jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r790235 - in /jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core: ProtectedItemModifier.java security/authorization/acl/ACLEditor.java security/authorization/principalbased/ACLEditor.java
Date Wed, 01 Jul 2009 15:54:29 GMT
Author: angela
Date: Wed Jul  1 15:54:28 2009
New Revision: 790235

URL: http://svn.apache.org/viewvc?rev=790235&view=rev
Log:
 JCR-1588: JSR 283: Access Control

- minor improvement: replace ace nodes instead of removing the acl altogether.

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java?rev=790235&r1=790234&r2=790235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
Wed Jul  1 15:54:28 2009
@@ -130,6 +130,10 @@
         itemImpl.internalRemove(true);
     }
 
+    protected void markModified(NodeImpl parentImpl) throws RepositoryException {
+        parentImpl.getOrCreateTransientItemState();
+    }
+
     private void checkPermission(ItemImpl item, int perm) throws RepositoryException {
         if (perm > Permission.NONE) {
             SessionImpl sImpl = (SessionImpl) item.getSession();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=790235&r1=790234&r2=790235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java
Wed Jul  1 15:54:28 2009
@@ -41,6 +41,7 @@
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.ValueFormatException;
+import javax.jcr.NodeIterator;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlList;
@@ -158,17 +159,17 @@
         checkValidPolicy(nodePath, policy);
 
         NodeImpl aclNode = getAclNode(nodePath);
-        /* in order to assert that the parent (ac-controlled node) gets modified
-           an existing ACL node is removed first and the recreated.
-           this also asserts that all ACEs are cleared without having to
-           access and removed the explicitely
-         */
         if (aclNode != null) {
-            removeItem(aclNode);
+            // remove all existing aces
+            for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) {
+                NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
+                removeItem(aceNode);
+            }
+        } else {
+            // create the acl node
+            aclNode = createAclNode(nodePath);
         }
-        // now (re) create it
-        aclNode = createAclNode(nodePath);
-
+        
         AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries();
         for (int i = 0; i < entries.length; i++) {
             JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i];
@@ -189,6 +190,9 @@
             Value[] names = getPrivilegeNames(pvlgs, vf);
             setProperty(aceNode, P_PRIVILEGES, names);
         }
+
+        // mark the parent modified.
+        markModified(((NodeImpl)aclNode.getParent()));
     }
 
     /**

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=790235&r1=790234&r2=790235&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
Wed Jul  1 15:54:28 2009
@@ -45,6 +45,7 @@
 import javax.jcr.Value;
 import javax.jcr.ValueFactory;
 import javax.jcr.PropertyType;
+import javax.jcr.NodeIterator;
 import java.security.Principal;
 
 /**
@@ -183,22 +184,22 @@
         if (acNode == null) {
             throw new PathNotFoundException("No such node " + nodePath);
         }
+
         // write the entries to the node
-        /*
-         in order to assert that the parent (ac-controlled node) gets
-         modified an existing ACL node is removed first and the recreated.
-         this also asserts that all ACEs are cleared without having to
-         access and removed the explicitely
-        */
         NodeImpl aclNode;
         if (acNode.hasNode(N_POLICY)) {
             aclNode = acNode.getNode(N_POLICY);
-            removeItem(aclNode);
+            // remove all existing aces
+            for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) {
+                NodeImpl aceNode = (NodeImpl) aceNodes.nextNode();
+                removeItem(aceNode);
+            }
+        } else {
+            /* doesn't exist yet -> create */
+            aclNode = addNode(acNode, N_POLICY, NT_REP_ACL);
         }
-        /* now (re) create it */
-        aclNode = addNode(acNode, N_POLICY, NT_REP_ACL);
 
-        /* add all entries defined on the template */
+        /* add all new entries defined on the template */
         AccessControlEntry[] aces = acl.getAccessControlEntries();
         for (int i = 0; i < aces.length; i++) {
             JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) aces[i];
@@ -227,6 +228,9 @@
                 setProperty(aceNode, pName, value);
             }
         }
+
+        // mark the parent modified.
+        markModified((NodeImpl) aclNode.getParent());
     }
 
     /**



Mime
View raw message