple.put(provider.getBits(REP_READ_PROPERTIES), Permissions.READ_PROPERTY);
+        simple.put(provider.getBits(REP_USER_MANAGEMENT), Permissions.USER_MANAGEMENT);
+        for (PrivilegeBits pb : simple.keySet()) {
+            long expected = simple.get(pb).longValue();
+            assertTrue(expected == PrivilegeBits.calculatePermissions(pb, PrivilegeBits.EMPTY,
true));
+        }
+
+        // jcr:add aggregate
+        PrivilegeBits all = provider.getBits(JCR_ALL);
+        assertFalse(Permissions.ALL == PrivilegeBits.calculatePermissions(all, PrivilegeBits.EMPTY,
true));
+        assertTrue(Permissions.ALL == PrivilegeBits.calculatePermissions(all, all, true));
+
+        // parent aware permissions
+        // a) jcr:addChildNodes
+        PrivilegeBits addChild = provider.getBits(JCR_ADD_CHILD_NODES);
+        assertFalse(Permissions.ADD_NODE == PrivilegeBits.calculatePermissions(addChild,
PrivilegeBits.EMPTY, true));
+        assertTrue(Permissions.ADD_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY,
addChild, true));
+
+        // b) jcr:removeChildNodes and jcr:removeNode
+        PrivilegeBits removeChild = provider.getBits(JCR_REMOVE_CHILD_NODES);
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(removeChild,
PrivilegeBits.EMPTY, true));
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY,
removeChild, true));
+
+        PrivilegeBits removeNode = provider.getBits(JCR_REMOVE_NODE);
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(removeNode,
PrivilegeBits.EMPTY, true));
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY,
removeNode, true));
+
+        PrivilegeBits remove = provider.getBits(JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE);
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(remove,
PrivilegeBits.EMPTY, true));
+        assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(PrivilegeBits.EMPTY,
remove, true));
+        assertTrue(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(remove,
remove, true));
     }
 }
\ No newline at end of file
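Review bot: The negative assertions in `testCalculatePermissions` have the form `assertFalse(Permissions.REMOVE_NODE == PrivilegeBits.calculatePermissions(...))`, which passes for every result other than the exact constant, including a broader permission set that contains the remove bit. For an authorization test, assert that the bit is absent, e.g. `assertTrue((result & Permissions.REMOVE_NODE) != Permissions.REMOVE_NODE)`, or assert the exact expected value with `assertEquals`. The same applies to the `Permissions.ADD_NODE` check. The positive checks written as `assertTrue(expected == ...)` would report both values on failure if they used `assertEquals(expected, ...)`. The comment `// jcr:add aggregate` sits above code that uses `JCR_ALL` and presumably should read `// jcr:all aggregate`.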


