jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1534200 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/ main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ main/java/org/apache/jackrabbit/oak/security/authorizati...
Date Mon, 21 Oct 2013 15:02:04 GMT
Author: angela
Date: Mon Oct 21 15:02:04 2013
New Revision: 1534200

URL: http://svn.apache.org/r1534200
Log:
OAK-527: permissions (minor improvement)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
Mon Oct 21 15:02:04 2013
@@ -129,6 +129,6 @@ public class  AuthorizationConfiguration
     @Nonnull
     @Override
     public PermissionProvider getPermissionProvider(Root root, Set<Principal> principals)
{
-        return new PermissionProviderImpl(root, principals, getSecurityProvider());
+        return new PermissionProviderImpl(root, principals, this);
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
Mon Oct 21 15:02:04 2013
@@ -252,7 +252,7 @@ class AccessControlValidator extends Def
 
     private static void checkMixinTypes(Tree parentTree) throws CommitFailedException {
         Iterable<String> mixinNames = TreeUtil.getNames(parentTree, JcrConstants.JCR_MIXINTYPES);
-        if (mixinNames != null && Iterables.contains(mixinNames, MIX_REP_REPO_ACCESS_CONTROLLABLE))
{
+        if (Iterables.contains(mixinNames, MIX_REP_REPO_ACCESS_CONTROLLABLE)) {
             checkValidRepoAccessControlled(parentTree);
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Mon Oct 21 15:02:04 2013
@@ -24,6 +24,8 @@ import java.util.Set;
 
 import javax.annotation.Nonnull;
 
+import com.google.common.base.Objects;
+import com.google.common.base.Strings;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.Type;
@@ -47,9 +49,6 @@ import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Objects;
-import com.google.common.base.Strings;
-
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
 import static org.apache.jackrabbit.JcrConstants.JCR_SYSTEM;
@@ -90,7 +89,6 @@ public class PermissionHook implements P
     private PrivilegeBitsProvider bitsProvider;
 
     private Map<String, Acl> modified = new HashMap<String, Acl>();
-
     private Map<String, Acl> deleted = new HashMap<String, Acl>();
 
     public PermissionHook(String workspaceName, RestrictionProvider restrictionProvider)
{
@@ -114,10 +112,10 @@ public class PermissionHook implements P
     }
 
     private void apply() {
-        for (Map.Entry<String, Acl> entry:deleted.entrySet()) {
+        for (Map.Entry<String, Acl> entry : deleted.entrySet()) {
             entry.getValue().remove();
         }
-        for (Map.Entry<String, Acl> entry:modified.entrySet()) {
+        for (Map.Entry<String, Acl> entry : modified.entrySet()) {
             entry.getValue().update();
         }
     }
@@ -154,7 +152,7 @@ public class PermissionHook implements P
                 // ignore hidden nodes
                 return true;
             }
-            String path = parentPath + "/" + name;
+            String path = parentPath + '/' + name;
             Tree tree = getTree(name, after);
             if (isACL(tree)) {
                 Acl acl = new Acl(parentPath, name, new AfterNode(path, after));
@@ -171,7 +169,7 @@ public class PermissionHook implements P
                 // ignore hidden nodes
                 return true;
             }
-            String path = parentPath + "/" + name;
+            String path = parentPath + '/' + name;
             Tree beforeTree = getTree(name, before);
             Tree afterTree = getTree(name, after);
             if (isACL(beforeTree)) {
@@ -205,7 +203,7 @@ public class PermissionHook implements P
                 // ignore hidden nodes
                 return true;
             }
-            String path = parentPath + "/" + name;
+            String path = parentPath + '/' + name;
             Tree tree = getTree(name, before);
             if (isACL(tree)) {
                 Acl acl = new Acl(parentPath, name, new BeforeNode(path, before));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Mon Oct 21 15:02:04 2013
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.core.Im
 import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
@@ -59,11 +58,11 @@ public class PermissionProviderImpl impl
     private ImmutableRoot immutableRoot;
 
     public PermissionProviderImpl(@Nonnull Root root, @Nonnull Set<Principal> principals,
-                                  @Nonnull SecurityProvider securityProvider) {
+                                  @Nonnull AuthorizationConfiguration acConfig) {
         this.root = root;
         this.workspaceName = root.getContentSession().getWorkspaceName();
+        this.acConfig = acConfig;
 
-        acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
         immutableRoot = getImmutableRoot(root, acConfig);
 
         if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Mon Oct 21 15:02:04 2013
@@ -62,6 +62,7 @@ public class PermissionProviderImplTest 
     );
 
     private Group adminstrators;
+    private AuthorizationConfiguration config;
 
     @Override
     public void before() throws Exception {
@@ -71,6 +72,7 @@ public class PermissionProviderImplTest 
         UserManager uMgr = getUserManager(root);
         adminstrators = uMgr.createGroup(ADMINISTRATOR_GROUP);
         root.commit();
+        config = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
     }
 
     @Override
@@ -99,12 +101,16 @@ public class PermissionProviderImplTest 
         return ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME,
acConfig));
     }
 
+    private PermissionProvider createPermissionProvider(ContentSession session) {
+        return new PermissionProviderImpl(session.getLatestRoot(), session.getAuthInfo().getPrincipals(),
config);
+    }
+
     @Test
     public void testReadPath() throws Exception {
         ContentSession testSession = createTestSession();
         try {
             Root r = testSession.getLatestRoot();
-            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            PermissionProvider pp = createPermissionProvider(testSession);
 
             Tree tree = r.getTree("/");
             assertFalse(tree.exists());
@@ -124,7 +130,7 @@ public class PermissionProviderImplTest 
     public void testIsGrantedForReadPaths() throws Exception {
         ContentSession testSession = createTestSession();
         try {
-            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            PermissionProvider pp = createPermissionProvider(testSession) ;
             for (String path : READ_PATHS) {
                 assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ)));
                 assertTrue(pp.isGranted(path, Permissions.getString(Permissions.READ_NODE)));
@@ -154,7 +160,7 @@ public class PermissionProviderImplTest 
     public void testGetPrivilegesForReadPaths() throws Exception {
         ContentSession testSession = createTestSession();
         try {
-            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            PermissionProvider pp = createPermissionProvider(testSession) ;
             for (String path : READ_PATHS) {
                 Tree tree = root.getTree(path);
                 assertEquals(Collections.singleton(PrivilegeConstants.JCR_READ), pp.getPrivileges(tree));
@@ -169,7 +175,7 @@ public class PermissionProviderImplTest 
     public void testHasPrivilegesForReadPaths() throws Exception {
         ContentSession testSession = createTestSession();
         try {
-            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
+            PermissionProvider pp = createPermissionProvider(testSession) ;
             for (String path : READ_PATHS) {
                 Tree tree = root.getTree(path);
                 assertTrue(pp.hasPrivileges(tree, PrivilegeConstants.JCR_READ));
@@ -193,8 +199,7 @@ public class PermissionProviderImplTest 
             Root r = testSession.getLatestRoot();
             Root immutableRoot = new ImmutableRoot(r, TreeTypeProvider.EMPTY);
 
-            PermissionProvider pp = new PermissionProviderImpl(testSession.getLatestRoot(),
testSession.getAuthInfo().getPrincipals(), getSecurityProvider());
-
+            PermissionProvider pp = createPermissionProvider(testSession) ;
             assertTrue(r.getTree("/").exists());
             TreePermission tp = pp.getTreePermission(immutableRoot.getTree("/"), TreePermission.EMPTY);
             assertSame(TreePermission.ALL, tp);

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1534200&r1=1534199&r2=1534200&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Mon Oct 21 15:02:04 2013
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.Abstrac
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -44,6 +45,7 @@ import static org.junit.Assert.assertTru
  */
 public class PermissionStoreTest extends AbstractSecurityTest {
 
+    private AuthorizationConfiguration acConfig;
     private ContentSession testSession;
     private Root testRoot;
 
@@ -60,6 +62,7 @@ public class PermissionStoreTest extends
         root.commit();
         testSession = createTestSession();
         testRoot = testSession.getLatestRoot();
+        acConfig = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
     }
 
     @Override
@@ -84,6 +87,10 @@ public class PermissionStoreTest extends
         }
     }
 
+    private PermissionProviderImpl createPermissionProvider() {
+        return new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
acConfig);
+    }
+
     @Test
     public void testReadAccess() {
         Tree ps = testRoot.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
@@ -92,7 +99,7 @@ public class PermissionStoreTest extends
 
     @Test
     public void testGetTreePermission() {
-        PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
getSecurityProvider());
+        PermissionProvider pp = createPermissionProvider();
 
         Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
         assertSame(TreePermission.EMPTY, pp.getTreePermission(t, TreePermission.ALL));
@@ -100,7 +107,7 @@ public class PermissionStoreTest extends
 
     @Test
     public void testIsGranted() {
-        PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
getSecurityProvider());
+        PermissionProvider pp = createPermissionProvider();
 
         Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
 
@@ -110,7 +117,7 @@ public class PermissionStoreTest extends
 
     @Test
     public void testIsGrantedAtPath() {
-        PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
getSecurityProvider());
+        PermissionProvider pp = createPermissionProvider();
 
         assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH, Session.ACTION_READ));
         assertFalse(pp.isGranted(PermissionConstants.PERMISSIONS_STORE_PATH, Session.ACTION_ADD_NODE));
@@ -118,7 +125,7 @@ public class PermissionStoreTest extends
 
     @Test
     public void testHasPrivilege() {
-        PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
getSecurityProvider());
+        PermissionProvider pp = createPermissionProvider();
 
         Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
         assertFalse(pp.hasPrivileges(t, PrivilegeConstants.JCR_READ));
@@ -126,7 +133,7 @@ public class PermissionStoreTest extends
 
     @Test
     public void testGetPrivilege() {
-        PermissionProvider pp = new PermissionProviderImpl(testRoot, testSession.getAuthInfo().getPrincipals(),
getSecurityProvider());
+        PermissionProvider pp = createPermissionProvider();
 
         Tree t = root.getTree(PermissionConstants.PERMISSIONS_STORE_PATH);
         Set<String> privilegeNames = pp.getPrivileges(t);



Mime
View raw message