Package org.apache.jackrabbit.oak.security.privilege

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
                return (ace != null) && ace.getPrincipal().equals(principal);
            }
        }));

        for (ACE existing : subList) {
            PrivilegeBits existingBits = getPrivilegeBits(existing);
            PrivilegeBits entryBits = getPrivilegeBits(entry);
            if (entry.getRestrictions().equals(existing.getRestrictions())) {
                if (entry.isAllow() == existing.isAllow()) {
                    if (existingBits.includes(entryBits)) {
                        // no changes
                        return false;
                    } else {
                        // merge existing and new ace
                        existingBits.add(entryBits);
                        int index = entries.indexOf(existing);
                        entries.remove(existing);
                        entries.add(index, createACE(existing, existingBits));
                        return true;
                    }
                } else {
                    // existing is complementary entry -> clean up redundant
                    // privileges defined by the existing entry
                    PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits);
                    if (updated.isEmpty()) {
                        // remove the existing entry as the new entry covers all privileges
                        entries.remove(existing);
                    } else if (!updated.includes(existingBits)) {
                        // replace the existing entry having it's privileges adjusted
                        int index = entries.indexOf(existing);
                        entries.remove(existing);
                        entries.add(index, createACE(existing, updated));
                    } /* else: no collision that requires adjusting the existing entry.*/
 
View Full Code Here
236
237
238
239
240
241
242
243
244
245
246
        }
        return privileges;
    }

    private PrivilegeBits getPrivilegeBits(ACE entry) {
        PrivilegeBits bits = PrivilegeBits.getInstance();
        for (Privilege privilege : entry.getPrivileges()) {
            bits.add(getPrivilegeBitsProvider().getBits(privilege.getName()));
        }
        return bits;
    }
View Full Code Here
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
                Permissions.includes(permissions, Permissions.MODIFY_CHILD_NODE_COLLECTION));

        long allows = (isReadable) ? Permissions.READ : Permissions.NO_PERMISSION;
        long denies = Permissions.NO_PERMISSION;

        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        if (isReadable) {
            allowBits.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
        }
        PrivilegeBits denyBits = PrivilegeBits.getInstance();
        PrivilegeBits parentAllowBits;
        PrivilegeBits parentDenyBits;

        Tree parent;
        String parentPath;

        if (respectParent) {
            parentAllowBits = PrivilegeBits.getInstance();
            parentDenyBits = PrivilegeBits.getInstance();
            parent = (tree != null) ? getParentOrNull(tree) : null;
            parentPath = (path != null) ? Strings.emptyToNull(Text.getRelativeParent(path, 1)) : null;
        } else {
            parentAllowBits = PrivilegeBits.EMPTY;
            parentDenyBits = PrivilegeBits.EMPTY;
            parent = null;
            parentPath = null;
        }

        while (entries.hasNext()) {
            PermissionEntry entry = entries.next();
            if (respectParent && (parent != null || parentPath != null)) {
                boolean matchesParent = (parent != null) ? entry.matches(parent, null) : entry.matches(parentPath);
                if (matchesParent) {
                    if (entry.isAllow) {
                        parentAllowBits.addDifference(entry.privilegeBits, parentDenyBits);
                    } else {
                        parentDenyBits.addDifference(entry.privilegeBits, parentAllowBits);
                    }
                }
            }

            if (entry.isAllow) {
View Full Code Here
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
    private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
        Iterator<PermissionEntry> entries = (tree == null) ?
                repoEntries.values().iterator() :
                getEntryIterator(tree, null);

        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        PrivilegeBits denyBits = PrivilegeBits.getInstance();

        while (entries.hasNext()) {
            PermissionEntry entry = entries.next();
            if (entry.isAllow) {
                allowBits.addDifference(entry.privilegeBits, denyBits);
            } else {
                denyBits.addDifference(entry.privilegeBits, allowBits);
            }
        }

        // special handling for paths that are always readable
        if (isReadablePath(tree, null)) {
View Full Code Here
229
230
231
232
233
234
235
236
237
238
239
        @Nonnull
        private PermissionEntry createPermissionEntry(String name, NodeState ace, Node acl) {
            Tree aceTree = getTree(name, ace);
            String accessControlledPath = getAccessControlledPath(acl);
            String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
            PrivilegeBits privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
            boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));

            return new PermissionEntry(accessControlledPath, getAceIndex(acl, name), principalName,
                    privilegeBits, isAllow, getRestrictions(accessControlledPath, aceTree));
        }
View Full Code Here
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
        setupPermission(principal, path, false, index, privilegeNames, restrictions);
    }

    private void setupPermission(Principal principal, String path, boolean isAllow,
                                 int index, String[] privilegeName, Set<Restriction> restrictions) throws CommitFailedException {
        PrivilegeBits pb = pbp.getBits(privilegeName);
        String name = ((isAllow) ? PREFIX_ALLOW : PREFIX_DENY) + "-" + Objects.hashCode(path, principal, index, pb, isAllow, restrictions);
        Tree principalRoot = root.getTree(PERMISSIONS_STORE_PATH + '/' + principal.getName());
        Tree entry = principalRoot.addChild(name);
        entry.setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS);
        entry.setProperty(REP_ACCESS_CONTROLLED_PATH, path);
        entry.setProperty(REP_INDEX, index);
        entry.setProperty(pb.asPropertyState(REP_PRIVILEGE_BITS));
        for (Restriction restriction : restrictions) {
            entry.setProperty(restriction.getProperty());
        }
        root.commit();
    }
View Full Code Here
229
230
231
232
233
234
235
236
237
238
239
        @Nonnull
        private PermissionEntry createPermissionEntry(String name, NodeState ace, Node acl) {
            Tree aceTree = getTree(name, ace);
            String accessControlledPath = getAccessControlledPath(acl);
            String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
            PrivilegeBits privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
            boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));

            return new PermissionEntry(accessControlledPath, getAceIndex(acl, name), principalName,
                    privilegeBits, isAllow, getRestrictions(accessControlledPath, aceTree));
        }
View Full Code Here
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
        setupPermission(principal, path, false, index, privilegeNames, Collections.<Restriction>emptySet());
    }

    private void setupPermission(Principal principal, String path, boolean isAllow,
                                 int index, String[] privilegeName, Set<Restriction> restrictions) throws CommitFailedException {
        PrivilegeBits pb = pbp.getBits(privilegeName);
        String name = ((isAllow) ? PREFIX_ALLOW : PREFIX_DENY) + "-" + Objects.hashCode(path, principal, index, pb, isAllow, restrictions);
        Tree principalRoot = root.getTree(PERMISSIONS_STORE_PATH + '/' + principal.getName());
        Tree entry = principalRoot.addChild(name);
        entry.setProperty(JCR_PRIMARYTYPE, NT_REP_PERMISSIONS);
        entry.setProperty(REP_ACCESS_CONTROLLED_PATH, path);
        entry.setProperty(REP_INDEX, index);
        entry.setProperty(pb.asPropertyState(REP_PRIVILEGE_BITS));
        for (Restriction restriction : restrictions) {
            entry.setProperty(restriction.getProperty());
        }
        root.commit();
    }
View Full Code Here
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
            }
        }));

        for (JackrabbitAccessControlEntry ace : subList) {
            ACE existing = (ACE) ace;
            PrivilegeBits existingBits = getPrivilegeBits(existing);
            PrivilegeBits entryBits = getPrivilegeBits(entry);
            if (entry.getRestrictions().equals(existing.getRestrictions())) {
                if (isRedundantOrExtending(existing, entry)) {
                    if (existingBits.includes(entryBits)) {
                        return false;
                    } else {
                        // merge existing and new ace
                        existingBits.add(entryBits);
                        int index = entries.indexOf(existing);
                        entries.remove(existing);
                        entries.add(index, createACE(existing, existingBits));
                        return true;
                    }
                }

                // clean up redundant privileges defined by the existing entry
                // and append the new entry at the end of the list.
                PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits);
                if (updated.isEmpty()) {
                    // remove the existing entry as the new entry covers all privileges
                    entries.remove(ace);
                } else if (!updated.includes(existingBits)) {
                    // replace the existing entry having it's privileges adjusted
                    int index = entries.indexOf(existing);
                    entries.remove(ace);
                    entries.add(index, createACE(existing, updated));
                } /* else: no collision that requires adjusting the existing entry.*/
 
View Full Code Here
246
247
248
249
250
251
252
253
254
255
256
        }
        return privileges;
    }

    private PrivilegeBits getPrivilegeBits(ACE entry) {
        PrivilegeBits bits = PrivilegeBits.getInstance();
        for (Privilege privilege : entry.getPrivileges()) {
            bits.add(getPrivilegeBitsProvider().getBits(privilege.getName()));
        }
        return bits;
    }
View Full Code Here
TOP

Related Classes of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

  • org.apache.jackrabbit.oak.security.authorization.ACL
  • org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissionImpl
  • org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissionImplTest
  • org.apache.jackrabbit.oak.security.authorization.permission.PermissionHook$Diff
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.