-
Notifications
You must be signed in to change notification settings - Fork 213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MODE-1920: Initial access management implementation #849
Conversation
I'd like to merge this only after we release 3.3. |
@@ -982,7 +982,8 @@ final AbstractJcrNode addNode( String relPath, | |||
if (parent instanceof AbstractJcrNode) { | |||
// delegate to the parent node ... | |||
Name childName = path.getLastSegment().getName(); | |||
session.checkPermission(absolutePathFor(parent.path(), path.getLastSegment()), ModeShapePermissions.ADD_NODE); | |||
//MODE-1920: check add_child_node permission on parent node | |||
session.checkPermission(parent.path(), ModeShapePermissions.ADD_NODE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why was this changed back to 'parent.path()' rather than absolutePathFor(parent.path(), path.getLastSegment())
? If you look at the absolutePathFor
method, it will simply return the parent path if it is absolute; otherwise, it constructs an absolute path. This was changed recently to fix a but where sometimes we would be passing relative paths to the authorization framework.
A couple of things:
|
|
||
@After | ||
public void tearDown() { | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally, a test should not have any of these methods that are empty. Just remove them to keep the test as simple as possible.
Briefly before preparing java doc with node structures. -ACLs are stored as a special child nodes. As normal content. 2013/6/20 Randall Hauch notifications@github.com
|
Implementation design |
I'm really not sure how I feel about the ACL-specifics being added below the regular content nodes. I understand the very real benefits, but it doesn't "smell" very good. How does the reference implementation do it? |
It does the same. 2013/6/20 Randall Hauch notifications@github.com
|
Any update on performance? Consider running https://github.com/ModeShape/modeshape-performance tests before and after these changes. |
I will do test 2013/6/27 Randall Hauch notifications@github.com
|
Am I missing an updated commit? I still don't see any documentation of the design inside the JavaDoc (ideally in the Also, I made some suggestions earlier that don't seem to be addressed. |
Sorry, I was waiting for your decision about ACLs added below the content node. If we agree on this way I will just add fixes by following comments otherwise it might require more changes. |
Ah, gotcha. I'm fine with storing the ACLs below the affected/controlled node. It might be nice, however, if we plan to support and groupnames, not just usernames. Maybe "principalName" is a generic term? Once you get to the documentation, it'd be good to include some sample code of how to create an ACL for a node. |
} | ||
|
||
|
||
private class User implements Principal { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we have a default implementation in API that does this? Seems useful if we're expecting clients to supply these instances.
Status? |
Few things remains. Should be ready very soon. 2013/7/9 Randall Hauch notifications@github.com
|
Excellent. Just please post as you work. |
Now I think it is ready. Latest commit adds principals implementation to the API and fixes problem with absolute path mentioned above. |
+ * (mode:Permission) protected | ||
[mode:Permission] | ||
- name (string) protected | ||
- privileges (string) multiple protected |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you choose to put these in a separate file, rather than in modeshape_builtins.cnd
?
Nice work, @okulikov. I do like how this is designed and implemented, though I do have a number of small requests that I'd like to see addressed (see above). @hchiorean, please review this and post your thoughts. This will be great to have in 3.4. |
The |
Shouldn't the |
Are the ACL-related nodes reflected in the query results ? I'm guessing the Also, related to the above, do we really want to index those nodes as regular child nodes or would it be better to add some ACL-related information to the |
Do we have unit tests for validating multiple session & workspace interaction in regard to nodes that have ACLs set ? To be more precise, I'm referring to unit tests which validate the following part of the spec:
I'm aware that using child nodes assures pretty much all of the above, however since it's a JCR Spec Feature, we should have dedicated tests IMO. |
We also need to think about federation, because that is not part of the JCR spec. For example, for a node on which a user does not have the |
@hchiorean said:
We should make sure that none of the nodes associated with ACLs are ever indexed, by setting the node types to have the 'noqueryorder' and 'nofulltext' attributes, and by ensuring that the nodes are never indexed (via the However, the query system is already using the session's ability to see nodes before a node appears in the results ... as long as the existing session nodes now take into account the ACLs in addition to the older-style permissions. |
} | ||
|
||
@Override | ||
public Privilege[] getSupportedPrivileges(String path) throws PathNotFoundException, RepositoryException { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove the exceptions, since they're never thrown from the method.
@okulikov, overall this PR is looking really good. I did have a number of line comments above, but they're all fairly minor - though I did have a few questions and I'm concerned about the Oh, building locally worked just fine for me. |
Rebased and merged into the 'master' branch. Also, fixed a number of JavaDoc errors and compiler warnings with an additional commit. |
I found a very minor issue in the ACM source code line 117. It passes path instead of username to the default JcrAccessControlList. I don't know how the default ACL is set, but I suppose it might be set differently, such that it references principals beyond "everyone". Anyway, hope this helps. |
@gregjan, can you log a separate JIRA for this? I think the line number has changed: https://github.com/ModeShape/modeshape/blob/master/modeshape-jcr/src/main/java/org/modeshape/jcr/AccessControlManagerImpl.java#L121 |
This implementation contains following changes:
-AccessManager provides implementation for access list policy only where policy is associated with each node. Access list data is stored as special child node. Node types are defined in the file access-manager.cnd. Nodes defined protected;
-AccessManager also implements AdvancedAuthorization interface and SecurityContext interface what allows to plug it with minimal changes
-Unit tests for functional tests of the access list