jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r1558161 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/ oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/ ...
Date Tue, 14 Jan 2014 18:51:27 GMT
Author: jukka
Date: Tue Jan 14 18:51:27 2014
New Revision: 1558161

URL: http://svn.apache.org/r1558161
Log:
OAK-519: Migration of custom jr2.x privileges into OAK

Merge PrivilegeMigrator into RepositoryUpgrade

Removed:
    jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/security/PrivilegeMigrator.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
    jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
    jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
Tue Jan 14 18:51:27 2014
@@ -42,7 +42,7 @@ import org.apache.jackrabbit.oak.util.No
  * PrivilegeDefinitionWriter is responsible for writing privilege definitions
  * to the repository without applying any validation checks.
  */
-public class PrivilegeDefinitionWriter implements PrivilegeConstants {
+class PrivilegeDefinitionWriter implements PrivilegeConstants {
 
     /**
      * The internal names of all built-in privileges that are not aggregates.
@@ -71,14 +71,14 @@ public class PrivilegeDefinitionWriter i
 
     private PrivilegeBits next;
 
-    public PrivilegeDefinitionWriter(Root root) {
+    PrivilegeDefinitionWriter(Root root) {
         this.root = root;
         this.bitsMgr = new PrivilegeBitsProvider(root);
         Tree privilegesTree = bitsMgr.getPrivilegesTree();
         if (privilegesTree.exists() && privilegesTree.hasProperty(REP_NEXT)) {
             next = PrivilegeBits.getInstance(privilegesTree);
         } else {
-            next = PrivilegeBits.BUILT_IN.get(REP_USER_MANAGEMENT).nextBits();
+            next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
         }
     }
 
@@ -88,7 +88,7 @@ public class PrivilegeDefinitionWriter i
      * @param definition The new privilege definition.
      * @throws RepositoryException If the definition can't be written.
      */
-    public void writeDefinition(PrivilegeDefinition definition) throws RepositoryException
{
+    void writeDefinition(PrivilegeDefinition definition) throws RepositoryException {
         writeDefinitions(Collections.singleton(definition));
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
Tue Jan 14 18:51:27 2014
@@ -94,6 +94,9 @@ public final class PrivilegeBits impleme
         BUILT_IN.put(REP_WRITE, PrivilegeBits.getInstance(WRITE2));
     }
 
+    public static PrivilegeBits NEXT_AFTER_BUILT_INS =
+            getInstance(USER_MNGMT).nextBits();
+
     private final Data d;
 
     /**

Modified: jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
(original)
+++ jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
Tue Jan 14 18:51:27 2014
@@ -27,6 +27,7 @@ import java.util.Set;
 import javax.jcr.NamespaceException;
 import javax.jcr.NamespaceRegistry;
 import javax.jcr.RepositoryException;
+import javax.jcr.security.Privilege;
 import javax.jcr.version.OnParentVersionAction;
 
 import org.apache.jackrabbit.core.NamespaceRegistryImpl;
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.core.fs.Fil
 import org.apache.jackrabbit.core.fs.FileSystemException;
 import org.apache.jackrabbit.core.nodetype.NodeTypeRegistry;
 import org.apache.jackrabbit.core.persistence.PersistenceManager;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Type;
 import org.apache.jackrabbit.oak.plugins.index.CompositeIndexEditorProvider;
@@ -50,6 +52,7 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider;
 import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
 import org.apache.jackrabbit.oak.spi.commit.EditorHook;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
 import org.apache.jackrabbit.oak.spi.state.ChildNodeEntry;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -107,6 +110,13 @@ import static org.apache.jackrabbit.oak.
 import static org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_IS_QUERYABLE;
 import static org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_IS_QUERY_ORDERABLE;
 import static org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_NODE_TYPES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.NT_REP_PRIVILEGE;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.NT_REP_PRIVILEGES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_AGGREGATES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_BITS;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_NEXT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
 import static org.apache.jackrabbit.spi.commons.name.NameConstants.ANY_NAME;
 
 public class RepositoryUpgrade {
@@ -379,8 +389,66 @@ public class RepositoryUpgrade {
         return properties;
     }
 
+    @SuppressWarnings("deprecation")
     private void copyPrivileges(NodeBuilder root) throws RepositoryException {
-        // TODO
+        PrivilegeRegistry registry = source.getPrivilegeRegistry();
+        NodeBuilder privileges = root.child(JCR_SYSTEM).child(REP_PRIVILEGES);
+        privileges.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGES, NAME);
+
+        PrivilegeBits next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
+
+        logger.info("Copying registered privileges");
+        for (Privilege privilege : registry.getRegisteredPrivileges()) {
+            String name = privilege.getName();
+            NodeBuilder def = privileges.child(name);
+            def.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, NAME);
+
+            if (privilege.isAbstract()) {
+                def.setProperty(REP_IS_ABSTRACT, true);
+            }
+
+            Privilege[] aggregate = privilege.getDeclaredAggregatePrivileges();
+            if (aggregate.length > 0) {
+                List<String> names = newArrayListWithCapacity(aggregate.length);
+                for (Privilege p : aggregate) {
+                    names.add(p.getName());
+                }
+                def.setProperty(REP_AGGREGATES, names, NAMES);
+            }
+
+            PrivilegeBits bits = PrivilegeBits.BUILT_IN.get(name);
+            if (bits != null) {
+                def.setProperty(bits.asPropertyState(REP_BITS));
+            } else if (aggregate.length == 0) {
+                bits = next;
+                next = next.nextBits();
+                def.setProperty(bits.asPropertyState(REP_BITS));
+            }
+        }
+
+        privileges.setProperty(next.asPropertyState(REP_NEXT));
+
+        // resolve privilege bits also for all aggregates
+        for (String name : privileges.getChildNodeNames()) {
+            resolvePrivilegeBits(privileges, name);
+        }
+    }
+
+    private PrivilegeBits resolvePrivilegeBits(
+            NodeBuilder privileges, String name) {
+        NodeBuilder def = privileges.getChildNode(name);
+
+        PropertyState b = def.getProperty(REP_BITS);
+        if (b != null) {
+            return PrivilegeBits.getInstance(b);
+        }
+
+        PrivilegeBits bits = PrivilegeBits.getInstance();
+        for (String n : def.getNames(REP_AGGREGATES)) {
+            bits.add(resolvePrivilegeBits(privileges, n));
+        }
+        def.setProperty(bits.asPropertyState(REP_BITS));
+        return bits;
     }
 
     private void copyNodeTypes(NodeBuilder root) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
(original)
+++ jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
Tue Jan 14 18:51:27 2014
@@ -35,13 +35,18 @@ import javax.jcr.Value;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.nodetype.NodeTypeManager;
 import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.Privilege;
 
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.junit.Test;
 
 import static junit.framework.Assert.assertEquals;
 import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertNotNull;
 import static junit.framework.Assert.assertTrue;
 
 public class RepositoryUpgradeTest extends AbstractRepositoryUpgradeTest {
@@ -60,17 +65,23 @@ public class RepositoryUpgradeTest exten
     protected void createSourceContent(Repository repository) throws Exception {
         Session session = repository.login(CREDENTIALS);
         try {
-            NamespaceRegistry registry =
-                session.getWorkspace().getNamespaceRegistry();
+            JackrabbitWorkspace workspace =
+                    (JackrabbitWorkspace) session.getWorkspace();
+
+            NamespaceRegistry registry = workspace.getNamespaceRegistry();
             registry.registerNamespace("test", "http://www.example.org/");
 
-            NodeTypeManager manager =
-                session.getWorkspace().getNodeTypeManager();
-            NodeTypeTemplate template = manager.createNodeTypeTemplate();
+            PrivilegeManager privilegeManager = workspace.getPrivilegeManager();
+            privilegeManager.registerPrivilege("test:privilege", false, null);
+            privilegeManager.registerPrivilege(
+                    "test:aggregate", false, new String[] { "jcr:read", "test:privilege"
});
+
+            NodeTypeManager nodeTypeManager = workspace.getNodeTypeManager();
+            NodeTypeTemplate template = nodeTypeManager.createNodeTypeTemplate();
             template.setName("test:unstructured");
             template.setDeclaredSuperTypeNames(
                     new String[] { "nt:unstructured" });
-            manager.registerNodeType(template, false);
+            nodeTypeManager.registerNodeType(template, false);
 
             Node root = session.getRootNode();
 
@@ -136,6 +147,30 @@ public class RepositoryUpgradeTest exten
     }
 
     @Test
+    public void verifyCustomPrivileges() throws Exception {
+        JackrabbitSession session = createAdminSession();
+        try {
+            JackrabbitWorkspace workspace =
+                    (JackrabbitWorkspace) session.getWorkspace();
+            PrivilegeManager manager = workspace.getPrivilegeManager();
+
+            Privilege privilege = manager.getPrivilege("test:privilege");
+            assertNotNull(privilege);
+            assertFalse(privilege.isAbstract());
+            assertFalse(privilege.isAggregate());
+            assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
+
+            Privilege aggregate = manager.getPrivilege("test:aggregate");
+            assertNotNull(aggregate);
+            assertFalse(aggregate.isAbstract());
+            assertTrue(aggregate.isAggregate());
+            assertEquals(2, aggregate.getDeclaredAggregatePrivileges().length);
+        } finally {
+            session.logout();
+        }
+    }
+
+    @Test
     public void verifyCustomNodeTypes() throws Exception {
         Session session = createAdminSession();
         try {



Mime
View raw message