/**
 * Creates a mutable instance of privilege bits seeded with the given bits.
 *
 * <p>The result starts from the no-argument {@code getInstance()} and every
 * element of {@code base} is added to it in array order.
 *
 * @param base The privilege bits to merge into the new instance.
 * @return a new instance of privilege bits holding all bits of {@code base}.
 */
@NotNull
public static PrivilegeBits getInstance(@NotNull PrivilegeBits... base) {
    PrivilegeBits merged = getInstance();
    for (int i = 0; i < base.length; i++) {
        merged.add(base[i]);
    }
    return merged;
}
/**
 * Computes the privilege bits granted on the given tree from the permission
 * entries selected by an {@code EntryPredicate}.
 *
 * <p>Entries are processed in the order delivered by {@code getEntryIterator}.
 * An allow entry only contributes bits that are not yet in the deny set, and a
 * deny entry only contributes bits that are not yet in the allow set, so the
 * first entry that mentions a privilege decides its outcome. The iteration
 * order is therefore part of the access-control result.
 *
 * <p>After the loop, {@code JCR_READ} is added whenever {@code readPolicy}
 * reports the tree as readable; this happens regardless of the collected deny
 * bits.
 *
 * @param tree the tree to evaluate; {@code null} selects the no-argument
 *             {@code EntryPredicate}.
 * @return the accumulated allow bits.
 */
@NotNull
private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
    EntryPredicate predicate;
    if (tree == null) {
        predicate = new EntryPredicate();
    } else {
        predicate = new EntryPredicate(tree, null, false);
    }
    Iterator<PermissionEntry> remaining = getEntryIterator(predicate);

    PrivilegeBits granted = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    while (remaining.hasNext()) {
        PermissionEntry current = remaining.next();
        // The entry feeds its own side, minus whatever the opposite side already holds.
        PrivilegeBits ownSide = current.isAllow ? granted : denied;
        PrivilegeBits oppositeSide = current.isAllow ? denied : granted;
        ownSide.addDifference(current.privilegeBits, oppositeSide);
    }

    // special handling for paths that are always readable: JCR_READ is granted
    // without consulting the deny bits collected above
    boolean alwaysReadable = tree != null && readPolicy.isReadableTree(tree, false);
    if (alwaysReadable) {
        granted.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
    }
    return granted;
}
/**
 * Creates a mutable instance of privilege bits seeded with the given bits.
 *
 * <p>The result starts from the no-argument {@code getInstance()} and every
 * element of {@code base} is added to it in array order.
 *
 * @param base The privilege bits to merge into the new instance.
 * @return a new instance of privilege bits holding all bits of {@code base}.
 */
@Nonnull
public static PrivilegeBits getInstance(@Nonnull PrivilegeBits... base) {
    PrivilegeBits merged = getInstance();
    for (int i = 0; i < base.length; i++) {
        merged.add(base[i]);
    }
    return merged;
}
/**
 * Computes the privilege bits granted on the given tree from the permission
 * entries selected by an {@code EntryPredicate}.
 *
 * <p>Entries are processed in the order delivered by {@code getEntryIterator}.
 * An allow entry only contributes bits that are not yet in the deny set, and a
 * deny entry only contributes bits that are not yet in the allow set, so the
 * first entry that mentions a privilege decides its outcome. The iteration
 * order is therefore part of the access-control result.
 *
 * <p>After the loop, {@code JCR_READ} is added whenever {@code readPolicy}
 * reports the tree as readable; this happens regardless of the collected deny
 * bits.
 *
 * @param tree the tree to evaluate; {@code null} selects the no-argument
 *             {@code EntryPredicate}.
 * @return the accumulated allow bits.
 */
@NotNull
private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
    EntryPredicate predicate;
    if (tree == null) {
        predicate = new EntryPredicate();
    } else {
        predicate = new EntryPredicate(tree, null, false);
    }
    Iterator<PermissionEntry> remaining = getEntryIterator(predicate);

    PrivilegeBits granted = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    while (remaining.hasNext()) {
        PermissionEntry current = remaining.next();
        // The entry feeds its own side, minus whatever the opposite side already holds.
        PrivilegeBits ownSide = current.isAllow ? granted : denied;
        PrivilegeBits oppositeSide = current.isAllow ? denied : granted;
        ownSide.addDifference(current.privilegeBits, oppositeSide);
    }

    // special handling for paths that are always readable: JCR_READ is granted
    // without consulting the deny bits collected above
    boolean alwaysReadable = tree != null && readPolicy.isReadableTree(tree, false);
    if (alwaysReadable) {
        granted.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
    }
    return granted;
}
/**
 * Adds the other privilege bits to this instance.
 *
 * <p>Only instances backed by {@code ModifiableData} can be changed; any other
 * backing data is rejected before anything is written, so an immutable
 * instance is never altered through this method.
 *
 * @param other The other privilege bits to be added.
 * @return The updated instance.
 * @throws UnsupportedOperationException if this instance is immutable.
 */
@Nonnull
public PrivilegeBits add(@Nonnull PrivilegeBits other) {
    if (!(d instanceof ModifiableData)) {
        throw unsupported();
    }
    ModifiableData target = (ModifiableData) d;
    target.add(other.d);
    return this;
}
/**
 * Computes the privilege bits granted on the given tree from the permission
 * entries selected by an {@code EntryPredicate}.
 *
 * <p>Entries are processed in the order delivered by {@code getEntryIterator}.
 * An allow entry only contributes bits that are not yet in the deny set, and a
 * deny entry only contributes bits that are not yet in the allow set, so the
 * first entry that mentions a privilege decides its outcome. The iteration
 * order is therefore part of the access-control result.
 *
 * <p>After the loop, {@code JCR_READ} is added whenever {@code readPolicy}
 * reports the tree as readable; this happens regardless of the collected deny
 * bits.
 *
 * @param tree the tree to evaluate; {@code null} selects the no-argument
 *             {@code EntryPredicate}.
 * @return the accumulated allow bits.
 */
@Nonnull
private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
    EntryPredicate predicate;
    if (tree == null) {
        predicate = new EntryPredicate();
    } else {
        predicate = new EntryPredicate(tree, null, false);
    }
    Iterator<PermissionEntry> remaining = getEntryIterator(predicate);

    PrivilegeBits granted = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    while (remaining.hasNext()) {
        PermissionEntry current = remaining.next();
        // The entry feeds its own side, minus whatever the opposite side already holds.
        PrivilegeBits ownSide = current.isAllow ? granted : denied;
        PrivilegeBits oppositeSide = current.isAllow ? denied : granted;
        ownSide.addDifference(current.privilegeBits, oppositeSide);
    }

    // special handling for paths that are always readable: JCR_READ is granted
    // without consulting the deny bits collected above
    boolean alwaysReadable = tree != null && readPolicy.isReadableTree(tree, false);
    if (alwaysReadable) {
        granted.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
    }
    return granted;
}
/**
 * Adds the other privilege bits to this instance.
 *
 * <p>Only instances backed by {@code ModifiableData} can be changed; any other
 * backing data is rejected before anything is written, so an immutable
 * instance is never altered through this method.
 *
 * @param other The other privilege bits to be added.
 * @return The updated instance.
 * @throws UnsupportedOperationException if this instance is immutable.
 */
@NotNull
public PrivilegeBits add(@NotNull PrivilegeBits other) {
    if (!(d instanceof ModifiableData)) {
        throw unsupported();
    }
    ModifiableData target = (ModifiableData) d;
    target.add(other.d);
    return this;
}
/**
 * Returns the union of the privileges that the aggregated providers in
 * {@code pps} report as supported for the given tree and privilege bits.
 *
 * <p>Both arguments are forwarded unchanged to every provider; a privilege
 * appears in the result as soon as a single provider supports it.
 *
 * @param tree the tree to evaluate, may be {@code null}.
 * @param privilegeBits the privilege bits to test, may be {@code null}.
 * @return a new instance holding the combined supported privileges.
 */
@NotNull
@Override
public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
    PrivilegeBits union = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider provider : pps) {
        union.add(provider.supportedPrivileges(tree, privilegeBits));
    }
    return union;
}
/**
 * Returns the union of the privileges that the aggregated providers in
 * {@code pps} report as supported for the given tree and privilege bits.
 *
 * <p>Both arguments are forwarded unchanged to every provider; a privilege
 * appears in the result as soon as a single provider supports it.
 *
 * @param tree the tree to evaluate, may be {@code null}.
 * @param privilegeBits the privilege bits to test, may be {@code null}.
 * @return a new instance holding the combined supported privileges.
 */
@NotNull
@Override
public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
    PrivilegeBits union = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider provider : pps) {
        union.add(provider.supportedPrivileges(tree, privilegeBits));
    }
    return union;
}
/**
 * Returns the union of the privileges that the aggregated providers in
 * {@code pps} report as supported for the given tree and privilege bits.
 *
 * <p>Both arguments are forwarded unchanged to every provider; a privilege
 * appears in the result as soon as a single provider supports it.
 *
 * @param tree the tree to evaluate, may be {@code null}.
 * @param privilegeBits the privilege bits to test, may be {@code null}.
 * @return a new instance holding the combined supported privileges.
 */
@Nonnull
@Override
public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
    PrivilegeBits union = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider provider : pps) {
        union.add(provider.supportedPrivileges(tree, privilegeBits));
    }
    return union;
}
/**
 * Checks that seeding {@code getInstance} with several base bits yields the
 * same result as seeding it with one base and adding the others afterwards.
 */
@Test
public void testGetInstanceFromBase() {
    // Built step by step: one base, then two chained add() calls.
    PrivilegeBits incremental = PrivilegeBits.getInstance(READ_NODES_PRIVILEGE_BITS)
            .add(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ_ACCESS_CONTROL))
            .add(PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT));

    // Built in one call from the same three inputs.
    PrivilegeBits fromVarargs = PrivilegeBits.getInstance(
            READ_NODES_PRIVILEGE_BITS,
            PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ_ACCESS_CONTROL),
            PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT));

    assertEquivalent(incremental, fromVarargs);
}
/**
 * Converts a set of privilege names into a single {@code PrivilegeBits}
 * instance by resolving each name through the given provider and adding the
 * resulting bits together.
 *
 * @param supported the privilege names to resolve.
 * @param pbp the provider used to look up the bits of each name.
 * @return the accumulated bits; the instance is returned as built, without
 *         being converted to an unmodifiable one.
 */
private static PrivilegeBits toBits(Set<String> supported, PrivilegeBitsProvider pbp) {
    PrivilegeBits accumulated = PrivilegeBits.getInstance();
    for (String privilegeName : supported) {
        PrivilegeBits resolved = pbp.getBits(privilegeName);
        accumulated.add(resolved);
    }
    return accumulated;
}
/**
 * Creates an access control entry for {@code testPrincipal} from built-in
 * privilege names.
 *
 * <p>A single name uses the {@code BUILT_IN} bits directly. Any other number
 * of names (including none) is accumulated into a fresh instance that is
 * passed on in its unmodifiable form.
 *
 * @param isAllow {@code true} for an allow entry, {@code false} for a deny entry.
 * @param privilegeName the built-in privilege names to include.
 * @return the entry produced by the three-argument {@code createEntry}.
 * @throws RepositoryException if the delegate call fails.
 */
ACE createEntry(boolean isAllow, String... privilegeName) throws RepositoryException {
    PrivilegeBits entryBits;
    if (privilegeName.length == 1) {
        entryBits = PrivilegeBits.BUILT_IN.get(privilegeName[0]);
    } else {
        PrivilegeBits combined = PrivilegeBits.getInstance();
        for (String name : privilegeName) {
            combined.add(PrivilegeBits.BUILT_IN.get(name));
        }
        // hand the entry a frozen view so later changes cannot leak into it
        entryBits = combined.unmodifiable();
    }
    return createEntry(testPrincipal, entryBits, isAllow);
}
/**
 * Returns the names of the privileges granted on the given tree, combined
 * across all aggregated providers in {@code pps}.
 *
 * <p>Each provider is asked for its supported privileges first and is skipped
 * when {@code doEvaluate} rejects them. For the remaining providers the
 * granted bits are added to the result. With the {@code AND} composition
 * type, every privilege a provider supports but does not grant is recorded as
 * denied, and all denied bits are subtracted from the result at the end. A
 * grant from one provider therefore does not survive when another evaluated
 * provider supports that privilege without granting it.
 *
 * @param tree the tree to evaluate, may be {@code null}; it is mapped to an
 *             immutable tree before use.
 * @return the privilege names for the final set of bits.
 */
@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
    Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);

    PrivilegeBits result = PrivilegeBits.getInstance();
    PrivilegeBits denied = PrivilegeBits.getInstance();
    for (AggregatedPermissionProvider provider : pps) {
        PrivilegeBits supported = provider.supportedPrivileges(immutableTree, null).modifiable();
        if (!doEvaluate(supported)) {
            continue;
        }

        PrivilegeBits granted = privilegeBitsProvider.getBits(provider.getPrivileges(immutableTree));
        // add the granted privileges to the result
        if (!granted.isEmpty()) {
            result.add(granted);
        }
        if (compositionType == AND) {
            // whatever this provider supports but did not grant counts as denied
            denied.add(supported.diff(granted));
        }
    }

    // subtract all denied privileges from the result
    if (!denied.isEmpty()) {
        result.diff(denied);
    }
    return privilegeBitsProvider.getPrivilegeNames(result);
}
/**
 * Checks that resolving two built-in names passed as an {@code Iterable}
 * gives the same bits as resolving each name separately and adding them.
 */
@Test
public void testGetBitsBuiltInIterable() {
    PrivilegeBits fromIterable = bitsProvider.getBits(ImmutableList.of(JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES));
    assertFalse(fromIterable.isEmpty());

    // Same two privileges, combined by hand.
    PrivilegeBits assembled = PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ADD_CHILD_NODES));
    assembled = assembled.add(bitsProvider.getBits(JCR_REMOVE_CHILD_NODES));

    assertEquals(fromIterable, assembled.unmodifiable());
}
/**
 * Checks that the bits of {@code JCR_ALL} equal the bits built from its
 * declared aggregate privileges, both when resolved in one call and when
 * accumulated name by name.
 */
@Test
public void testAllAggregation() throws Exception {
    PrivilegeBits all = bitsProvider.getBits(JCR_ALL);
    PrivilegeManager pMgr = getSecurityProvider().getConfiguration(PrivilegeConfiguration.class).getPrivilegeManager(root, NamePathMapper.DEFAULT);
    // Collect the names of the privileges that JCR_ALL declares as its aggregates.
    Iterable<Privilege> declaredAggr = Arrays.asList(pMgr.getPrivilege(JCR_ALL).getDeclaredAggregatePrivileges());
    String[] allAggregates = Iterables.toArray(Iterables.transform(
            declaredAggr,
            new Function<Privilege, String>() {
                @Override
                public String apply(@Nullable Privilege privilege) {
                    // fail fast on a null element instead of producing a null name
                    return checkNotNull(privilege).getName();
                }
            }), String.class);
    // Resolving all aggregate names at once must give the JCR_ALL bits ...
    PrivilegeBits all2 = bitsProvider.getBits(allAggregates);
    assertEquals(all, all2);
    // ... and those bits must map back to the single name JCR_ALL.
    assertEquals(Collections.singleton(JCR_ALL), bitsProvider.getPrivilegeNames(all2));
    // Accumulating the aggregates one by one must give the same bits again.
    PrivilegeBits bits = PrivilegeBits.getInstance();
    for (String name : allAggregates) {
        bits.add(bitsProvider.getBits(name));
    }
    assertEquals(all, bits.unmodifiable());
}
} // closes the enclosing test class; its header is outside this excerpt
/**
 * Checks that resolving two built-in names passed as separate arguments
 * gives the same bits as resolving each name on its own and adding them.
 */
@Test
public void testGetBitsBuiltInNames() {
    PrivilegeBits fromNames = bitsProvider.getBits(JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES);
    assertFalse(fromNames.isEmpty());

    // Same two privileges, combined by hand.
    PrivilegeBits assembled = PrivilegeBits.getInstance(bitsProvider.getBits(JCR_ADD_CHILD_NODES));
    assembled = assembled.add(bitsProvider.getBits(JCR_REMOVE_CHILD_NODES));

    assertEquals(fromNames, assembled.unmodifiable());
}
/**
 * Checks {@code unmodifiable()}: the {@code EMPTY} constant and every value
 * returned by {@code nextBits()} are returned as the same object, while a
 * modifiable accumulator yields a different object.
 */
@Test
public void testUnmodifiable() {
    assertSame(PrivilegeBits.EMPTY, PrivilegeBits.EMPTY.unmodifiable());

    // other privilege bits
    PrivilegeBits current = READ_NODES_PRIVILEGE_BITS;
    PrivilegeBits accumulator = PrivilegeBits.getInstance(current);
    int remaining = 100;
    while (remaining-- > 0) {
        current = current.nextBits();
        assertSame(current, current.unmodifiable());
        assertEquals(current, current.unmodifiable());

        accumulator.add(current);
        assertNotSame(accumulator, accumulator.unmodifiable());
    }
}
/**
 * Checks {@code isEmpty()}: only {@code EMPTY} and an instance whose own bits
 * were subtracted again are empty; every other instance in the walk is not.
 */
@Test
public void testIsEmpty() {
    // empty
    assertTrue(PrivilegeBits.EMPTY.isEmpty());

    // any other bits should not be empty
    PrivilegeBits current = READ_NODES_PRIVILEGE_BITS;
    PrivilegeBits accumulator = PrivilegeBits.getInstance(current);
    int round = 0;
    while (round < 100) {
        assertFalse(current.isEmpty());
        assertFalse(PrivilegeBits.getInstance(current).isEmpty());

        current = current.nextBits();
        accumulator.add(current);
        assertFalse(accumulator.isEmpty());

        // a copy minus its own bits must end up empty
        PrivilegeBits selfDiff = PrivilegeBits.getInstance(current);
        selfDiff.diff(current);
        assertTrue(selfDiff.toString(), selfDiff.isEmpty());

        round++;
    }
}
/**
 * Checks {@code includes()} along a walk of {@code nextBits()} values:
 * everything includes {@code EMPTY}, a value includes itself and its copy,
 * neighbouring values do not include each other, and the accumulator includes
 * only what was added to it.
 */
@Test
public void testIncludes() {
    // empty
    assertTrue(PrivilegeBits.EMPTY.includes(PrivilegeBits.EMPTY));

    // other privilege bits
    PrivilegeBits current = READ_NODES_PRIVILEGE_BITS;
    PrivilegeBits accumulator = PrivilegeBits.getInstance();
    int round = 0;
    while (round < 100) {
        assertFalse(PrivilegeBits.EMPTY.includes(current));
        assertTrue(current.includes(PrivilegeBits.EMPTY));

        accumulator.add(current);
        assertTrue(accumulator.includes(current));

        PrivilegeBits successor = current.nextBits();
        assertTrue(successor.includes(successor));
        assertTrue(successor.includes(PrivilegeBits.getInstance(successor)));

        assertFalse(current + " should not include " + successor, current.includes(successor));
        assertFalse(successor + " should not include " + current, successor.includes(current));
        // the successor has not been added yet, so neither side includes the other
        assertFalse(accumulator.includes(successor));
        assertFalse(successor.includes(accumulator));

        current = successor;
        round++;
    }
}