jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1447491 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
Date Mon, 18 Feb 2013 21:01:01 GMT
Author: angela
Date: Mon Feb 18 21:01:01 2013
New Revision: 1447491

URL: http://svn.apache.org/r1447491
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1447491&r1=1447490&r2=1447491&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
Mon Feb 18 21:01:01 2013
@@ -25,11 +25,13 @@ import org.apache.jackrabbit.JcrConstant
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.core.TreeImpl;
 import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
 
 /**
  * Validator implementation that checks for sufficient permission for all
@@ -39,7 +41,6 @@ class PermissionValidator implements Val
 
     /* TODO
      * - Renaming nodes or Move with same parent are reflected as remove+add -> needs
special handling
-     * - review usage of OAK_CHILD_ORDER property (in particular if the property was removed
      * - Proper handling of jcr:nodeTypeManagement privilege.
      */
 
@@ -76,7 +77,11 @@ class PermissionValidator implements Val
 
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
-        checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+        if (TreeImpl.OAK_CHILD_ORDER.equals(after.getName())) {
+            checkPermissions(parentAfter, false, Permissions.MODIFY_CHILD_NODE_COLLECTION);
+        } else {
+            checkPermissions(parentAfter, after, Permissions.MODIFY_PROPERTY);
+        }
     }
 
     @Override
@@ -131,9 +136,11 @@ class PermissionValidator implements Val
 
     private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
                                   long defaultPermission) throws CommitFailedException {
-        long toTest = getPermission(parent, property, defaultPermission);
-        if (!permissionProvider.isGranted(parent, property, toTest)) {
-            throw new CommitFailedException(new AccessDeniedException());
+        if (!NodeStateUtils.isHidden((property.getName()))) {
+            long toTest = getPermission(parent, property, defaultPermission);
+            if (!permissionProvider.isGranted(parent, property, toTest)) {
+                throw new CommitFailedException(new AccessDeniedException());
+            }
         }
     }
 



Mime
View raw message