jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1532771 [2/2] - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/core/ main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ main/java/org/apache/jackrabbit/oak/security/authorization/permissio...
Date Wed, 16 Oct 2013 14:00:52 GMT
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Wed Oct 16 14:00:51 2013
@@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
 import org.apache.jackrabbit.oak.util.ChildOrderDiff;
@@ -48,6 +49,7 @@ class PermissionValidator extends Defaul
 
     private final Tree parentBefore;
     private final Tree parentAfter;
+    private final TreePermission parentPermission;
     private final PermissionProvider permissionProvider;
     private final PermissionValidatorProvider provider;
 
@@ -56,10 +58,13 @@ class PermissionValidator extends Defaul
     PermissionValidator(Tree parentBefore, Tree parentAfter,
                         PermissionProvider permissionProvider,
                         PermissionValidatorProvider provider) {
-        this(parentBefore, parentAfter, permissionProvider, provider, Permissions.NO_PERMISSION);
+        this(parentBefore, parentAfter,
+                permissionProvider.getTreePermission(parentBefore, TreePermission.EMPTY),
+                permissionProvider, provider, Permissions.NO_PERMISSION);
     }
 
-    PermissionValidator(Tree parentBefore, Tree parentAfter,
+    private PermissionValidator(Tree parentBefore, Tree parentAfter,
+                        @Nullable TreePermission parentPermission,
                         PermissionProvider permissionProvider,
                         PermissionValidatorProvider provider,
                         long permission) {
@@ -67,6 +72,7 @@ class PermissionValidator extends Defaul
         this.provider = provider;
         this.parentBefore = parentBefore;
         this.parentAfter = parentAfter;
+        this.parentPermission = parentPermission;
         if (Permissions.NO_PERMISSION == permission) {
             this.permission = Permissions.getPermission(getPath(parentBefore, parentAfter),
Permissions.NO_PERMISSION);
         } else {
@@ -116,7 +122,7 @@ class PermissionValidator extends Defaul
     public Validator childNodeChanged(String name, NodeState before, NodeState after) throws
CommitFailedException {
         Tree childBefore = parentBefore.getChild(name);
         Tree childAfter = parentAfter.getChild(name);
-        return nextValidator(childBefore, childAfter);
+        return nextValidator(childBefore, childAfter, permissionProvider.getTreePermission(childBefore,
parentPermission));
     }
 
     @Override
@@ -130,8 +136,8 @@ class PermissionValidator extends Defaul
     }
 
     //------------------------------------------------------------< private >---
-    private Validator nextValidator(@Nullable Tree parentBefore, @Nullable Tree parentAfter)
{
-        Validator validator = new PermissionValidator(parentBefore, parentAfter, permissionProvider,
provider, permission);
+    private Validator nextValidator(@Nullable Tree parentBefore, @Nullable Tree parentAfter,
@Nonnull TreePermission treePermission) {
+        Validator validator = new PermissionValidator(parentBefore, parentAfter, treePermission,
permissionProvider, provider, permission);
         return new VisibleValidator(validator, true, false);
     }
 
@@ -139,20 +145,21 @@ class PermissionValidator extends Defaul
                                        long defaultPermission) throws CommitFailedException
{
         long toTest = getPermission(tree, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
-            if (!permissionProvider.isGranted(toTest)) {
+            if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) {
                 throw new CommitFailedException(ACCESS, 0, "Access denied");
             }
             return null; // no need for further validation down the subtree
         } else {
-            if (!permissionProvider.isGranted(tree, null, toTest)) {
+            TreePermission tp = permissionProvider.getTreePermission(tree, parentPermission);
+            if (!tp.isGranted(toTest)) {
                 throw new CommitFailedException(ACCESS, 0, "Access denied");
             }
             if (noTraverse(toTest, defaultPermission)) {
                 return null;
             } else {
                 return (isBefore) ?
-                    nextValidator(tree, null) :
-                    nextValidator(null, tree);
+                    nextValidator(tree, null, tp) :
+                    nextValidator(null, tree, tp);
             }
         }
     }
@@ -166,10 +173,10 @@ class PermissionValidator extends Defaul
         }
         long toTest = getPermission(parent, property, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
-            if (!permissionProvider.isGranted(toTest)) {
+            if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) {
                 throw new CommitFailedException(ACCESS, 0, "Access denied");
             }
-        } else if (!permissionProvider.isGranted(parent, property, toTest)) {
+        } else if (!parentPermission.isGranted(toTest, property)) {
             throw new CommitFailedException(ACCESS, 0, "Access denied");
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/OpenPermissionProvider.java
Wed Oct 16 14:00:51 2013
@@ -56,13 +56,13 @@ public final class OpenPermissionProvide
     }
 
     @Override
-    public ReadStatus getReadStatus(@Nonnull Tree tree, PropertyState property) {
-        return ReadStatus.ALLOW_ALL;
+    public RepositoryPermission getRepositoryPermission() {
+        return RepositoryPermission.ALL;
     }
 
     @Override
-    public boolean isGranted(long repositoryPermissions) {
-        return true;
+    public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission)
{
+        return TreePermission.ALL;
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionProvider.java
Wed Oct 16 14:00:51 2013
@@ -49,30 +49,9 @@ public interface PermissionProvider {
      */
     boolean hasPrivileges(@Nullable Tree tree, String... privilegeNames);
 
-    /**
-     *
-     * @param tree
-     * @param property
-     * @return
-     */
-    ReadStatus getReadStatus(@Nonnull Tree tree, @Nullable PropertyState property);
+    RepositoryPermission getRepositoryPermission();
 
-    /**
-     * Returns {@code true} if the specified repository level permissions are
-     * {@code granted}; false otherwise.
-     *
-     * @param repositoryPermissions Any valid repository level permission such as
-     * for example:
-     * <ul>
-     *     <li>{@link Permissions#NAMESPACE_MANAGEMENT}</li>
-     *     <li>{@link Permissions#NODE_TYPE_DEFINITION_MANAGEMENT}</li>
-     *     <li>{@link Permissions#PRIVILEGE_MANAGEMENT}</li>
-     *     <li>{@link Permissions#WORKSPACE_MANAGEMENT}</li>
-     * </ul>
-     * @return {@code true} if the specified repository level permissions are
-     * {@code granted}; false otherwise.
-     */
-    boolean isGranted(long repositoryPermissions);
+    TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission);
 
     /**
      *

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java?rev=1532771&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/RepositoryPermission.java
Wed Oct 16 14:00:51 2013
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.permission;
+
+/**
+ * RepositoryPermission... TODO
+ */
+public interface RepositoryPermission {
+
+    /**
+     * Returns {@code true} if the specified repository level permissions are
+     * {@code granted}; false otherwise.
+     *
+     * @param repositoryPermissions Any valid repository level permission such as
+     * for example:
+     * <ul>
+     *     <li>{@link Permissions#NAMESPACE_MANAGEMENT}</li>
+     *     <li>{@link Permissions#NODE_TYPE_DEFINITION_MANAGEMENT}</li>
+     *     <li>{@link Permissions#PRIVILEGE_MANAGEMENT}</li>
+     *     <li>{@link Permissions#WORKSPACE_MANAGEMENT}</li>
+     * </ul>
+     * @return {@code true} if the specified repository level permissions are
+     * {@code granted}; false otherwise.
+     */
+    boolean isGranted(long repositoryPermissions);
+
+    RepositoryPermission EMPTY = new RepositoryPermission() {
+        @Override
+        public boolean isGranted(long repositoryPermissions) {
+            return false;
+        }
+    };
+
+    RepositoryPermission ALL = new RepositoryPermission() {
+        @Override
+        public boolean isGranted(long repositoryPermissions) {
+            return true;
+        }
+    };
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java?rev=1532771&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
Wed Oct 16 14:00:51 2013
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.permission;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+
+/**
+ * TreePermission... TODO
+ */
+public interface TreePermission {
+
+    boolean canRead();
+
+    boolean canRead(@Nonnull PropertyState property);
+
+    boolean canReadAll();
+
+    boolean canReadProperties();
+
+    boolean isGranted(long permissions);
+
+    boolean isGranted(long permissions, @Nonnull PropertyState property);
+
+    TreePermission EMPTY = new TreePermission() {
+        @Override
+        public boolean canRead() {
+            return false;
+        }
+
+        @Override
+        public boolean canRead(@Nonnull PropertyState property) {
+            return false;
+        }
+
+        @Override
+        public boolean canReadAll() {
+            return false;
+        }
+
+        @Override
+        public boolean canReadProperties() {
+            return false;
+        }
+
+        @Override
+        public boolean isGranted(long permissions) {
+            return false;
+        }
+
+        @Override
+        public boolean isGranted(long permissions, @Nullable PropertyState property) {
+            return false;
+        }
+    };
+
+    TreePermission ALL = new TreePermission() {
+        @Override
+        public boolean canRead() {
+            return true;
+        }
+
+        @Override
+        public boolean canRead(@Nonnull PropertyState property) {
+            return true;
+        }
+
+        @Override
+        public boolean canReadAll() {
+            return true;
+        }
+
+        @Override
+        public boolean canReadProperties() {
+            return true;
+        }
+
+        @Override
+        public boolean isGranted(long permissions) {
+            return true;
+        }
+
+        @Override
+        public boolean isGranted(long permissions, @Nullable PropertyState property) {
+            return true;
+        }
+    };
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
Wed Oct 16 14:00:51 2013
@@ -359,22 +359,6 @@ public final class PrivilegeBits impleme
     }
 
     /**
-     * Returns {@code true} if this instance includes the jcr:read
-     * privilege. Shortcut for calling {@link PrivilegeBits#includes(PrivilegeBits)}
-     * where the other bits represented the jcr:read privilege.
-     *
-     * @return {@code true} if this instance includes the jcr:read
-     *         privilege; {@code false} otherwise.
-     */
-    public boolean includesRead(long readPermission) {
-        if (this == EMPTY) {
-            return false;
-        } else {
-            return d.includes(readPermission);
-        }
-    }
-
-    /**
      * Adds the other privilege bits to this instance.
      *
      * @param other The other privilege bits to be added.

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
Wed Oct 16 14:00:51 2013
@@ -25,7 +25,8 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -53,25 +54,25 @@ public class AllPermissionsTest extends 
     }
 
     @Test
-    public void testGetReadStatus() {
+    public void testGetRepositoryPermission() {
+        assertSame(RepositoryPermission.ALL, all.getRepositoryPermission());
+    }
+
+    @Test
+    public void testGetTreePermission() {
         for (String path : paths) {
             Tree tree = root.getTree(path);
             assertTrue(tree.exists());
 
-            assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(tree, null));
+            assertSame(TreePermission.ALL, all.getTreePermission(tree, TreePermission.EMPTY));
             for (Tree child : tree.getChildren()) {
-                assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(child, null));
-            }
-            for (PropertyState ps : tree.getProperties()) {
-                assertSame(ReadStatus.ALLOW_ALL, all.getReadStatus(tree, ps));
+                assertSame(TreePermission.ALL, all.getTreePermission(child, TreePermission.EMPTY));
             }
         }
     }
 
     @Test
     public void testIsGranted() {
-        assertTrue(all.isGranted(Permissions.ALL));
-
         for (String path : paths) {
             Tree tree = root.getTree(path);
             assertTrue(tree.exists());

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Wed Oct 16 14:00:51 2013
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.permission;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -26,6 +27,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.core.ImmutableRoot;
 import org.apache.jackrabbit.oak.core.TreeTypeProvider;
 import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
@@ -35,11 +37,14 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.junit.Test;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
@@ -97,17 +102,80 @@ public class PermissionProviderImplTest 
         ContentSession testSession = createTestSession();
         try {
             Root r = testSession.getLatestRoot();
-            Root immutableRoot = new ImmutableRoot(r, TreeTypeProvider.EMPTY);
+            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+
+            Tree tree = r.getTree("/");
+            assertFalse(tree.exists());
+            assertFalse(pp.getTreePermission(tree, TreePermission.EMPTY).canRead());
+
+            for (String path : READ_PATHS) {
+                tree = r.getTree(path);
+                assertTrue(tree.exists());
+                assertTrue(pp.getTreePermission(tree, TreePermission.EMPTY).canRead());
+            }
+        } finally {
+            testSession.close();
+        }
+    }
 
+    @Test
+    public void testIsGrantedForReadPaths() throws Exception {
+        ContentSession testSession = createTestSession();
+        try {
             PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            for (String path : READ_PATHS) {
+                assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ)));
+                assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE)));
+                assertTrue(pp.isGranted(path + '/' + JcrConstants.JCR_PRIMARYTYPE, Permissions.getString(Permissions.READ_PROPERTY)));
+                assertFalse(pp.isGranted(path, Permissions.getString(Permissions.READ_ACCESS_CONTROL)));
+            }
 
-            assertFalse(r.getTree("/").exists());
-            assertSame(ReadStatus.DENY_THIS, pp.getReadStatus(immutableRoot.getTree("/"),
null));
+            for (String path : READ_PATHS) {
+                Tree tree = root.getTree(path);
+                assertTrue(pp.isGranted(tree, null, Permissions.READ));
+                assertTrue(pp.isGranted(tree, null, Permissions.READ_NODE));
+                assertTrue(pp.isGranted(tree, tree.getProperty(JcrConstants.JCR_PRIMARYTYPE),
Permissions.READ_PROPERTY));
+                assertFalse(pp.isGranted(tree, null, Permissions.READ_ACCESS_CONTROL));
+            }
 
+            RepositoryPermission rp = pp.getRepositoryPermission();
+            assertFalse(rp.isGranted(Permissions.READ));
+            assertFalse(rp.isGranted(Permissions.READ_NODE));
+            assertFalse(rp.isGranted(Permissions.READ_PROPERTY));
+            assertFalse(rp.isGranted(Permissions.READ_ACCESS_CONTROL));
+        } finally {
+            testSession.close();
+        }
+    }
+
+    @Test
+    public void testGetPrivilegesForReadPaths() throws Exception {
+        ContentSession testSession = createTestSession();
+        try {
+            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            for (String path : READ_PATHS) {
+                Tree tree = root.getTree(path);
+                assertEquals(Collections.singleton(PrivilegeConstants.JCR_READ), pp.getPrivileges(tree));
+            }
+            assertEquals(Collections.<String>emptySet(), pp.getPrivileges(null));
+        } finally {
+            testSession.close();
+        }
+    }
+
+    @Test
+    public void testHasPrivilegesForReadPaths() throws Exception {
+        ContentSession testSession = createTestSession();
+        try {
+            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
             for (String path : READ_PATHS) {
-                assertTrue(r.getTree(path).exists());
-                assertSame(ReadStatus.ALLOW_ALL_REGULAR, pp.getReadStatus(immutableRoot.getTree(path),
null));
+                Tree tree = root.getTree(path);
+                assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ));
+                assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_NODES));
+                assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.REP_READ_PROPERTIES));
+                assertFalse(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
             }
+            assertFalse(pp.hasPrivileges(null, PrivilegeConstants.JCR_READ));
         } finally {
             testSession.close();
         }
@@ -126,11 +194,13 @@ public class PermissionProviderImplTest 
             PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
 
             assertTrue(r.getTree("/").exists());
-            assertSame(ReadStatus.ALLOW_ALL, pp.getReadStatus(immutableRoot.getTree("/"),
null));
+            TreePermission tp = pp.getTreePermission(immutableRoot.getTree("/"), TreePermission.EMPTY);
+            assertSame(TreePermission.ALL, tp);
 
             for (String path : READ_PATHS) {
-                assertTrue(r.getTree(path).exists());
-                assertSame(ReadStatus.ALLOW_ALL, pp.getReadStatus(immutableRoot.getTree(path),
null));
+                Tree tree = r.getTree(path);
+                assertTrue(tree.exists());
+                assertSame(TreePermission.ALL, pp.getTreePermission(tree, TreePermission.EMPTY));
             }
         } finally {
             testSession.close();

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java?rev=1532771&r1=1532770&r2=1532771&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBitsTest.java
Wed Oct 16 14:00:51 2013
@@ -151,34 +151,6 @@ public class PrivilegeBitsTest extends A
     }
 
     @Test
-    public void testIncludesRead() {
-        // empty
-        assertFalse(PrivilegeBits.EMPTY.includesRead(Permissions.READ));
-
-        // other privilege bits
-        PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS;
-        assertTrue(pb.includesRead(Permissions.READ_NODE));
-        assertFalse(pb.includesRead(Permissions.READ_PROPERTY));
-        assertFalse(pb.includesRead(Permissions.READ));
-
-        assertTrue(PrivilegeBits.getInstance(pb).includesRead(Permissions.READ_NODE));
-
-        PrivilegeBits mod = PrivilegeBits.getInstance();
-        for (int i = 0; i < 100; i++) {
-            mod.add(pb);
-            assertTrue(mod.includesRead(Permissions.READ_NODE));
-
-            pb = pb.nextBits();
-            assertFalse(pb.toString(), pb.includesRead(Permissions.READ_NODE));
-            assertFalse(PrivilegeBits.getInstance(pb).includesRead(Permissions.READ_NODE));
-
-            PrivilegeBits modifiable = PrivilegeBits.getInstance(pb);
-            modifiable.add(READ_NODES_PRIVILEGE_BITS);
-            assertTrue(modifiable.includesRead(Permissions.READ_NODE));
-        }
-    }
-
-    @Test
     public void testIncludes() {
         // empty
         assertTrue(PrivilegeBits.EMPTY.includes(PrivilegeBits.EMPTY));
@@ -280,21 +252,18 @@ public class PrivilegeBitsTest extends A
             assertTrue(tmp.includes(pb));
             assertFalse(tmp.includes(nxt));
             if (READ_NODES_PRIVILEGE_BITS.equals(pb)) {
-                assertTrue(tmp.includesRead(Permissions.READ_NODE));
+                assertTrue(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES)));
             } else {
-                assertFalse(tmp.includesRead(Permissions.READ_NODE));
+                assertFalse(tmp.includes(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES)));
             }
             tmp.add(nxt);
             assertTrue(tmp.includes(pb) && tmp.includes(nxt));
             if (READ_NODES_PRIVILEGE_BITS.equals(pb)) {
-                assertTrue(tmp.includesRead(Permissions.READ_NODE));
                 assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
             } else {
-                assertFalse(tmp.toString(), tmp.includesRead(Permissions.READ_NODE));
                 assertFalse(tmp.includes(READ_NODES_PRIVILEGE_BITS));
             }
             tmp.add(READ_NODES_PRIVILEGE_BITS);
-            assertTrue(tmp.includesRead(Permissions.READ_NODE));
             assertTrue(tmp.includes(READ_NODES_PRIVILEGE_BITS));
 
             pb = nxt;



Mime
View raw message