Search in sources :

Example 41 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testIsGrantedTestGroupEveryone.

@Test
public void testIsGrantedTestGroupEveryone() throws Exception {
    // testGroup + everyone
    PermissionProvider pp = createPermissionProvider(testGroupPrincipal, EveryonePrincipal.getInstance());
    assertTrue(pp.isGranted(content, null, Permissions.READ));
    assertTrue(pp.isGranted(a, null, Permissions.READ));
    assertTrue(pp.isGranted(c, null, Permissions.READ));
    assertTrue(pp.isGranted(content, null, Permissions.READ_ACCESS_CONTROL));
    assertTrue(pp.isGranted(a, null, Permissions.READ_ACCESS_CONTROL));
    assertTrue(pp.isGranted(c, null, Permissions.READ_ACCESS_CONTROL));
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 42 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testGetPrivilegesTestUserEveryone.

@Test
public void testGetPrivilegesTestUserEveryone() throws Exception {
    // testUser + everyone
    PermissionProvider pp = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
    Set<String> r = ImmutableSet.of(PrivilegeConstants.JCR_READ);
    assertEquals(r, pp.getPrivileges(content));
    assertEquals(r, pp.getPrivileges(c));
    assertTrue(pp.getPrivileges(a).isEmpty());
    assertTrue(pp.getPrivileges(content2).isEmpty());
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 43 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CugEvaluationTest method testGetPrivilegesEveryone.

@Test
public void testGetPrivilegesEveryone() throws Exception {
    // everyone
    PermissionProvider pp = createPermissionProvider(EveryonePrincipal.getInstance());
    assertTrue(pp.getPrivileges(content).isEmpty());
    assertTrue(pp.getPrivileges(content2).isEmpty());
    assertTrue(pp.getPrivileges(a).isEmpty());
    assertTrue(pp.getPrivileges(c).isEmpty());
}
Also used : PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Test(org.junit.Test)

Example 44 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CompositeAuthorizationConfiguration method getPermissionProvider.

@Nonnull
@Override
public PermissionProvider getPermissionProvider(@Nonnull final Root root, @Nonnull final String workspaceName, @Nonnull final Set<Principal> principals) {
    List<AuthorizationConfiguration> configurations = getConfigurations();
    switch(configurations.size()) {
        case 0:
            throw new IllegalStateException();
        case 1:
            return configurations.get(0).getPermissionProvider(root, workspaceName, principals);
        default:
            List<AggregatedPermissionProvider> aggrPermissionProviders = new ArrayList(configurations.size());
            for (AuthorizationConfiguration conf : configurations) {
                PermissionProvider pProvider = conf.getPermissionProvider(root, workspaceName, principals);
                if (pProvider instanceof AggregatedPermissionProvider) {
                    aggrPermissionProviders.add((AggregatedPermissionProvider) pProvider);
                } else {
                    log.debug("Ignoring permission provider of '{}': Not an AggregatedPermissionProvider", conf.getClass().getName());
                }
            }
            PermissionProvider pp;
            switch(aggrPermissionProviders.size()) {
                case 0:
                    pp = EmptyPermissionProvider.getInstance();
                    break;
                case 1:
                    pp = aggrPermissionProviders.get(0);
                    break;
                default:
                    pp = new CompositePermissionProvider(root, aggrPermissionProviders, getContext());
            }
            return pp;
    }
}
Also used : AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) ArrayList(java.util.ArrayList) EmptyPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider) Nonnull(javax.annotation.Nonnull)

Example 45 with PermissionProvider

use of org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider in project jackrabbit-oak by apache.

the class CompositePermissionProvider method refresh.

//-------------------------------------------------< PermissionProvider >---
@Override
public void refresh() {
    immutableRoot = RootFactory.createReadOnlyRoot(root);
    privilegeBitsProvider = new PrivilegeBitsProvider(immutableRoot);
    for (PermissionProvider pp : pps) {
        pp.refresh();
    }
}
Also used : PrivilegeBitsProvider(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) AggregatedPermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)

Aggregations

PermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider)70 Test (org.junit.Test)65 AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest)44 Tree (org.apache.jackrabbit.oak.api.Tree)21 AggregatedPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider)18 ContentSession (org.apache.jackrabbit.oak.api.ContentSession)15 Root (org.apache.jackrabbit.oak.api.Root)12 EmptyPermissionProvider (org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider)11 TreePermission (org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)11 ImmutableTree (org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree)8 PropertyState (org.apache.jackrabbit.oak.api.PropertyState)6 AccessControlManager (javax.jcr.security.AccessControlManager)4 CommitFailedException (org.apache.jackrabbit.oak.api.CommitFailedException)4 AuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration)4 Principal (java.security.Principal)3 Nonnull (javax.annotation.Nonnull)3 AuthorizationConfigurationImpl (org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl)3 ConfigurationParameters (org.apache.jackrabbit.oak.spi.security.ConfigurationParameters)3 OpenAuthorizationConfiguration (org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration)3 AccessControlList (javax.jcr.security.AccessControlList)2