trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.security.authorization.permission;

 import java.security.Principal;
 import java.util.Set;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
 import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
 import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
 import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.jetbrains.annotations.NotNull;

 /**
  * {@code ValidatorProvider} implementation for permission evaluation associated
  * with write operations.
  */
 public class PermissionValidatorProvider extends ValidatorProvider {

     private final AuthorizationConfiguration acConfig;
     private final long jr2Permissions;

     private final String workspaceName;
     private final Set<Principal> principals;
     private final MoveTracker moveTracker;

     private final ProviderCtx providerCtx;

     private Context acCtx;
     private Context userCtx;

     public PermissionValidatorProvider(@NotNull String workspaceName,
                                        @NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker,
                                        @NotNull ProviderCtx providerCtx) {
         this.acConfig = providerCtx.getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);

         ConfigurationParameters params = acConfig.getParameters();
         String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
         jr2Permissions = Permissions.getPermissions(compatValue);

         this.workspaceName = workspaceName;
         this.principals = principals;
         this.moveTracker = moveTracker;

         this.providerCtx = providerCtx;
     }

     //--------------------------------------------------< ValidatorProvider >---

     @Override @NotNull
     public Validator getRootValidator(
             NodeState before, NodeState after, CommitInfo info) {
         PermissionProvider pp = acConfig.getPermissionProvider(createReadOnlyRoot(before), workspaceName, principals);
         if (moveTracker.isEmpty()) {
             return new PermissionValidator(before, after, pp, this);
         } else {
             return new MoveAwarePermissionValidator(before, after, pp, this, moveTracker);
         }
     }

     //--------------------------------------------------------------------------

     Context getAccessControlContext() {
         if (acCtx == null) {
             acCtx = acConfig.getContext();
         }
         return acCtx;
     }

     Context getUserContext() {
         if (userCtx == null) {
             UserConfiguration uc = providerCtx.getSecurityProvider().getConfiguration(UserConfiguration.class);
             userCtx = uc.getContext();
         }
         return userCtx;
     }

     TreeProvider getTreeProvider() {
         return providerCtx.getTreeProvider();
     }

     boolean requiresJr2Permissions(long permission) {
         return Permissions.includes(jr2Permissions, permission);
     }

     Root createReadOnlyRoot(@NotNull NodeState nodeState) {
         return providerCtx.getRootProvider().createReadOnlyRoot(nodeState);
     }

     Tree createReadOnlyTree(@NotNull NodeState nodeState) {
         return providerCtx.getTreeProvider().createReadOnlyTree(nodeState);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.security.authorization.permission;

	import java.security.Principal;
	import java.util.Set;
	import org.apache.jackrabbit.oak.api.Root;
	import org.apache.jackrabbit.oak.api.Tree;
	import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
	import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
	import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
	import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
	import org.apache.jackrabbit.oak.spi.commit.Validator;
	import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
	import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
	import org.apache.jackrabbit.oak.spi.security.Context;
	import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
	import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
	import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
	import org.apache.jackrabbit.oak.spi.state.NodeState;
	import org.jetbrains.annotations.NotNull;

	/**
	* {@code ValidatorProvider} implementation for permission evaluation associated
	* with write operations.
	*/
	public class PermissionValidatorProvider extends ValidatorProvider {

	private final AuthorizationConfiguration acConfig;
	private final long jr2Permissions;

	private final String workspaceName;
	private final Set<Principal> principals;
	private final MoveTracker moveTracker;

	private final ProviderCtx providerCtx;

	private Context acCtx;
	private Context userCtx;

	public PermissionValidatorProvider(@NotNull String workspaceName,
	@NotNull Set<Principal> principals, @NotNull MoveTracker moveTracker,
	@NotNull ProviderCtx providerCtx) {
	this.acConfig = providerCtx.getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);

	ConfigurationParameters params = acConfig.getParameters();
	String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
	jr2Permissions = Permissions.getPermissions(compatValue);

	this.workspaceName = workspaceName;
	this.principals = principals;
	this.moveTracker = moveTracker;

	this.providerCtx = providerCtx;
	}

	//--------------------------------------------------< ValidatorProvider >---

	@Override @NotNull
	public Validator getRootValidator(
	NodeState before, NodeState after, CommitInfo info) {
	PermissionProvider pp = acConfig.getPermissionProvider(createReadOnlyRoot(before), workspaceName, principals);
	if (moveTracker.isEmpty()) {
	return new PermissionValidator(before, after, pp, this);
	} else {
	return new MoveAwarePermissionValidator(before, after, pp, this, moveTracker);
	}
	}

	//--------------------------------------------------------------------------

	Context getAccessControlContext() {
	if (acCtx == null) {
	acCtx = acConfig.getContext();
	}
	return acCtx;
	}

	Context getUserContext() {
	if (userCtx == null) {
	UserConfiguration uc = providerCtx.getSecurityProvider().getConfiguration(UserConfiguration.class);
	userCtx = uc.getContext();
	}
	return userCtx;
	}

	TreeProvider getTreeProvider() {
	return providerCtx.getTreeProvider();
	}

	boolean requiresJr2Permissions(long permission) {
	return Permissions.includes(jr2Permissions, permission);
	}

	Root createReadOnlyRoot(@NotNull NodeState nodeState) {
	return providerCtx.getRootProvider().createReadOnlyRoot(nodeState);
	}

	Tree createReadOnlyTree(@NotNull NodeState nodeState) {
	return providerCtx.getTreeProvider().createReadOnlyTree(nodeState);
	}
	}