Examples of PrivilegeBits

org.apache.jackrabbit.core.security.authorization.PrivilegeBits
PrivilegeBits
org.apache.jackrabbit.oak.security.privilege.PrivilegeBits
{@code PrivilegeBits} TODO
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits
Internal representation of JCR privileges.

Examples of org.apache.jackrabbit.core.security.authorization.PrivilegeBits

        without taking the given target name or target item into account.
        */
        int allows = Permission.NONE;
        int denies = Permission.NONE;


        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        PrivilegeBits denyBits = PrivilegeBits.getInstance();
        PrivilegeBits parentAllowBits = PrivilegeBits.getInstance();
        PrivilegeBits parentDenyBits = PrivilegeBits.getInstance();


        String parentPath = Text.getRelativeParent(filter.getPath(), 1);
        NodeId nodeId = (node == null) ? null : node.getNodeId();


        while (entries.hasNext()) {
            Entry ace = entries.next();
            /*
            Determine if the ACE also takes effect on the parent:
            Some permissions (e.g. add-node or removal) must be determined
            from privileges defined for the parent.
            A 'local' entry defined on the target node never effects the
            parent. For inherited ACEs determine if the ACE matches the
            parent path.
            */
            PrivilegeBits entryBits = ace.getPrivilegeBits();
            boolean isLocal = isExistingNode && ace.isLocal(nodeId);
            boolean matchesParent = (!isLocal && ace.matches(parentPath));
            if (matchesParent) {
                if (ace.isAllow()) {
                    parentAllowBits.addDifference(entryBits, parentDenyBits);

View Full Code Here

Examples of org.apache.jackrabbit.core.security.authorization.PrivilegeBits


                        // remove the existing entry and create a new one that
                        // includes both the new privileges and the existing ones.
                        entries.remove(e);


                        PrivilegeBits mergedBits = PrivilegeBits.getInstance(e.getPrivilegeBits());
                        mergedBits.add(entry.getPrivilegeBits());
                        
                        // omit validation check.
                        entry = new Entry(entry, mergedBits, entry.isAllow());
                    } else {
                        complementEntry = e;
                    }
                }
            }


            // make sure, that the complement entry (if existing) does not
            // grant/deny the same privileges -> remove privileges that are now
            // denied/granted.
            if (complementEntry != null) {


                PrivilegeBits complPrivs = complementEntry.getPrivilegeBits();
                PrivilegeBits diff = PrivilegeBits.getInstance(complPrivs);
                diff.diff(entry.getPrivilegeBits());
                
                if (diff.isEmpty()) {
                    // remove the complement entry as the new entry covers
                    // all privileges granted by the existing entry.
                    entries.remove(complementEntry);
                    updateIndex--;


                } else if (!diff.equals(complPrivs)) {
                    // replace the existing entry having the privileges adjusted
                    int index = entries.indexOf(complementEntry);
                    entries.remove(complementEntry);


                    // combine set of new builtin and custom privileges

View Full Code Here

Examples of org.apache.jackrabbit.core.security.authorization.PrivilegeBits

        without taking the given target name or target item into account.
        */
        int allows = Permission.NONE;
        int denies = Permission.NONE;


        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        PrivilegeBits denyBits = PrivilegeBits.getInstance();
        PrivilegeBits parentAllowBits = PrivilegeBits.getInstance();
        PrivilegeBits parentDenyBits = PrivilegeBits.getInstance();


        String parentPath = Text.getRelativeParent(filter.getPath(), 1);
        NodeId nodeId = (node == null) ? null : node.getNodeId();


        while (entries.hasNext()) {
            ACLTemplate.Entry ace = (ACLTemplate.Entry) entries.next();
            /*
            Determine if the ACE also takes effect on the parent:
            Some permissions (e.g. add-node or removal) must be determined
            from privileges defined for the parent.
            A 'local' entry defined on the target node never effects the
            parent. For inherited ACEs determine if the ACE matches the
            parent path.
            */
            PrivilegeBits entryBits = ace.getPrivilegeBits();
            boolean isLocal = isExistingNode && ace.isLocal(nodeId);
            boolean matchesParent = (!isLocal && ace.matches(parentPath));
            if (matchesParent) {
                if (ace.isAllow()) {
                    parentAllowBits.addDifference(entryBits, parentDenyBits);

View Full Code Here

Examples of org.apache.jackrabbit.core.security.authorization.PrivilegeBits


                        // remove the existing entry and create a new one that
                        // includes both the new privileges and the existing ones.
                        entries.remove(e);


                        PrivilegeBits mergedBits = PrivilegeBits.getInstance(e.getPrivilegeBits());
                        mergedBits.add(entry.getPrivilegeBits());
                        
                        // omit validation check.
                        entry = new Entry(entry, mergedBits, entry.isAllow());
                    } else {
                        complementEntry = e;
                    }
                }
            }


            // make sure, that the complement entry (if existing) does not
            // grant/deny the same privileges -> remove privileges that are now
            // denied/granted.
            if (complementEntry != null) {


                PrivilegeBits complPrivs = complementEntry.getPrivilegeBits();
                PrivilegeBits diff = PrivilegeBits.getInstance(complPrivs);
                diff.diff(entry.getPrivilegeBits());
                
                if (diff.isEmpty()) {
                    // remove the complement entry as the new entry covers
                    // all privileges granted by the existing entry.
                    entries.remove(complementEntry);
                    updateIndex--;


                } else if (!diff.equals(complPrivs)) {
                    // replace the existing entry having the privileges adjusted
                    int index = entries.indexOf(complementEntry);
                    entries.remove(complementEntry);


                    // combine set of new builtin and custom privileges

View Full Code Here

Examples of org.apache.jackrabbit.core.security.authorization.PrivilegeBits

        private Result buildResult(String targetPath,
                                   boolean isAcItem) throws RepositoryException {
            int allows = Permission.NONE;
            int denies = Permission.NONE;


            PrivilegeBits allowBits = PrivilegeBits.getInstance();
            PrivilegeBits denyBits = PrivilegeBits.getInstance();
            PrivilegeBits parentAllowBits = PrivilegeBits.getInstance();
            PrivilegeBits parentDenyBits = PrivilegeBits.getInstance();


            String parentPath = Text.getRelativeParent(targetPath, 1);
            for (AccessControlEntry entry : entries) {
                if (!(entry instanceof ACLTemplate.Entry)) {
                    log.warn("Unexpected AccessControlEntry instance -> ignore");
                    continue;
                }
                ACLTemplate.Entry entr = (ACLTemplate.Entry) entry;
                PrivilegeBits privs = entr.getPrivilegeBits();


                if (!"".equals(parentPath) && entr.matches(parentPath)) {
                    if (entr.isAllow()) {
                        parentAllowBits.addDifference(privs, parentDenyBits);
                    } else {

View Full Code Here

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

                return (ace != null) && ace.getPrincipal().equals(principal);
            }
        }));


        for (ACE existing : subList) {
            PrivilegeBits existingBits = getPrivilegeBits(existing);
            PrivilegeBits entryBits = getPrivilegeBits(entry);
            if (entry.getRestrictions().equals(existing.getRestrictions())) {
                if (entry.isAllow() == existing.isAllow()) {
                    if (existingBits.includes(entryBits)) {
                        // no changes
                        return false;
                    } else {
                        // merge existing and new ace
                        existingBits.add(entryBits);
                        int index = entries.indexOf(existing);
                        entries.remove(existing);
                        entries.add(index, createACE(existing, existingBits));
                        return true;
                    }
                } else {
                    // existing is complementary entry -> clean up redundant
                    // privileges defined by the existing entry
                    PrivilegeBits updated = PrivilegeBits.getInstance(existingBits).diff(entryBits);
                    if (updated.isEmpty()) {
                        // remove the existing entry as the new entry covers all privileges
                        entries.remove(existing);
                    } else if (!updated.includes(existingBits)) {
                        // replace the existing entry having it's privileges adjusted
                        int index = entries.indexOf(existing);
                        entries.remove(existing);
                        entries.add(index, createACE(existing, updated));
                    } /* else: no collision that requires adjusting the existing entry.*/

View Full Code Here

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

        }
        return privileges;
    }


    private PrivilegeBits getPrivilegeBits(ACE entry) {
        PrivilegeBits bits = PrivilegeBits.getInstance();
        for (Privilege privilege : entry.getPrivileges()) {
            bits.add(getPrivilegeBitsProvider().getBits(privilege.getName()));
        }
        return bits;
    }

View Full Code Here

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

                Permissions.includes(permissions, Permissions.MODIFY_CHILD_NODE_COLLECTION));


        long allows = (isReadable) ? Permissions.READ : Permissions.NO_PERMISSION;
        long denies = Permissions.NO_PERMISSION;


        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        if (isReadable) {
            allowBits.add(bitsProvider.getBits(PrivilegeConstants.JCR_READ));
        }
        PrivilegeBits denyBits = PrivilegeBits.getInstance();
        PrivilegeBits parentAllowBits;
        PrivilegeBits parentDenyBits;


        Tree parent;
        String parentPath;


        if (respectParent) {
            parentAllowBits = PrivilegeBits.getInstance();
            parentDenyBits = PrivilegeBits.getInstance();
            parent = (tree != null) ? getParentOrNull(tree) : null;
            parentPath = (path != null) ? Strings.emptyToNull(Text.getRelativeParent(path, 1)) : null;
        } else {
            parentAllowBits = PrivilegeBits.EMPTY;
            parentDenyBits = PrivilegeBits.EMPTY;
            parent = null;
            parentPath = null;
        }


        while (entries.hasNext()) {
            PermissionEntry entry = entries.next();
            if (respectParent && (parent != null || parentPath != null)) {
                boolean matchesParent = (parent != null) ? entry.matches(parent, null) : entry.matches(parentPath);
                if (matchesParent) {
                    if (entry.isAllow) {
                        parentAllowBits.addDifference(entry.privilegeBits, parentDenyBits);
                    } else {
                        parentDenyBits.addDifference(entry.privilegeBits, parentAllowBits);
                    }
                }
            }


            if (entry.isAllow) {

View Full Code Here

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

    private PrivilegeBits getPrivilegeBits(@Nullable Tree tree) {
        Iterator<PermissionEntry> entries = (tree == null) ?
                repoEntries.values().iterator() :
                getEntryIterator(tree, null);


        PrivilegeBits allowBits = PrivilegeBits.getInstance();
        PrivilegeBits denyBits = PrivilegeBits.getInstance();


        while (entries.hasNext()) {
            PermissionEntry entry = entries.next();
            if (entry.isAllow) {
                allowBits.addDifference(entry.privilegeBits, denyBits);
            } else {
                denyBits.addDifference(entry.privilegeBits, allowBits);
            }
        }


        // special handling for paths that are always readable
        if (isReadablePath(tree, null)) {

View Full Code Here

Examples of org.apache.jackrabbit.oak.security.privilege.PrivilegeBits

        @Nonnull
        private PermissionEntry createPermissionEntry(String name, NodeState ace, Node acl) {
            Tree aceTree = getTree(name, ace);
            String accessControlledPath = getAccessControlledPath(acl);
            String principalName = checkNotNull(TreeUtil.getString(aceTree, REP_PRINCIPAL_NAME));
            PrivilegeBits privilegeBits = bitsProvider.getBits(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
            boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));


            return new PermissionEntry(accessControlledPath, getAceIndex(acl, name), principalName,
                    privilegeBits, isAllow, getRestrictions(accessControlledPath, aceTree));
        }

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.