jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1693235 - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/ jackrabbit-core/src/tes...
Date Wed, 29 Jul 2015 10:20:35 GMT
Author: angela
Date: Wed Jul 29 10:20:34 2015
New Revision: 1693235

URL: http://svn.apache.org/r1693235
Log:
JCR-3885 : Extend set of Actions in JackrabbitSession to reflect other operations than regular
read/write

Modified:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
(original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
Wed Jul 29 10:20:34 2015
@@ -19,17 +19,176 @@ package org.apache.jackrabbit.api;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 
+import javax.annotation.Nonnull;
 import javax.jcr.Session;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
 
 /**
- * <code>JackrabbitSession</code>...
+ * Jackrabbit specific extension of the JCR {@link javax.jcr.Session} interface.
  */
 public interface JackrabbitSession extends Session {
 
     /**
+     * A constant representing the {@code add_property} action string, used to
+     * determine if this {@code Session} has permission to add a new property.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_ADD_PROPERTY = "add_property";
+
+    /**
+     * A constant representing the {@code modify_property} action string, used to
+     * determine if this {@code Session} has permission to modify a property.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_MODIFY_PROPERTY = "modify_property";
+
+    /**
+     * A constant representing the {@code remove_property} action string, used to
+     * determine if this {@code Session} has permission to remove a property.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_REMOVE_PROPERTY = "remove_property";
+
+    /**
+     * A constant representing the {@code remove_node} action string, used to
+     * determine if this {@code Session} has permission to remove a node.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_REMOVE_NODE = "remove_node";
+
+    /**
+     * A constant representing the {@code node_type_management} action string,
+     * used to determine if this {@code Session} has permission to write
+     * node type information of a node.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_NODE_TYPE_MANAGEMENT = "node_type_management";
+
+    /**
+     * A constant representing the {@code versioning} action string,
+     * used to determine if this {@code Session} has permission to perform
+     * version operations on a node.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_VERSIONING = "versioning";
+
+    /**
+     * A constant representing the {@code locking} action string,
+     * used to determine if this {@code Session} has permission to lock or
+     * unlock a node.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_LOCKING = "locking";
+
+    /**
+     * A constant representing the {@code read_access_control} action string,
+     * used to determine if this {@code Session} has permission to read
+     * access control content at the given path.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_READ_ACCESS_CONTROL = "read_access_control";
+
+    /**
+     * A constant representing the {@code modify_access_control} action string,
+     * used to determine if this {@code Session} has permission to modify
+     * access control content at the given path.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_MODIFY_ACCESS_CONTROL = "modify_access_control";
+
+    /**
+     * A constant representing the {@code user_management} action string,
+     * used to determine if this {@code Session} has permission to perform
+     * user management operations at the given path.
+     *
+     * @see #hasPermission(String, String...)
+     */
+    String ACTION_USER_MANAGEMENT = "user_management";
+
+    /**
+     * Returns {@code true} if this {@code Session} has permission to
+     * perform the specified actions at the specified {@code absPath} and
+     * {@code false} otherwise.
+     * <p>
+     * The {@code actions} parameter is a list of action strings. Apart
+     * from the actions defined on {@link Session}, this variant also allows
+     * to specify the following additional actions to provide better permission
+     * discovery:
+     * <ul>
+     * <li> {@link
+     * #ACTION_ADD_PROPERTY {@code add_property}: If {@code hasPermission(path,
+     * "add_property")} returns {@code true}, then this {@code Session} has
+     * permission to add a new property at {@code path}.</li>
+     * <li> {@link #ACTION_MODIFY_PROPERTY {@code modify_property}}: If
+     * {@code hasPermission(path, "modify_property")} returns
+     * {@code true}, then this {@code Session} has permission to change
+     * a property at {@code path}. </li>
+     * <li> {@link
+     * #ACTION_REMOVE_PROPERTY {@code remove_property}}: If {@code hasPermission(path,
+     * "remove_property")} returns {@code true}, then this {@code Session} has
+     * permission to remove a property at {@code path}. </li>
+     * <li> {@link #ACTION_REMOVE_NODE {@code remove_node}}: If
+     * {@code hasPermission(path, "remove_node")} returns {@code true}, then
+     * this {@code Session} has permission to remove a node at {@code path}. </li>
+     * <li> {@link #ACTION_NODE_TYPE_MANAGEMENT {@code node_type_management}}: If
+     * {@code hasPermission(path, "node_type_management")} returns {@code true}, then
+     * this {@code Session} has permission to explicitly set or change the node type
+     * information associated with a node at {@code path}. </li>
+     * <li> {@link #ACTION_VERSIONING {@code versioning}}: If
+     * {@code hasPermission(path, "versioning")} returns {@code true}, then
+     * this {@code Session} has permission to perform version related operations
+     * on a node at {@code path}. </li>
+     * <li> {@link #ACTION_LOCKING {@code locking}}: If
+     * {@code hasPermission(path, "locking")} returns {@code true}, then
+     * this {@code Session} has permission to lock and unlock a node at {@code path}. </li>
+     * <li> {@link #ACTION_READ_ACCESS_CONTROL {@code read_access_control}}: If
+     * {@code hasPermission(path, "read_access_control")} returns {@code true}, then
+     * this {@code Session} has permission to read access control content stored
+     * at an item at {@code path}. </li>
+     * <li> {@link #ACTION_MODIFY_ACCESS_CONTROL {@code modify_access_control}}: If
+     * {@code hasPermission(path, "modify_access_control")} returns {@code true}, then
+     * this {@code Session} has permission to modify access control content
+     * at an item at {@code path}. </li>
+     * <li> {@link #ACTION_USER_MANAGEMENT {@code user_management}}: If
+     * {@code hasPermission(path, "user_management")} returns {@code true}, then
+     * this {@code Session} has permission to perform user management operations
+     * at an item at {@code path}. </li>
+     * </ul>
+     *
+     * When more than one action is specified, this method will only return
+     * {@code true} if this {@code Session} has permission to perform <i>all</i>
+     * of the listed actions at the specified path.
+     * <p>
+     * The information returned through this method will only reflect the permission
+     * status (both JCR defined and implementation-specific) and not
+     * other restrictions that may exist, such as node type or other
+     * implementation enforced constraints. For example, even though
+     * {@code hasPermission} may indicate that a particular {@code Session} may
+     * add a property at {@code /A/B/C}, the node type of the node at {@code /A/B}
+     * may prevent the addition of a property called {@code C}.
+     *
+     * @param absPath an absolute path.
+     * @param actions one or serveral actions.
+     * @return {@code true} if this {@code Session} has permission to
+     *         perform the specified actions at the specified
+     *         {@code absPath}.
+     * @throws RepositoryException if an error occurs.
+     * @see {@link Session#hasPermission(String, String)}
+     */
+    public boolean hasPermission(@Nonnull String absPath, @Nonnull String... actions) throws
RepositoryException;
+
+    /**
      * Returns the <code>PrincipalManager</code> for the current <code>Session</code>.
      *
      * @return the <code>PrincipalManager</code> associated with this <code>Session</code>.

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/SessionImpl.java
Wed Jul 29 10:20:34 2015
@@ -677,6 +677,14 @@ public class SessionImpl extends Abstrac
 
     //----------------------------------------------------< JackrabbitSession >
     /**
+     * @see JackrabbitSession#hasPermission(String, String...)
+     */
+    @Override
+    public boolean hasPermission(String absPath, String... actions) throws RepositoryException
{
+        return hasPermission(absPath, Text.implode(actions, ","));
+    }
+
+    /**
      * @see JackrabbitSession#getPrincipalManager()
      */
     public PrincipalManager getPrincipalManager() throws RepositoryException, AccessDeniedException
{

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/integration/SessionImplTest.java
Wed Jul 29 10:20:34 2015
@@ -25,6 +25,7 @@ import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.core.RepositoryImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.id.NodeId;
@@ -174,4 +175,31 @@ public class SessionImplTest extends Abs
         assertFalse(superuser.itemExists(dummyPath));
         assertFalse(superuser.nodeExists(dummyPath));
     }
+
+    /**
+     * @see <a href="https://issues.apache.org/jira/browse/JCR-3885">JCR-3885</a>
+     */
+    public void testSessionHasPermission() throws Exception {
+        JackrabbitSession js = (JackrabbitSession) superuser;
+
+        assertEquals(superuser.hasPermission("/", Session.ACTION_READ), js.hasPermission("/",
new String[] {Session.ACTION_READ}));
+        assertEquals(superuser.hasPermission("/", Session.ACTION_READ + "," + Session.ACTION_ADD_NODE)
, js.hasPermission("/", Session.ACTION_READ, Session.ACTION_ADD_NODE));
+
+        try {
+            js.hasPermission("/", new String[0]);
+            fail();
+        } catch (IllegalArgumentException e) {
+            // success
+        }
+
+        try {
+            js.hasPermission("/", new String[] {""});
+            fail();
+        } catch (IllegalArgumentException e) {
+            // success
+        }
+
+        // note: that's a bit unexpected
+        assertEquals(superuser.hasPermission("/", ",,"), js.hasPermission("/", "", "", ""));
+    }
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java?rev=1693235&r1=1693234&r2=1693235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImporterTest.java
Wed Jul 29 10:20:34 2015
@@ -1582,6 +1582,11 @@ public class UserImporterTest extends Ab
         private DummySession() {
         }
 
+        @Override
+        public boolean hasPermission(String absPath, String... actions) throws RepositoryException
{
+            return false;
+        }
+
         public PrincipalManager getPrincipalManager() throws AccessDeniedException, UnsupportedRepositoryOperationException,
RepositoryException {
             return null;
         }



Mime
View raw message