Example 51 with TreePermission

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission in project jackrabbit-oak by apache.

Class AccessControlTest, method testCombinedSetup.

@Test
public void testCombinedSetup() throws Exception {
    // Grant jcr:readAccessControl on /content to the test group and persist the policy.
    AccessControlManager acMgr = getAccessControlManager(root);
    JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/content");
    acl.addAccessControlEntry(getTestGroupPrincipal(), AccessControlUtils.privilegesFromNames(acMgr, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
    acMgr.setPolicy(acl.getPath(), acl);
    root.commit();
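    // Obtain the permission provider from the authorization configuration, for the test group principal only.
    PermissionProvider combined = getConfig(AuthorizationConfiguration.class).getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.of(getTestGroupPrincipal()));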
    for (String acPath : acPaths) {
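        // Access control content is expected to be readable only at or below /content.
        // Every evaluation entry point (privileges, JCR action, permission) must agree on that.
        boolean canReadAc = Text.isDescendantOrEqual("/content", acPath);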
        Tree acTree = root.getTree(acPath);
        assertEquals(canReadAc, combined.hasPrivileges(acTree, PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        assertEquals(canReadAc, combined.getPrivileges(acTree).contains(PrivilegeConstants.JCR_READ_ACCESS_CONTROL));
        assertEquals(canReadAc, combined.isGranted(acPath, JackrabbitSession.ACTION_READ_ACCESS_CONTROL));
        assertEquals(canReadAc, combined.isGranted(acTree, null, Permissions.READ_ACCESS_CONTROL));
        // Resolve the TreePermission hierarchically, from the root down to acPath.
        Tree t = root.getTree("/");
        TreePermission tp = combined.getTreePermission(t, TreePermission.EMPTY);
        for (String name : PathUtils.elements(acPath)) {
            t = t.getChild(name);
            tp = combined.getTreePermission(t, tp);
        }
        assertEquals(canReadAc, tp.canRead());
        assertEquals(canReadAc, tp.isGranted(Permissions.READ_ACCESS_CONTROL));
    }
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PermissionProvider(org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider) Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) JackrabbitAccessControlList(org.apache.jackrabbit.api.security.JackrabbitAccessControlList) Test(org.junit.Test)

Example 52 with TreePermission

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission in project jackrabbit-oak by apache.

Class AccessControlTest, method testTreePermission.

@Test
public void testTreePermission() {
    for (String acPath : acPaths) {
        // Resolve the TreePermission hierarchically, from the root down to acPath.
        Tree t = root.getTree("/");
        TreePermission tp = pp.getTreePermission(t, TreePermission.EMPTY);
        for (String name : PathUtils.elements(acPath)) {
            t = t.getChild(name);
            tp = pp.getTreePermission(t, tp);
        }
        // The provider under test must return NO_RECOURSE and report no supported READ permission.
        assertSame(TreePermission.NO_RECOURSE, tp);
        assertEquals(Permissions.NO_PERMISSION, pp.supportedPermissions(tp, null, Permissions.READ));
    }
}
Also used : Tree(org.apache.jackrabbit.oak.api.Tree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Test(org.junit.Test)

Example 53 with TreePermission

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission in project jackrabbit-oak by apache.

Class PermissionValidator, method checkPermissions.

@CheckForNull
Validator checkPermissions(@Nonnull Tree tree, boolean isBefore, long defaultPermission) throws CommitFailedException {
    long toTest = getPermission(tree, defaultPermission);
    // Repository-level permissions are checked against the repository permission, not against a tree.
    if (Permissions.isRepositoryPermission(toTest)) {
        if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) {
            throw new CommitFailedException(ACCESS, 0, "Access denied");
        }
        // no need for further validation down the subtree
        return null;
    } else {
        // Tree-level permissions: a tree without a node state is denied.
        NodeState ns = getNodeState(tree);
        if (ns == null) {
            throw new CommitFailedException(ACCESS, 0, "Access denied");
        }
        // Derive the child's TreePermission from the parent's permission.
        TreePermission tp = parentPermission.getChildPermission(tree.getName(), ns);
        if (!tp.isGranted(toTest)) {
            throw new CommitFailedException(ACCESS, 0, "Access denied");
        }
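        // A null validator ends validation for this subtree; otherwise continue with the child permission.
        if (noTraverse(toTest, defaultPermission)) {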
            return null;
        } else {
            return (isBefore) ? nextValidator(tree, null, tp) : nextValidator(null, tree, tp);
        }
    }
}
Also used : NodeState(org.apache.jackrabbit.oak.spi.state.NodeState) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) CheckForNull(javax.annotation.CheckForNull)

Example 54 with TreePermission

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission in project jackrabbit-oak by apache.

Class CompositeTreePermission, method canReadProperties.

@Override
public boolean canReadProperties() {
    // Computed lazily and cached in the canReadProperties field.
    if (canReadProperties == null) {
        boolean readable = false;
        for (int i = 0; i < providers.length; i++) {
            TreePermission tp = treePermissions[i];
            long supported = providers[i].supportedPermissions(tp, null, Permissions.READ_PROPERTY);
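            // Only providers for which doEvaluate(supported) holds take part; the first denial ends the loop.
            // If no provider takes part, the result stays false.
            if (doEvaluate(supported)) {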
                readable = tp.canReadProperties();
                if (!readable) {
                    break;
                }
            }
        }
        canReadProperties = readable;
    }
    return canReadProperties;
}
Also used : TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission)

Example 55 with TreePermission

Use of org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission in project jackrabbit-oak by apache.

Class CompiledPermissionImpl, method buildParentPermission.

@Nonnull
private TreePermission buildParentPermission(@Nonnull Tree tree) {
    // Collect the ancestors of the tree, ordered from the root down to its direct parent.
    List<Tree> trees = new ArrayList<Tree>();
    while (!tree.isRoot()) {
        tree = tree.getParent();
        trees.add(0, tree);
    }
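    // Build the TreePermission chain top-down, starting from EMPTY; each tree's type is derived from its parent's type.
    TreePermission pp = EMPTY;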
    TreeType type = TreeType.DEFAULT;
    for (Tree tr : trees) {
        type = typeProvider.getType(tr, type);
        pp = new TreePermissionImpl(tr, type, pp);
    }
    return pp;
}
Also used : TreeType(org.apache.jackrabbit.oak.plugins.tree.TreeType) ArrayList(java.util.ArrayList) Tree(org.apache.jackrabbit.oak.api.Tree) ImmutableTree(org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree) TreePermission(org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission) Nonnull(javax.annotation.Nonnull)
