You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2007/11/21 14:02:40 UTC
svn commit: r597062 - /lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java

Author: andreas
Date: Wed Nov 21 05:02:39 2007
New Revision: 597062

URL: http://svn.apache.org/viewvc?rev=597062&view=rev
Log:
Move condition checks to AccessControl.checkExecutionConditions() to avoid flow errors

Modified:
    lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java

Modified: lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java
URL: http://svn.apache.org/viewvc/lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java?rev=597062&r1=597061&r2=597062&view=diff
==============================================================================
--- lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java (original)
+++ lenya/trunk/src/modules-core/administration/java/src/org/apache/lenya/cms/ac/usecases/AccessControl.java Wed Nov 21 05:02:39 2007
@@ -185,35 +185,16 @@
         }
     }
 
-    /**
-     * @see org.apache.lenya.cms.usecase.AbstractUsecase#doExecute()
-     */
-    public void doExecute() throws Exception {
-        super.doExecute();
-        if (getParameterAsString("change_ssl") != null) {
-            String ssl = getBooleanCheckboxParameter("ssl");
-            setSSLProtected(Boolean.valueOf(ssl).booleanValue());
-        }
-
+    protected void doCheckExecutionConditions() throws Exception {
+        super.doCheckExecutionConditions();
         for (int i = 0; i < types.length; i++) {
             for (int j = 0; j < operations.length; j++) {
                 String type = types[i];
                 String paramName = operations[j] + "Credential_" + type;
                 if (getParameterAsString(paramName) != null) {
                     String roleId = getParameterAsString(ROLE);
-                    String method = getParameterAsString(METHOD);
-
                     String id = getParameterAsString(type);
-                    Accreditable item = null;
-                    if (type.equals(USER)) {
-                        item = getUserManager().getUser(id);
-                    } else if (type.equals(GROUP)) {
-                        item = getGroupManager().getGroup(id);
-                    } else if (type.equals(IPRANGE)) {
-                        item = getIpRangeManager().getIPRange(id);
-                    } else if (type.equals(WORLD)) {
-                        item = World.getInstance();
-                    }
+                    Accreditable item = getAccreditable(type, id);
                     if (item == null) {
                         addErrorMessage("no_such_accreditable", new String[] { type, id });
                     } else {
@@ -224,15 +205,64 @@
                         if (!role.isAssignable()) {
                             addErrorMessage("cannot-assign-role", new String[] { roleId });
                         }
-                        manipulateCredential(item, role, operations[j], method);
-                        setParameter(SUB_CREDENTIALS, getSubtreeCredentials());
+                        if (operations[j].equals(ADD)) {
+                            ModifiablePolicy policy = getPolicy();
+                            if (containsCredential(policy, item, role)) {
+                                addErrorMessage("credential-already-contained",
+                                        new String[] { ((Item) item).getId(), role.getId() });
+                            }
+                        }
+                    }
+                    if (hasErrors()) {
+                        deleteParameter(paramName);
                     }
+                }
+            }
+        }
+    }
+
+    /**
+     * @see org.apache.lenya.cms.usecase.AbstractUsecase#doExecute()
+     */
+    public void doExecute() throws Exception {
+        super.doExecute();
+        if (getParameterAsString("change_ssl") != null) {
+            String ssl = getBooleanCheckboxParameter("ssl");
+            setSSLProtected(Boolean.valueOf(ssl).booleanValue());
+        }
+
+        for (int i = 0; i < types.length; i++) {
+            for (int j = 0; j < operations.length; j++) {
+                String type = types[i];
+                String paramName = operations[j] + "Credential_" + type;
+                if (getParameterAsString(paramName) != null) {
+                    String roleId = getParameterAsString(ROLE);
+                    String method = getParameterAsString(METHOD);
+                    String id = getParameterAsString(type);
+                    Accreditable item = getAccreditable(type, id);
+                    Role role = getRoleManager().getRole(roleId);
+                    manipulateCredential(item, role, operations[j], method);
+                    setParameter(SUB_CREDENTIALS, getSubtreeCredentials());
                     deleteParameter(paramName);
                 }
             }
         }
     }
 
+    protected Accreditable getAccreditable(String type, String id) {
+        Accreditable item = null;
+        if (type.equals(USER)) {
+            item = getUserManager().getUser(id);
+        } else if (type.equals(GROUP)) {
+            item = getGroupManager().getGroup(id);
+        } else if (type.equals(IPRANGE)) {
+            item = getIpRangeManager().getIPRange(id);
+        } else if (type.equals(WORLD)) {
+            item = World.getInstance();
+        }
+        return item;
+    }
+
     /**
      * Returns if one of the ancestors of this URL is SSL protected.
      * 
@@ -281,8 +311,7 @@
      */
     protected void setSSLProtected(boolean ssl) throws ProcessingException {
         try {
-            ModifiablePolicy policy = (ModifiablePolicy) getPolicyManager().buildSubtreePolicy(
-                    getAccreditableManager(), getPolicyURL());
+            ModifiablePolicy policy = getPolicy();
             policy.setSSL(ssl);
             getPolicyManager().saveSubtreePolicy(getPolicyURL(), policy);
         } catch (AccessControlException e) {
@@ -309,19 +338,11 @@
      */
     protected void manipulateCredential(Accreditable accreditable, Role role, String operation,
             String method) throws ProcessingException {
-        ModifiablePolicy policy = null;
         try {
-            policy = (ModifiablePolicy) getPolicyManager().buildSubtreePolicy(
-                    getAccreditableManager(), getPolicyURL());
+            ModifiablePolicy policy = getPolicy();
             
             if (operation.equals(ADD)) {
-                if (containsCredential(policy, accreditable, role)) {
-                    addErrorMessage("credential-already-contained",
-                            new String[] { ((Item) accreditable).getId(), role.getId() });
-                }
-                else {
-                    policy.addRole(accreditable, role, method);
-                }
+                policy.addRole(accreditable, role, method);
             } else if (operation.equals(DELETE)) {
                 policy.removeRole(accreditable, role);
             } else if (operation.equals(UP)) {
@@ -334,6 +355,11 @@
         } catch (Exception e) {
             throw new ProcessingException("Manipulating credential failed: ", e);
         }
+    }
+
+    protected ModifiablePolicy getPolicy() throws AccessControlException {
+        return (ModifiablePolicy) getPolicyManager().buildSubtreePolicy(
+                getAccreditableManager(), getPolicyURL());
     }
 
     protected boolean containsCredential(ModifiablePolicy policy, Accreditable accreditable, Role role)



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@lenya.apache.org
For additional commands, e-mail: commits-help@lenya.apache.org