jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1653976 - in /jackrabbit/trunk: jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/ jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/ jackrabbit-jcr2spi/src/test/java/org/ap...
Date Thu, 22 Jan 2015 17:57:19 GMT
Author: angela
Date: Thu Jan 22 17:57:18 2015
New Revision: 1653976

URL: http://svn.apache.org/r1653976
Log:
JCR-2113 : JSR 283 Access Control Management (improve privilege discovery as discussed during
f2f meeting with alfusainey and david, january 21)

Modified:
    jackrabbit/trunk/jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/RepositoryFactoryImplTest.java
    jackrabbit/trunk/jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlProviderImpl.java
    jackrabbit/trunk/jackrabbit-jcr2spi/src/test/java/org/apache/jackrabbit/jcr2spi/AbstractJCR2SPITest.java
    jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/logging/RepositoryServiceLogger.java
    jackrabbit/trunk/jackrabbit-spi/src/main/java/org/apache/jackrabbit/spi/RepositoryService.java
    jackrabbit/trunk/jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
    jackrabbit/trunk/jackrabbit-spi2jcr/src/main/java/org/apache/jackrabbit/spi2jcr/RepositoryServiceImpl.java
    jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/security/CurrentUserPrivilegeSetProperty.java

Modified: jackrabbit/trunk/jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/RepositoryFactoryImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/RepositoryFactoryImplTest.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/RepositoryFactoryImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-jcr-client/src/test/java/org/apache/jackrabbit/client/RepositoryFactoryImplTest.java
Thu Jan 22 17:57:18 2015
@@ -302,8 +302,8 @@ public class RepositoryFactoryImplTest e
         }
 
         @Override
-        public PrivilegeDefinition[] getPrivileges(SessionInfo sessionInfo, NodeId id) throws
RepositoryException {
-            return new PrivilegeDefinition[0];
+        public Name[] getPrivilegeNames(SessionInfo sessionInfo, NodeId id) throws RepositoryException
{
+            return new Name[0];
         }
 
         @Override

Modified: jackrabbit/trunk/jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlProviderImpl.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlProviderImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-jcr2spi/src/main/java/org/apache/jackrabbit/jcr2spi/security/authorization/jackrabbit/acl/AccessControlProviderImpl.java
Thu Jan 22 17:57:18 2015
@@ -32,6 +32,7 @@ import org.apache.jackrabbit.jcr2spi.nod
 import org.apache.jackrabbit.jcr2spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.jcr2spi.security.authorization.PrivilegeImpl;
 import org.apache.jackrabbit.jcr2spi.state.UpdatableItemStateManager;
+import org.apache.jackrabbit.spi.Name;
 import org.apache.jackrabbit.spi.NodeId;
 import org.apache.jackrabbit.spi.PrivilegeDefinition;
 import org.apache.jackrabbit.spi.RepositoryService;
@@ -42,7 +43,7 @@ public class AccessControlProviderImpl i
 
     private RepositoryService service;
 
-    private Map<String, Privilege> privileges = new HashMap<String, Privilege>();
+    private Map<Name, Privilege> privileges = new HashMap<Name, Privilege>();
 
     @Override
     public void init(RepositoryConfig config, RepositoryService service) {
@@ -51,17 +52,13 @@ public class AccessControlProviderImpl i
 
     @Override
     public Privilege privilegeFromName(SessionInfo sessionInfo, NamePathResolver resolver,
String privilegeName) throws RepositoryException {
-        Privilege priv = privileges.get(privilegeName);
-
+        Name name = resolver.getQName(privilegeName);
+        Privilege priv = getPrivilegeFromName(sessionInfo, resolver, name);
         if (priv == null) {
-            readPrivilegesFromService(sessionInfo, resolver);
-            if (privileges.containsKey(privilegeName)) {
-                priv = privileges.get(privilegeName);
-            } else {
-                throw new AccessControlException("Unknown privilege " + privilegeName);
-            }
+            throw new AccessControlException("Unknown privilege " + privilegeName);
+        } else {
+            return priv;
         }
-        return priv;
     }
 
     @Override
@@ -77,13 +74,15 @@ public class AccessControlProviderImpl i
 
     @Override
     public Set<Privilege> getPrivileges(SessionInfo sessionInfo, NodeId id, NamePathResolver
npResolver) throws RepositoryException {
-        PrivilegeDefinition[] defs = service.getPrivileges(sessionInfo, id);
-        Set<Privilege> privileges = new HashSet<Privilege>(defs.length);
-        for (PrivilegeDefinition def : defs) {
-            Privilege p = new PrivilegeImpl(def, defs, npResolver);
-            privileges.add(p);
+        Name[] privNames = service.getPrivilegeNames(sessionInfo, id);
+        Set<Privilege> pvs = new HashSet<Privilege>(privNames.length);
+        for (Name name : privNames) {
+            Privilege priv = getPrivilegeFromName(sessionInfo, npResolver, name);
+            if (priv != null) {
+                pvs.add(priv);
+            }
         }
-        return privileges;        
+        return pvs;
     }
 
     @Override
@@ -97,10 +96,22 @@ public class AccessControlProviderImpl i
     }
 
     //--------------------------------------------------------------------------
+
     private void readPrivilegesFromService(SessionInfo sessionInfo, NamePathResolver resolver)
throws RepositoryException {
         PrivilegeDefinition[] defs = service.getPrivilegeDefinitions(sessionInfo);
         for (PrivilegeDefinition d : defs) {
-            privileges.put(resolver.getJCRName(d.getName()), new PrivilegeImpl(d, defs, resolver));
+            privileges.put(d.getName(), new PrivilegeImpl(d, defs, resolver));
         }
     }
+
+    private Privilege getPrivilegeFromName(SessionInfo sessionInfo, NamePathResolver resolver,
Name privilegeName) throws RepositoryException {
+        Privilege priv = privileges.get(privilegeName);
+        if (priv == null) {
+            readPrivilegesFromService(sessionInfo, resolver);
+            if (privileges.containsKey(privilegeName)) {
+                priv = privileges.get(privilegeName);
+            }
+        }
+        return priv;
+    }
 }

Modified: jackrabbit/trunk/jackrabbit-jcr2spi/src/test/java/org/apache/jackrabbit/jcr2spi/AbstractJCR2SPITest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr2spi/src/test/java/org/apache/jackrabbit/jcr2spi/AbstractJCR2SPITest.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-jcr2spi/src/test/java/org/apache/jackrabbit/jcr2spi/AbstractJCR2SPITest.java
(original)
+++ jackrabbit/trunk/jackrabbit-jcr2spi/src/test/java/org/apache/jackrabbit/jcr2spi/AbstractJCR2SPITest.java
Thu Jan 22 17:57:18 2015
@@ -179,8 +179,8 @@ public abstract class AbstractJCR2SPITes
             }
 
             @Override
-            public PrivilegeDefinition[] getPrivileges(SessionInfo sessionInfo, NodeId nodeId)
throws RepositoryException {
-                return AbstractJCR2SPITest.this.getPrivileges(sessionInfo, nodeId);
+            public Name[] getPrivilegeNames(SessionInfo sessionInfo, NodeId nodeId) throws
RepositoryException {
+                return AbstractJCR2SPITest.this.getPrivilegeNames(sessionInfo, nodeId);
             }
             
             @Override
@@ -291,9 +291,9 @@ public abstract class AbstractJCR2SPITes
         return repositoryService.getSupportedPrivileges(sessionInfo, nodeId);
     }
     
-    public PrivilegeDefinition[] getPrivileges(
+    public Name[] getPrivilegeNames(
             SessionInfo sessionInfo, NodeId nodeId) throws RepositoryException {
-        return repositoryService.getPrivileges(sessionInfo, nodeId);
+        return repositoryService.getPrivilegeNames(sessionInfo, nodeId);
     }
     //-----------------------------------< SessionInfo creation and release >---
 

Modified: jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/logging/RepositoryServiceLogger.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/logging/RepositoryServiceLogger.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/logging/RepositoryServiceLogger.java
(original)
+++ jackrabbit/trunk/jackrabbit-spi-commons/src/main/java/org/apache/jackrabbit/spi/commons/logging/RepositoryServiceLogger.java
Thu Jan 22 17:57:18 2015
@@ -202,10 +202,10 @@ public class RepositoryServiceLogger ext
         }, "getSupportedPrivileges(SessionInfo, NodeId)", new Object[]{unwrap(sessionInfo),
nodeId});
     }
 
-    public PrivilegeDefinition[] getPrivileges(final SessionInfo sessionInfo, final NodeId
nodeId) throws RepositoryException {
-        return (PrivilegeDefinition[]) execute(new Callable() {
+    public Name[] getPrivilegeNames(final SessionInfo sessionInfo, final NodeId nodeId) throws
RepositoryException {
+        return (Name[]) execute(new Callable() {
             public Object call() throws RepositoryException {
-                return service.getPrivileges(unwrap(sessionInfo), nodeId);
+                return service.getPrivilegeNames(unwrap(sessionInfo), nodeId);
             }
         }, "getPrivileges(SessionInfo, NodeId)", new Object[]{unwrap(sessionInfo), nodeId});
     }

Modified: jackrabbit/trunk/jackrabbit-spi/src/main/java/org/apache/jackrabbit/spi/RepositoryService.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi/src/main/java/org/apache/jackrabbit/spi/RepositoryService.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi/src/main/java/org/apache/jackrabbit/spi/RepositoryService.java
(original)
+++ jackrabbit/trunk/jackrabbit-spi/src/main/java/org/apache/jackrabbit/spi/RepositoryService.java
Thu Jan 22 17:57:18 2015
@@ -231,12 +231,13 @@ public interface RepositoryService {
     /**
      * TODO
      * 
+     *
      * @param sessionInfo
      * @param id
      * @return
      * @throws RepositoryException
      */
-    public PrivilegeDefinition[] getPrivileges(SessionInfo sessionInfo, NodeId id) throws
RepositoryException;
+    public Name[] getPrivilegeNames(SessionInfo sessionInfo, NodeId id) throws RepositoryException;
     
     /**
      * TODO

Modified: jackrabbit/trunk/jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
Thu Jan 22 17:57:18 2015
@@ -926,18 +926,42 @@ public class RepositoryServiceImpl imple
     }
 
     @Override
-    public PrivilegeDefinition[] getPrivileges(SessionInfo sessionInfo, NodeId nodeId) throws
RepositoryException {
+    public Name[] getPrivilegeNames(SessionInfo sessionInfo, NodeId nodeId) throws RepositoryException
{
         String uri = (nodeId == null) ? uriResolver.getWorkspaceUri(sessionInfo.getWorkspaceName())
: getItemUri(nodeId, sessionInfo);
-        return internalGetUserPrivilegeDefinitions(sessionInfo, uri);
-    }
-    
-    private PrivilegeDefinition[] internalGetUserPrivilegeDefinitions(SessionInfo sessionInfo,
String uri) throws RepositoryException {
         DavPropertyNameSet nameSet = new DavPropertyNameSet();
         nameSet.add(SecurityConstants.CURRENT_USER_PRIVILEGE_SET);
+
         DavMethodBase method = null;
-        
-        // TODO
-        return new PrivilegeDefinition[0];
+        try {
+            method = new PropFindMethod(uri, nameSet, DEPTH_0);
+            getClient(sessionInfo).executeMethod(method);
+
+            MultiStatusResponse[] responses = method.getResponseBodyAsMultiStatus().getResponses();
+            if (responses.length < 1) {
+                throw new PathNotFoundException("Unable to retrieve privileges definitions.");
+            }
+
+            DavPropertyName displayName = SecurityConstants.SUPPORTED_PRIVILEGE_SET;
+            DavProperty<?> p = responses[0].getProperties(DavServletResponse.SC_OK).get(displayName);
+            if (p == null) {
+                return new Name[0];
+            } else {
+                Collection<Privilege> privs = new CurrentUserPrivilegeSetProperty(p).getValue();
+                Set<Name> privNames = new HashSet<Name>(privs.size());
+                for (Privilege priv : privs) {
+                    privNames.add(nameFactory.create(priv.getNamespace().getURI(), priv.getName()));
+                }
+                return privNames.toArray(new Name[privNames.size()]);
+            }
+        } catch (IOException e) {
+            throw new RepositoryException(e);
+        } catch (DavException e) {
+            throw ExceptionConverter.generate(e);
+        } finally {
+            if (method != null) {
+                method.releaseConnection();
+            }
+        }
     }
     
     private PrivilegeDefinition[] internalGetPrivilegeDefinitions(SessionInfo sessionInfo,
String uri) throws RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-spi2jcr/src/main/java/org/apache/jackrabbit/spi2jcr/RepositoryServiceImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-spi2jcr/src/main/java/org/apache/jackrabbit/spi2jcr/RepositoryServiceImpl.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-spi2jcr/src/main/java/org/apache/jackrabbit/spi2jcr/RepositoryServiceImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-spi2jcr/src/main/java/org/apache/jackrabbit/spi2jcr/RepositoryServiceImpl.java
Thu Jan 22 17:57:18 2015
@@ -375,26 +375,17 @@ public class RepositoryServiceImpl imple
     }
 
     @Override
-    public PrivilegeDefinition[] getPrivileges(SessionInfo sessionInfo, NodeId nodeId) throws
RepositoryException {
+    public Name[] getPrivilegeNames(SessionInfo sessionInfo, NodeId nodeId) throws RepositoryException
{
         SessionInfoImpl sInfo = getSessionInfoImpl(sessionInfo);
         String path = (nodeId == null) ? null : pathForId(nodeId, sInfo);
         NamePathResolver npResolver = sInfo.getNamePathResolver();
         
         Privilege[] privs = sInfo.getSession().getAccessControlManager().getPrivileges(path);
-        List<PrivilegeDefinition> pDefs = new ArrayList<PrivilegeDefinition>(privs.length);
+        List<Name> names = new ArrayList<Name>(privs.length);
         for (Privilege priv : privs) {
-            Name privName = npResolver.getQName(priv.getName());
-            Set<Name> aggrNames = null;
-            if (priv.isAggregate()) {
-                aggrNames = new HashSet<Name>();
-                for (Privilege dap : priv.getDeclaredAggregatePrivileges()) {
-                    aggrNames.add(npResolver.getQName(dap.getName()));
-                }
-            }
-            PrivilegeDefinition def = new PrivilegeDefinitionImpl(privName, priv.isAbstract(),
aggrNames);
-            pDefs.add(def);
+            names.add(npResolver.getQName(priv.getName()));
         }
-        return pDefs.toArray(new PrivilegeDefinition[pDefs.size()]);
+        return names.toArray(new Name[names.size()]);
     }
     
     public PrivilegeDefinition[] getSupportedPrivileges(SessionInfo sessionInfo, NodeId nodeId)
throws RepositoryException {

Modified: jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/security/CurrentUserPrivilegeSetProperty.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/security/CurrentUserPrivilegeSetProperty.java?rev=1653976&r1=1653975&r2=1653976&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/security/CurrentUserPrivilegeSetProperty.java
(original)
+++ jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/security/CurrentUserPrivilegeSetProperty.java
Thu Jan 22 17:57:18 2015
@@ -29,8 +29,6 @@ import java.util.Set;
 
 /**
  * <code>CurrentUserPrivilegeSetProperty</code>...
- *
- * TODO: should respect aggregation of privileges.....
  */
 public class CurrentUserPrivilegeSetProperty extends AbstractDavProperty<Collection<Privilege>>
{
 



Mime
View raw message