Google Git
Sign in
apache / jackrabbit-oak / 89773459d65d1753f05feecbae18333d42e4d775 / . / trunk / oak-security-spi / src / main / java / org / apache / jackrabbit / oak / spi / security / privilege / PrivilegeConstants.java
blob: 755efca9d6ec34074eb88c5329f590535c25c4c4 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jackrabbit.oak.spi.security.privilege;
import java.util.Map;
import java.util.Set;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.JcrConstants;
/**
* Internal name constants used for the privilege management.
*/
public interface PrivilegeConstants {
//--------------------------------< Constants for Privilege Definitions >---
/**
* Internal (oak) name for the root node of the privilege store.
*/
String REP_PRIVILEGES = "rep:privileges";
/**
* Name of the property that defines if the privilege is abstract.
*/
String REP_IS_ABSTRACT = "rep:isAbstract";
/**
* Name of the privilege definition property that stores the aggregate privilege names.
*/
String REP_AGGREGATES = "rep:aggregates";
/**
* Name of the property storing the value of the next available privilege bits.
*/
String REP_NEXT = "rep:next";
/**
* The internal names of all property definitions that are associated with
* the {@link #NT_REP_PRIVILEGE rep:Privilege} node type
*/
Set<String> PRIVILEGE_PROPERTY_NAMES = ImmutableSet.of(REP_IS_ABSTRACT, REP_AGGREGATES, REP_NEXT);
/**
* Internal (oak) path for the privilege store.
*/
String PRIVILEGES_PATH = '/' + JcrConstants.JCR_SYSTEM + '/' + REP_PRIVILEGES;
/**
* Node type name of the root node of the privilege store
*/
String NT_REP_PRIVILEGES = "rep:Privileges";
/**
* Node type name of the privilege definition nodes
*/
String NT_REP_PRIVILEGE = "rep:Privilege";
/**
* Node type names associated with privilege content
*/
Set<String> PRIVILEGE_NODETYPE_NAMES = ImmutableSet.of(NT_REP_PRIVILEGES, NT_REP_PRIVILEGE);
/**
* Name of the privilege definition property that stores the internal representation
* of this privilege.
*/
String REP_BITS = "rep:bits";
//----------------------------------------------------< Privilege Names >---
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_READ} privilege
*/
String JCR_READ = "jcr:read";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_MODIFY_PROPERTIES} privilege
*/
String JCR_MODIFY_PROPERTIES = "jcr:modifyProperties";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_ADD_CHILD_NODES} privilege
*/
String JCR_ADD_CHILD_NODES = "jcr:addChildNodes";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_REMOVE_NODE} privilege
*/
String JCR_REMOVE_NODE = "jcr:removeNode";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_REMOVE_CHILD_NODES} privilege
*/
String JCR_REMOVE_CHILD_NODES = "jcr:removeChildNodes";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_WRITE} privilege
*/
String JCR_WRITE = "jcr:write";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_READ_ACCESS_CONTROL} privilege
*/
String JCR_READ_ACCESS_CONTROL = "jcr:readAccessControl";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_MODIFY_ACCESS_CONTROL} privilege
*/
String JCR_MODIFY_ACCESS_CONTROL = "jcr:modifyAccessControl";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_LOCK_MANAGEMENT} privilege
*/
String JCR_LOCK_MANAGEMENT = "jcr:lockManagement";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_VERSION_MANAGEMENT} privilege
*/
String JCR_VERSION_MANAGEMENT = "jcr:versionManagement";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_NODE_TYPE_MANAGEMENT} privilege
*/
String JCR_NODE_TYPE_MANAGEMENT = "jcr:nodeTypeManagement";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_RETENTION_MANAGEMENT} privilege
*/
String JCR_RETENTION_MANAGEMENT = "jcr:retentionManagement";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_LIFECYCLE_MANAGEMENT} privilege
*/
String JCR_LIFECYCLE_MANAGEMENT = "jcr:lifecycleManagement";
/**
* Internal (oak) name of the jcr:workspaceManagement privilege
*/
String JCR_WORKSPACE_MANAGEMENT = "jcr:workspaceManagement";
/**
* Internal (oak) name of the jcr:nodeTypeDefinitionManagement privilege
*/
String JCR_NODE_TYPE_DEFINITION_MANAGEMENT = "jcr:nodeTypeDefinitionManagement";
/**
* Internal (oak) name of the jcr:namespaceManagement privilege
*/
String JCR_NAMESPACE_MANAGEMENT = "jcr:namespaceManagement";
/**
* Internal (oak) name of the {@link javax.jcr.security.Privilege#JCR_ALL} privilege
*/
String JCR_ALL = "jcr:all";
/**
* Internal (oak) name of the rep:privilegeManagement privilege
*/
String REP_PRIVILEGE_MANAGEMENT = "rep:privilegeManagement";
/**
* Internal (oak) name of the rep:write privilege
*/
String REP_WRITE = "rep:write";
/**
* Internal (oak) name of the rep:userManagement privilege
*
* @since OAK 1.0
*/
String REP_USER_MANAGEMENT = "rep:userManagement";
/**
* Internal (oak) name of the rep:readNodes privilege
*
* @since OAK 1.0
*/
String REP_READ_NODES = "rep:readNodes";
/**
* Internal (oak) name of the rep:readProperties privilege
*
* @since OAK 1.0
*/
String REP_READ_PROPERTIES = "rep:readProperties";
/**
* Internal (oak) name of the rep:addProperties privilege
*
* @since OAK 1.0
*/
String REP_ADD_PROPERTIES = "rep:addProperties";
/**
* Internal (oak) name of the rep:alterProperties privilege
*
* @since OAK 1.0
*/
String REP_ALTER_PROPERTIES = "rep:alterProperties";
/**
* Internal (oak) name of the rep:removeProperties privilege
*
* @since OAK 1.0
*/
String REP_REMOVE_PROPERTIES = "rep:removeProperties";
/**
* Internal (oak) name of the rep:indexDefinitionManagement privilege
*
* @since OAK 1.0
*/
String REP_INDEX_DEFINITION_MANAGEMENT = "rep:indexDefinitionManagement";
/**
* The internal names of all built-in privileges that are not aggregates.
*/
Set<String> NON_AGGREGATE_PRIVILEGES = ImmutableSet.of(
REP_READ_NODES, REP_READ_PROPERTIES,
REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_USER_MANAGEMENT, REP_INDEX_DEFINITION_MANAGEMENT
);
/**
* The internal names and aggregation definition of all built-in privileges
* that are aggregates (except for jcr:all).
*/
Map<String, String[]> AGGREGATE_PRIVILEGES = ImmutableMap.of(
JCR_READ, new String[]{REP_READ_NODES, REP_READ_PROPERTIES},
JCR_MODIFY_PROPERTIES, new String[]{REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES},
JCR_WRITE, new String[]{JCR_MODIFY_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE},
REP_WRITE, new String[]{JCR_WRITE, JCR_NODE_TYPE_MANAGEMENT});
}