From romb...@apache.org
Subject [sling-org-apache-sling-resourceaccesssecurity] 02/13: SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity, SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
Date Tue, 07 Nov 2017 09:58:05 GMT
This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git

commit 596c123bd3e4e83c1d5d52701bc5f268ebc3a30d
Author: Mike Müller <mykee@apache.org>
AuthorDate: Wed Mar 19 12:40:59 2014 +0000

    SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded
by ApplicationResourceAccessSecurity,
    SLING-3462 - Make ResourceAccessSecurity provider context and application context behave
the same way
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1579213
13f79535-47bb-0310-9956-ffa450edef68
---
 .../AllowingResourceAccessGate.java                | 18 +++---
 .../resourceaccesssecurity/ResourceAccessGate.java |  2 +-
 .../ApplicationResourceAccessSecurityImpl.java     |  2 +-
 .../impl/ResourceAccessSecurityImpl.java           | 72 ++++++++++++++--------
 4 files changed, 59 insertions(+), 35 deletions(-)

diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
index 1e7d8c7..2570f81 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -32,48 +32,48 @@ public abstract class AllowingResourceAccessGate implements ResourceAccessGate
{
 
     @Override
     public GateResult canRead(final Resource resource) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canCreate(final String absPathName,
             final ResourceResolver resourceResolver) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canUpdate(final Resource resource) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canDelete(final Resource resource) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canExecute(final Resource resource) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canReadValue(final Resource resource, final String valueName) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canCreateValue(final Resource resource, final String valueName) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canUpdateValue(final Resource resource, final String valueName) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
     public GateResult canDeleteValue(final Resource resource, final String valueName) {
-        return GateResult.DONTCARE;
+        return GateResult.CANT_DECIDE;
     }
 
     @Override
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 4b096e8..6ee4e2b 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -123,7 +123,7 @@ public interface ResourceAccessGate {
      * </ul>
      */
     public enum GateResult {
-        GRANTED, DENIED, DONTCARE
+        GRANTED, DENIED, CANT_DECIDE
     };
 
     public enum Operation {
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
index e784236..d4ac38e 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -37,6 +37,6 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
 public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
 
     public ApplicationResourceAccessSecurityImpl() {
-        super(true);
+        super(false);
     }
 }
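Review bot: The bare literal in `super(false)` gives no hint that it switches the application context from allow to deny when no gate matches, which is the access-control default this commit changes. A one-line comment would keep that visible at the call site, for example `super(false); // application context: deny when no ResourceAccessGate matches`. The constructor parameter is named `defaultAllowIfNoGateMatches` in ResourceAccessSecurityImpl, so the comment can reuse that wording.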
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 72279e5..cd1f200 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -36,10 +36,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
 
     private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
 
-    private final boolean defaultAllow;
+    private final boolean defaultAllowIfNoGateMatches;
 
-    public ResourceAccessSecurityImpl(final boolean defaultAllow) {
-        this.defaultAllow = defaultAllow;
+    public ResourceAccessSecurityImpl(final boolean defaultAllowIfNoGateMatches) {
+        this.defaultAllowIfNoGateMatches = defaultAllowIfNoGateMatches;
     }
 
     /**
@@ -101,7 +101,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
 
     @Override
     public Resource getReadableResource(final Resource resource) {
-        Resource returnValue = (this.defaultAllow ? resource : null);
+        Resource returnValue = null;
 
         final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -113,7 +113,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
 
         if ( accessGateHandlers != null ) {
 
+            boolean noGateMatched = true;
+            
             while ( accessGateHandlers.hasNext() ) {
+                noGateMatched = false;
                 final ResourceAccessGateHandler resourceAccessGateHandler  = accessGateHandlers.next();
 
                 final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
@@ -130,23 +133,24 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
                 }
                 if (finalGateResult == null) {
                     finalGateResult = gateResult;
-                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.DONTCARE) {
+                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.CANT_DECIDE) {
                     finalGateResult = gateResult;
                 }
                 // stop checking if the operation is final and the result not GateResult.DONTCARE
-                if (gateResult != GateResult.DONTCARE  && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ))
{
+                if (gateResult != GateResult.CANT_DECIDE  && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ))
{
                     break;
                 }
             }
 
 
             // return null if access is denied or no ResourceAccessGate is present
-            if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+            if (finalGateResult == GateResult.DENIED) {
                 returnValue = null;
-            } else if (finalGateResult == GateResult.DONTCARE) {
-                returnValue = (this.defaultAllow ? resource : null);
             } else if (finalGateResult == GateResult.GRANTED ) {
                 returnValue = resource;
+            } else if (noGateMatched && this.defaultAllowIfNoGateMatches)
+            {
+                returnValue = resource;
             }
         }
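Review bot: Two comments in this part of getReadableResource no longer match the code. The one above the `break` still names `GateResult.DONTCARE`, and `// return null if access is denied or no ResourceAccessGate is present` is inaccurate now that the no-gate case can return the resource when `defaultAllowIfNoGateMatches` is set. Suggested wording: `// stop checking if the operation is final and the result is not GateResult.CANT_DECIDE` and `// null if denied or if every matching gate answered CANT_DECIDE; the default applies only when no gate matched`. The second wording follows from the visible lines only, since the method starts and ends outside this hunk.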
 
@@ -169,20 +173,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
             final ResourceResolver resolver) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 path, ResourceAccessGate.Operation.CREATE);
-        boolean result = this.defaultAllow;
+        boolean result = false;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
+            boolean noGateMatched = true;
 
             while ( handlers.hasNext() ) {
+                noGateMatched = false;
                 final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
 
                 final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path,
resolver);
                 if (finalGateResult == null) {
                     finalGateResult = gateResult;
-                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.DONTCARE) {
+                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.CANT_DECIDE) {
                     finalGateResult = gateResult;
                 }
-                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE
&& 
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE
&& 
                         resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE))
{
                     break;
                 }
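Review bot: The break condition mixes `||` and `&&` without parentheses, so the grouping has to be worked out from operator precedence; Java evaluates it as `GRANTED || (gateResult != CANT_DECIDE && isFinalOperation(...))`. Writing the grouping out, `if (finalGateResult == GateResult.GRANTED || (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE))) {`, keeps an access-control short-circuit from being misread in a later edit. The same expression appears in the canUpdate, canDelete and canExecute hunks. canCreate starts and ends outside this hunk.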
@@ -192,6 +198,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
                 result = true;
             } else if ( finalGateResult == GateResult.DENIED ) {
                 result = false;
+            } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+            {
+                result = true;
             }
         }
         return result;
@@ -201,20 +210,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
     public boolean canUpdate(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.UPDATE);
-        boolean result = this.defaultAllow;
+        boolean result = this.defaultAllowIfNoGateMatches;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
+            boolean noGateMatched = true;
 
             while ( handlers.hasNext() ) {
+                noGateMatched = false;
                 final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
 
                 final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
                 if (finalGateResult == null) {
                     finalGateResult = gateResult;
-                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.DONTCARE) {
+                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.CANT_DECIDE) {
                     finalGateResult = gateResult;
                 }
-                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE
&& 
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE
&& 
                         resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE))
{
                     break;
                 }
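Review bot: canUpdate starts from `boolean result = this.defaultAllowIfNoGateMatches;`, so when gates match but all answer CANT_DECIDE the result stays at the default. canCreate (`boolean result = false;`) and getReadableResource (`Resource returnValue = null;`) deny in that same case. With a `true` default, update is therefore allowed where read and create are refused, and the new `noGateMatched` branch in the following hunk never changes the outcome. If deny is the intended outcome, initialise with `boolean result = false;` here and likewise in canDelete and canExecute. That also changes the answer when `handlers` is null, so it should be checked against what getMatchingResourceAccessGateHandlerIterator can return; the function body continues beyond this hunk.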
@@ -224,6 +235,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
                 result = true;
             } else if ( finalGateResult == GateResult.DENIED ) {
                 result = false;
+            } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+            {
+                result = true;
             }
         }
         return result;
@@ -233,20 +247,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
     public boolean canDelete(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.DELETE);
-        boolean result = this.defaultAllow;
+        boolean result = this.defaultAllowIfNoGateMatches;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
+            boolean noGateMatched = true;
 
             while ( handlers.hasNext() ) {
+                noGateMatched = false;
                 final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
 
                 final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
                 if (finalGateResult == null) {
                     finalGateResult = gateResult;
-                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.DONTCARE) {
+                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.CANT_DECIDE) {
                     finalGateResult = gateResult;
                 }
-                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE
&& 
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE
&& 
                         resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE))
{
                     break;
                 }
@@ -256,6 +272,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
                 result = true;
             } else if ( finalGateResult == GateResult.DENIED ) {
                 result = false;
+            } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+            {
+                result = true;
             }
         }
         return result;
@@ -265,20 +284,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
     public boolean canExecute(final Resource resource) {
         final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
                 resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
-        boolean result = this.defaultAllow;
+        boolean result = this.defaultAllowIfNoGateMatches;
         if ( handlers != null ) {
             GateResult finalGateResult = null;
+            boolean noGateMatched = true;
 
             while ( handlers.hasNext() ) {
+                noGateMatched = false;
                 final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
 
                 final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
                 if (finalGateResult == null) {
                     finalGateResult = gateResult;
-                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.DONTCARE) {
+                } else if (finalGateResult != GateResult.GRANTED && gateResult !=
GateResult.CANT_DECIDE) {
                     finalGateResult = gateResult;
                 }
-                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE
&& resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE))
{
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE
&& resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE))
{
                     break;
                 }
             }
@@ -287,6 +308,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
                 result = true;
             } else if ( finalGateResult == GateResult.DENIED ) {
                 result = false;
+            } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+            {
+                result = true;
             }
         }
         return result;
@@ -295,19 +319,19 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
     @Override
     public boolean canReadValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return this.defaultAllow;
+        return false;
     }
 
     @Override
     public boolean canSetValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return this.defaultAllow;
+        return false;
     }
 
     @Override
     public boolean canDeleteValue(final Resource resource, final String valueName) {
         // TODO Auto-generated method stub
-        return this.defaultAllow;
+        return false;
     }
 
     @Override
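Review bot: canReadValue, canSetValue and canDeleteValue now return `false` unconditionally without consulting any gate, yet the only comment is still `// TODO Auto-generated method stub`. Because the previous answer was `this.defaultAllow`, a context constructed with `true` goes from allow to deny for every value-level check, and nothing in the code records that this is deliberate. Replace the stub comment in each method with something like `// Not implemented yet: value-level access is denied in every context until gate evaluation is added`.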

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <commits@sling.apache.org>.
