Skip to content

[WIP] Acl support #104

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lsmith77 wants to merge 7 commits into
base: 1.x
Choose a base branch
from
Open

[WIP] Acl support #104

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
966c60c
WIP
dbu Feb 10, 2015
aefeeef
WIP setPolicy()
lsmith77 Feb 10, 2015
76e3894
WIP
dbu Feb 10, 2015
930e4e1
cleanup
lsmith77 Feb 10, 2015
5b49287
use correct phpcr
dbu Feb 10, 2015
21c436b
fix json syntax
dbu Feb 13, 2015
3bdb976
wip
dbu May 1, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,16 +19,16 @@
"php": ">=5.3.3",
"ext-xml":"*",
"ext-curl":"*",
"phpcr/phpcr": "~2.1.2",
"phpcr/phpcr": "dev-acl",
"phpcr/phpcr-utils": "~1.1",
"jackalope/jackalope": "~1.2.0"
"jackalope/jackalope": "dev-acl"
Copy link
Copy Markdown
Member Author

@lsmith77 lsmith77 Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs to be changed to the final version

},
"provide": {
"jackalope/jackalope-transport": "1.1.0"
},
"require-dev": {
"psr/log": "~1.0",
"phpcr/phpcr-api-tests": "~2.1.0",
"phpcr/phpcr-api-tests": "dev-acl",
Copy link
Copy Markdown
Member Author

@lsmith77 lsmith77 Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs to be changed to the final version

"symfony/console": "~2.0"
},
"autoload": {
Expand Down
108 changes: 108 additions & 0 deletions prop.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
Copy link
Copy Markdown
Member

@dbu dbu Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sample privileges response. needs to be removed again

<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>http://localhost:8080/server/testsWorkspace/jcr%3aroot/</D:href>
<D:propstat>
<D:prop>
<D:supported-privilege-set>
<D:supported-privilege>
<D:privilege>
<jcr:all xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
<D:supported-privilege>
<D:privilege>
<jcr:workspaceManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:lifecycleManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:versionManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:lockManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:read xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:modifyAccessControl xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<rep:write xmlns:rep="internal"/>
</D:privilege>
<D:supported-privilege>
<D:privilege>
<jcr:nodeTypeManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:write xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
<D:supported-privilege>
<D:privilege>
<jcr:removeNode xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:addChildNodes xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:modifyProperties xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:removeChildNodes xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
</D:supported-privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<rep:privilegeManagement xmlns:rep="internal"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:namespaceManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:nodeTypeDefinitionManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:retentionManagement xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
<D:supported-privilege>
<D:privilege>
<jcr:readAccessControl xmlns:jcr="http://www.jcp.org/jcr/1.0"/>
</D:privilege>
</D:supported-privilege>
</D:supported-privilege>
</D:supported-privilege-set>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
</D:multistatus>
116 changes: 115 additions & 1 deletion src/Jackalope/Transport/Jackrabbit/Client.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@
use PHPCR\ItemExistsException;
use PHPCR\Query\InvalidQueryException;
use PHPCR\RepositoryInterface;
use PHPCR\Security\AccessControlEntryInterface;
use PHPCR\Security\AccessControlPolicyInterface;
use PHPCR\SimpleCredentials;
use PHPCR\PropertyType;
use PHPCR\SessionInterface;
Expand All @@ -33,6 +35,10 @@
use Jackalope\Transport\LockingInterface;
use Jackalope\Transport\ObservationInterface;
use Jackalope\Transport\WorkspaceManagementInterface;
use Jackalope\Transport\AccessControlInterface;
use Jackalope\Transport\SetPolicyOperation;
use Jackalope\Security\AccessControlList;
use Jackalope\Security\Privilege;
use Jackalope\NotImplementedException;
use Jackalope\Node;
use Jackalope\Property;
Expand Down Expand Up @@ -66,7 +72,18 @@
* @author Lukas Kahwe Smith <smith@pooteeweet.org>
* @author Daniel Barsotti <daniel.barsotti@liip.ch>
*/
class Client extends BaseTransport implements QueryTransport, PermissionInterface, WritingInterface, VersioningInterface, NodeTypeCndManagementInterface, LockingInterface, ObservationInterface, WorkspaceManagementInterface
class Client
extends BaseTransport
implements
QueryTransport,
PermissionInterface,
WritingInterface,
VersioningInterface,
NodeTypeCndManagementInterface,
LockingInterface,
AccessControlInterface,
ObservationInterface,
WorkspaceManagementInterface
{
/**
* minimal version needed for the backend server
Expand Down Expand Up @@ -477,6 +494,7 @@ public function getNode($path)
$path = $this->encodeAndValidatePathForDavex($path);
$path .= '.'.$this->getFetchDepth().'.json';

$path = str_replace('%3A', ':', $path);
Copy link
Copy Markdown
Member Author

@lsmith77 lsmith77 Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs a proper fix

Copy link
Copy Markdown
Member

@dbu dbu Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

afaik can simply be reverted

$request = $this->getRequest(Request::GET, $path);
try {
return $request->executeJson();
Expand Down Expand Up @@ -2072,6 +2090,7 @@ public function rollbackSave()
protected function getMimePart($name, $value, $mime_boundary)
{
$data = '';
$name = $name ?: ':diff';
Copy link
Copy Markdown
Member Author

@lsmith77 lsmith77 Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might need to be adjusted again

Copy link
Copy Markdown
Member

@dbu dbu Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a hack for debugging, we should not need to do it like this.


$eol = "\r\n";
$data .= '--' . $mime_boundary . $eol ;
Expand Down Expand Up @@ -2122,4 +2141,99 @@ protected function getMimePart($name, $value, $mime_boundary)

return $data;
}

public function getSupportedPrivileges($path = null)
{
$path = $this->workspaceUriRoot . $path ?: '';

$request = $this->getRequest(Request::PROPFIND, $path);
$request->setBody($this->buildPropfindRequest(array('D:supported-privilege-set')));
$dom = $request->executeDom();

$set = $dom->getElementsByTagNameNS(self::NS_DAV, 'supported-privilege-set');
if ($set->length != 1) {
throw new RepositoryException('Unexpected answer from server: '.$dom->saveXML());
}

$privileges = array();
foreach ($set->item(0)->childNodes as $privilege) {
$privileges[] = $this->parsePrivileges($privilege);
}

return $privileges;
}

private function parsePrivileges(\DOMElement $node)
{
$privilege = null;
$children = array();

foreach ($node->childNodes as $child) {
switch ($child->tagName) {
case 'D:privilege':
$privilege = $child;
break;
case 'D:supported-privilege':
$children[] = $this->parsePrivileges($child);
break;
default:
// ignore
}
}

if (!$privilege) {
throw new \Exception('invalid stuff'.$node->tagName);
}
$name = '{'.$privilege->firstChild->namespaceURI.'}'.$privilege->firstChild->localName;

return new Privilege($name, $children);
}

public function setPolicy(array $operation)
{
foreach ($operation as $op) {
$this->setPolicyJsop($op);
}
}

private function setPolicyJsop($operation)
{
if (!$operation->policy instanceof AccessControlList) {
throw new \Exception('wrong class');
}

$value = $operation->srcPath . '/rep:policy : {
jcr:primaryType : "rep:ACL"';

$id = 0;

foreach ($operation->policy->getAccessControlEntries() as $entry) {
$value .= ",\n" .
'entry' . $id++ . ' : {
jcr:primaryType : "rep:grantACE",
rep:principalName : "' . $entry->getPrincipal()->getName() . '",
rep:privileges : [' . $this->buildPrivilegeList($entry) . ']
}';
}
$value .= '
}
';
//var_dump($value);die;
Copy link
Copy Markdown
Member

@dbu dbu Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove


$this->setJsopBody("\n+".$value, '');
}

private function buildPrivilegeList(AccessControlEntryInterface $entry)
{
$privileges = array();
foreach ($entry->getPrivileges() as $privilege) {
$privileges[] = str_replace('{http://www.jcp.org/jcr/1.0}', 'jcr:', $privilege->getName());
Copy link
Copy Markdown
Member Author

@lsmith77 lsmith77 Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we should have a helper to switch back and forth from prefix to full namespace

Copy link
Copy Markdown
Member

@dbu dbu Feb 10, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the namespace handler would allow that. we should definitely not do like its now, there can be other namespaces than jcr. was a hack to see if its basically working.

and i am not entirely sure whether we really need to convert or whether jackrabbit would also understand the long name.

}

if (0 === count($privileges)) {
return '';
}

return '"' . implode('", "', $privileges) . '"';
}
}
19 changes: 18 additions & 1 deletion src/Jackalope/Transport/Jackrabbit/LoggingClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,10 @@
use Jackalope\FactoryInterface;
use Jackalope\Transport\AbstractReadWriteLoggingWrapper;

use Jackalope\Transport\AccessControlInterface;
use Jackalope\Transport\QueryInterface as QueryTransport;
use Jackalope\Transport\PermissionInterface;
use Jackalope\Transport\SetPolicyOperation;
use Jackalope\Transport\VersioningInterface;
use Jackalope\Transport\NodeTypeCndManagementInterface;
use Jackalope\Transport\LockingInterface;
Expand All @@ -27,7 +29,7 @@
*
* @author Lukas Kahwe Smith <smith@pooteeweet.org>
*/
class LoggingClient extends AbstractReadWriteLoggingWrapper implements QueryTransport, PermissionInterface, VersioningInterface, NodeTypeCndManagementInterface, LockingInterface, ObservationInterface, WorkspaceManagementInterface
class LoggingClient extends AbstractReadWriteLoggingWrapper implements QueryTransport, PermissionInterface, VersioningInterface, NodeTypeCndManagementInterface, LockingInterface, ObservationInterface, WorkspaceManagementInterface, AccessControlInterface
{
/**
* @var Client
Expand Down Expand Up @@ -243,4 +245,19 @@ public function deleteWorkspace($name)
{
$this->transport->deleteWorkspace($name);
}

public function getSupportedPrivileges($path = null)
{
return $this->transport->getSupportedPrivileges($path);
}

/**
* @param SetPolicyOperation[] $operation
* @throws \Exception
*/
public function setPolicy(array $operation)
{
$this->transport->setPolicy($operation);
}

}
1 change: 0 additions & 1 deletion tests/inc/ImplementationLoader.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ protected function __construct()
$this->unsupportedChapters = array(
'PermissionsAndCapabilities',
'ShareableNodes',
'AccessControlManagement',
'LifecycleManagement',
'RetentionAndHold',
'Transactions',
Expand Down