private void writePrivilegeNode(@NotNull Tree privilegesTree, @NotNull PrivilegeDefinition definition) throws RepositoryException { String name = definition.getName(); Tree privNode = TreeUtil.addChild(privilegesTree, name, NT_REP_PRIVILEGE); if (definition.isAbstract()) { privNode.setProperty(REP_IS_ABSTRACT, true); } Set<String> declAggrNames = definition.getDeclaredAggregateNames(); boolean isAggregate = !declAggrNames.isEmpty(); if (isAggregate) { privNode.setProperty(REP_AGGREGATES, declAggrNames, Type.NAMES); } PrivilegeBits bits; if (PrivilegeBits.BUILT_IN.containsKey(name)) { bits = PrivilegeBits.BUILT_IN.get(name); } else if (isAggregate) { bits = bitsMgr.getBits(declAggrNames); if (bits.isEmpty()) { throw new RepositoryException("Illegal aggregation of non-exising privileges on '" + name + "'."); } } else { bits = next(); } bits.writeTo(privNode); }
private void writePrivilegeNode(Tree privilegesTree, PrivilegeDefinition definition) throws RepositoryException { String name = definition.getName(); Tree privNode = TreeUtil.addChild(privilegesTree, name, NT_REP_PRIVILEGE); if (definition.isAbstract()) { privNode.setProperty(REP_IS_ABSTRACT, true); } Set<String> declAggrNames = definition.getDeclaredAggregateNames(); boolean isAggregate = declAggrNames.size() > 0; if (isAggregate) { privNode.setProperty(REP_AGGREGATES, declAggrNames, Type.NAMES); } PrivilegeBits bits; if (PrivilegeBits.BUILT_IN.containsKey(name)) { bits = PrivilegeBits.BUILT_IN.get(name); } else if (isAggregate) { bits = bitsMgr.getBits(declAggrNames); } else { bits = next(); } bits.writeTo(privNode); }
private void writePrivilegeNode(@NotNull Tree privilegesTree, @NotNull PrivilegeDefinition definition) throws RepositoryException { String name = definition.getName(); Tree privNode = TreeUtil.addChild(privilegesTree, name, NT_REP_PRIVILEGE); if (definition.isAbstract()) { privNode.setProperty(REP_IS_ABSTRACT, true); } Set<String> declAggrNames = definition.getDeclaredAggregateNames(); boolean isAggregate = !declAggrNames.isEmpty(); if (isAggregate) { privNode.setProperty(REP_AGGREGATES, declAggrNames, Type.NAMES); } PrivilegeBits bits; if (PrivilegeBits.BUILT_IN.containsKey(name)) { bits = PrivilegeBits.BUILT_IN.get(name); } else if (isAggregate) { bits = bitsMgr.getBits(declAggrNames); if (bits.isEmpty()) { throw new RepositoryException("Illegal aggregation of non-exising privileges on '" + name + "'."); } } else { bits = next(); } bits.writeTo(privNode); }
/** * @param definitions The privilege definitions to write to the repository. * @throws RepositoryException If the privilege store is missing or if there is a privilege registered with the same name. */ private void writeDefinitions(@NotNull Iterable<PrivilegeDefinition> definitions) throws RepositoryException { try { // make sure the privileges path is defined Tree privilegesTree = root.getTree(PRIVILEGES_PATH); if (!privilegesTree.exists()) { throw new RepositoryException("Privilege store does not exist."); } for (PrivilegeDefinition definition : definitions) { if (privilegesTree.hasChild(definition.getName())) { throw new RepositoryException("Privilege definition with name '" + definition.getName() + "' already exists."); } writePrivilegeNode(privilegesTree, definition); } /* update the property storing the next privilege bits with the privileges root tree. this is a cheap way to detect collisions that may arise from concurrent registration of custom privileges. */ getNext().writeTo(privilegesTree); // delegate validation to the commit validation (see above) root.commit(); } catch (CommitFailedException e) { throw e.asRepositoryException(); } }
/** * @param definitions The privilege definitions to write to the repository. * @throws RepositoryException If the privilege store is missing or if there is a privilege registered with the same name. */ private void writeDefinitions(@NotNull Iterable<PrivilegeDefinition> definitions) throws RepositoryException { try { // make sure the privileges path is defined Tree privilegesTree = root.getTree(PRIVILEGES_PATH); if (!privilegesTree.exists()) { throw new RepositoryException("Privilege store does not exist."); } for (PrivilegeDefinition definition : definitions) { if (privilegesTree.hasChild(definition.getName())) { throw new RepositoryException("Privilege definition with name '" + definition.getName() + "' already exists."); } writePrivilegeNode(privilegesTree, definition); } /* update the property storing the next privilege bits with the privileges root tree. this is a cheap way to detect collisions that may arise from concurrent registration of custom privileges. */ getNext().writeTo(privilegesTree); // delegate validation to the commit validation (see above) root.commit(); } catch (CommitFailedException e) { throw e.asRepositoryException(); } }
@Test public void testAggregatesIncludesJcrAll() throws Exception { try { Tree privTree = createPrivilegeTree("test"); privTree.setProperty(PropertyStates.createProperty(REP_AGGREGATES, ImmutableList.of(JCR_ALL, JCR_READ, JCR_WRITE), Type.NAMES)); PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ALL, JCR_READ, JCR_WRITE)).writeTo(privTree); root.commit(); fail("Aggregation containing jcr:all is invalid."); } catch (CommitFailedException e) { // success assertTrue(e.isConstraintViolation()); assertEquals(53, e.getCode()); } finally { root.refresh(); } }
@Test public void testBitsConflict() { try { Tree privTree = createPrivilegeTree("test"); bitsProvider.getBits(JCR_READ).writeTo(privTree); root.commit(); fail("Conflicting privilege bits property must be detected."); } catch (CommitFailedException e) { // success assertTrue(e.isConstraintViolation()); assertEquals(49, e.getCode()); } finally { root.refresh(); } }
@Test public void testNextNotUpdated() { try { Tree privTree = createPrivilegeTree("test"); PrivilegeBits.getInstance(privilegesTree).writeTo(privTree); root.commit(); fail("Outdated rep:next property must be detected."); } catch (CommitFailedException e) { // success assertTrue(e.isConstraintViolation()); assertEquals(43, e.getCode()); } finally { root.refresh(); } }
@Test public void testSingularAggregation() { try { Tree privTree = createPrivilegeTree("test"); privTree.setProperty(PropertyStates.createProperty(REP_AGGREGATES, Collections.singletonList(JCR_READ), Type.NAMES)); PrivilegeBits.getInstance(bitsProvider.getBits(JCR_READ)).writeTo(privTree); root.commit(); fail("Aggregation of a single privilege is invalid."); } catch (CommitFailedException e) { // success assertTrue(e.isConstraintViolation()); assertEquals(50, e.getCode()); } finally { root.refresh(); } }
/** * @param definitions * @throws RepositoryException */ private void writeDefinitions(Iterable<PrivilegeDefinition> definitions) throws RepositoryException { try { // make sure the privileges path is defined Tree privilegesTree = root.getTree(PRIVILEGES_PATH); if (!privilegesTree.exists()) { throw new RepositoryException("Privilege store does not exist."); } for (PrivilegeDefinition definition : definitions) { if (privilegesTree.hasChild(definition.getName())) { throw new RepositoryException("Privilege definition with name '" + definition.getName() + "' already exists."); } writePrivilegeNode(privilegesTree, definition); } /* update the property storing the next privilege bits with the privileges root tree. this is a cheap way to detect collisions that may arise from concurrent registration of custom privileges. */ getNext().writeTo(privilegesTree); // delegate validation to the commit validation (see above) root.commit(); } catch (CommitFailedException e) { throw e.asRepositoryException(); } }