mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-07 17:49:17 +00:00
SAIL-342: Alfresco to CMIS ACL mapping: change isExtract to isExact on CMISAccessControlReport
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@19057 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -37,17 +37,19 @@ public interface CMISAccessControlReport
|
||||
public List<? extends CMISAccessControlEntry> getAccessControlEntries();
|
||||
|
||||
/**
|
||||
* Is this report incomplete?
|
||||
* If so there are other other security constraints that apply
|
||||
* Is this report exact?
|
||||
* If <code>false</code> then there are other other security constraints that apply.
|
||||
* This will always be false as we have global permission and deny entries that are not reported.
|
||||
* We do not explicitly check these cases - and return false - as we have global permission defined by default.
|
||||
*
|
||||
* @return <code>false</code> means the report fully describes security access, <code>true</code> means other
|
||||
* security constraints apply but are not reported.
|
||||
* @return <code>true</code> means the report fully describes security access, <code>false</code> means other
|
||||
* security constraints <i>may</i> apply but are not reported.
|
||||
*/
|
||||
public boolean isExtract();
|
||||
public boolean isExact();
|
||||
|
||||
/**
|
||||
* Get ACEs grouped by principal id
|
||||
* @return
|
||||
* @return ACEs grouped by principal id
|
||||
* @throws CMISConstraintException
|
||||
*/
|
||||
public List<? extends CMISAccessControlEntriesGroupedByPrincipalId> getAccessControlEntriesGroupedByPrincipalId() throws CMISConstraintException;
|
||||
|
||||
@@ -50,7 +50,7 @@ public class CMISAccessControlReportImpl implements CMISAccessControlReport
|
||||
/* (non-Javadoc)
|
||||
* @see org.alfresco.cmis.CMISAccessControlReport#isExtract()
|
||||
*/
|
||||
public boolean isExtract()
|
||||
public boolean isExact()
|
||||
{
|
||||
return extract;
|
||||
}
|
||||
|
||||
@@ -80,7 +80,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
createTestAcls();
|
||||
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
||||
@@ -91,7 +91,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
||||
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExtract());
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(9, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
@@ -105,7 +105,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
assertTrue(checkCounts(parentReport, "Multi", 1, 0));
|
||||
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(12, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
@@ -189,7 +189,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
createTestAcls();
|
||||
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(7, grandParentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 1, 0));
|
||||
assertTrue(checkCounts(grandParentReport, PermissionService.ALL_AUTHORITIES, 1, 0));
|
||||
@@ -200,7 +200,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
assertTrue(checkCounts(grandParentReport, "Multi", 1, 0));
|
||||
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExtract());
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(10, parentReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(parentReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
@@ -214,7 +214,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
assertTrue(checkCounts(parentReport, "Multi", 1, 1));
|
||||
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(16, childReport.getAccessControlEntries().size());
|
||||
assertTrue(checkCounts(childReport, PermissionService.ADMINISTRATOR_AUTHORITY, 0, 1));
|
||||
assertTrue(checkCounts(childReport, PermissionService.ALL_AUTHORITIES, 0, 1));
|
||||
@@ -394,7 +394,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
CMISAccessControlReport grandParentReport = cmisAccessControlService.applyAcl(grandParent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(6, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
List<CMISAccessControlEntry> acesToRemove = new ArrayList<CMISAccessControlEntry>();
|
||||
@@ -402,7 +402,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
grandParentReport = cmisAccessControlService.applyAcl(grandParent, acesToRemove, null, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
try
|
||||
@@ -422,7 +422,7 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
CMISAccessControlReport parentReport = cmisAccessControlService.applyAcl(parent, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExtract());
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
|
||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||
@@ -433,31 +433,31 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
|
||||
CMISAccessControlReport childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE,
|
||||
CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
|
||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExtract());
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.CMIS_BASIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(9, childReport.getAccessControlEntries().size());
|
||||
|
||||
grandParentReport = cmisAccessControlService.getAcl(grandParent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(grandParentReport.isExtract());
|
||||
assertFalse(grandParentReport.isExact());
|
||||
assertEquals(5, grandParentReport.getAccessControlEntries().size());
|
||||
|
||||
parentReport = cmisAccessControlService.getAcl(parent, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(parentReport.isExtract());
|
||||
assertFalse(parentReport.isExact());
|
||||
assertEquals(8, parentReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.getAcl(child, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
|
||||
acesToAdd = new ArrayList<CMISAccessControlEntry>();
|
||||
@@ -466,15 +466,15 @@ public class CMISAccessControlServiceTest extends BaseCMISTest
|
||||
acesToAdd.add(new CMISAccessControlEntryImpl("CMISAll", CMISAccessControlService.CMIS_ALL_PERMISSION));
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, null, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, acesToAdd, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(14, childReport.getAccessControlEntries().size());
|
||||
|
||||
childReport = cmisAccessControlService.applyAcl(child, acesToAdd, null, CMISAclPropagationEnum.PROPAGATE, CMISAccessControlFormatEnum.REPOSITORY_SPECIFIC_PERMISSIONS);
|
||||
assertFalse(childReport.isExtract());
|
||||
assertFalse(childReport.isExact());
|
||||
assertEquals(11, childReport.getAccessControlEntries().size());
|
||||
|
||||
try
|
||||
|
||||
@@ -2441,6 +2441,53 @@ public class PermissionServiceTest extends AbstractPermissionTest
|
||||
|
||||
}
|
||||
|
||||
public void testAclInsertionPerformanceShared()
|
||||
{
|
||||
NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
for(int i = 0; i < 10000; i++)
|
||||
{
|
||||
nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
}
|
||||
long start = System.nanoTime();
|
||||
permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
|
||||
long end = System.nanoTime();
|
||||
|
||||
assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
|
||||
}
|
||||
|
||||
public void testAclInsertionPerformanceDefining()
|
||||
{
|
||||
NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
for(int i = 0; i < 10000; i++)
|
||||
{
|
||||
NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
|
||||
}
|
||||
long start = System.nanoTime();
|
||||
permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
|
||||
long end = System.nanoTime();
|
||||
|
||||
assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
|
||||
}
|
||||
|
||||
public void testAclInsertionPerformanceMixed()
|
||||
{
|
||||
NodeRef parent = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
for(int i = 0; i < 10000; i++)
|
||||
{
|
||||
NodeRef created = nodeService.createNode(parent, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}child"+i), ContentModel.TYPE_FOLDER).getChildRef();
|
||||
if(i % 2 == 0)
|
||||
{
|
||||
permissionService.setPermission(new SimplePermissionEntry(created, getPermission(PermissionService.CONSUMER), "bob", AccessStatus.ALLOWED));
|
||||
}
|
||||
}
|
||||
long start = System.nanoTime();
|
||||
permissionService.setPermission(new SimplePermissionEntry(parent, getPermission(PermissionService.CONSUMER), "andy", AccessStatus.ALLOWED));
|
||||
long end = System.nanoTime();
|
||||
|
||||
assertTrue("Time was "+(end - start)/1000000000.0f, end == start);
|
||||
}
|
||||
|
||||
public void testGetAllSetPermissionsFromAllNodes()
|
||||
{
|
||||
runAs(AuthenticationUtil.getAdminUserName());
|
||||
|
||||
Reference in New Issue
Block a user