Example 1 with AggregatedPermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.

The class CompositePermissionProvider, method hasPrivileges.

@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames) {
    Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
    PrivilegeBits privilegeBits = privilegeBitsProvider.getBits(privilegeNames);
    if (privilegeBits.isEmpty()) {
        return true;
    }
    boolean hasPrivileges = false;
    PrivilegeBits coveredPrivs = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
        PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, privilegeBits);
        if (doEvaluate(supported)) {
            Set<String> supportedNames = privilegeBitsProvider.getPrivilegeNames(supported);
            hasPrivileges = aggregatedPermissionProvider.hasPrivileges(immutableTree, supportedNames.toArray(new String[supportedNames.size()]));
            coveredPrivs.add(supported);
            if (!hasPrivileges) {
                break;
            }
        }
    }
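    // Grant only if no evaluated provider denied and every requested
    // privilege was covered by at least one evaluated provider.
    return hasPrivileges && coveredPrivs.includes(privilegeBits);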
}
Also used: AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider), Tree (org.apache.jackrabbit.oak.api.Tree), ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree), PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits)

Example 2 with AggregatedPermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.

The class CompositePermissionProvider, method isGranted.

@Override
public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState property, long permissions) {
    Tree immParent = PermissionUtil.getImmutableTree(parent, immutableRoot);
    boolean isGranted = false;
    long coveredPermissions = Permissions.NO_PERMISSION;
    for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
        long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(immParent, property, permissions);
        if (doEvaluate(supportedPermissions)) {
            isGranted = aggregatedPermissionProvider.isGranted(immParent, property, supportedPermissions);
            coveredPermissions |= supportedPermissions;
            if (!isGranted) {
                break;
            }
        }
    }
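    // Grant only if no evaluated provider denied and the permissions
    // evaluated across all providers add up to exactly the requested set.
    return isGranted && coveredPermissions == permissions;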
}
Also used: AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider), Tree (org.apache.jackrabbit.oak.api.Tree), ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)

Example 3 with AggregatedPermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.

The class CompositePermissionProvider, method getPrivileges.

@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
    Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
    PrivilegeBits result = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
        PrivilegeBits supported = aggregatedPermissionProvider.supportedPrivileges(immutableTree, null).modifiable();
        if (doEvaluate(supported)) {
            PrivilegeBits granted = privilegeBitsProvider.getBits(aggregatedPermissionProvider.getPrivileges(immutableTree));
            // add the granted privileges to the result
            if (!granted.isEmpty()) {
                result.add(granted);
            }
            // update the set of denied privs by comparing the granted privs
            // with the complete set of supported privileges
            denied.add(supported.diff(granted));
        }
    }
    // subtract all denied privileges from the result
    if (!denied.isEmpty()) {
        result.diff(denied);
    }
    return privilegeBitsProvider.getPrivilegeNames(result);
}
Also used: AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider), Tree (org.apache.jackrabbit.oak.api.Tree), ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree), PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits), Nonnull (javax.annotation.Nonnull)

Example 4 with AggregatedPermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.

The class CompositePermissionProvider, method isGranted.

@Override
public boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions) {
    TreeLocation location = TreeLocation.create(immutableRoot, oakPath);
    boolean isAcContent = ctx.definesLocation(location);
    long permissions = Permissions.getPermissions(jcrActions, location, isAcContent);
    PropertyState property = location.getProperty();
    Tree tree = (property == null) ? location.getTree() : location.getParent().getTree();
    if (tree != null) {
        return isGranted(tree, property, permissions);
    } else {
        boolean isGranted = false;
        long coveredPermissions = Permissions.NO_PERMISSION;
        for (AggregatedPermissionProvider aggregatedPermissionProvider : pps) {
            long supportedPermissions = aggregatedPermissionProvider.supportedPermissions(location, permissions);
            if (doEvaluate(supportedPermissions)) {
                isGranted = aggregatedPermissionProvider.isGranted(location, supportedPermissions);
                coveredPermissions |= supportedPermissions;
                if (!isGranted) {
                    break;
                }
            }
        }
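        // Grant only if no evaluated provider denied and the permissions
        // evaluated across all providers add up to exactly the requested set.
        return isGranted && coveredPermissions == permissions;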
    }
}
Also used: AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider), TreeLocation (org.apache.jackrabbit.oak.plugins.tree.TreeLocation), Tree (org.apache.jackrabbit.oak.api.Tree), ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree), PropertyState (org.apache.jackrabbit.oak.api.PropertyState)

Example 5 with AggregatedPermissionProvider

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider in project jackrabbit-oak by apache.

The class CompositeTreePermission, method create.

private static TreePermission create(@Nonnull LazyTree lazyTree, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull CompositeTreePermission parentPermission) {
    switch(parentPermission.childSize) {
        case 0:
            return TreePermission.EMPTY;
        case 1:
            TreePermission parent = null;
            for (TreePermission tp : parentPermission.treePermissions) {
                if (isValid(tp)) {
                    parent = tp;
                    break;
                }
            }
            return (parent == null) ? TreePermission.EMPTY : parent.getChildPermission(childName, childState);
        default:
            ImmutableTree tree = lazyTree.get();
            TreeType type = getType(tree, parentPermission);
            AggregatedPermissionProvider[] pvds = new AggregatedPermissionProvider[parentPermission.childSize];
            TreePermission[] tps = new TreePermission[parentPermission.childSize];
            int cnt = 0;
            for (int i = 0, j = 0; i < parentPermission.providers.length; i++) {
                parent = parentPermission.treePermissions[i];
                if (isValid(parent)) {
                    AggregatedPermissionProvider provider = parentPermission.providers[i];
                    TreePermission tp = provider.getTreePermission(tree, type, parent);
                    if (!isValid(tp)) {
                        cnt++;
                    }
                    tps[j] = tp;
                    pvds[j] = provider;
                    j++;
                }
            }
            return new CompositeTreePermission(tree, type, parentPermission.typeProvider, pvds, tps, cnt);
    }
}
Also used: TreeType (org.apache.jackrabbit.oak.plugins.tree.TreeType), AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider), TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission), ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)

Aggregations

AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) 6
ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) 5
Tree (org.apache.jackrabbit.oak.api.Tree) 4
Nonnull (javax.annotation.Nonnull) 2
PrivilegeBits (org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits) 2
ArrayList (java.util.ArrayList) 1
PropertyState (org.apache.jackrabbit.oak.api.PropertyState) 1
TreeLocation (org.apache.jackrabbit.oak.plugins.tree.TreeLocation) 1
TreeType (org.apache.jackrabbit.oak.plugins.tree.TreeType) 1
AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) 1
EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) 1
PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) 1
TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) 1