jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1443540 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Date Thu, 07 Feb 2013 15:14:58 GMT
Author: angela
Date: Thu Feb  7 15:14:57 2013
New Revision: 1443540

URL: http://svn.apache.org/viewvc?rev=1443540&view=rev
Log:
OAK-50 : Implement User Management

- Impersonation#grant: add shortcut for principals known to the user mgt.

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1443540&r1=1443539&r2=1443540&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Thu Feb  7 15:14:57 2013
@@ -59,6 +59,7 @@ class ImpersonationImpl implements Imper
     }
 
     //------------------------------------------------------< Impersonation >---
+
     /**
      * @see org.apache.jackrabbit.api.security.user.Impersonation#getImpersonators()
      */
@@ -87,17 +88,10 @@ class ImpersonationImpl implements Imper
      */
     @Override
     public boolean grantImpersonation(Principal principal) throws RepositoryException {
-        String principalName = principal.getName();
-        Principal p = principalManager.getPrincipal(principalName);
-        if (p == null) {
-            log.debug("Cannot grant impersonation to an unknown principal.");
-            return false;
-        }
-        if (p instanceof Group) {
-            log.debug("Cannot grant impersonation to a principal that is a Group.");
+        if (!isValidPrincipal(principal)) {
             return false;
         }
-
+        String principalName = principal.getName();
         // make sure user does not impersonate himself
         Tree userTree = user.getTree();
         PropertyState prop = userTree.getProperty(REP_PRINCIPAL_NAME);
@@ -106,12 +100,6 @@ class ImpersonationImpl implements Imper
             return false;
         }
 
-        // make sure the given principal doesn't refer to the admin user.
-        if (isAdmin(p)) {
-            log.debug("Admin principal is already granted impersonation.");
-            return false;
-        }
-
         Set<String> impersonators = getImpersonatorNames(userTree);
         if (impersonators.add(principalName)) {
             updateImpersonatorNames(userTree, impersonators);
@@ -166,7 +154,7 @@ class ImpersonationImpl implements Imper
     }
 
     //------------------------------------------------------------< private >---
-    private Set<String> getImpersonatorNames() throws RepositoryException {
+    private Set<String> getImpersonatorNames() {
         return getImpersonatorNames(user.getTree());
     }
 
@@ -204,4 +192,36 @@ class ImpersonationImpl implements Imper
             }
         }
     }
+
+    private boolean isValidPrincipal(Principal principal) {
+        Principal p = null;
+        // shortcut for TreeBasedPrincipal
+        if (principal instanceof TreeBasedPrincipal) {
+            try {
+                Authorizable otherUser = user.getUserManager().getAuthorizable(principal);
+                if (otherUser != null) {
+                    p = otherUser.getPrincipal();
+                }
+
+            } catch (RepositoryException e) {
+                log.debug(e.getMessage());
+            }
+        } else {
+            p = principalManager.getPrincipal(principal.getName());
+        }
+        if (p == null) {
+            log.debug("Cannot grant impersonation to an unknown principal.");
+            return false;
+        }
+        if (p instanceof Group) {
+            log.debug("Cannot grant impersonation to a principal that is a Group.");
+            return false;
+        }
+        // make sure the given principal doesn't refer to the admin user.
+        if (isAdmin(p)) {
+            log.debug("Admin principal is already granted impersonation.");
+            return false;
+        }
+        return true;
+    }
 }



Mime
View raw message