Return-Path: Delivered-To: apmail-portals-jetspeed-dev-archive@www.apache.org Received: (qmail 85677 invoked from network); 28 Jan 2006 19:10:38 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 28 Jan 2006 19:10:38 -0000 Received: (qmail 20331 invoked by uid 500); 28 Jan 2006 19:10:35 -0000 Delivered-To: apmail-portals-jetspeed-dev-archive@portals.apache.org Received: (qmail 20291 invoked by uid 500); 28 Jan 2006 19:10:35 -0000 Mailing-List: contact jetspeed-dev-help@portals.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Jetspeed Developers List" Delivered-To: mailing list jetspeed-dev@portals.apache.org Received: (qmail 20280 invoked by uid 99); 28 Jan 2006 19:10:35 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Jan 2006 11:10:35 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 28 Jan 2006 11:10:31 -0800 Received: (qmail 85094 invoked by uid 65534); 28 Jan 2006 19:10:10 -0000 Message-ID: <20060128191010.85093.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r373218 [1/2] - in /portals/jetspeed-2/trunk: applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/ applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/ commons/src/java/org/apache/jetspeed/security/ compo... Date: Sat, 28 Jan 2006 19:09:59 -0000 To: jetspeed-dev@portals.apache.org From: dlestrat@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: dlestrat Date: Sat Jan 28 11:09:33 2006 New Revision: 373218 URL: http://svn.apache.org/viewcvs?rev=373218&view=rev Log: Committing contribution from David Jencks. For detail, see https://issues.apache.org/jira/browse/JS2-475. Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/psml/AbstractNode.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/impl/DatabasePageManager.java portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/psml/CastorXmlPageManager.java portals/jetspeed-2/trunk/components/page-manager/src/test/org/apache/jetspeed/page/TestCastorXmlPageManager.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/aggregator/impl/PortletAggregatorFragmentImpl.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/AddPortletAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/BasePortletAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPageAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPagesAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/GetPortletsAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/MovePortletAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/PortletActionSecurityPathBehavior.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/layout/impl/RemovePortletAction.java portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/velocity/PageActionAccess.java portals/jetspeed-2/trunk/components/portal/src/test/resources/assembly/test-layout-api.xml portals/jetspeed-2/trunk/components/registry/src/test/org/apache/jetspeed/components/portletentity/TestPortletEntityDAO.java portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/om/common/SecuredResource.java Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java (original) +++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/customizer/CustomizerPortlet.java Sat Jan 28 11:09:33 2006 @@ -15,52 +15,34 @@ */ package org.apache.jetspeed.portlets.customizer; -import java.io.File; import java.io.IOException; -import java.io.Serializable; -import java.sql.Types; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; +import java.security.AccessControlException; +import java.security.AccessController; import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Locale; -import java.util.Map; -import java.util.ResourceBundle; -import javax.portlet.ActionRequest; -import javax.portlet.ActionResponse; import javax.portlet.PortletConfig; import javax.portlet.PortletContext; import javax.portlet.PortletException; -import javax.portlet.PortletRequest; -import javax.portlet.PortletResponse; import javax.portlet.RenderRequest; import javax.portlet.RenderResponse; import javax.security.auth.Subject; import org.apache.jetspeed.CommonPortletServices; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.PortalReservedParameters; import org.apache.jetspeed.components.portletregistry.PortletRegistry; -import org.apache.jetspeed.om.common.SecuredResource; import org.apache.jetspeed.om.common.portlet.MutablePortletApplication; import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite; import org.apache.jetspeed.page.PageManager; import org.apache.jetspeed.portlets.PortletInfo; import org.apache.jetspeed.portlets.pam.PortletApplicationResources; import org.apache.jetspeed.request.RequestContext; -import org.apache.jetspeed.search.ParsedObject; -import org.apache.jetspeed.search.SearchEngine; -import org.apache.jetspeed.security.PermissionManager; import org.apache.jetspeed.security.PortletPermission; -import org.apache.jetspeed.security.SecurityException; -import org.apache.jetspeed.security.User; -import org.apache.jetspeed.security.UserManager; -import org.apache.portals.bridges.frameworks.model.ModelBean; import org.apache.portals.bridges.velocity.AbstractVelocityMessagingPortlet; import org.apache.portals.gems.util.StatusMessage; -import org.apache.portals.gems.util.ValidationHelper; import org.apache.portals.messaging.PortletMessaging; import org.apache.velocity.context.Context; @@ -73,7 +55,6 @@ public class CustomizerPortlet extends AbstractVelocityMessagingPortlet { protected PortletRegistry registry; - protected PermissionManager permissionManager; protected PageManager pageManager; public void init(PortletConfig config) @@ -86,11 +67,6 @@ { throw new PortletException("Failed to find the Portlet Registry on portlet initialization"); } - permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER); - if (null == permissionManager) - { - throw new PortletException("Failed to find the Permission Manager on portlet initialization"); - } pageManager = (PageManager)context.getAttribute(CommonPortletServices.CPS_PAGE_MANAGER_COMPONENT); if (null == pageManager) { @@ -154,14 +130,14 @@ // SECURITY filtering String uniqueName = appName + "::" + portlet.getName(); - if (subject != null) + try + { + AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW)); + list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale))); + } + catch (AccessControlException ace) { - if (permissionManager.checkPermission(subject, - new PortletPermission(portlet.getUniqueName(), - SecuredResource.VIEW_ACTION, subject ))) - { - list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale), portlet.getDescriptionText(locale))); - } + //continue } } this.publishRenderMessage(request, PORTLET_LIST, list); Modified: portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java (original) +++ portals/jetspeed-2/trunk/applications/j2-admin/src/java/org/apache/jetspeed/portlets/selector/PortletSelector.java Sat Jan 28 11:09:33 2006 @@ -15,6 +15,8 @@ package org.apache.jetspeed.portlets.selector; import java.io.IOException; +import java.security.AccessControlException; +import java.security.AccessController; import java.sql.Types; import java.util.ArrayList; import java.util.Collection; @@ -35,9 +37,9 @@ import javax.security.auth.Subject; import org.apache.jetspeed.CommonPortletServices; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.PortalReservedParameters; import org.apache.jetspeed.components.portletregistry.PortletRegistry; -import org.apache.jetspeed.om.common.SecuredResource; import org.apache.jetspeed.om.common.portlet.MutablePortletApplication; import org.apache.jetspeed.om.common.portlet.PortletDefinitionComposite; import org.apache.jetspeed.portlets.PortletInfo; @@ -45,7 +47,6 @@ import org.apache.jetspeed.request.RequestContext; import org.apache.jetspeed.search.ParsedObject; import org.apache.jetspeed.search.SearchEngine; -import org.apache.jetspeed.security.PermissionManager; import org.apache.jetspeed.security.PortletPermission; import org.apache.portals.gems.browser.BrowserIterator; import org.apache.portals.gems.browser.BrowserPortlet; @@ -67,7 +68,6 @@ protected PortletRegistry registry; protected SearchEngine searchEngine; - protected PermissionManager permissionManager; public void init(PortletConfig config) throws PortletException @@ -83,11 +83,6 @@ if (null == searchEngine) { throw new PortletException("Failed to find the Search Engine on portlet initialization"); - } - permissionManager = (PermissionManager)context.getAttribute(CommonPortletServices.CPS_PERMISSION_MANAGER); - if (null == permissionManager) - { - throw new PortletException("Failed to find the Permission Manager on portlet initialization"); } } @@ -261,19 +256,19 @@ // SECURITY filtering String uniqueName = appName + "::" + portlet.getName(); - if (subject != null) + try { - if (permissionManager.checkPermission(subject, - new PortletPermission(portlet.getUniqueName(), - SecuredResource.VIEW_ACTION, subject ))) + AccessController.checkPermission(new PortletPermission(portlet.getUniqueName(), JetspeedActions.MASK_VIEW)); + String name = portlet.getDisplayNameText(locale); + if (name == null) { - String name = portlet.getDisplayNameText(locale); - if (name == null) - { - name = portlet.getName(); - } - list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale))); + name = portlet.getName(); } + list.add(new PortletInfo(uniqueName, name, portlet.getDescriptionText(locale))); + } + catch (AccessControlException ace) + { + //continue } } BrowserIterator iterator = new PortletIterator( Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java (original) +++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FolderPermission.java Sat Jan 28 11:09:33 2006 @@ -15,36 +15,26 @@ package org.apache.jetspeed.security; import java.security.Permission; -import java.security.PermissionCollection; -import java.util.StringTokenizer; - -import javax.security.auth.Subject; - -//import org.apache.commons.logging.Log; -//import org.apache.commons.logging.LogFactory; -import org.apache.jetspeed.JetspeedActions; -import org.apache.jetspeed.security.PortalResourcePermission; -import org.apache.jetspeed.security.PortalResourcePermissionCollection; /** *

Folder permission.

*

This code was partially inspired from:

* - * + *

* This class represents access to a portal content/folder or document. A FolderPermission consists * of a pathname and a set of actions valid for that pathname. - *

+ *

* Pathname is the pathname of the folder or document granted the specified * actions. A pathname that ends in "/*" (where "/" is - * the separator character) indicates all the folders and documents contained in that folder. + * the separator character) indicates all the folders and documents contained in that folder. * A pathname that ends with "/-" indicates (recursively) all documents * and subfolders contained in that directory. A pathname consisting of * the special token "<<ALL FILES>>" matches any folder or document. - *

+ *

* * @author David Sean Taylor * @author Christophe Lombart @@ -52,241 +42,203 @@ */ public class FolderPermission extends PortalResourcePermission { - public static final char RECURSIVE_CHAR = '-'; - public static final char WILD_CHAR = '*'; - public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR}); - public static final char FOLDER_SEPARATOR = '/'; - public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR}); - - //private final static Log log = LogFactory.getLog(FolderPermission.class); - - // does path indicate a folder? (wildcard or recursive) - private transient boolean folder; - - // is it a recursive directory specification? - private transient boolean recursive; - - private transient String cpath; - - /** - *

Constructor for FolderPermission.

- * @param name The portlet name. - * @param actions The actions on the portlet. - */ - public FolderPermission(String name, String actions) - { - this(name, actions, null); - } - - /** - *

Constructor for FolderPermission.

- * @param name The portlet name. - * @param actions The actions on the portlet. - */ - public FolderPermission(String name, String actions, Subject subject) - { - super(name, actions, subject); - parseActions(actions); - this.subject = subject; - } - - - /** - *

Overrides Permission.newPermissionCollection().

- * @see java.security.Permission#newPermissionCollection() - */ - public PermissionCollection newPermissionCollection() - { - return new PortalResourcePermissionCollection(); - } - - /** - *

Parses the actions string.

- *

Actions are separated by commas or white space.

- * @param actions The actions - */ - private void parseActions(String actions) - { - mask = 0; - if (actions != null) - { - StringTokenizer tokenizer = new StringTokenizer(actions, ",\t "); - while (tokenizer.hasMoreTokens()) - { - String token = tokenizer.nextToken(); - if (token.equals(JetspeedActions.VIEW)) - mask |= JetspeedActions.MASK_VIEW; - else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE)) - mask |= JetspeedActions.MASK_VIEW; - else if (token.equals(JetspeedActions.EDIT)) - mask |= JetspeedActions.MASK_EDIT; - else if (token.equals(JetspeedActions.MINIMIZE)) - mask |= JetspeedActions.MASK_MINIMIZE; - else if (token.equals(JetspeedActions.MAXIMIZE)) - mask |= JetspeedActions.MASK_MAXIMIZE; - else if (token.equals(JetspeedActions.HELP)) - mask |= JetspeedActions.MASK_HELP; - else if (token.equals(JetspeedActions.SECURE)) - mask |= JetspeedActions.MASK_SECURE; - else - throw new IllegalArgumentException("Unknown action: " + token); - } - } - - if ((cpath = getName()) == null) - throw new NullPointerException("name can't be null"); - - if (cpath.equals("<>")) - { - folder = true; - recursive = true; - cpath = ""; - return; - } - int len = cpath.length(); - - if (len == 0) - { - throw new IllegalArgumentException("invalid folder reference"); - } - - char last = cpath.charAt(len - 1); - - if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR)) - { - folder = true; - recursive = true; - cpath = cpath.substring(0, --len); - } - else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR)) - { - folder = true; - //recursive = false; - cpath = cpath.substring(0, --len); - } - } - - /** - * Checks if this FolderPermission object "implies" the specified permission. - *

- * More specifically, this method returns true if:

- *

    - *
  • p is an instanceof FolderPermission,

    - *

  • p's actions are a proper subset of this - * object's actions, and

    - *

  • p's pathname is implied by this object's - * pathname. For example, "/tmp/*" implies "/tmp/foo", since - * "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that - * directory, including the one named "foo". - *
- * @param p the permission to check against. - * - * @return true if the specified permission is implied by this object, - * false if not. - */ - public boolean implies(Permission p) - { - if (!(p instanceof FolderPermission)) - { - return false; - } - - FolderPermission that = (FolderPermission) p; - return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that); - } - - /** - * Checks if the Permission's actions are a proper subset of the - * this object's actions. Returns the effective mask iff the - * this FolderPermission's path also implies that FolderPermission's path. - * - * @param that the FolderPermission to check against. - * @return the effective mask - */ - boolean impliesIgnoreMask(FolderPermission that) - { - if (this.folder) - { - if (this.recursive) - { - // make sure that.path is longer then path so - // something like /foo/- does not imply /foo - if (that.folder) - { - return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath); - } - else - { - return ((that.cpath.length() > this.cpath.length()) && that.cpath.startsWith(this.cpath)); - } - } - else - { - if (that.folder) - { - // if the permission passed in is a folder - // specification, make sure that a non-recursive - // permission (i.e., this object) can't imply a recursive - // permission. - if (that.recursive) - return false; - else - return (this.cpath.equals(that.cpath)); - } - else - { - int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR); - if (last == -1) - return false; - else - { - // this.cpath.equals(that.cpath.substring(0, last+1)); - // Use regionMatches to avoid creating new string - - return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1); - } - } - } - } - else - { - return (this.cpath.equals(that.cpath)); - } - } - - /** - * Checks two FolderPermission objects for equality. Checks that obj is - * a FolderPermission, and has the same pathname and actions as this object. - *

- * @param obj the object we are testing for equality with this object. - * @return true if obj is a FolderPermission, and has the same pathname and - * actions as this FolderPermission object. - */ - public boolean equals(Object obj) - { - if (obj == this) - return true; - - if (!(obj instanceof FolderPermission)) - return false; - - FolderPermission that = (FolderPermission) obj; - - return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder) - && (this.recursive == that.recursive); - } - - /** - * Returns the hash code value for this object. - * - * @return a hash code value for this object. - */ - - public int hashCode() - { - return this.cpath.hashCode(); - } - - + public static final char RECURSIVE_CHAR = '-'; + public static final char WILD_CHAR = '*'; + public static final String WILD_CHAR_STR = new String(new char[]{WILD_CHAR}); + public static final char FOLDER_SEPARATOR = '/'; + public static final String FOLDER_SEPARATOR_STR = new String(new char[]{FOLDER_SEPARATOR}); + + // does path indicate a folder? (wildcard or recursive) + private boolean folder; + + // is it a recursive directory specification? + private boolean recursive; + + private String cpath; + + /** + *

Constructor for FolderPermission.

+ * + * @param name The portlet name. + * @param actions The actions on the portlet. + */ + public FolderPermission(String name, String actions) + { + super(name, actions); + parsePath(); + } + + /** + *

Constructor for FolderPermission.

+ * + * @param name The portlet name. + * @param mask The mask of actions on the portlet. + */ + public FolderPermission(String name, int mask) + { + super(name, mask); + parsePath(); + } + + /** + *

Parses the path.

+ */ + private void parsePath() + { + if ((cpath = getName()) == null) + throw new NullPointerException("name can't be null"); + + if (cpath.equals("<>")) + { + folder = true; + recursive = true; + cpath = ""; + return; + } + int len = cpath.length(); + + if (len == 0) + { + throw new IllegalArgumentException("invalid folder reference"); + } + + char last = cpath.charAt(len - 1); + + if (last == RECURSIVE_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR)) + { + folder = true; + recursive = true; + cpath = cpath.substring(0, --len); + } + else if (last == WILD_CHAR && (len == 1 || cpath.charAt(len - 2) == FOLDER_SEPARATOR)) + { + folder = true; + //recursive = false; + cpath = cpath.substring(0, --len); + } + } + + /** + * Checks if this FolderPermission object "implies" the specified permission. + *

+ * More specifically, this method returns true if:

+ *

    + *
  • p is an instanceof FolderPermission,

    + *

  • p's actions are a proper subset of this + * object's actions, and

    + *

  • p's pathname is implied by this object's + * pathname. For example, "/tmp/*" implies "/tmp/foo", since + * "/tmp/*" encompasses the "/tmp" folder and all subfolders or documents in that + * directory, including the one named "foo". + *
+ * + * @param p the permission to check against. + * @return true if the specified permission is implied by this object, + * false if not. + */ + public boolean implies(Permission p) + { + if (!(p instanceof FolderPermission)) + { + return false; + } + + FolderPermission that = (FolderPermission) p; + return ((this.mask & that.mask) == that.mask) && impliesIgnoreMask(that); + } + + /** + * Checks if the Permission's actions are a proper subset of the + * this object's actions. Returns the effective mask iff the + * this FolderPermission's path also implies that FolderPermission's path. + * + * @param that the FolderPermission to check against. + * @return the effective mask + */ + boolean impliesIgnoreMask(FolderPermission that) + { + if (this.folder) + { + if (this.recursive) + { + // make sure that.path is longer then path so + // something like /foo/- does not imply /foo + if (that.folder) + { + return (that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath); + } + else + { + return ((that.cpath.length() >= this.cpath.length()) && that.cpath.startsWith(this.cpath)); + } + } + else + { + if (that.folder) + { + // if the permission passed in is a folder + // specification, make sure that a non-recursive + // permission (i.e., this object) can't imply a recursive + // permission. + if (that.recursive) + return false; + else + return (this.cpath.equals(that.cpath)); + } + else + { + int last = that.cpath.lastIndexOf(FOLDER_SEPARATOR); + if (last == -1) + return false; + else + { + // this.cpath.equals(that.cpath.substring(0, last+1)); + // Use regionMatches to avoid creating new string + + return (this.cpath.length() == (last + 1)) && this.cpath.regionMatches(0, that.cpath, 0, last + 1); + } + } + } + } + else + { + return (this.cpath.equals(that.cpath)); + } + } + + /** + * Checks two FolderPermission objects for equality. Checks that obj is + * a FolderPermission, and has the same pathname and actions as this object. + *

+ * + * @param obj the object we are testing for equality with this object. + * @return true if obj is a FolderPermission, and has the same pathname and + * actions as this FolderPermission object. + */ + public boolean equals(Object obj) + { + if (obj == this) + return true; + + if (!(obj instanceof FolderPermission)) + return false; + + FolderPermission that = (FolderPermission) obj; + + return (this.mask == that.mask) && this.cpath.equals(that.cpath) && (this.folder == that.folder) + && (this.recursive == that.recursive); + } + + /** + * Returns the hash code value for this object. + * + * @return a hash code value for this object. + */ + + public int hashCode() + { + return this.cpath.hashCode(); + } + -} +} \ No newline at end of file Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java (original) +++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/FragmentPermission.java Sat Jan 28 11:09:33 2006 @@ -14,56 +14,53 @@ */ package org.apache.jetspeed.security; -import java.security.AccessControlContext; -import java.security.AccessController; import java.security.Permission; -import java.security.PermissionCollection; - -import javax.security.auth.Subject; /** *

Fragment permission.

*

This code was partially inspired from articles from:

* - * + *

* This class represents access to a fragment within a * content document. A FragmentPermission consists * of a path, fragment name, or a simple fragment name * pattern and a set of actions valid for that pathname. - *

+ *

* Here are some examples of valid fragment permissions names: - *

  • "/folder/page.psml/app::portlet" matches fragments - * within a page for a specified portlet contained in a app
  • - *
  • "security::*" matches fragments for portlets from the security app
  • - *
  • "<<ALL FRAGMENTS>>" matches any fragment
  • - *

    + *

  • "/folder/page.psml/app::portlet" matches fragments + * within a page for a specified portlet contained in a app
  • + *
  • "security::*" matches fragments for portlets from the security app
  • + *
  • "<<ALL FRAGMENTS>>" matches any fragment
  • + *

    * * @author Randy Watler */ public class FragmentPermission extends PortalResourcePermission -{ +{ /** *

    Constructor for FragmentPermission.

    - * @param name The fragment name. + * + * @param name The fragment name. * @param actions The actions on the fragment. */ public FragmentPermission(String name, String actions) { - this(name, actions, null); + super(name, actions); } /** *

    Constructor for FragmentPermission.

    + * * @param name The fragment name. - * @param actions The actions on the fragment. + * @param mask The mask of actions on the fragment. */ - public FragmentPermission(String name, String actions, Subject subject) + public FragmentPermission(String name, int mask) { - super(name, actions, subject); + super(name, mask); } public boolean implies(Permission permission) @@ -89,16 +86,16 @@ ruleName = ruleName.substring(0, ruleName.length() - 3); testName = testName.substring(0, testNamesSeparator); } - + // trim path components from test name if rule // is not prefixed with the path if (!ruleName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR) && - testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR)) + testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR)) { int testPathIndex = testName.lastIndexOf(FolderPermission.FOLDER_SEPARATOR); testName = testName.substring(testPathIndex + 1); } - + // remaining name parts must match if (!ruleName.equals(testName)) { @@ -106,37 +103,22 @@ } } - // Get the subject. - // It was either provide in the constructor. - Subject user = fragmentPerm.getSubject(); - // Or we get it from the AccessControlContext. - if (null == user) - { - AccessControlContext context = AccessController.getContext(); - user = Subject.getSubject(context); - } - // No user was passed. The permission must be denied. - if (null == user) - { - return false; - } - - // The action bits in FragmentPerm (permission) + // The action bits in FragmentPerm (permission) // must be set in the current mask permission. - if ((mask & fragmentPerm.mask) != fragmentPerm.mask) - { - return false; - } + return (mask & fragmentPerm.mask) == fragmentPerm.mask; - return true; } /** - *

    Overrides Permission.newPermissionCollection().

    - * @see java.security.Permission#newPermissionCollection() + * @see java.security.Permission#equals(Object) */ - public PermissionCollection newPermissionCollection() + public boolean equals(Object object) { - return new PortalResourcePermissionCollection(); + if (!(object instanceof FragmentPermission)) + return false; + + FragmentPermission p = (FragmentPermission) object; + return ((p.mask == mask) && (p.getName().equals(getName()))); } -} + +} \ No newline at end of file Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java (original) +++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PagePermission.java Sat Jan 28 11:09:33 2006 @@ -14,42 +14,40 @@ */ package org.apache.jetspeed.security; -import java.security.AccessControlContext; -import java.security.AccessController; import java.security.Permission; -import java.security.PermissionCollection; - -import javax.security.auth.Subject; /** *

    Folder permission.

    *

    This code was partially inspired from articles from:

    * + * * @author David Sean Taylor */ public class PagePermission extends PortalResourcePermission -{ +{ /** *

    Constructor for PagePermission.

    - * @param name The portlet name. + * + * @param name The portlet name. * @param actions The actions on the portlet. */ public PagePermission(String name, String actions) { - this(name, actions, null); + super(name, actions); } /** *

    Constructor for PagePermission.

    + * * @param name The portlet name. - * @param actions The actions on the portlet. + * @param mask The mask for actions on the portlet. */ - public PagePermission(String name, String actions, Subject subject) + public PagePermission(String name, int mask) { - super(name, actions, subject); + super(name, mask); } public boolean implies(Permission permission) @@ -61,7 +59,7 @@ return false; } - // The portlet name must be the same. + // The page name must be the same. if (!(permission.getName().equals(getName()))) { return false; @@ -69,38 +67,22 @@ PagePermission pagePerm = (PagePermission) permission; - // Get the subject. - // It was either provide in the constructor. - Subject user = pagePerm.getSubject(); - // Or we get it from the AccessControlContext. - if (null == user) - { - AccessControlContext context = AccessController.getContext(); - user = Subject.getSubject(context); - } - // No user was passed. The permission must be denied. - if (null == user) - { - return false; - } - - // The action bits in PagePerm (permission) + // The action bits in PagePerm (permission) // must be set in the current mask permission. - if ((mask & pagePerm.mask) != pagePerm.mask) - { - return false; - } + return (mask & pagePerm.mask) == pagePerm.mask; - return true; } /** - *

    Overrides Permission.newPermissionCollection().

    - * @see java.security.Permission#newPermissionCollection() + * @see java.security.Permission#equals(Object) */ - public PermissionCollection newPermissionCollection() + public boolean equals(Object object) { - return new PortalResourcePermissionCollection(); + if (!(object instanceof PagePermission)) + return false; + + PagePermission p = (PagePermission) object; + return ((p.mask == mask) && (p.getName().equals(getName()))); } } Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java (original) +++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortalResourcePermission.java Sat Jan 28 11:09:33 2006 @@ -14,66 +14,64 @@ */ package org.apache.jetspeed.security; +import org.apache.jetspeed.JetspeedActions; + import java.security.Permission; +import java.security.PermissionCollection; import java.util.StringTokenizer; -import javax.security.auth.Subject; - -import org.apache.jetspeed.JetspeedActions; - /** *

    Generalized Portlet Resoure permission.

    *

    This code was partially inspired from articles from:

    * + * * @author David Le Strat * @author David Sean Taylor */ public abstract class PortalResourcePermission extends Permission { - /**

    Mask used for determining what action to perform.

    */ - protected int mask; + /** + *

    Mask used for determining what actions are allowed or requested.

    + */ + protected final int mask; - /**

    The subject the permission is being performed against.

    */ - protected Subject subject; - /** *

    Constructor for PortletPermission.

    - * @param name The portlet name. + * + * @param name The portlet name. * @param actions The actions on the portlet. */ - public PortalResourcePermission(String name, String actions, Subject subject) + public PortalResourcePermission(String name, String actions) { super(name); - parseActions(actions); - this.subject = subject; + mask = parseActions(actions); } /** - * @see java.security.Permission#hashCode() + *

    Constructor for PortletPermission.

    + * + * @param name The portlet name. + * @param mask The mask representing actions on the portlet. */ - public int hashCode() + public PortalResourcePermission(String name, int mask) { - StringBuffer value = new StringBuffer(getName()); - return value.toString().hashCode() ^ mask; + super(name); + this.mask = mask; } /** - * @see java.security.Permission#equals(Object) + * @see java.security.Permission#hashCode() */ - public boolean equals(Object object) + public int hashCode() { - if (!(object instanceof PortletPermission)) - return false; - - PortletPermission p = (PortletPermission) object; - boolean isEqual = ((p.getName().equals(getName())) && (p.mask == mask)); - return isEqual; + StringBuffer value = new StringBuffer(getName()); + return value.toString().hashCode() ^ mask; } - + /** * @see java.security.Permission#getActions() */ @@ -130,18 +128,18 @@ */ public boolean implies(Permission permission) { - // TODO Auto-generated method stub - return false; + throw new IllegalStateException("Permission class did not implement implies"); } /** *

    Parses the actions string.

    *

    Actions are separated by commas or white space.

    + * * @param actions The actions */ - private void parseActions(String actions) + public static int parseActions(String actions) { - mask = 0; + int mask = 0; if (actions != null) { StringTokenizer tokenizer = new StringTokenizer(actions, ",\t "); @@ -150,7 +148,7 @@ String token = tokenizer.nextToken(); if (token.equals(JetspeedActions.VIEW)) mask |= JetspeedActions.MASK_VIEW; - else if (token.equals(JetspeedActions.VIEW) || token.equals(JetspeedActions.RESTORE)) + else if (token.equals(JetspeedActions.RESTORE)) mask |= JetspeedActions.MASK_VIEW; else if (token.equals(JetspeedActions.EDIT)) mask |= JetspeedActions.MASK_EDIT; @@ -161,20 +159,21 @@ else if (token.equals(JetspeedActions.HELP)) mask |= JetspeedActions.MASK_HELP; else if (token.equals(JetspeedActions.SECURE)) - mask |= JetspeedActions.MASK_SECURE; + mask |= JetspeedActions.MASK_SECURE; else throw new IllegalArgumentException("Unknown action: " + token); } } + return mask; } - + /** - *

    Gets the subject.

    - * @return Returns a Subject + *

    Overrides Permission.newPermissionCollection().

    + * + * @see java.security.Permission#newPermissionCollection() */ - public Subject getSubject() + public PermissionCollection newPermissionCollection() { - return subject; + return new PortalResourcePermissionCollection(); } - } Modified: portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java (original) +++ portals/jetspeed-2/trunk/commons/src/java/org/apache/jetspeed/security/PortletPermission.java Sat Jan 28 11:09:33 2006 @@ -14,20 +14,16 @@ */ package org.apache.jetspeed.security; -import java.security.AccessController; -import java.security.AccessControlContext; import java.security.Permission; -import java.security.PermissionCollection; - -import javax.security.auth.Subject; /** *

    Portlet permission.

    *

    This code was partially inspired from articles from:

    * + * * @author David Le Strat */ public class PortletPermission extends PortalResourcePermission @@ -35,25 +31,26 @@ /** *

    Constructor for PortletPermission.

    - * @param name The portlet name. + * + * @param name The portlet name. * @param actions The actions on the portlet. */ public PortletPermission(String name, String actions) { - this(name, actions, null); + super(name, actions); } /** *

    Constructor for PortletPermission.

    + * * @param name The portlet name. - * @param actions The actions on the portlet. + * @param mask The mask of actions on the portlet. */ - public PortletPermission(String name, String actions, Subject subject) + public PortletPermission(String name, int mask) { - super(name, actions, subject); + super(name, mask); } - public boolean implies(Permission permission) { // The permission must be an instance @@ -63,58 +60,42 @@ return false; } - String name = getName(); - if (name != null) + String name = getName(); + if (name != null) { - int index = name.indexOf('*'); + int index = name.indexOf('*'); if (index > -1) { - if (!(permission.getName().startsWith(name.substring (0, index)))) + if (!(permission.getName().startsWith(name.substring(0, index)))) { return false; } - } + } else if (!(permission.getName().equals(name))) { // The portlet name must be the same. return false; - } + } } - - PortletPermission portletPerm = (PortletPermission) permission; - // Get the subject. - // It was either provide in the constructor. - Subject user = portletPerm.getSubject(); - // Or we get it from the AccessControlContext. - if (null == user) - { - AccessControlContext context = AccessController.getContext(); - user = Subject.getSubject(context); - } - // No user was passed. The permission must be denied. - if (null == user) - { - return false; - } + PortletPermission portletPerm = (PortletPermission) permission; // The action bits in portletPerm (permission) // must be set in the current mask permission. - if ((mask & portletPerm.mask) != portletPerm.mask) - { - return false; - } + return (mask & portletPerm.mask) == portletPerm.mask; - return true; } /** - *

    Overrides Permission.newPermissionCollection().

    - * @see java.security.Permission#newPermissionCollection() + * @see java.security.Permission#equals(Object) */ - public PermissionCollection newPermissionCollection() + public boolean equals(Object object) { - return new PortalResourcePermissionCollection(); + if (!(object instanceof PortletPermission)) + return false; + + PortletPermission p = (PortletPermission) object; + return ((p.mask == mask) && (p.getName().equals(getName()))); } } Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/impl/FolderImpl.java Sat Jan 28 11:09:33 2006 @@ -21,9 +21,8 @@ import java.util.Comparator; import java.util.Iterator; import java.util.List; -import java.util.ListIterator; -import org.apache.jetspeed.om.common.SecuredResource; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.om.folder.FolderNotFoundException; import org.apache.jetspeed.om.folder.MenuDefinition; @@ -383,15 +382,15 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean) + * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean) */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check granted folder permissions unless the check is // to be skipped due to explicity granted access if (!checkParentsOnly) { - FolderPermission permission = new FolderPermission(path, actions); + FolderPermission permission = new FolderPermission(path, mask); AccessController.checkPermission(permission); } @@ -402,7 +401,7 @@ FolderImpl parentFolderImpl = (FolderImpl)ProxyHelper.getRealObject(getParent()); if (parentFolderImpl != null) { - parentFolderImpl.checkPermissions(actions, false, false); + parentFolderImpl.checkPermissions(mask, false, false); } } } @@ -569,7 +568,7 @@ } // check for view access on folder - folder.checkAccess(SecuredResource.VIEW_ACTION); + folder.checkAccess(JetspeedActions.VIEW); return folder; } @@ -596,7 +595,7 @@ } // check for view access on page - page.checkAccess(SecuredResource.VIEW_ACTION); + page.checkAccess(JetspeedActions.VIEW); return page; } @@ -623,7 +622,7 @@ } // check for view access on link - link.checkAccess(SecuredResource.VIEW_ACTION); + link.checkAccess(JetspeedActions.VIEW); return link; } @@ -641,7 +640,7 @@ } // check for view access on document - pageSecurity.checkAccess(SecuredResource.VIEW_ACTION); + pageSecurity.checkAccess(JetspeedActions.VIEW); return pageSecurity; } @@ -902,7 +901,7 @@ try { // check access - node.checkAccess(SecuredResource.VIEW_ACTION); + node.checkAccess(JetspeedActions.VIEW); // add to filteredNodes nodes if copying if (filteredNodes != null) Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/folder/psml/FolderImpl.java Sat Jan 28 11:09:33 2006 @@ -23,8 +23,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.om.common.GenericMetadata; -import org.apache.jetspeed.om.common.SecuredResource; import org.apache.jetspeed.om.common.SecurityConstraints; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.om.folder.FolderNotFoundException; @@ -37,7 +37,6 @@ import org.apache.jetspeed.om.page.Link; import org.apache.jetspeed.om.page.Page; import org.apache.jetspeed.om.page.PageSecurity; -import org.apache.jetspeed.page.PageManager; import org.apache.jetspeed.page.PageNotFoundException; import org.apache.jetspeed.page.document.DocumentException; import org.apache.jetspeed.page.document.DocumentHandlerFactory; @@ -207,7 +206,7 @@ // filter node set by access if (checkAccess) { - folders = checkAccess(folders, SecuredResource.VIEW_ACTION); + folders = checkAccess(folders, JetspeedActions.VIEW); } return folders; } @@ -246,7 +245,7 @@ // check access if (checkAccess) { - folder.checkAccess(SecuredResource.VIEW_ACTION); + folder.checkAccess(JetspeedActions.VIEW); } return folder; } @@ -279,7 +278,7 @@ // filter node set by access if (checkAccess) { - pages = checkAccess(pages, SecuredResource.VIEW_ACTION); + pages = checkAccess(pages, JetspeedActions.VIEW); } return pages; } @@ -318,7 +317,7 @@ // check access if (checkAccess) { - page.checkAccess(SecuredResource.VIEW_ACTION); + page.checkAccess(JetspeedActions.VIEW); } return page; } @@ -351,7 +350,7 @@ // filter node set by access if (checkAccess) { - links = checkAccess(links, SecuredResource.VIEW_ACTION); + links = checkAccess(links, JetspeedActions.VIEW); } return links; } @@ -390,7 +389,7 @@ // check access if (checkAccess) { - link.checkAccess(SecuredResource.VIEW_ACTION); + link.checkAccess(JetspeedActions.VIEW); } return link; } @@ -422,7 +421,7 @@ // of access to page security document if (checkAccess) { - checkAccess(SecuredResource.VIEW_ACTION); + checkAccess(JetspeedActions.VIEW); } // get pageSecurity @@ -462,7 +461,7 @@ Node node = (Node)checkAccessIter.next(); try { - ((AbstractNode) node).checkAccess(SecuredResource.VIEW_ACTION); + ((AbstractNode) node).checkAccess(JetspeedActions.VIEW); if (filteredNodes != null) { filteredNodes.add(node); @@ -603,7 +602,7 @@ *

    * * @see org.apache.jetspeed.page.document.AbstractNode#getMetadata() - * @return + * @return metadata */ public GenericMetadata getMetadata() { @@ -671,18 +670,18 @@ *

    * * @param path - * @param actions + * @param mask * @param checkNodeOnly * @param checkParentsOnly * @throws SecurityException */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check granted folder permissions unless the check is // to be skipped due to explicity granted access if (!checkParentsOnly) { - FolderPermission permission = new FolderPermission(path, actions); + FolderPermission permission = new FolderPermission(path, mask); AccessController.checkPermission(permission); } @@ -690,7 +689,7 @@ // all parent permissions in hierarchy if (!checkNodeOnly && (getParent() != null)) { - ((AbstractNode)getParent()).checkPermissions(actions, false, false); + ((AbstractNode)getParent()).checkPermissions(mask, false, false); } } @@ -701,7 +700,7 @@ * * @see org.apache.jetspeed.page.document.Node#getTitle(java.util.Locale) * @param locale - * @return + * @return title in specified locale */ public String getTitle( Locale locale ) { @@ -713,7 +712,7 @@ *

    * * @see org.apache.jetspeed.om.page.BaseElement#getTitle() - * @return + * @return title */ public String getTitle() { @@ -738,7 +737,7 @@ * * @see org.apache.jetspeed.page.document.Node#getShortTitle(java.util.Locale) * @param locale - * @return + * @return short title in supplied locate */ public String getShortTitle( Locale locale ) { @@ -750,7 +749,7 @@ *

    * * @see org.apache.jetspeed.om.page.BaseElement#getShortTitle() - * @return + * @return short title */ public String getShortTitle() { @@ -774,7 +773,7 @@ *

    * * @see org.apache.jetspeed.page.document.Node#getType() - * @return + * @return type string */ public String getType() { @@ -786,7 +785,7 @@ *

    * * @see org.apache.jetspeed.page.document.Node#isHidden() - * @return + * @return whether folder is hidden */ public boolean isHidden() { Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentFragmentImpl.java Sat Jan 28 11:09:33 2006 @@ -67,6 +67,8 @@ if (portletContent != null) { + //TODO are you sure? Intellij warns, synchronization on a non-final field is + //unlikely to have useful semantics. synchronized (portletContent) { if (portletContent.isComplete()) @@ -348,12 +350,12 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String) + * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int) */ - public void checkPermissions(String actions) throws SecurityException + public void checkPermissions(int mask) throws SecurityException { - fragment.checkPermissions(actions); + fragment.checkPermissions(mask); } /* (non-Javadoc) Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/ContentPageImpl.java Sat Jan 28 11:09:33 2006 @@ -375,12 +375,12 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String) + * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int) */ - public void checkPermissions(String actions) throws SecurityException + public void checkPermissions(int mask) throws SecurityException { - page.checkPermissions(actions); + page.checkPermissions(mask); } /* (non-Javadoc) Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/BaseElementImpl.java Sat Jan 28 11:09:33 2006 @@ -35,6 +35,8 @@ import org.apache.jetspeed.security.PagePermission; import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.UserPrincipal; +import org.apache.jetspeed.security.PortalResourcePermission; +import org.apache.jetspeed.JetspeedActions; /** * BaseElementImpl @@ -138,7 +140,7 @@ // check node constraints if available if ((constraints != null) && !constraints.isEmpty()) { - ((SecurityConstraintsImpl)constraints).checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity()); + constraints.checkConstraints(actions, userPrincipals, rolePrincipals, groupPrincipals, getEffectivePageSecurity()); } } @@ -167,12 +169,12 @@ /** * checkPermissions * - * @param actions actions to check + * @param mask mask of actions to check * @param checkNodeOnly check node scope only * @param checkParentsOnly check parent folder scope only * @throws SecurityException */ - public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check page and folder permissions String physicalPermissionPath = getPhysicalPermissionPath(); @@ -181,7 +183,7 @@ // check permissions using physical path try { - checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly); + checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly); } catch (SecurityException physicalSE) { @@ -189,7 +191,7 @@ String logicalPermissionPath = getLogicalPermissionPath(); if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath)) { - checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly); + checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly); } else { @@ -203,24 +205,24 @@ * checkPermissions * * @param path permissions path to check - * @param actions actions to check + * @param mask mask of actions to check * @param checkNodeOnly check node scope only * @param checkParentsOnly check parent folder scope only * @throws SecurityException */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check actions permissions try { // check for granted page permissions - PagePermission permission = new PagePermission(path, actions); + PagePermission permission = new PagePermission(path, mask); AccessController.checkPermission(permission); } catch (SecurityException se) { // fallback check for granted folder permissions - FolderPermission permission = new FolderPermission(path, actions); + FolderPermission permission = new FolderPermission(path, mask); AccessController.checkPermission(permission); } } @@ -332,7 +334,7 @@ List otherActionsList = null; if (viewActionList.size() == 1) { - if (!viewActionList.contains(SecuredResource.VIEW_ACTION)) + if (!viewActionList.contains(JetspeedActions.VIEW)) { otherActionsList = viewActionList; viewActionList = null; @@ -342,10 +344,10 @@ { otherActionsList = viewActionList; viewActionList = null; - if (otherActionsList.remove(SecuredResource.VIEW_ACTION)) + if (otherActionsList.remove(JetspeedActions.VIEW)) { viewActionList = new ArrayList(1); - viewActionList.add(SecuredResource.VIEW_ACTION); + viewActionList.add(JetspeedActions.VIEW); } } @@ -424,7 +426,7 @@ /* (non-Javadoc) * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(java.lang.String) */ - public void checkPermissions(String actions) throws SecurityException + public void checkPermissions(int mask) throws SecurityException { // skip checks if not enabled if (!getPermissionsEnabled()) @@ -433,42 +435,17 @@ } // separate view and other actions to mimic file system permissions logic - boolean viewAction = false; - String otherActions = actions.trim(); - int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION); - if (viewActionIndex != -1) - { - viewAction = true; - if (viewActionIndex == 0) - { - if (otherActions.length() > SecuredResource.VIEW_ACTION.length()) - { - // remove view action from other actions - int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length()); - otherActions = otherActions.substring(nextDelimIndex + 1); - } - else - { - // no other actions - otherActions = null; - } - } - else - { - // remove view action from other actions - int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex); - otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length()); - } - } + boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW; + int otherMask = mask & ~JetspeedActions.MASK_VIEW; // check permissions using parsed actions if (viewAction) { - checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess()); + checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess()); } - if (otherActions != null) + if (otherMask != 0) { - checkPermissions(otherActions, true, false); + checkPermissions(otherMask, true, false); } } @@ -480,7 +457,8 @@ // check access permissions and constraints as enabled if (getPermissionsEnabled()) { - checkPermissions(actions); + int mask = PortalResourcePermission.parseActions(actions); + checkPermissions(mask); } if (getConstraintsEnabled()) { Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/FragmentImpl.java Sat Jan 28 11:09:33 2006 @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.om.common.SecuredResource; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.om.page.Fragment; @@ -454,12 +455,12 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean) + * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean) */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // always check for granted fragment permissions - FragmentPermission permission = new FragmentPermission(path, actions); + FragmentPermission permission = new FragmentPermission(path, mask); AccessController.checkPermission(permission); } @@ -740,7 +741,7 @@ try { // check access - fragment.checkAccess(SecuredResource.VIEW_ACTION); + fragment.checkAccess(JetspeedActions.VIEW); // add to filteredFragments fragments if copying if (filteredFragments != null) Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/impl/PageImpl.java Sat Jan 28 11:09:33 2006 @@ -19,7 +19,7 @@ import java.util.Collection; import java.util.List; -import org.apache.jetspeed.om.common.SecuredResource; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.om.folder.MenuDefinition; import org.apache.jetspeed.om.folder.MenuExcludeDefinition; @@ -263,7 +263,7 @@ { try { - fragment.checkAccess(SecuredResource.VIEW_ACTION); + fragment.checkAccess(JetspeedActions.VIEW); } catch (SecurityException se) { Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/AbstractBaseElement.java Sat Jan 28 11:09:33 2006 @@ -42,6 +42,8 @@ import org.apache.jetspeed.security.PagePermission; import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.UserPrincipal; +import org.apache.jetspeed.security.PortalResourcePermission; +import org.apache.jetspeed.JetspeedActions; /** @@ -107,7 +109,7 @@ *

    * * @see org.apache.jetspeed.om.page.BaseElement#getShortTitle() - * @return + * @return short title */ public String getShortTitle() { @@ -138,7 +140,7 @@ *

    * * @see org.apache.jetspeed.om.common.SecureResource#getConstraintsEnabled() - * @return + * @return whether security relies on PSML constraints */ public boolean getConstraintsEnabled() { @@ -163,7 +165,7 @@ *

    * * @see org.apache.jetspeed.om.common.SecureResource#getSecurityConstraints() - * @return + * @return the PSML security constraints */ public SecurityConstraints getSecurityConstraints() { @@ -176,7 +178,7 @@ *

    * * @see org.apache.jetspeed.om.common.SecureResource#newSecurityConstraints() - * @return security constraints + * @return a new security constraints object */ public SecurityConstraints newSecurityConstraints() { @@ -238,7 +240,7 @@ List otherActionsList = null; if (viewActionList.size() == 1) { - if (!viewActionList.contains(SecuredResource.VIEW_ACTION)) + if (!viewActionList.contains(JetspeedActions.VIEW)) { otherActionsList = viewActionList; viewActionList = null; @@ -248,10 +250,10 @@ { otherActionsList = viewActionList; viewActionList = null; - if (otherActionsList.remove(SecuredResource.VIEW_ACTION)) + if (otherActionsList.remove(JetspeedActions.VIEW)) { viewActionList = new ArrayList(1); - viewActionList.add(SecuredResource.VIEW_ACTION); + viewActionList.add(JetspeedActions.VIEW); } } @@ -359,11 +361,11 @@ * checkPermissions *

    * - * @see org.apache.jetspeed.om.common.SecureResource#checkPermissions(java.lang.String) - * @param actions + * @see org.apache.jetspeed.om.common.SecuredResource#checkPermissions(int) + * @param mask Mask of actions requested * @throws SecurityException */ - public void checkPermissions(String actions) throws SecurityException + public void checkPermissions(int mask) throws SecurityException { // skip checks if not enabled if (!getPermissionsEnabled()) @@ -372,42 +374,17 @@ } // separate view and other actions to mimic file system permissions logic - boolean viewAction = false; - String otherActions = actions.trim(); - int viewActionIndex = otherActions.indexOf(SecuredResource.VIEW_ACTION); - if (viewActionIndex != -1) - { - viewAction = true; - if (viewActionIndex == 0) - { - if (otherActions.length() > SecuredResource.VIEW_ACTION.length()) - { - // remove view action from other actions - int nextDelimIndex = otherActions.indexOf(',', viewActionIndex + SecuredResource.VIEW_ACTION.length()); - otherActions = otherActions.substring(nextDelimIndex + 1); - } - else - { - // no other actions - otherActions = null; - } - } - else - { - // remove view action from other actions - int prevDelimIndex = otherActions.lastIndexOf(',', viewActionIndex); - otherActions = otherActions.substring(0, prevDelimIndex) + otherActions.substring(viewActionIndex + SecuredResource.VIEW_ACTION.length()); - } - } + boolean viewAction = (mask & JetspeedActions.MASK_VIEW) == JetspeedActions.MASK_VIEW; + int otherMask = mask & ~JetspeedActions.MASK_VIEW; // check permissions using parsed actions if (viewAction) { - checkPermissions(SecuredResource.VIEW_ACTION, false, grantViewActionAccess()); + checkPermissions(JetspeedActions.MASK_VIEW, false, grantViewActionAccess()); } - if (otherActions != null) + if (otherMask != 0) { - checkPermissions(otherActions, true, false); + checkPermissions(otherMask, true, false); } } /** @@ -415,12 +392,12 @@ * checkPermissions *

    * - * @param actions + * @param mask of actions * @param checkNodeOnly * @param checkParentsOnly * @throws SecurityException */ - public void checkPermissions(String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check page and folder permissions String physicalPermissionPath = getPhysicalPermissionPath(); @@ -429,7 +406,7 @@ // check permissions using physical path try { - checkPermissions(physicalPermissionPath, actions, checkNodeOnly, checkParentsOnly); + checkPermissions(physicalPermissionPath, mask, checkNodeOnly, checkParentsOnly); } catch (SecurityException physicalSE) { @@ -437,7 +414,7 @@ String logicalPermissionPath = getLogicalPermissionPath(); if ((logicalPermissionPath != null) && !logicalPermissionPath.equals(physicalPermissionPath)) { - checkPermissions(logicalPermissionPath, actions, checkNodeOnly, checkParentsOnly); + checkPermissions(logicalPermissionPath, mask, checkNodeOnly, checkParentsOnly); } else { @@ -452,24 +429,24 @@ *

    * * @param path - * @param actions + * @param mask Mask of actions requested * @param checkNodeOnly * @param checkParentsOnly * @throws SecurityException */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check actions permissions try { // check for granted page permissions - PagePermission permission = new PagePermission(path, actions); + PagePermission permission = new PagePermission(path, mask); AccessController.checkPermission(permission); } catch (SecurityException se) { // fallback check for granted folder permissions - FolderPermission permission = new FolderPermission(path, actions); + FolderPermission permission = new FolderPermission(path, mask); AccessController.checkPermission(permission); } } @@ -514,7 +491,8 @@ // check access permissions and constraints as enabled if (getPermissionsEnabled()) { - checkPermissions(actions); + int mask = PortalResourcePermission.parseActions(actions); + checkPermissions(mask); } if (getConstraintsEnabled()) { @@ -577,7 +555,7 @@ * * @see java.lang.Object#equals(java.lang.Object) * @param obj - * @return + * @return whether the supplied object equals this one */ public boolean equals( Object obj ) { @@ -598,7 +576,7 @@ *

    * * @see java.lang.Object#hashCode() - * @return + * @return the hashcode for this object */ public int hashCode() { @@ -611,7 +589,7 @@ *

    * * @see java.lang.Object#toString() - * @return + * @return the id as a string representation of this object */ public String toString() { @@ -620,12 +598,12 @@ /** *

    - * checkAccess + * checkAccess returns a set of nodes we can access. It may be the passed in node set or a partial copy. *

    * * @param nodes * @param actions - * @return + * @return a NodeSet containing the nodes allowing access */ public static NodeSet checkAccess(NodeSet nodes, String actions) { Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/om/page/psml/FragmentImpl.java Sat Jan 28 11:09:33 2006 @@ -24,7 +24,7 @@ import java.util.Map; import java.util.Vector; -import org.apache.jetspeed.om.common.SecuredResource; +import org.apache.jetspeed.JetspeedActions; import org.apache.jetspeed.om.folder.Folder; import org.apache.jetspeed.om.page.Fragment; import org.apache.jetspeed.om.page.PageSecurity; @@ -389,12 +389,12 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean) + * @see org.apache.jetspeed.om.page.psml.AbstractElementImpl#checkPermissions(java.lang.String, int, boolean, boolean) */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // always check for granted fragment permissions - FragmentPermission permission = new FragmentPermission(path, actions); + FragmentPermission permission = new FragmentPermission(path, mask); AccessController.checkPermission(permission); } @@ -511,11 +511,11 @@ Iterator checkAccessIter = fragments.iterator(); while (checkAccessIter.hasNext()) { - Fragment fragment = (Fragment)checkAccessIter.next(); + Fragment fragment = (Fragment) checkAccessIter.next(); try { // check access - fragment.checkAccess(SecuredResource.VIEW_ACTION); + fragment.checkAccess(JetspeedActions.VIEW); // add to filteredFragments fragments if copying if (filteredFragments != null) Modified: portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java URL: http://svn.apache.org/viewcvs/portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java?rev=373218&r1=373217&r2=373218&view=diff ============================================================================== --- portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java (original) +++ portals/jetspeed-2/trunk/components/page-manager/src/java/org/apache/jetspeed/page/document/impl/NodeImpl.java Sat Jan 28 11:09:33 2006 @@ -277,15 +277,15 @@ } /* (non-Javadoc) - * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, java.lang.String, boolean, boolean) + * @see org.apache.jetspeed.om.page.impl.BaseElementImpl#checkPermissions(java.lang.String, int, boolean, boolean) */ - public void checkPermissions(String path, String actions, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException + public void checkPermissions(String path, int mask, boolean checkNodeOnly, boolean checkParentsOnly) throws SecurityException { // check granted node permissions unless the check is // to be skipped due to explicity granted access if (!checkParentsOnly) { - super.checkPermissions(path, actions, true, false); + super.checkPermissions(path, mask, true, false); } // if not checking node only, recursively check @@ -295,7 +295,7 @@ NodeImpl parentNodeImpl = (NodeImpl)ProxyHelper.getRealObject(parent); if (parentNodeImpl != null) { - parentNodeImpl.checkPermissions(actions, false, false); + parentNodeImpl.checkPermissions(mask, false, false); } } } --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org For additional commands, e-mail: jetspeed-dev-help@portals.apache.org