jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1537553 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ oak-core/src/test/java/or...
Date Thu, 31 Oct 2013 16:54:21 GMT
Author: angela
Date: Thu Oct 31 16:54:20 2013
New Revision: 1537553

URL: http://svn.apache.org/r1537553
Log:
OAK-51 Access Control Management (adjust code to implement API modifications -> see JCR-3641)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
    jackrabbit/oak/trunk/oak-parent/pom.xml

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
Thu Oct 31 16:54:20 2013
@@ -90,10 +90,10 @@ abstract class ACL extends AbstractAcces
     }
 
     //----------------------------------------< JackrabbitAccessControlList >---
-
     @Override
     public boolean addEntry(Principal principal, Privilege[] privileges,
-                            boolean isAllow, Map<String, Value> restrictions) throws
RepositoryException {
+                            boolean isAllow, Map<String, Value> restrictions,
+                            Map<String, Value[]> mvRestrictions) throws RepositoryException
{
         if (privileges == null || privileges.length == 0) {
             throw new AccessControlException("Privileges may not be null nor an empty array");
         }
@@ -114,13 +114,21 @@ abstract class ACL extends AbstractAcces
         }
 
         Set<Restriction> rs;
-        if (restrictions == null) {
+        if (restrictions == null && mvRestrictions == null) {
             rs = Collections.emptySet();
         } else {
-            rs = new HashSet<Restriction>(restrictions.size());
-            for (String jcrName : restrictions.keySet()) {
-                String oakName = getNamePathMapper().getOakName(jcrName);
-                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
restrictions.get(oakName)));
+            rs = new HashSet<Restriction>();
+            if (restrictions != null) {
+                for (String jcrName : restrictions.keySet()) {
+                    String oakName = getNamePathMapper().getOakName(jcrName);
+                    rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
restrictions.get(oakName)));
+                }
+            }
+            if (mvRestrictions != null) {
+                for (String jcrName : mvRestrictions.keySet()) {
+                    String oakName = getNamePathMapper().getOakName(jcrName);
+                    rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
mvRestrictions.get(oakName)));
+                }
             }
         }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
Thu Oct 31 16:54:20 2013
@@ -20,6 +20,7 @@ import java.security.Principal;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -27,6 +28,7 @@ import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
 import com.google.common.base.Function;
@@ -131,4 +133,9 @@ public abstract class AbstractAccessCont
     public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow)
throws RepositoryException {
         return addEntry(principal, privileges, isAllow, Collections.<String, Value>emptyMap());
     }
+
+    @Override
+    public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow,
Map<String, Value> restrictions) throws AccessControlException, RepositoryException
{
+        return addEntry(principal, privileges, isAllow, restrictions, null);
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
Thu Oct 31 16:54:20 2013
@@ -76,6 +76,11 @@ public class ImmutableACL extends Abstra
     }
 
     @Override
+    public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow,
Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws AccessControlException
{
+        throw new AccessControlException("Immutable ACL. Use AccessControlManager#getPolicy
or #getApplicablePolicies in order to obtain an modifiable ACL.");
+    }
+
+    @Override
     public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) throws
AccessControlException {
         throw new AccessControlException("Immutable ACL. Use AccessControlManager#getPolicy
or #getApplicablePolicy in order to obtain a modifiable ACL.");
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Thu Oct 31 16:54:20 2013
@@ -30,12 +30,15 @@ import javax.annotation.Nullable;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+import javax.jcr.ValueFormatException;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
+import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -640,6 +643,31 @@ public class ACLTest extends AbstractAcc
     }
 
     @Test
+    public void testMvRestrictions() throws Exception {
+
+        ValueFactory vf = getValueFactory();
+        Value[] vs = new Value[] {
+                vf.createValue(JcrConstants.NT_FILE, PropertyType.NAME),
+                vf.createValue(JcrConstants.NT_FOLDER, PropertyType.NAME)
+        };
+        Map<String, Value[]> mvRestrictions = Collections.singletonMap(REP_NT_NAMES,
vs);
+        Map<String, Value> restrictions = Collections.singletonMap(REP_GLOB, vf.createValue("/.*"));
+
+        assertTrue(acl.addEntry(testPrincipal, testPrivileges, false, restrictions, mvRestrictions));
+        assertFalse(acl.addEntry(testPrincipal, testPrivileges, false, restrictions, mvRestrictions));
+        assertEquals(1, acl.getAccessControlEntries().length);
+        JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) acl.getAccessControlEntries()[0];
+        try {
+            ace.getRestriction(REP_NT_NAMES);
+            fail();
+        } catch (ValueFormatException e) {
+            // success
+        }
+        Value[] vvs = ace.getRestrictions(REP_NT_NAMES);
+        assertArrayEquals(vs, vvs);
+    }
+
+    @Test
     public void testUnsupportedRestrictions() throws Exception {
         Map<String, Value> restrictions = Collections.singletonMap("unknownRestriction",
getValueFactory().createValue("value"));
         try {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
Thu Oct 31 16:54:20 2013
@@ -86,6 +86,13 @@ public class ImmutableACLTest extends Ab
             // success
         }
 
+        try {
+            acl.addEntry(testPrincipal, testPrivileges, false, Collections.<String, Value>emptyMap(),
Collections.<String, Value[]>emptyMap());
+            fail(msg);
+        } catch (AccessControlException e) {
+            // success
+        }
+
         AccessControlEntry[] entries = acl.getAccessControlEntries();
         if (entries.length > 1) {
             try {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
Thu Oct 31 16:54:20 2013
@@ -21,8 +21,10 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
 import com.google.common.collect.Lists;
@@ -67,6 +69,11 @@ public final class TestACL extends Abstr
     }
 
     @Override
+    public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow,
Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws AccessControlException,
RepositoryException {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
     public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry destEntry) {
         throw new UnsupportedOperationException();
     }

Modified: jackrabbit/oak/trunk/oak-parent/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-parent/pom.xml?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-parent/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-parent/pom.xml Thu Oct 31 16:54:20 2013
@@ -40,7 +40,7 @@
     <project.reporting.outputEncoding>
       ${project.build.sourceEncoding}
     </project.reporting.outputEncoding>
-    <jackrabbit.version>2.7.1</jackrabbit.version>
+    <jackrabbit.version>2.8-SNAPSHOT</jackrabbit.version>
     <mongo.host>127.0.0.1</mongo.host>
     <mongo.port>27017</mongo.port>
     <mongo.db>MongoMKDB</mongo.db>



Mime
View raw message