use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.
the class CompositePermissionProvider method hasPrivileges.
@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames) {
Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
PrivilegeBits privilegeBits = privilegeBitsProvider.getBits(privilegeNames);
if (privilegeBits.isEmpty()) {
return true;
}
boolean hasPrivileges = false;
PrivilegeBits coveredPrivs = PrivilegeBits.getInstance();
for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, privilegeBits);
if (doEvaluate(supported)) {
Set<String> supportedNames = privilegeBitsProvider.getPrivilegeNames(supported);
hasPrivileges = aggregatedPermissionProvider.hasPrivileges(immutableTree, supportedNames.toArray(new String[supportedNames.size()]));
coveredPrivs.add(supported);
if (!hasPrivileges) {
break;
}
}
}
return hasPrivileges && coveredPrivs.includes(privilegeBits);
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.
the class CompositePermissionProvider method isGranted.
@Override
public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions) {
Tree immParent = PermissionUtil.getImmutableTree(parent, immutableRoot);
boolean isGranted = false;
long coveredPermissions = Permissions.NO_PERMISSION;
for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(immParent, property, permissions);
if (doEvaluate(supportedPermissions)) {
isGranted = aggregatedPermissionProvider.isGranted(immParent, property, supportedPermissions);
coveredPermissions |= supportedPermissions;
if (!isGranted) {
break;
}
}
}
return isGranted && coveredPermissions == permissions;
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.
the class CompositePermissionProvider method getPrivileges.
@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
PrivilegeBits result = PrivilegeBits.getInstance();
PrivilegeBits denied = PrivilegeBits.getInstance();
for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable();
if (doEvaluate(supported)) {
PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree));
// add the granted privileges to the result
if (!granted.isEmpty()) {
result.add(granted);
}
// update the set of denied privs by comparing the granted privs
// with the complete set of supported privileges
denied.add(supported.diff(granted));
}
}
// subtract all denied privileges from the result
if (!denied.isEmpty()) {
result.diff(denied);
}
return privilegeBitsProvider.getPrivilegeNames(result);
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.
the class CompositePermissionProvider method isGranted.
@Override
public boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions) {
TreeLocation location = TreeLocation.create(immutableRoot, oakPath);
boolean isAcContent = ctx.definesLocation(location);
long permissions = Permissions.getPermissions(jcrActions, location, isAcContent);
PropertyState property = location.getProperty();
Tree tree = (property == null) ? location.getTree() : location.getParent().getTree();
if (tree != null) {
return isGranted(tree, property, permissions);
} else {
boolean isGranted = false;
long coveredPermissions = Permissions.NO_PERMISSION;
for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(location, permissions);
if (doEvaluate(supportedPermissions)) {
isGranted = aggregatedPermissionProvider.isGranted(location, supportedPermissions);
coveredPermissions |= supportedPermissions;
if (!isGranted) {
break;
}
}
}
return isGranted && coveredPermissions == permissions;
}
}
use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.
the class CompositeTreePermission method create.
private static TreePermission create(@Nonnull LazyTree lazyTree, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull CompositeTreePermission parentPermission) {
switch(parentPermission.childSize) {
case 0:
return TreePermission.EMPTY;
case 1:
TreePermission parent = null;
for (TreePermission tp : parentPermission.treePermissions) {
if (isValid(tp)) {
parent = tp;
break;
}
}
return (parent == null) ? TreePermission.EMPTY : parent.getChildPermission(childName, childState);
default:
ImmutableTree tree = lazyTree.get();
TreeType type = getType(tree, parentPermission);
AggregatedPermissionProvider[] pvds = new AggregatedPermissionProvider[parentPermission.childSize];
TreePermission[] tps = new TreePermission[parentPermission.childSize];
int cnt = 0;
for (int i = 0, j = 0; i < parentPermission.providers.length; i++) {
parent = parentPermission.treePermissions[i];
if (isValid(parent)) {
AggregatedPermissionProvider provider = parentPermission.providers[i];
TreePermission tp = provider.getTreePermission(tree, type, parent);
if (!isValid(tp)) {
cnt++;
}
tps[j] = tp;
pvds[j] = provider;
j++;
}
}
return new CompositeTreePermission(tree, type, parentPermission.typeProvider, pvds, tps, cnt);
}
}
Aggregations