private static boolean doEvaluate(PrivilegeBits supportedPrivileges) { return !supportedPrivileges.isEmpty(); }
private static boolean doEvaluate(PrivilegeBits supportedPrivileges) { return !supportedPrivileges.isEmpty(); }
private static boolean doEvaluate(PrivilegeBits supportedPrivileges) { return !supportedPrivileges.isEmpty(); }
public ACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws AccessControlException { if (principal == null || privilegeBits == null || privilegeBits.isEmpty()) { throw new AccessControlException(); } this.principal = principal; this.privilegeBits = privilegeBits; this.isAllow = isAllow; this.restrictions = (restrictions == null) ? Collections.<Restriction>emptySet() : ImmutableSet.copyOf(restrictions); this.namePathMapper = namePathMapper; }
public ACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws AccessControlException { if (principal == null || privilegeBits == null || privilegeBits.isEmpty()) { throw new AccessControlException(); } this.principal = principal; this.privilegeBits = privilegeBits; this.isAllow = isAllow; this.restrictions = (restrictions == null) ? Collections.<Restriction>emptySet() : ImmutableSet.copyOf(restrictions); this.namePathMapper = namePathMapper; this.valueFactory = new PartialValueFactory(namePathMapper); }
@NotNull @Override public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) { if (tree == null) { return PrivilegeBits.EMPTY; } PrivilegeBits pb; if (privilegeBits == null) { pb = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ); } else { pb = PrivilegeBits.getInstance(privilegeBits); pb.retain(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ)); } if (pb.isEmpty() || !includesCug(tree)) { return PrivilegeBits.EMPTY; } else { return pb; } }
@NotNull @Override public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) { if (tree == null) { return PrivilegeBits.EMPTY; } PrivilegeBits pb; if (privilegeBits == null) { pb = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ); } else { pb = PrivilegeBits.getInstance(privilegeBits); pb.retain(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ)); } if (pb.isEmpty() || !includesCug(tree)) { return PrivilegeBits.EMPTY; } else { return pb; } }
@NotNull @Override public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) { if (tree == null) { return PrivilegeBits.EMPTY; } PrivilegeBits pb; if (privilegeBits == null) { pb = SUPPORTED_PRIVBITS; } else { pb = PrivilegeBits.getInstance(privilegeBits); pb.retain(SUPPORTED_PRIVBITS); } if (pb.isEmpty() || !Utils.isSupportedPath(supportedPath, tree.getPath())) { return PrivilegeBits.EMPTY; } else { return pb; } }
private void writePrivilegeNode(@NotNull Tree privilegesTree, @NotNull PrivilegeDefinition definition) throws RepositoryException { String name = definition.getName(); Tree privNode = TreeUtil.addChild(privilegesTree, name, NT_REP_PRIVILEGE); if (definition.isAbstract()) { privNode.setProperty(REP_IS_ABSTRACT, true); } Set<String> declAggrNames = definition.getDeclaredAggregateNames(); boolean isAggregate = !declAggrNames.isEmpty(); if (isAggregate) { privNode.setProperty(REP_AGGREGATES, declAggrNames, Type.NAMES); } PrivilegeBits bits; if (PrivilegeBits.BUILT_IN.containsKey(name)) { bits = PrivilegeBits.BUILT_IN.get(name); } else if (isAggregate) { bits = bitsMgr.getBits(declAggrNames); if (bits.isEmpty()) { throw new RepositoryException("Illegal aggregation of non-exising privileges on '" + name + "'."); } } else { bits = next(); } bits.writeTo(privNode); }
@NotNull @Override public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) { PrivilegeBits supported; if (tree == null) { supported = PrivilegeBits.getInstance( PrivilegeBits.BUILT_IN.get(JCR_NAMESPACE_MANAGEMENT), PrivilegeBits.BUILT_IN.get(JCR_NODE_TYPE_DEFINITION_MANAGEMENT)); } else if (isSupported(tree)) { supported = PrivilegeBits.BUILT_IN.get(JCR_WRITE); } else { supported = PrivilegeBits.EMPTY; } if (privilegeBits != null && !supported.isEmpty()) { return PrivilegeBits.getInstance(privilegeBits).retain(supported); } else { return supported; } }
@Test public void testGetBitsBuiltInSingleton() { PrivilegeBits bits = bitsProvider.getBits(ImmutableList.of(JCR_LOCK_MANAGEMENT)); assertFalse(bits.isEmpty()); assertEquals(PrivilegeBits.BUILT_IN.get(JCR_LOCK_MANAGEMENT), bits); }
@NotNull @Override public Set<String> getPrivileges(@Nullable Tree tree) { Tree immutableTree = PermissionUtil.getReadOnlyTree(tree, immutableRoot); PrivilegeBits result = PrivilegeBits.getInstance(); PrivilegeBits denied = PrivilegeBits.getInstance(); for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) { PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable(); if (doEvaluate(supported)) { PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree)); // add the granted privileges to the result if (!granted.isEmpty()) { result.add(granted); } if (compositionType == AND) { // update the set of denied privs by comparing the granted privs // with the complete set of supported privileges denied.add(supported.diff(granted)); } } } // subtract all denied privileges from the result if (!denied.isEmpty()) { result.diff(denied); } return privilegeBitsProvider.getPrivilegeNames(result); }
@Test public void testGetBitsBuiltInSingleName() { PrivilegeBits bits = bitsProvider.getBits(JCR_LOCK_MANAGEMENT); assertFalse(bits.isEmpty()); assertEquals(PrivilegeBits.BUILT_IN.get(JCR_LOCK_MANAGEMENT), bits); }
/** * @see org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider#supportedPrivileges(org.apache.jackrabbit.oak.api.Tree, org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) */ @Test public void testSupportedPrivilegesForNullTree() { PrivilegeBits readBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ); PrivilegeBits readNodeBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_NODES); PrivilegeBits readPropBits = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.REP_READ_PROPERTIES); PrivilegeBitsProvider provider = new PrivilegeBitsProvider(root); assertTrue(cugPermProvider.supportedPrivileges(null, readBits).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, readNodeBits).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, readPropBits).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_ALL)).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.REP_READ_NODES, PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.REP_WRITE)).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_CHILD_NODES, PrivilegeConstants.JCR_REMOVE_NODE)).isEmpty()); assertTrue(cugPermProvider.supportedPrivileges(null, provider.getBits(PrivilegeConstants.JCR_READ_ACCESS_CONTROL)).isEmpty()); }
@Test public void testIsEmpty() { // empty assertTrue(PrivilegeBits.EMPTY.isEmpty()); // any other bits should not be empty PrivilegeBits pb = READ_NODES_PRIVILEGE_BITS; PrivilegeBits mod = PrivilegeBits.getInstance(pb); for (int i = 0; i < 100; i++) { assertFalse(pb.isEmpty()); assertFalse(PrivilegeBits.getInstance(pb).isEmpty()); pb = pb.nextBits(); mod.add(pb); assertFalse(mod.isEmpty()); PrivilegeBits tmp = PrivilegeBits.getInstance(pb); tmp.diff(pb); assertTrue(tmp.toString(), tmp.isEmpty()); } }
@Test public void testAll() { PrivilegeBits all = bitsProvider.getBits(JCR_ALL); assertFalse(all.isEmpty()); assertEquals(Collections.singleton(JCR_ALL), bitsProvider.getPrivilegeNames(all)); }
@Test public void testSupportedPrivileges2() { for (String p : PATHS) { assertTrue(p, cugPermProvider.supportedPrivileges(root.getTree(p), null).isEmpty()); } }
@Test public void testSupportedPrivileges() { PrivilegeBits bits = new PrivilegeBitsProvider(root).getBits(PrivilegeConstants.JCR_READ); for (String p : PATHS) { assertTrue(p, cugPermProvider.supportedPrivileges(root.getTree(p), bits).isEmpty()); } }
@Test public void testGetBitsBuiltInIterable() { PrivilegeBits bits = bitsProvider.getBits(ImmutableList.of(JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES)); assertFalse(bits.isEmpty()); PrivilegeBits mod = PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ADD_CHILD_NODES)).add(bitsProvider.getBits(JCR_REMOVE_CHILD_NODES)); assertEquals(bits, mod.unmodifiable()); }
@Test public void testGetBitsBuiltInNames() { PrivilegeBits bits = bitsProvider.getBits(JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES); assertFalse(bits.isEmpty()); PrivilegeBits mod = PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ADD_CHILD_NODES)).add(bitsProvider.getBits(JCR_REMOVE_CHILD_NODES)); assertEquals(bits, mod.unmodifiable()); }