sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1582820 - /sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
Date Fri, 28 Mar 2014 16:49:25 GMT
Author: cziegeler
Date: Fri Mar 28 16:49:25 2014
New Revision: 1582820

URL: http://svn.apache.org/r1582820
Log:
Simplify code, use common method for permission check

Modified:
    sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java

Modified: sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
URL: http://svn.apache.org/viewvc/sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java?rev=1582820&r1=1582819&r2=1582820&view=diff
==============================================================================
--- sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
(original)
+++ sling/trunk/contrib/jcr/resourcesecurity/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
Fri Mar 28 16:49:25 2014
@@ -45,6 +45,13 @@ import org.apache.sling.resourceaccessse
 @Properties({
     @Property(name=ResourceAccessGate.PATH, label="Path",
               description="The path is a regular expression for which resources the service
should be called"),
+    @Property(name=ResourceAccessGateFactory.PROP_PREFIX,
+              label="Deep Check Prefix",
+              description="If this value is configured with a prefix and the resource path
starts with this" +
+                          " prefix, the prefix is removed from the path and the remaining
part is appended " +
+                          " to the JCR path to check. For example if /foo/a/b/c is required,
this prefix is " +
+                          " configured with /foo and the JCR node to check is /check, the
permissions at " +
+                          " /check/a/b/c are checked."),
     @Property(name=ResourceAccessGateFactory.PROP_JCR_PATH,
               label="JCR Node",
               description="This node is checked for permissions to the resources."),
@@ -57,6 +64,8 @@ public class ResourceAccessGateFactory
 
     static final String PROP_JCR_PATH = "jcrPath";
 
+    static final String PROP_PREFIX = "checkpath.prefix";
+
     private String jcrPath;
 
     @Activate
@@ -75,6 +84,25 @@ public class ResourceAccessGateFactory
     }
 
     /**
+     * Check the permission
+     */
+    private GateResult checkPermission(final Resource resource, final String permission)
{
+        if ( this.skipCheck(resource) ) {
+            return GateResult.GRANTED;
+        }
+        boolean granted = false;
+        final Session session = resource.getResourceResolver().adaptTo(Session.class);
+        if ( session != null ) {
+            try {
+                granted = session.hasPermission(jcrPath, permission);
+            } catch (final RepositoryException re) {
+                // ignore
+            }
+        }
+        return granted ? GateResult.GRANTED : GateResult.DENIED;
+    }
+
+    /**
      * @see org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver)
      */
     @Override
@@ -111,19 +139,7 @@ public class ResourceAccessGateFactory
      */
     @Override
     public GateResult canRead(final Resource resource) {
-        if ( this.skipCheck(resource) ) {
-            return GateResult.GRANTED;
-        }
-        final Session session = resource.getResourceResolver().adaptTo(Session.class);
-        boolean canRead = false;
-        if ( session != null ) {
-            try {
-                canRead = session.nodeExists(this.jcrPath);
-            } catch (final RepositoryException re) {
-                // ignore
-            }
-        }
-        return canRead ? GateResult.GRANTED : GateResult.DENIED;
+        return this.checkPermission(resource, Session.ACTION_READ);
     }
 
     /**
@@ -131,22 +147,7 @@ public class ResourceAccessGateFactory
      */
     @Override
     public GateResult canDelete(Resource resource) {
-        if ( this.skipCheck(resource) ) {
-            return GateResult.GRANTED;
-        }
-
-        boolean canDelete = false;
-        final Session session = resource.getResourceResolver().adaptTo(Session.class);
-        if ( session != null ) {
-            try {
-                canDelete = session.hasPermission(jcrPath, Session.ACTION_REMOVE);
-            } catch (final RepositoryException re) {
-                // ignore
-            }
-        }
-
-        return canDelete ? GateResult.GRANTED : GateResult.DENIED;
-
+        return this.checkPermission(resource, Session.ACTION_REMOVE);
     }
 
     /**
@@ -154,22 +155,7 @@ public class ResourceAccessGateFactory
      */
     @Override
     public GateResult canUpdate(Resource resource) {
-        if ( this.skipCheck(resource) ) {
-            return GateResult.GRANTED;
-        }
-
-        boolean canUpdate = false;
-
-        final Session session = resource.getResourceResolver().adaptTo(Session.class);
-        if ( session != null ) {
-            try {
-                canUpdate = session.hasPermission(jcrPath, Session.ACTION_SET_PROPERTY);
-            } catch (final RepositoryException re) {
-                // ignore
-            }
-        }
-
-        return canUpdate ? GateResult.GRANTED : GateResult.DENIED;
+        return this.checkPermission(resource, Session.ACTION_SET_PROPERTY);
     }
 
     /**



Mime
View raw message