Author: angela Date: Wed Jul 1 15:54:28 2009 New Revision: 790235 URL: http://svn.apache.org/viewvc?rev=790235&view=rev Log: JCR-1588: JSR 283: Access Control - minor improvement: replace ace nodes instead of removing the acl altogether. Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java?rev=790235&r1=790234&r2=790235&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java Wed Jul 1 15:54:28 2009 @@ -130,6 +130,10 @@ itemImpl.internalRemove(true); } + protected void markModified(NodeImpl parentImpl) throws RepositoryException { + parentImpl.getOrCreateTransientItemState(); + } + private void checkPermission(ItemImpl item, int perm) throws RepositoryException { if (perm > Permission.NONE) { SessionImpl sImpl = (SessionImpl) item.getSession(); Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java?rev=790235&r1=790234&r2=790235&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLEditor.java Wed Jul 1 15:54:28 2009 @@ -41,6 +41,7 @@ import javax.jcr.Value; import javax.jcr.ValueFactory; import javax.jcr.ValueFormatException; +import javax.jcr.NodeIterator; import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlException; import javax.jcr.security.AccessControlList; @@ -158,17 +159,17 @@ checkValidPolicy(nodePath, policy); NodeImpl aclNode = getAclNode(nodePath); - /* in order to assert that the parent (ac-controlled node) gets modified - an existing ACL node is removed first and the recreated. - this also asserts that all ACEs are cleared without having to - access and removed the explicitely - */ if (aclNode != null) { - removeItem(aclNode); + // remove all existing aces + for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) { + NodeImpl aceNode = (NodeImpl) aceNodes.nextNode(); + removeItem(aceNode); + } + } else { + // create the acl node + aclNode = createAclNode(nodePath); } - // now (re) create it - aclNode = createAclNode(nodePath); - + AccessControlEntry[] entries = ((ACLTemplate) policy).getAccessControlEntries(); for (int i = 0; i < entries.length; i++) { JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) entries[i]; @@ -189,6 +190,9 @@ Value[] names = getPrivilegeNames(pvlgs, vf); setProperty(aceNode, P_PRIVILEGES, names); } + + // mark the parent modified. + markModified(((NodeImpl)aclNode.getParent())); } /** Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=790235&r1=790234&r2=790235&view=diff ============================================================================== --- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java (original) +++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Wed Jul 1 15:54:28 2009 @@ -45,6 +45,7 @@ import javax.jcr.Value; import javax.jcr.ValueFactory; import javax.jcr.PropertyType; +import javax.jcr.NodeIterator; import java.security.Principal; /** @@ -183,22 +184,22 @@ if (acNode == null) { throw new PathNotFoundException("No such node " + nodePath); } + // write the entries to the node - /* - in order to assert that the parent (ac-controlled node) gets - modified an existing ACL node is removed first and the recreated. - this also asserts that all ACEs are cleared without having to - access and removed the explicitely - */ NodeImpl aclNode; if (acNode.hasNode(N_POLICY)) { aclNode = acNode.getNode(N_POLICY); - removeItem(aclNode); + // remove all existing aces + for (NodeIterator aceNodes = aclNode.getNodes(); aceNodes.hasNext();) { + NodeImpl aceNode = (NodeImpl) aceNodes.nextNode(); + removeItem(aceNode); + } + } else { + /* doesn't exist yet -> create */ + aclNode = addNode(acNode, N_POLICY, NT_REP_ACL); } - /* now (re) create it */ - aclNode = addNode(acNode, N_POLICY, NT_REP_ACL); - /* add all entries defined on the template */ + /* add all new entries defined on the template */ AccessControlEntry[] aces = acl.getAccessControlEntries(); for (int i = 0; i < aces.length; i++) { JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) aces[i]; @@ -227,6 +228,9 @@ setProperty(aceNode, pName, value); } } + + // mark the parent modified. + markModified((NodeImpl) aclNode.getParent()); } /**