You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by dk...@apache.org on 2021/01/12 04:08:56 UTC

[sling-org-apache-sling-app-cms] branch master updated: Fixing the rewritten security filter to support sub-resources of a page

This is an automated email from the ASF dual-hosted git repository.

dklco pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-app-cms.git


The following commit(s) were added to refs/heads/master by this push:
     new 153b7dd  Fixing the rewritten security filter to support sub-resources of a page
153b7dd is described below

commit 153b7dd837a75944ecb442b57fa52f9a6a015eb2
Author: Dan Klco <dk...@apache.org>
AuthorDate: Mon Jan 11 23:08:39 2021 -0500

    Fixing the rewritten security filter to support sub-resources of a page
---
 .../apache/sling/cms/core/internal/filters/CMSSecurityFilter.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
index 0042435..e1ac4c2 100644
--- a/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
+++ b/core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java
@@ -19,6 +19,7 @@ package org.apache.sling.cms.core.internal.filters;
 import java.io.IOException;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Optional;
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
@@ -37,6 +38,7 @@ import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.sling.api.SlingHttpServletRequest;
+import org.apache.sling.cms.CMSUtils;
 import org.apache.sling.cms.PublishableResource;
 import org.apache.sling.cms.publication.PUBLICATION_MODE;
 import org.apache.sling.cms.publication.PublicationManagerFactory;
@@ -102,7 +104,10 @@ public class CMSSecurityFilter implements Filter {
             allowed = true;
         }
 
-        PublishableResource publishableResource = slingRequest.getResource().adaptTo(PublishableResource.class);
+        PublishableResource publishableResource = Optional
+                .ofNullable(CMSUtils.findPublishableParent(slingRequest.getResource()))
+                .map(r -> r.adaptTo(PublishableResource.class)).orElse(null);
+
         if (publishableResource != null && publishableResource.isPublished()) {
             log.trace("Resource is published");
             allowed = true;