
Example 1 with ReadOnlyNodeTypeManager

use of org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager in project jackrabbit-oak by apache.

the class CugAccessControlManagerTest method testRemovePolicyRemovesMixin.

/**
 * Verifies that the CUG mixin on the target node follows the policy lifecycle:
 * it is present once a CUG policy has been set and committed, and gone again
 * once that policy has been removed and the removal committed.
 */
@Test
public void testRemovePolicyRemovesMixin() throws Exception {
    ReadOnlyNodeTypeManager nodeTypes = ReadOnlyNodeTypeManager.getInstance(root, NamePathMapper.DEFAULT);

    // Apply a CUG policy and persist it.
    CugPolicy policy = getApplicableCug(SUPPORTED_PATH);
    cugAccessControlManager.setPolicy(SUPPORTED_PATH, policy);
    root.commit();

    boolean mixinAfterSet = nodeTypes.isNodeType(root.getTree(SUPPORTED_PATH), MIX_REP_CUG_MIXIN);
    assertTrue(mixinAfterSet);

    // Remove the first policy reported for the path and persist the removal.
    cugAccessControlManager.removePolicy(
            SUPPORTED_PATH,
            cugAccessControlManager.getPolicies(SUPPORTED_PATH)[0]);
    root.commit();

    // A mixin left behind would keep marking the node as CUG-restricted
    // although no policy is bound to it any more.
    boolean mixinAfterRemove = nodeTypes.isNodeType(root.getTree(SUPPORTED_PATH), MIX_REP_CUG_MIXIN);
    assertFalse(mixinAfterRemove);
}
Also used : CugPolicy(org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy) ReadOnlyNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager) Test(org.junit.Test)

Example 2 with ReadOnlyNodeTypeManager

use of org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager in project jackrabbit-oak by apache.

the class AuthorizablePropertiesImpl method getAuthorizableProperty.

/**
     * Returns the valid authorizable property identified by the specified
     * property location or {@code null} if that property does not exist or
     * isn't an authorizable property because it is protected or outside of the
     * scope of the {@code authorizableTree}.
     *
     * @param authorizableTree The tree of the target authorizable.
     * @param propertyLocation Location to be tested.
     * @param verifyAncestor   If true the property is tested to be a descendant
     *                         of the node of this authorizable; otherwise it is expected that this
     *                         test has been executed by the caller.
     * @return a valid authorizable property or {@code null} if no such property
     *         exists or if the property is protected or not defined by the rep:authorizable
     *         node type or one of its sub-node types.
     * @throws RepositoryException If an error occurs.
     */
@CheckForNull
private PropertyState getAuthorizableProperty(@Nonnull Tree authorizableTree, @Nonnull TreeLocation propertyLocation, boolean verifyAncestor) throws RepositoryException {
    PropertyState candidate = propertyLocation.getProperty();
    if (candidate == null) {
        return null;
    }

    String scopePath = authorizableTree.getPath();
    if (verifyAncestor) {
        // Scope check: the location must lie below the authorizable's own node.
        // With verifyAncestor == false this check is skipped entirely, so the
        // caller is the only place where containment is enforced.
        boolean insideScope = Text.isDescendant(scopePath, propertyLocation.getPath());
        if (!insideScope) {
            log.debug("Attempt to access property outside of authorizable scope.");
            return null;
        }
    }

    Tree parentTree = propertyLocation.getParent().getTree();
    if (parentTree == null) {
        log.debug("Unable to determine definition of authorizable property at " + propertyLocation.getPath());
        return null;
    }

    ReadOnlyNodeTypeManager ntManager = authorizable.getUserManager().getNodeTypeManager();
    PropertyDefinition definition = ntManager.getDefinition(parentTree, candidate, true);

    // Protected properties are never handed out through this accessor.
    if (definition.isProtected()) {
        return null;
    }

    // The declaring-node-type restriction applies only to properties that sit
    // directly on the authorizable node; properties on nodes below it are
    // filtered by the protected check alone.
    boolean onAuthorizableNode = scopePath.equals(parentTree.getPath());
    if (onAuthorizableNode && !definition.getDeclaringNodeType().isNodeType(UserConstants.NT_REP_AUTHORIZABLE)) {
        return null;
    }
    return candidate;
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) ReadOnlyNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager) PropertyDefinition(javax.jcr.nodetype.PropertyDefinition) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) CheckForNull(javax.annotation.CheckForNull)

Example 3 with ReadOnlyNodeTypeManager

use of org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager in project jackrabbit-oak by apache.

the class AuthorizablePropertiesImpl method checkProtectedProperty.

/**
 * Guards write access: rejects the operation when the property definition
 * resolved for {@code property} under {@code parent} is protected.
 *
 * @param parent   The tree that holds (or will hold) the property.
 * @param property The property about to be written.
 * @throws ConstraintViolationException If the resolved definition is protected.
 * @throws RepositoryException If the definition cannot be resolved.
 */
private void checkProtectedProperty(@Nonnull Tree parent, @Nonnull PropertyState property) throws RepositoryException {
    ReadOnlyNodeTypeManager ntManager = authorizable.getUserManager().getNodeTypeManager();
    // NOTE(review): the meaning of the trailing boolean is not visible here;
    // the read path (getAuthorizableProperty) passes true, this write path false.
    PropertyDefinition definition = ntManager.getDefinition(parent, property, false);
    boolean writeForbidden = definition.isProtected();
    if (writeForbidden) {
        throw new ConstraintViolationException("Attempt to set an protected property " + property.getName());
    }
}
Also used : ConstraintViolationException(javax.jcr.nodetype.ConstraintViolationException) ReadOnlyNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager) PropertyDefinition(javax.jcr.nodetype.PropertyDefinition)

Example 4 with ReadOnlyNodeTypeManager

use of org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager in project jackrabbit-oak by apache.

the class PasswordExpiryTest method testCreateUser.

/**
 * Creates a user and verifies the password bookkeeping written for it: the
 * {@code rep:pwd} child exists with the expected node type, its definition is
 * protected, the last-modified property is a positive LONG, and that property
 * is not reachable through {@code User#hasProperty}. The user is removed again
 * in the {@code finally} block.
 */
@Test
public void testCreateUser() throws Exception {
    final String userId = "newuser" + UUID.randomUUID();
    User created = null;
    try {
        created = getUserManager(root).createUser(userId, userId);
        root.commit();

        // The password node must exist and carry the password node type.
        Tree userTree = root.getTree(created.getPath());
        Tree pwdTree = userTree.getChild(UserConstants.REP_PWD);
        assertTrue(pwdTree.exists());
        Tree nodeTypesRoot = root.getTree(NodeTypeConstants.NODE_TYPES_PATH);
        assertTrue(TreeUtil.isNodeType(pwdTree, UserConstants.NT_REP_PASSWORD, nodeTypesRoot));

        // Its node definition must be protected.
        ReadOnlyNodeTypeManager nodeTypes = ReadOnlyNodeTypeManager.getInstance(root, getNamePathMapper());
        assertTrue(nodeTypes.getDefinition(pwdTree.getParent(), pwdTree).isProtected());

        // The last-modified timestamp is recorded as a positive LONG.
        PropertyState lastModified = pwdTree.getProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED);
        assertNotNull(lastModified);
        assertEquals(Type.LONG, lastModified.getType());
        assertTrue(lastModified.getValue(Type.LONG, 0) > 0);

        // Protected properties must stay hidden from the user-facing property
        // API, even when addressed by their relative path.
        String relPath = UserConstants.REP_PWD + "/" + UserConstants.REP_PASSWORD_LAST_MODIFIED;
        assertFalse(created.hasProperty(relPath));
    } finally {
        // Clean up so the randomly named user does not leak into other tests.
        if (created != null) {
            created.remove();
            root.commit();
        }
    }
}
Also used : User(org.apache.jackrabbit.api.security.user.User) Tree(org.apache.jackrabbit.oak.api.Tree) ReadOnlyNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager) PropertyState(org.apache.jackrabbit.oak.api.PropertyState) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)

Example 5 with ReadOnlyNodeTypeManager

use of org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager in project jackrabbit-oak by apache.

the class IndexDefinition method collectIndexRules.

/**
 * Builds the lookup from node type name to the indexing rules that apply to it.
 *
 * <p>Every child of {@code indexRules} becomes one {@link IndexingRule}, which
 * is appended to {@code definedIndexRules} in child order. An inherited rule is
 * registered for every known node type that is of the rule's node type; a
 * non-inherited rule is only considered for its own node type.
 *
 * @param indexRules        The node state holding the rule definitions.
 * @param definedIndexRules Output list that receives each declared rule.
 * @return an immutable map of immutable rule lists keyed by node type name,
 *         or an empty map if {@code indexRules} does not exist.
 */
private Map<String, List<IndexingRule>> collectIndexRules(NodeState indexRules, List<IndexingRule> definedIndexRules) {
    if (!indexRules.exists()) {
        return Collections.emptyMap();
    }
    if (!hasOrderableChildren(indexRules)) {
        log.warn("IndexRule node does not have orderable children in [{}]", IndexDefinition.this);
    }

    Map<String, List<IndexingRule>> rulesByNodeType = newHashMap();
    ReadOnlyNodeTypeManager ntReg = createNodeTypeManager(TreeFactory.createReadOnlyTree(root));
    // The Tree API is used for iteration because it returns children in order.
    Tree orderedRules = TreeFactory.createReadOnlyTree(indexRules);
    final List<String> everyNodeType = getAllNodeTypes(ntReg);

    for (Tree child : orderedRules.getChildren()) {
        String ruleName = child.getName();
        IndexingRule declared = new IndexingRule(ruleName, indexRules.getChildNode(ruleName));
        definedIndexRules.add(declared);
        log.trace("Found rule '{}' for NodeType '{}'", declared, declared.getNodeTypeName());

        // A non-inherited rule is matched against its own node type only, so
        // no inheritance check is run for the other node types.
        List<String> candidates = declared.inherited
                ? everyNodeType
                : Collections.singletonList(declared.getNodeTypeName());

        for (String candidate : candidates) {
            if (!ntReg.isNodeType(candidate, declared.getNodeTypeName())) {
                continue;
            }
            List<IndexingRule> bucket = rulesByNodeType.get(candidate);
            if (bucket == null) {
                bucket = new ArrayList<IndexingRule>();
                rulesByNodeType.put(candidate, bucket);
            }
            log.trace("Registering rule '{}' for name '{}'", declared, candidate);
            bucket.add(new IndexingRule(declared, candidate));
        }
    }

    // Freeze the per-node-type lists before freezing the map itself.
    for (Map.Entry<String, List<IndexingRule>> entry : rulesByNodeType.entrySet()) {
        entry.setValue(ImmutableList.copyOf(entry.getValue()));
    }
    return ImmutableMap.copyOf(rulesByNodeType);
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) List(java.util.List) Lists.newArrayList(com.google.common.collect.Lists.newArrayList) ArrayList(java.util.ArrayList) ImmutableList(com.google.common.collect.ImmutableList) ReadOnlyNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) Maps.newHashMap(com.google.common.collect.Maps.newHashMap)

Aggregations

ReadOnlyNodeTypeManager (org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager)5 Tree (org.apache.jackrabbit.oak.api.Tree)3 PropertyDefinition (javax.jcr.nodetype.PropertyDefinition)2 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)2 Test (org.junit.Test)2 ImmutableList (com.google.common.collect.ImmutableList)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 Lists.newArrayList (com.google.common.collect.Lists.newArrayList)1 Maps.newHashMap (com.google.common.collect.Maps.newHashMap)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 Map (java.util.Map)1 CheckForNull (javax.annotation.CheckForNull)1 ConstraintViolationException (javax.jcr.nodetype.ConstraintViolationException)1 User (org.apache.jackrabbit.api.security.user.User)1 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)1 CugPolicy (org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy)1