/**
 * Derives the {@code ReadStatus} for a target from the permission entry that matched a read
 * request.
 *
 * <p>This is a best-effort calculation. The status is limited to the target itself
 * ({@code ALLOW_THIS} / {@code DENY_THIS}) whenever one of the following holds:
 * <ul>
 *   <li>permission entries have been filtered out ({@code skipped}), e.g. an entry that only
 *       applies to certain properties and thus not to the target tree itself;</li>
 *   <li>the evaluated permission is {@code Permissions.READ_ACCESS_CONTROL}, i.e. the target
 *       defines access control content;</li>
 *   <li>the matching entry contains a restriction.</li>
 * </ul>
 * Otherwise the status follows the privilege bits of the entry: {@code READ_BITS} yields
 * {@code ALLOW_ALL} / {@code DENY_ALL}, {@code READ_PROPERTIES_BITS} yields
 * {@code ALLOW_THIS_PROPERTIES} / {@code DENY_THIS_PROPERTIES}, anything else
 * {@code ALLOW_THIS} / {@code DENY_THIS}.
 *
 * @param pe the permission entry that matched the read request
 * @param permission the permission that was evaluated
 * @param skipped {@code true} if permission entries were filtered out before {@code pe} matched
 * @return the read status derived from {@code pe}
 */
static ReadStatus create(PermissionEntry pe, long permission, boolean skipped) {
    final boolean allow = pe.isAllow;
    final boolean limitedToTarget = skipped
            || permission == Permissions.READ_ACCESS_CONTROL
            || pe.restriction != RestrictionPattern.EMPTY;
    if (limitedToTarget) {
        // Conservative result: the entry may not describe everything at the target, so the
        // decision is never widened beyond the target itself.
        return allow ? ALLOW_THIS : DENY_THIS;
    }
    if (pe.privilegeBits.includes(READ_BITS)) {
        return allow ? ALLOW_ALL : DENY_ALL;
    }
    if (pe.privilegeBits.includes(READ_PROPERTIES_BITS)) {
        return allow ? ALLOW_THIS_PROPERTIES : DENY_THIS_PROPERTIES;
    }
    return allow ? ALLOW_THIS : DENY_THIS;
}
/**
 * Derives the {@code ReadStatus} for a target from the permission entry that matched a read
 * request.
 *
 * <p>This is a best-effort calculation. The status is limited to the target itself
 * ({@code ALLOW_THIS} / {@code DENY_THIS}) whenever one of the following holds:
 * <ul>
 *   <li>permission entries have been filtered out ({@code skipped}), e.g. an entry that only
 *       applies to certain properties and thus not to the target tree itself;</li>
 *   <li>the evaluated permission is {@code Permissions.READ_ACCESS_CONTROL}, i.e. the target
 *       defines access control content;</li>
 *   <li>the matching entry contains a restriction.</li>
 * </ul>
 * Otherwise the status follows the privilege bits of the entry: {@code READ_BITS} yields
 * {@code ALLOW_ALL} / {@code DENY_ALL}, {@code READ_PROPERTIES_BITS} yields
 * {@code ALLOW_THIS_PROPERTIES} / {@code DENY_THIS_PROPERTIES}, anything else
 * {@code ALLOW_THIS} / {@code DENY_THIS}.
 *
 * @param pe the permission entry that matched the read request
 * @param permission the permission that was evaluated
 * @param skipped {@code true} if permission entries were filtered out before {@code pe} matched
 * @return the read status derived from {@code pe}
 */
static ReadStatus create(PermissionEntry pe, long permission, boolean skipped) {
    final boolean allow = pe.isAllow;
    final boolean limitedToTarget = skipped
            || permission == Permissions.READ_ACCESS_CONTROL
            || pe.restriction != RestrictionPattern.EMPTY;
    if (limitedToTarget) {
        // Conservative result: the entry may not describe everything at the target, so the
        // decision is never widened beyond the target itself.
        return allow ? ALLOW_THIS : DENY_THIS;
    }
    if (pe.privilegeBits.includes(READ_BITS)) {
        return allow ? ALLOW_ALL : DENY_ALL;
    }
    if (pe.privilegeBits.includes(READ_PROPERTIES_BITS)) {
        return allow ? ALLOW_THIS_PROPERTIES : DENY_THIS_PROPERTIES;
    }
    return allow ? ALLOW_THIS : DENY_THIS;
}
/**
 * Derives the {@code ReadStatus} for a target from the permission entry that matched a read
 * request.
 *
 * <p>This is a best-effort calculation. The status is limited to the target itself
 * ({@code ALLOW_THIS} / {@code DENY_THIS}) whenever one of the following holds:
 * <ul>
 *   <li>permission entries have been filtered out ({@code skipped}), e.g. an entry that only
 *       applies to certain properties and thus not to the target tree itself;</li>
 *   <li>the evaluated permission is {@code Permissions.READ_ACCESS_CONTROL}, i.e. the target
 *       defines access control content;</li>
 *   <li>the matching entry contains a restriction.</li>
 * </ul>
 * Otherwise the status follows the privilege bits of the entry: {@code READ_BITS} yields
 * {@code ALLOW_ALL} / {@code DENY_ALL}, {@code READ_PROPERTIES_BITS} yields
 * {@code ALLOW_THIS_PROPERTIES} / {@code DENY_THIS_PROPERTIES}, anything else
 * {@code ALLOW_THIS} / {@code DENY_THIS}.
 *
 * @param pe the permission entry that matched the read request
 * @param permission the permission that was evaluated
 * @param skipped {@code true} if permission entries were filtered out before {@code pe} matched
 * @return the read status derived from {@code pe}
 */
static ReadStatus create(PermissionEntry pe, long permission, boolean skipped) {
    final boolean allow = pe.isAllow;
    final boolean limitedToTarget = skipped
            || permission == Permissions.READ_ACCESS_CONTROL
            || pe.restriction != RestrictionPattern.EMPTY;
    if (limitedToTarget) {
        // Conservative result: the entry may not describe everything at the target, so the
        // decision is never widened beyond the target itself.
        return allow ? ALLOW_THIS : DENY_THIS;
    }
    if (pe.privilegeBits.includes(READ_BITS)) {
        return allow ? ALLOW_ALL : DENY_ALL;
    }
    if (pe.privilegeBits.includes(READ_PROPERTIES_BITS)) {
        return allow ? ALLOW_THIS_PROPERTIES : DENY_THIS_PROPERTIES;
    }
    return allow ? ALLOW_THIS : DENY_THIS;
}
/**
 * Checks whether the privileges resolved for {@code tree} include every privilege named in
 * {@code privilegeNames}.
 *
 * <p>The names are converted to privilege bits by {@code bitsProvider} and compared with a
 * single {@code includes} call, so the answer is all-or-nothing: one missing privilege makes
 * the whole check fail.
 *
 * <p>NOTE(review): how {@code bitsProvider.getBits} treats an empty name list or a name it does
 * not recognise is not visible here. If such input yields empty bits, {@code includes} would
 * presumably succeed for any tree, so callers should not read {@code true} for that input as
 * a grant. Confirm against the bits provider.
 *
 * @param tree the tree to evaluate; may be {@code null}, handling of which is left to
 *     {@code internalGetPrivileges}
 * @param privilegeNames names of the privileges that must all be present
 * @return {@code true} if the resolved privileges include the bits of all given names
 */
@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames) {
    return internalGetPrivileges(tree).includes(bitsProvider.getBits(privilegeNames));
}
/**
 * Checks whether the privileges resolved for {@code tree} include every privilege named in
 * {@code privilegeNames}.
 *
 * <p>The names are converted to privilege bits by {@code bitsProvider} and compared with a
 * single {@code includes} call, so the answer is all-or-nothing: one missing privilege makes
 * the whole check fail.
 *
 * <p>NOTE(review): how {@code bitsProvider.getBits} treats an empty name list or a name it does
 * not recognise is not visible here. If such input yields empty bits, {@code includes} would
 * presumably succeed for any tree, so callers should not read {@code true} for that input as
 * a grant. Confirm against the bits provider.
 *
 * @param tree the tree to evaluate; may be {@code null}, handling of which is left to
 *     {@code internalGetPrivileges}
 * @param privilegeNames names of the privileges that must all be present
 * @return {@code true} if the resolved privileges include the bits of all given names
 */
@Override
public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... privilegeNames) {
    return internalGetPrivileges(tree).includes(bitsProvider.getBits(privilegeNames));
}
/**
 * Checks whether the privileges resolved for {@code tree} include every privilege named in
 * {@code privilegeNames}.
 *
 * <p>The names are converted to privilege bits by {@code bitsProvider} and compared with a
 * single {@code includes} call, so the answer is all-or-nothing: one missing privilege makes
 * the whole check fail.
 *
 * <p>NOTE(review): how {@code bitsProvider.getBits} treats an empty name list or a name it does
 * not recognise is not visible here. If such input yields empty bits, {@code includes} would
 * presumably succeed for any tree, so callers should not read {@code true} for that input as
 * a grant. Confirm against the bits provider.
 *
 * @param tree the tree to evaluate; may be {@code null}, handling of which is left to
 *     {@code internalGetPrivileges}
 * @param privilegeNames names of the privileges that must all be present
 * @return {@code true} if the resolved privileges include the bits of all given names
 */
@Override
public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... privilegeNames) {
    return internalGetPrivileges(tree).includes(bitsProvider.getBits(privilegeNames));
}
/**
 * Decides whether the given property of this tree may be read.
 *
 * <p>Two shortcuts are taken before any permission entry is inspected: a tree that is flagged
 * readable and is not an access control tree is always readable, and so is any property when
 * an already computed {@code readStatus} reports {@code allowsProperties()}. Otherwise the
 * entries returned by {@code getIterator} are scanned and the first entry whose privilege bits
 * include the bits required for the permission decides the outcome.
 *
 * <p>The result is {@code false} when no entry matches, i.e. the absence of a matching entry
 * denies access.
 *
 * @param property the property whose readability is evaluated
 * @return {@code true} if reading the property is allowed
 */
@Override
public boolean canRead(@NotNull PropertyState property) {
    final boolean acContent = isAcTree();
    final boolean readableByConfig = !acContent && isReadableTree;
    if (readableByConfig || (readStatus != null && readStatus.allowsProperties())) {
        return true;
    }

    // Access control content is guarded by its own permission, not by plain property read.
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_PROPERTY;
    for (Iterator<PermissionEntry> entries = getIterator(property, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        // First matching entry wins, whether it allows or denies.
        if (candidate.privilegeBits.includes(READ_BITS.get(permission))) {
            return candidate.isAllow;
        }
    }
    // No entry matched: deny.
    return false;
}
/**
 * Decides whether this tree itself may be read.
 *
 * <p>A tree that is flagged readable and is not an access control tree is always readable.
 * Otherwise the outcome is taken from {@code readStatus}, which is computed on the first call
 * and kept in the field afterwards. The computation starts from {@code ReadStatus.DENY_THIS},
 * so a tree without any matching permission entry is not readable. The first entry whose
 * privilege bits include the required bits determines the status via
 * {@code ReadStatus.create}.
 *
 * <p>While evaluating {@code Permissions.READ_NODE}, an entry that carries only the bits for
 * {@code Permissions.READ_PROPERTY} does not decide the outcome; it sets {@code skipped} so
 * that the status derived later is not widened.
 *
 * <p>NOTE(review): {@code readStatus} and {@code skipped} are written without any
 * synchronization visible here; presumably instances are not shared between threads. Confirm.
 *
 * @return {@code true} if reading this tree is allowed
 */
@Override
public boolean canRead() {
    final boolean acContent = isAcTree();
    if (!acContent && isReadableTree) {
        return true;
    }
    if (readStatus != null) {
        // Already evaluated for this tree.
        return readStatus.allowsThis();
    }

    // Deny unless an entry below says otherwise.
    readStatus = ReadStatus.DENY_THIS;
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_NODE;
    final PrivilegeBits requiredBits = READ_BITS.get(permission);
    for (Iterator<PermissionEntry> entries = getIterator(null, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        if (candidate.privilegeBits.includes(requiredBits)) {
            readStatus = ReadStatus.create(candidate, permission, skipped);
            break;
        }
        if (permission == Permissions.READ_NODE
                && candidate.privilegeBits.includes(READ_BITS.get(Permissions.READ_PROPERTY))) {
            // Property-only entry passed over: remember it so the status stays narrow.
            skipped = true;
        }
    }
    return readStatus.allowsThis();
}
/**
 * Decides whether the given property of this tree may be read.
 *
 * <p>Two shortcuts are taken before any permission entry is inspected: a tree that is flagged
 * readable and is not an access control tree is always readable, and so is any property when
 * an already computed {@code readStatus} reports {@code allowsProperties()}. Otherwise the
 * entries returned by {@code getIterator} are scanned and the first entry whose privilege bits
 * include the bits required for the permission decides the outcome.
 *
 * <p>The result is {@code false} when no entry matches, i.e. the absence of a matching entry
 * denies access.
 *
 * @param property the property whose readability is evaluated
 * @return {@code true} if reading the property is allowed
 */
@Override
public boolean canRead(@Nonnull PropertyState property) {
    final boolean acContent = isAcTree();
    final boolean readableByConfig = !acContent && isReadableTree;
    if (readableByConfig || (readStatus != null && readStatus.allowsProperties())) {
        return true;
    }

    // Access control content is guarded by its own permission, not by plain property read.
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_PROPERTY;
    for (Iterator<PermissionEntry> entries = getIterator(property, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        // First matching entry wins, whether it allows or denies.
        if (candidate.privilegeBits.includes(READ_BITS.get(permission))) {
            return candidate.isAllow;
        }
    }
    // No entry matched: deny.
    return false;
}
/**
 * Decides whether this tree itself may be read.
 *
 * <p>A tree that is flagged readable and is not an access control tree is always readable.
 * Otherwise the outcome is taken from {@code readStatus}, which is computed on the first call
 * and kept in the field afterwards. The computation starts from {@code ReadStatus.DENY_THIS},
 * so a tree without any matching permission entry is not readable. The first entry whose
 * privilege bits include the required bits determines the status via
 * {@code ReadStatus.create}.
 *
 * <p>While evaluating {@code Permissions.READ_NODE}, an entry that carries only the bits for
 * {@code Permissions.READ_PROPERTY} does not decide the outcome; it sets {@code skipped} so
 * that the status derived later is not widened.
 *
 * <p>NOTE(review): {@code readStatus} and {@code skipped} are written without any
 * synchronization visible here; presumably instances are not shared between threads. Confirm.
 *
 * @return {@code true} if reading this tree is allowed
 */
@Override
public boolean canRead() {
    final boolean acContent = isAcTree();
    if (!acContent && isReadableTree) {
        return true;
    }
    if (readStatus != null) {
        // Already evaluated for this tree.
        return readStatus.allowsThis();
    }

    // Deny unless an entry below says otherwise.
    readStatus = ReadStatus.DENY_THIS;
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_NODE;
    final PrivilegeBits requiredBits = READ_BITS.get(permission);
    for (Iterator<PermissionEntry> entries = getIterator(null, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        if (candidate.privilegeBits.includes(requiredBits)) {
            readStatus = ReadStatus.create(candidate, permission, skipped);
            break;
        }
        if (permission == Permissions.READ_NODE
                && candidate.privilegeBits.includes(READ_BITS.get(Permissions.READ_PROPERTY))) {
            // Property-only entry passed over: remember it so the status stays narrow.
            skipped = true;
        }
    }
    return readStatus.allowsThis();
}
/**
 * Decides whether the given property of this tree may be read.
 *
 * <p>Two shortcuts are taken before any permission entry is inspected: a tree that is flagged
 * readable and is not an access control tree is always readable, and so is any property when
 * an already computed {@code readStatus} reports {@code allowsProperties()}. Otherwise the
 * entries returned by {@code getIterator} are scanned and the first entry whose privilege bits
 * include the bits required for the permission decides the outcome.
 *
 * <p>The result is {@code false} when no entry matches, i.e. the absence of a matching entry
 * denies access.
 *
 * @param property the property whose readability is evaluated
 * @return {@code true} if reading the property is allowed
 */
@Override
public boolean canRead(@NotNull PropertyState property) {
    final boolean acContent = isAcTree();
    final boolean readableByConfig = !acContent && isReadableTree;
    if (readableByConfig || (readStatus != null && readStatus.allowsProperties())) {
        return true;
    }

    // Access control content is guarded by its own permission, not by plain property read.
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_PROPERTY;
    for (Iterator<PermissionEntry> entries = getIterator(property, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        // First matching entry wins, whether it allows or denies.
        if (candidate.privilegeBits.includes(READ_BITS.get(permission))) {
            return candidate.isAllow;
        }
    }
    // No entry matched: deny.
    return false;
}
/**
 * Decides whether this tree itself may be read.
 *
 * <p>A tree that is flagged readable and is not an access control tree is always readable.
 * Otherwise the outcome is taken from {@code readStatus}, which is computed on the first call
 * and kept in the field afterwards. The computation starts from {@code ReadStatus.DENY_THIS},
 * so a tree without any matching permission entry is not readable. The first entry whose
 * privilege bits include the required bits determines the status via
 * {@code ReadStatus.create}.
 *
 * <p>While evaluating {@code Permissions.READ_NODE}, an entry that carries only the bits for
 * {@code Permissions.READ_PROPERTY} does not decide the outcome; it sets {@code skipped} so
 * that the status derived later is not widened.
 *
 * <p>NOTE(review): {@code readStatus} and {@code skipped} are written without any
 * synchronization visible here; presumably instances are not shared between threads. Confirm.
 *
 * @return {@code true} if reading this tree is allowed
 */
@Override
public boolean canRead() {
    final boolean acContent = isAcTree();
    if (!acContent && isReadableTree) {
        return true;
    }
    if (readStatus != null) {
        // Already evaluated for this tree.
        return readStatus.allowsThis();
    }

    // Deny unless an entry below says otherwise.
    readStatus = ReadStatus.DENY_THIS;
    final long permission = acContent ? Permissions.READ_ACCESS_CONTROL : Permissions.READ_NODE;
    final PrivilegeBits requiredBits = READ_BITS.get(permission);
    for (Iterator<PermissionEntry> entries = getIterator(null, permission); entries.hasNext();) {
        PermissionEntry candidate = entries.next();
        if (candidate.privilegeBits.includes(requiredBits)) {
            readStatus = ReadStatus.create(candidate, permission, skipped);
            break;
        }
        if (permission == Permissions.READ_NODE
                && candidate.privilegeBits.includes(READ_BITS.get(Permissions.READ_PROPERTY))) {
            // Property-only entry passed over: remember it so the status stays narrow.
            skipped = true;
        }
    }
    return readStatus.allowsThis();
}
/**
 * Exercises {@code PrivilegeBits.includes} for the empty set and for a chain of 100 successive
 * bit values obtained through {@code nextBits()}.
 *
 * <p>Expected on every step: the empty set includes nothing but itself, every set includes the
 * empty set and itself, and two neighbouring values never include each other. The last point
 * guards against one privilege being mistaken for another.
 */
@Test
public void testIncludes() {
    // empty
    assertTrue(PrivilegeBits.EMPTY.includes(PrivilegeBits.EMPTY));

    // other privilege bits
    PrivilegeBits current = READ_NODES_PRIVILEGE_BITS;
    PrivilegeBits accumulated = PrivilegeBits.getInstance();

    for (int round = 0; round < 100; round++) {
        assertFalse(PrivilegeBits.EMPTY.includes(current));
        assertTrue(current.includes(PrivilegeBits.EMPTY));

        // The accumulator holds every value seen so far, including the current one.
        accumulated.add(current);
        assertTrue(accumulated.includes(current));

        PrivilegeBits following = current.nextBits();
        assertTrue(following.includes(following));
        assertTrue(following.includes(PrivilegeBits.getInstance(following)));

        // Neighbouring values are expected to be disjoint in both directions.
        assertFalse(current + " should not include " + following, current.includes(following));
        assertFalse(following + " should not include " + current, following.includes(current));
        assertFalse(accumulated.includes(following));
        assertFalse(following.includes(accumulated));

        current = following;
    }
}
return hasPrivileges && coveredPrivs.includes(privilegeBits);
return hasPrivileges && coveredPrivs.includes(privilegeBits);
return hasPrivileges && coveredPrivs.includes(privilegeBits);
/**
 * Checks {@code cppTestUser.getPrivileges} for every path in {@code defPrivileges}.
 *
 * <p>Where the privileges configured for a path include {@code REP_READ_NODES}, exactly that
 * one privilege name is expected back; for every other path the result must be empty, so none
 * of the other configured privileges may show up.
 *
 * @throws Exception if evaluating the privileges fails
 */
@Test
public void testGetPrivileges() throws Exception {
    PrivilegeBitsProvider provider = new PrivilegeBitsProvider(readOnlyRoot);
    PrivilegeBits readNodesBits = provider.getBits(REP_READ_NODES);
    Set<String> readNodesOnly = ImmutableSet.of(REP_READ_NODES);

    for (String path : defPrivileges.keySet()) {
        Set<String> configured = defPrivileges.get(path);
        Tree target = readOnlyRoot.getTree(path);
        Set<String> reported = cppTestUser.getPrivileges(target);

        boolean readNodesConfigured = provider.getBits(configured).includes(readNodesBits);
        if (!readNodesConfigured) {
            // Nothing may be reported when read-nodes is not among the configured privileges.
            assertTrue(reported.isEmpty());
        } else {
            assertEquals(readNodesOnly, reported);
        }
    }
}
/**
 * Checks {@code cppTestUser.hasPrivileges} for every path in {@code defPrivileges}.
 *
 * <p>Expected per path:
 * <ul>
 *   <li>no configured privileges: {@code REP_READ_NODES} is not granted;</li>
 *   <li>configured privileges do not include {@code REP_READ_NODES}: neither
 *       {@code REP_READ_NODES} nor the configured set is granted;</li>
 *   <li>configured privileges include {@code REP_READ_NODES}: it is granted, but the complete
 *       configured set is not, unless that set is exactly {@code REP_READ_NODES}.</li>
 * </ul>
 *
 * @throws Exception if evaluating the privileges fails
 */
@Test
public void testHasPrivileges() throws Exception {
    PrivilegeBitsProvider provider = new PrivilegeBitsProvider(readOnlyRoot);
    PrivilegeBits readNodesBits = provider.getBits(REP_READ_NODES);

    for (String path : defPrivileges.keySet()) {
        Set<String> configured = defPrivileges.get(path);
        PrivilegeBits configuredBits = provider.getBits(configured);
        Tree target = readOnlyRoot.getTree(path);

        if (configured.isEmpty()) {
            assertFalse(path, cppTestUser.hasPrivileges(target, REP_READ_NODES));
            continue;
        }

        if (!configuredBits.includes(readNodesBits)) {
            assertFalse(path, cppTestUser.hasPrivileges(target, REP_READ_NODES));
            assertFalse(path, cppTestUser.hasPrivileges(target, configured.toArray(new String[configured.size()])));
            continue;
        }

        assertTrue(path, cppTestUser.hasPrivileges(target, REP_READ_NODES));
        if (!readNodesBits.equals(configuredBits)) {
            // More than read-nodes is configured: the full set must not be reported as granted.
            assertFalse(path, cppTestUser.hasPrivileges(target, configured.toArray(new String[configured.size()])));
        }
    }
}
/**
 * Exercises {@code PrivilegeBits.retain} on simple privilege sets.
 *
 * <p>The assertions expect {@code retain} to modify the instance it is called on and to keep
 * only the bits also present in the argument: retaining against the same bits changes nothing,
 * retaining against an empty or unrelated set leaves the instance empty, and a privilege that
 * is not part of the argument must not survive.
 */
@Test
public void testRetainSimple() {
    // Retaining against itself or against equal bits is expected to leave the set unchanged.
    PrivilegeBits pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
    assertEquals(pb, pb.retain(pb));
    assertEquals(pb, pb.retain(READ_NODES_PRIVILEGE_BITS));

    // Retaining against a fresh, empty instance is expected to clear the set.
    pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
    pb.retain(PrivilegeBits.getInstance());
    assertTrue(pb.isEmpty());

    // Same expectation for the EMPTY constant.
    pb = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS);
    pb.retain(PrivilegeBits.EMPTY);
    assertTrue(pb.isEmpty());

    // Repeat the identity checks with the built-in write privilege.
    PrivilegeBits write = PrivilegeBits.BUILT_IN.get(PrivilegeBits.REP_WRITE);
    pb = PrivilegeBits.getInstance().add(write);
    assertEquals(pb, pb.retain(pb));
    assertEquals(pb, pb.retain(write));

    // Write retained against read-nodes: the test expects nothing to remain.
    pb.retain(READ_NODES_PRIVILEGE_BITS);
    assertTrue(pb.isEmpty());

    // read-nodes + write retained against write: only write may remain.
    pb.add(READ_NODES_PRIVILEGE_BITS).add(write);
    pb.retain(write);
    assertEquivalent(write, pb);
    assertFalse(pb.includes(READ_NODES_PRIVILEGE_BITS));

    // read-nodes + write + lock retained against write + lock: read-nodes must be dropped.
    PrivilegeBits lock = PrivilegeBits.BUILT_IN.get(PrivilegeBits.JCR_LOCK_MANAGEMENT);
    PrivilegeBits lw = PrivilegeBits.getInstance(write, lock);

    pb.add(READ_NODES_PRIVILEGE_BITS).add(write).add(lock);
    pb.retain(lw);
    assertEquivalent(lw, pb);
    assertFalse(pb.includes(READ_NODES_PRIVILEGE_BITS));
}