incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1559031 - in /sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity: ResourceAccessGate.java impl/ResourceAccessSecurityImpl.java
Date Fri, 17 Jan 2014 07:16:45 GMT
Author: cziegeler
Date: Fri Jan 17 07:16:44 2014
New Revision: 1559031

URL: http://svn.apache.org/r1559031
Log:
SLING-2698 - resource access security service for resource providers. Implement canDelete,
canExecute, and canCreate

Modified:
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
    sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java

Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?rev=1559031&r1=1559030&r2=1559031&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
(original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
Fri Jan 17 07:16:44 2014
@@ -42,7 +42,7 @@ import aQute.bnd.annotation.ConsumerType
  * <li><b>operations</b>: set of operations on which the service should
be
  * called ("read,create,update,delete,execute", default all of them)</li>
  * <li><b>finaloperations</b>: set of operations on which the service answer
is
- * final an no other service should be called (default none of them)</li>
+ * final and no other service should be called (default none of them)</li>
  * </ul>
  *
  * The resource access gate can either have the context {@link #PROVIDER_CONTEXT},

Modified: sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1559031&r1=1559030&r2=1559031&view=diff
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
(original)
+++ sling/trunk/bundles/resourceaccesssecurity/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
Fri Jan 17 07:16:44 2014
@@ -61,9 +61,13 @@ public class ResourceAccessSecurityImpl 
             final Iterator<ResourceAccessGateHandler> iter = handlers.iterator();
             return new Iterator<ResourceAccessGateHandler>() {
 
-                private ResourceAccessGateHandler next = peek();
+                private ResourceAccessGateHandler next;
 
-                private ResourceAccessGateHandler peek() {
+                {
+                    peek();
+                }
+
+                private void peek() {
                     this.next = null;
                     while ( iter.hasNext() && next == null ) {
                         final ResourceAccessGateHandler handler = iter.next();
@@ -71,7 +75,6 @@ public class ResourceAccessSecurityImpl 
                             next = handler;
                         }
                     }
-                    return next;
                 }
 
                 @Override
@@ -85,7 +88,7 @@ public class ResourceAccessSecurityImpl 
                         throw new NoSuchElementException();
                     }
                     final ResourceAccessGateHandler handler = this.next;
-                    this.next = peek();
+                    peek();
                     return handler;
                 }
 
@@ -93,7 +96,6 @@ public class ResourceAccessSecurityImpl 
                 public void remove() {
                     throw new UnsupportedOperationException();
                 }
-
             };
         }
 
@@ -153,55 +155,151 @@ public class ResourceAccessSecurityImpl 
     }
 
     @Override
-    public boolean canCreate(String absPathName,
-            ResourceResolver resourceResolver) {
-        // TODO Auto-generated method stub
-        return false;
+    public boolean canCreate(final String path,
+            final ResourceResolver resolver) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                path, ResourceAccessGate.Operation.CREATE);
+        boolean result = true;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path,
resolver);
+                if ( gateResult == GateResult.GRANTED || gateResult == GateResult.DENIED
) {
+                    finalGateResult = gateResult;
+                    if (resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE))
{
+                        break;
+                    }
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
     }
 
     @Override
-    public boolean canUpdate(Resource resource) {
-        // TODO Auto-generated method stub
-        return false;
+    public boolean canUpdate(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.UPDATE);
+        boolean result = true;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+                if ( gateResult == GateResult.GRANTED || gateResult == GateResult.DENIED
) {
+                    finalGateResult = gateResult;
+                    if (resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE))
{
+                        break;
+                    }
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
     }
 
     @Override
-    public boolean canDelete(Resource resource) {
-        // TODO Auto-generated method stub
-        return false;
+    public boolean canDelete(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.DELETE);
+        boolean result = true;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+                if ( gateResult == GateResult.GRANTED || gateResult == GateResult.DENIED
) {
+                    finalGateResult = gateResult;
+                    if (resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE))
{
+                        break;
+                    }
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
     }
 
     @Override
-    public boolean canExecute(Resource resource) {
-        // TODO Auto-generated method stub
-        return false;
+    public boolean canExecute(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
+        boolean result = true;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+                if ( gateResult == GateResult.GRANTED || gateResult == GateResult.DENIED
) {
+                    finalGateResult = gateResult;
+                    if (resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE))
{
+                        break;
+                    }
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
     }
 
     @Override
-    public boolean canReadValue(Resource resource, String valueName) {
+    public boolean canReadValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
         return false;
     }
 
     @Override
-    public boolean canSetValue(Resource resource, String valueName) {
+    public boolean canSetValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
         return false;
     }
 
     @Override
-    public boolean canDeleteValue(Resource resource, String valueName) {
+    public boolean canDeleteValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
         return false;
     }
 
     @Override
-    public String transformQuery(String query, String language,
-            ResourceResolver resourceResolver) throws AccessSecurityException {
+    public String transformQuery(final String query,
+            final String language,
+            final ResourceResolver resourceResolver)
+    throws AccessSecurityException {
         return query;
     }
 
-
+    /**
+     * Add a new resource access gate
+     */
     protected void bindResourceAccessGate(final ServiceReference ref) {
         synchronized ( this ) {
             final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
@@ -213,6 +311,9 @@ public class ResourceAccessSecurityImpl 
         }
     }
 
+    /**
+     * Remove a resource access gate
+     */
     protected void unbindResourceAccessGate(final ServiceReference ref) {
         synchronized ( this ) {
             final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);



Mime
View raw message