jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1570201 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/permission/ test/java/org/apache/jackrabbit/oak/security/authorization/permission/
Date Thu, 20 Feb 2014 14:17:33 GMT
Author: angela
Date: Thu Feb 20 14:17:33 2014
New Revision: 1570201

URL: http://svn.apache.org/r1570201
Log:
cleanup TODOs

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Thu Feb 20 14:17:33 2014
@@ -41,6 +41,7 @@ import org.apache.jackrabbit.oak.core.Im
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.plugins.tree.ImmutableTree;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -59,10 +60,6 @@ import static com.google.common.collect.
 import static org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission.ALL;
 import static org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission.EMPTY;
 
-/**
- * TODO: WIP
- * FIXME: decide on where to filter out hidden items (OAK-753)
- */
 final class CompiledPermissionImpl implements CompiledPermissions, PermissionConstants {
 
     private static final Logger log = LoggerFactory.getLogger(CompiledPermissionImpl.class);
@@ -111,8 +108,9 @@ final class CompiledPermissionImpl imple
             }
         }
 
-        userStore = new PermissionEntryProviderImpl(store, cache, userNames);
-        groupStore = new PermissionEntryProviderImpl(store, cache, groupNames);
+        ConfigurationParameters options = acConfig.getParameters();
+        userStore = new PermissionEntryProviderImpl(store, cache, userNames, options);
+        groupStore = new PermissionEntryProviderImpl(store, cache, groupNames, options);
 
         typeProvider = new TreeTypeProvider(acConfig.getContext());
     }
@@ -158,7 +156,6 @@ final class CompiledPermissionImpl imple
         int type = typeProvider.getType(tree, parentType);
         switch (type) {
             case TreeTypeProvider.TYPE_HIDDEN:
-                // TODO: OAK-753 decide on where to filter out hidden items.
                 return ALL;
             case TreeTypeProvider.TYPE_VERSION:
                 String ntName = TreeUtil.getPrimaryTypeName(tree);
@@ -173,10 +170,12 @@ final class CompiledPermissionImpl imple
                         log.warn("Cannot retrieve versionable node for " + tree.getPath());
                         return EMPTY;
                     } else {
-                        // TODO: may return wrong results in case of restrictions
-                        // TODO that would match the path of the versionable node
-                        // TODO (or item in the subtree) but that item no longer exists
-                        // TODO -> evaluation by path would be more accurate (-> see
#isGranted)
+                        /**
+                         * NOTE: may return wrong results in case of restrictions
+                         * that would match the path of the versionable node
+                         * (or item in the subtree) but that item no longer exists
+                         * -> evaluation by path might be more accurate (-> see #isGranted)
+                         */
                         while (!versionableTree.exists()) {
                             versionableTree = versionableTree.getParent();
                         }
@@ -212,7 +211,6 @@ final class CompiledPermissionImpl imple
         int type = typeProvider.getType(tree);
         switch (type) {
             case TreeTypeProvider.TYPE_HIDDEN:
-                // TODO: OAK-753 decide on where to filter out hidden items.
                 return true;
             case TreeTypeProvider.TYPE_VERSION:
                 Tree versionableTree = getVersionableTree(tree);
@@ -336,7 +334,6 @@ final class CompiledPermissionImpl imple
                 Tree versionableTree = getVersionableTree(tree);
                 if (versionableTree == null || !versionableTree.exists()) {
                     // unable to determine the location of the versionable item -> deny
access.
-                    // TODO : add proper handling for cases where the versionable node does
not exist (anymore)
                     return PrivilegeBits.EMPTY;
                 }  else {
                     return getPrivilegeBits(versionableTree);
@@ -513,13 +510,11 @@ final class CompiledPermissionImpl imple
 
         @Override
         public boolean canReadAll() {
-            // TODO: best effort approach to detect full read-access within a given tree.
             return readStatus != null && readStatus.allowsAll();
         }
 
         @Override
         public boolean canReadProperties() {
-                // TODO: best effort approach to detect full read-property permission
             return readStatus != null && readStatus.allowsProperties();
         }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
Thu Feb 20 14:17:33 2014
@@ -35,9 +35,6 @@ import org.apache.jackrabbit.oak.spi.sta
 
 import static org.apache.jackrabbit.oak.api.CommitFailedException.ACCESS;
 
-/**
- * MoveAwarePermissionValidator... TODO
- */
 public class MoveAwarePermissionValidator extends PermissionValidator {
 
     private final MoveContext moveCtx;
@@ -125,7 +122,6 @@ public class MoveAwarePermissionValidato
         }
 
         private boolean processAdd(ImmutableTree child, MoveAwarePermissionValidator validator)
throws CommitFailedException {
-            // FIXME: respect and properly handle move-operations in the subtree
             String sourcePath = moveTracker.getSourcePath(child.getPath());
             if (sourcePath != null) {
                 ImmutableTree source = rootBefore.getTree(sourcePath);
@@ -140,7 +136,6 @@ public class MoveAwarePermissionValidato
         }
 
         private boolean processDelete(ImmutableTree child, MoveAwarePermissionValidator validator)
throws CommitFailedException {
-            // FIXME: respect and properly handle move-operations in the subtree
             String destPath = moveTracker.getDestPath(child.getPath());
             if (destPath != null) {
                 ImmutableTree dest = rootAfter.getTree(destPath);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
Thu Feb 20 14:17:33 2014
@@ -35,9 +35,6 @@ import org.apache.jackrabbit.util.Text;
 
 import static org.apache.jackrabbit.JcrConstants.JCR_PRIMARYTYPE;
 
-/**
- * PermissionEntry... TODO
- */
 final class PermissionEntry implements Comparable<PermissionEntry>, PermissionConstants
{
 
     /**

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
Thu Feb 20 14:17:33 2014
@@ -36,7 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
  * Every newly loaded principal permission set can be pushed down to the base
  * cache if it does not exist there yet, or if it's newer.
  *
- * Todo:
+ * TODO:
  * - currently only the entries of 'everyone' are globally cached. this should be improved
to dynamically cache those
  *   principals that are used often
  * - report cache usage metrics

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
Thu Feb 20 14:17:33 2014
@@ -30,14 +30,14 @@ import com.google.common.base.Strings;
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.commons.iterator.AbstractLazyIterator;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
 
-/**
- * {@code PermissionEntryProviderImpl} ...  TODO
- */
 class PermissionEntryProviderImpl implements PermissionEntryProvider {
 
-    private static final long MAX_SIZE = 250; // TODO define size or make configurable
+    public static final String EAGER_CACHE_SIZE_PARAM = "eagerCacheSize";
+
+    private static final long DEFAULT_SIZE = 250;
 
     private final Set<String> principalNames;
 
@@ -49,11 +49,14 @@ class PermissionEntryProviderImpl implem
 
     private final PermissionEntryCache.Local cache;
 
+    private final long maxSize;
+
     PermissionEntryProviderImpl(@Nonnull PermissionStore store, @Nonnull PermissionEntryCache.Local
cache,
-                                @Nonnull Set<String> principalNames) {
+                                @Nonnull Set<String> principalNames, @Nonnull ConfigurationParameters
options) {
         this.store = store;
         this.cache = cache;
         this.principalNames = Collections.unmodifiableSet(principalNames);
+        this.maxSize = options.getConfigValue(EAGER_CACHE_SIZE_PARAM, DEFAULT_SIZE);
         init();
     }
 
@@ -61,7 +64,7 @@ class PermissionEntryProviderImpl implem
         long cnt = 0;
         existingNames.clear();
         for (String name: principalNames) {
-            if (cnt > MAX_SIZE) {
+            if (cnt > maxSize) {
                 if (cache.hasEntries(store, name)) {
                     existingNames.add(name);
                 }
@@ -73,7 +76,7 @@ class PermissionEntryProviderImpl implem
                 }
             }
         }
-        if (cnt < MAX_SIZE) {
+        if (cnt < maxSize) {
             // cache all entries of all principals
             pathEntryMap = new HashMap<String, Collection<PermissionEntry>>();
             for (String name: principalNames) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Thu Feb 20 14:17:33 2014
@@ -40,9 +40,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
 
-/**
- * PermissionProviderImpl... TODO
- */
 public class PermissionProviderImpl implements PermissionProvider, AccessControlConstants,
PermissionConstants {
 
     private final Root root;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ReadStatus.java
Thu Feb 20 14:17:33 2014
@@ -21,9 +21,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 
-/**
- * ReadStatus... TODO
- */
 final class ReadStatus {
 
     private static final int THIS = 1;
@@ -80,6 +77,7 @@ final class ReadStatus {
     }
 
     boolean allowsAll() {
-        return false; // TODO: calculation of allows-all requires knowledge of permissions
defined in the subtree
+        // NOTE: calculation of allows-all requires knowledge of permissions defined in the
subtree
+        return false;
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1570201&r1=1570200&r2=1570201&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
Thu Feb 20 14:17:33 2014
@@ -40,9 +40,6 @@ import static org.junit.Assert.assertFal
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
-/**
- * PermissionStoreTest... TODO
- */
 public class PermissionStoreTest extends AbstractSecurityTest {
 
     private AuthorizationConfiguration acConfig;



Mime
View raw message