diff --git a/source/java/org/alfresco/cmis/CMISAccessControlReport.java b/source/java/org/alfresco/cmis/CMISAccessControlReport.java
index 6c358ce686..ae4571826a 100644
--- a/source/java/org/alfresco/cmis/CMISAccessControlReport.java
+++ b/source/java/org/alfresco/cmis/CMISAccessControlReport.java
@@ -37,17 +37,19 @@ public interface CMISAccessControlReport
public List getAccessControlEntries();
/**
- * Is this report incomplete?
- * If so there are other other security constraints that apply
+ * Is this report exact?
+ * If false then there are other other security constraints that apply.
+ * This will always be false as we have global permission and deny entries that are not reported.
+ * We do not explicitly check these cases - and return false - as we have global permission defined by default.
*
- * @return false means the report fully describes security access, true means other
- * security constraints apply but are not reported.
+ * @return true means the report fully describes security access, false means other
+ * security constraints may apply but are not reported.
*/
- public boolean isExtract();
+ public boolean isExact();
/**
* Get ACEs grouped by principal id
- * @return
+ * @return ACEs grouped by principal id
* @throws CMISConstraintException
*/
public List getAccessControlEntriesGroupedByPrincipalId() throws CMISConstraintException;
diff --git a/source/java/org/alfresco/cmis/acl/CMISAccessControlReportImpl.java b/source/java/org/alfresco/cmis/acl/CMISAccessControlReportImpl.java
index 7043e006c5..f19f59b8c6 100644
--- a/source/java/org/alfresco/cmis/acl/CMISAccessControlReportImpl.java
+++ b/source/java/org/alfresco/cmis/acl/CMISAccessControlReportImpl.java
@@ -50,7 +50,7 @@ public class CMISAccessControlReportImpl implements CMISAccessControlReport
/* (non-Javadoc)
* @see org.alfresco.cmis.CMISAccessControlReport#isExtract()
*/
- public boolean isExtract()
+ public boolean isExact()
{
return extract;
}
diff --git a/source/java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java b/source/java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java
index cf640bee20..9607d060e7 100644
--- a/source/java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java
+++ b/source/java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java
@@ -80,7 +80,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
createTestAcls();
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(7, grandParentReport.getAccessControlEntries().size());
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
@@ -91,7 +91,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(parentReport.isExtract());
+ assertFalse(parentReport.isExact());
assertEquals(9, parentReport.getAccessControlEntries().size());
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -105,7 +105,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
assertTrue(checkCounts(parentReport, "Multi", 1, 0));
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(12, childReport.getAccessControlEntries().size());
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -189,7 +189,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
createTestAcls();
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(7, grandParentReport.getAccessControlEntries().size());
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
@@ -200,7 +200,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(parentReport.isExtract());
+ assertFalse(parentReport.isExact());
assertEquals(10, parentReport.getAccessControlEntries().size());
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -214,7 +214,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
assertTrue(checkCounts(parentReport, "Multi", 1, 1));
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(16, childReport.getAccessControlEntries().size());
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -394,7 +394,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(6, grandParentReport.getAccessControlEntries().size());
List acesToRemove = new ArrayList();
@@ -402,7 +402,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(5, grandParentReport.getAccessControlEntries().size());
try
@@ -422,7 +422,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(parentReport.isExtract());
+ assertFalse(parentReport.isExact());
assertEquals(8, parentReport.getAccessControlEntries().size());
acesToAdd = new ArrayList();
@@ -433,31 +433,31 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(11, childReport.getAccessControlEntries().size());
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(5, grandParentReport.getAccessControlEntries().size());
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(parentReport.isExtract());
+ assertFalse(parentReport.isExact());
assertEquals(8, parentReport.getAccessControlEntries().size());
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(9, childReport.getAccessControlEntries().size());
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(grandParentReport.isExtract());
+ assertFalse(grandParentReport.isExact());
assertEquals(5, grandParentReport.getAccessControlEntries().size());
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(parentReport.isExtract());
+ assertFalse(parentReport.isExact());
assertEquals(8, parentReport.getAccessControlEntries().size());
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(11, childReport.getAccessControlEntries().size());
acesToAdd = new ArrayList();
@@ -466,15 +466,15 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
acesToAdd.add(new CMISAccessControlEntryImpl("CMISAll", CMISAccessControlService.CMIS_ALL_PERMISSION));
childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(14, childReport.getAccessControlEntries().size());
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(14, childReport.getAccessControlEntries().size());
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
- assertFalse(childReport.isExtract());
+ assertFalse(childReport.isExact());
assertEquals(11, childReport.getAccessControlEntries().size());
try
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
index aa4c961320..c02763e96c 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
@@ -2440,6 +2440,53 @@ public class PermissionServiceTest extends AbstractPermissionTest
assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
}
+
+ public void testAclInsertionPerformanceShared()
+ {
+ NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ for(int i = 0; i < 10000; i++)
+ {
+ nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+ }
+ long start = System.nanoTime();
+ permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+ long end = System.nanoTime();
+
+ assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+ }
+
+ public void testAclInsertionPerformanceDefining()
+ {
+ NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ for(int i = 0; i < 10000; i++)
+ {
+ NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+ permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
+ }
+ long start = System.nanoTime();
+ permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+ long end = System.nanoTime();
+
+ assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+ }
+
+ public void testAclInsertionPerformanceMixed()
+ {
+ NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+ for(int i = 0; i < 10000; i++)
+ {
+ NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+ if(i % 2 == 0)
+ {
+ permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
+ }
+ }
+ long start = System.nanoTime();
+ permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+ long end = System.nanoTime();
+
+ assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+ }
public void testGetAllSetPermissionsFromAllNodes()
{