SAIL-342: Alfresco to CMIS ACL mapping: change isExtract to isExact on CMISAccessControlReport

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19057 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261

source/java/org/alfresco/cmis/CMISAccessControlReport.java

@@ -37,17 +37,19 @@ public interface CMISAccessControlReport
     public List<? extends CMISAccessControlEntry> getAccessControlEntries();
     
     /**
-     * Is this report incomplete?
+     * Is this report exact?
-     * If so there are other other security constraints that apply
+     * If <code>false</code> then there are other other security constraints that apply.
+     * This will always be false as we have global permission and deny entries that are not reported.
+     * We do not explicitly check these cases - and return false - as we have global permission defined by default. 
      * 
-     * @return <code>false</code> means the report fully describes security access, <code>true</code> means other
+     * @return <code>true</code> means the report fully describes security access, <code>false</code> means other
-     * security constraints apply but are not reported. 
+     * security constraints <i>may</i> apply but are not reported. 
      */
-    public boolean isExtract();
+    public boolean isExact();
     
     /**
      * Get ACEs grouped by principal id
-     * @return
+     * @return ACEs grouped by principal id
      * @throws CMISConstraintException 
      */
     public List<? extends CMISAccessControlEntriesGroupedByPrincipalId> getAccessControlEntriesGroupedByPrincipalId() throws CMISConstraintException;

source/java/org/alfresco/cmis/acl/CMISAccessControlReportImpl.java

@@ -50,7 +50,7 @@ public class CMISAccessControlReportImpl implements CMISAccessControlReport
     /* (non-Javadoc)
      * @see org.alfresco.cmis.CMISAccessControlReport#isExtract()
      */
-    public boolean isExtract()
+    public boolean isExact()
     {
        return extract;
     }

source/java/org/alfresco/cmis/acl/CMISAccessControlServiceTest.java

@@ -80,7 +80,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         createTestAcls();
 
         CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(7, grandParentReport.getAccessControlEntries().size());
         assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
         assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
@@ -91,7 +91,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
 
         CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(parentReport.isExtract());
+        assertFalse(parentReport.isExact());
         assertEquals(9, parentReport.getAccessControlEntries().size());
         assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
         assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -105,7 +105,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         assertTrue(checkCounts(parentReport, "Multi", 1, 0));
 
         CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(12, childReport.getAccessControlEntries().size());
         assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
         assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -189,7 +189,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         createTestAcls();
 
         CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(7, grandParentReport.getAccessControlEntries().size());
         assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
         assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
@@ -200,7 +200,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
 
         CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(parentReport.isExtract());
+        assertFalse(parentReport.isExact());
         assertEquals(10, parentReport.getAccessControlEntries().size());
         assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
         assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -214,7 +214,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         assertTrue(checkCounts(parentReport, "Multi", 1, 1));
 
         CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(16, childReport.getAccessControlEntries().size());
         assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
         assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
@@ -394,7 +394,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
 
         CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
                 CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(6, grandParentReport.getAccessControlEntries().size());
 
         List<CMISAccessControlEntry> acesToRemove = new ArrayList<CMISAccessControlEntry>();
@@ -402,7 +402,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
 
         grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
                 CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(5, grandParentReport.getAccessControlEntries().size());
 
         try
@@ -422,7 +422,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
 
         CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
                 CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(parentReport.isExtract());
+        assertFalse(parentReport.isExact());
         assertEquals(8, parentReport.getAccessControlEntries().size());
 
         acesToAdd = new ArrayList<CMISAccessControlEntry>();
@@ -433,31 +433,31 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
 
         CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
                 CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(11, childReport.getAccessControlEntries().size());
 
         grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(5, grandParentReport.getAccessControlEntries().size());
 
         parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(parentReport.isExtract());
+        assertFalse(parentReport.isExact());
         assertEquals(8, parentReport.getAccessControlEntries().size());
 
         childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(9, childReport.getAccessControlEntries().size());
 
         grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(grandParentReport.isExtract());
+        assertFalse(grandParentReport.isExact());
         assertEquals(5, grandParentReport.getAccessControlEntries().size());
 
         parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(parentReport.isExtract());
+        assertFalse(parentReport.isExact());
         assertEquals(8, parentReport.getAccessControlEntries().size());
 
         childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(11, childReport.getAccessControlEntries().size());
 
         acesToAdd = new ArrayList<CMISAccessControlEntry>();
@@ -466,15 +466,15 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
         acesToAdd.add(new CMISAccessControlEntryImpl("CMISAll", CMISAccessControlService.CMIS_ALL_PERMISSION));
 
         childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(14, childReport.getAccessControlEntries().size());
 
         childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(14, childReport.getAccessControlEntries().size());
 
         childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
-        assertFalse(childReport.isExtract());
+        assertFalse(childReport.isExact());
         assertEquals(11, childReport.getAccessControlEntries().size());
 
         try

source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java

@@ -2441,6 +2441,53 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
     }
     
+    public void testAclInsertionPerformanceShared()
+    {
+        NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+        for(int i = 0; i < 10000; i++)
+        {
+            nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+        }
+        long start = System.nanoTime();
+        permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+        long end = System.nanoTime();
+        
+        assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+    }
+    
+    public void testAclInsertionPerformanceDefining()
+    {
+        NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+        for(int i = 0; i < 10000; i++)
+        {
+            NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+            permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
+        }
+        long start = System.nanoTime();
+        permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+        long end = System.nanoTime();
+
+        assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+    }
+
+    public void testAclInsertionPerformanceMixed()
+    {
+        NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
+        for(int i = 0; i < 10000; i++)
+        {
+            NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
+            if(i % 2 == 0)
+            {
+                permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
+            }
+        }
+        long start = System.nanoTime();
+        permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
+        long end = System.nanoTime();
+
+        assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
+    }
+
     public void testGetAllSetPermissionsFromAllNodes()
     {
         runAs(AuthenticationUtil.getAdminUserName());