
Example 1 with RestrictionDefinition

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition in project jackrabbit-oak by apache.

the class PrincipalRestrictionProvider method getSupportedRestrictions.

@Nonnull
@Override
public Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath) {
    Set<RestrictionDefinition> definitions = new HashSet<RestrictionDefinition>(base.getSupportedRestrictions(oakPath));
    definitions.add(new RestrictionDefinitionImpl(REP_NODE_PATH, Type.PATH, true));
    return definitions;
}
Also used : RestrictionDefinitionImpl(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition) HashSet(java.util.HashSet) Nonnull(javax.annotation.Nonnull)

Example 2 with RestrictionDefinition

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition in project jackrabbit-oak by apache.

the class AbstractRestrictionProviderTest method before.

@Before
@Override
public void before() throws Exception {
    super.before();
    valueFactory = new ValueFactoryImpl(root, namePathMapper);
    globValue = valueFactory.createValue("*");
    nameValue = valueFactory.createValue("nt:file", PropertyType.NAME);
    nameValues = new Value[] { valueFactory.createValue("nt:folder", PropertyType.NAME), valueFactory.createValue("nt:file", PropertyType.NAME) };
    RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, Type.STRING, false);
    RestrictionDefinition nts = new RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
    RestrictionDefinition mand = new RestrictionDefinitionImpl("mandatory", Type.BOOLEAN, true);
    supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts, mand.getName(), mand);
    restrictionProvider = new TestProvider(supported);
}
Also used : ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl) RestrictionDefinitionImpl(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition) Before(org.junit.Before)

Example 3 with RestrictionDefinition

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition in project sling by apache.

the class SlingRestrictionProviderImpl method supportedRestrictions.

private static Map<String, RestrictionDefinition> supportedRestrictions() {
    RestrictionDefinition slingResourceTypes = new RestrictionDefinitionImpl(SLING_RESOURCE_TYPES, Type.STRINGS, false);
    RestrictionDefinition slingResourceTypesWithChildren = new RestrictionDefinitionImpl(SLING_RESOURCE_TYPES_WITH_DESCENDANTS, Type.STRINGS, false);
    Map<String, RestrictionDefinition> supportedRestrictions = new HashMap<String, RestrictionDefinition>();
    supportedRestrictions.put(slingResourceTypes.getName(), slingResourceTypes);
    supportedRestrictions.put(slingResourceTypesWithChildren.getName(), slingResourceTypesWithChildren);
    return Collections.unmodifiableMap(supportedRestrictions);
}
Also used : HashMap(java.util.HashMap) RestrictionDefinitionImpl(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition)

Example 4 with RestrictionDefinition

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition in project jackrabbit-oak by apache.

the class ACL method addEntry.

// ----------------------------------------< JackrabbitAccessControlList >---
@Override
public boolean addEntry(Principal principal, Privilege[] privileges, boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]> mvRestrictions) throws RepositoryException {
    if (privileges == null || privileges.length == 0) {
        throw new AccessControlException("Privileges may not be null nor an empty array");
    }
    for (Privilege p : privileges) {
        Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
        if (pv.isAbstract()) {
            throw new AccessControlException("Privilege " + p + " is abstract.");
        }
    }
    if (!checkValidPrincipal(principal)) {
        return false;
    }
    for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
        String jcrName = getNamePathMapper().getJcrName(def.getName());
        if (def.isMandatory() && (restrictions == null || !restrictions.containsKey(jcrName))) {
            throw new AccessControlException("Mandatory restriction " + jcrName + " is missing.");
        }
    }
    Set<Restriction> rs;
    if (restrictions == null && mvRestrictions == null) {
        rs = Collections.emptySet();
    } else {
        rs = new HashSet<Restriction>();
        // Both maps are keyed by JCR name (see the containsKey(jcrName) check above),
        // so values are looked up by jcrName; the mapped oakName is only passed on.
        if (restrictions != null) {
            for (String jcrName : restrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, restrictions.get(jcrName)));
            }
        }
        if (mvRestrictions != null) {
            for (String jcrName : mvRestrictions.keySet()) {
                String oakName = getNamePathMapper().getOakName(jcrName);
                rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName, mvRestrictions.get(jcrName)));
            }
        }
    }
    ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs);
    if (entries.contains(entry)) {
        log.debug("Entry is already contained in policy -> no modification.");
        return false;
    } else {
        return internalAddEntry(entry);
    }
}
Also used : Restriction(org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) ACE(org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) AccessControlException(javax.jcr.security.AccessControlException) Privilege(javax.jcr.security.Privilege) RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition)

Example 5 with RestrictionDefinition

use of org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition in project jackrabbit-oak by apache.

the class AbstractAccessControlListTest method testIsMultiValueRestriction.

@Test
public void testIsMultiValueRestriction() throws RepositoryException {
    AbstractAccessControlList acl = createEmptyACL();
    for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getTestPath())) {
        boolean isMv = acl.isMultiValueRestriction(getNamePathMapper().getJcrName(def.getName()));
        assertEquals(def.getRequiredType().isArray(), isMv);
    }
}
Also used : RestrictionDefinition(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition) Test(org.junit.Test)

Aggregations

RestrictionDefinition (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition) 12
Test (org.junit.Test) 6
RestrictionDefinitionImpl (org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl) 5
HashMap (java.util.HashMap) 2
Nonnull (javax.annotation.Nonnull) 2
AbstractAccessControlList (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList) 2
HashSet (java.util.HashSet) 1
Set (java.util.Set) 1
Nullable (javax.annotation.Nullable) 1
AccessControlException (javax.jcr.security.AccessControlException) 1
Privilege (javax.jcr.security.Privilege) 1
AbstractSecurityTest (org.apache.jackrabbit.oak.AbstractSecurityTest) 1
Tree (org.apache.jackrabbit.oak.api.Tree) 1
ValueFactoryImpl (org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl) 1
ACE (org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE) 1
AbstractRestrictionProvider (org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider) 1
Restriction (org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction) 1
Before (org.junit.Before) 1