jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1466161 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization: AccessControlManagerImpl.java permission/PermissionProviderImpl.java
Date Tue, 09 Apr 2013 18:01:51 GMT
Author: angela
Date: Tue Apr  9 18:01:50 2013
New Revision: 1466161

URL: http://svn.apache.org/r1466161
Log:
OAK-527: permissions (wip)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1466161&r1=1466160&r2=1466161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Tue Apr  9 18:01:50 2013
@@ -118,7 +118,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws RepositoryException
{
-        checkValidPath(absPath);
+        getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
         return privilegeManager.getRegisteredPrivileges();
     }
 
@@ -351,26 +351,18 @@ public class AccessControlManagerImpl im
             throw new PathNotFoundException("No tree at " + oakPath);
         }
         if (permissions != Permissions.NO_PERMISSION) {
-            checkPermission(tree, permissions);
+            if (permissionProvider != null && !permissionProvider.isGranted(tree,
null, permissions)) {
+                throw new AccessDeniedException("Access denied at " + tree);
+            }
+            // check if the tree is access controlled
+            if (acConfig.getContext().definesTree(tree)) {
+                throw new AccessControlException("Tree " + tree.getPath() + " defines access
control content.");
+            }
         }
 
-        // check if the tree is access controlled
-        if (acConfig.getContext().definesTree(tree)) {
-            throw new AccessControlException("Tree " + tree.getPath() + " defines access
control content.");
-        }
         return tree;
     }
 
-    private void checkPermission(@Nonnull Tree tree, long permissions) throws AccessDeniedException
{
-        if (permissionProvider != null && !permissionProvider.isGranted(tree, null,
permissions)) {
-            throw new AccessDeniedException("Access denied at " + tree);
-        }
-    }
-
-    private void checkValidPath(@Nullable String jcrPath) throws RepositoryException {
-        getTree(getOakPath(jcrPath), Permissions.NO_PERMISSION);
-    }
-
     private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy
policy) throws AccessControlException {
         if (policy instanceof ACL) {
             String path = ((ACL) policy).getOakPath();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1466161&r1=1466160&r2=1466161&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Tue Apr  9 18:01:50 2013
@@ -107,9 +107,9 @@ public class PermissionProviderImpl impl
         // TODO: OAK-753 decide on where to filter out hidden items.
         if (isHidden(tree, property)) {
             return ReadStatus.DENY_ALL;
-        } else if (isAccessControlContent(tree) && canReadAccessControlContent(tree,
property)) {
+        } else if (isAccessControlContent(tree)) {
             // TODO: review if read-ac permission is never fine-granular
-            return ReadStatus.ALLOW_ALL;
+            return canReadAccessControlContent(tree, null) ? ReadStatus.ALLOW_ALL : ReadStatus.DENY_ALL;
         } else if (isVersionContent(tree)) {
             return getVersionContentReadStatus(tree, property);
         } else {
@@ -124,7 +124,9 @@ public class PermissionProviderImpl impl
 
     @Override
     public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions)
{
-        if (isVersionContent(tree)) {
+        if (isHidden(tree, property)) {
+            return false;
+        } else if (isVersionContent(tree)) {
             TreeLocation location = getVersionableLocation(tree, property);
             if (location == null) {
                 // TODO: review permission evaluation on hierarchy nodes within the different
version stores.



Mime
View raw message