Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:58:05 UTC
[sling-org-apache-sling-resourceaccesssecurity] 02/13: SLING-3458 -
Restrictions imposed by ProviderResourceAccessSecurity should not be
discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application
context behave the same way
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.resourceaccesssecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-resourceaccesssecurity.git
commit 596c123bd3e4e83c1d5d52701bc5f268ebc3a30d
Author: Mike Müller <my...@apache.org>
AuthorDate: Wed Mar 19 12:40:59 2014 +0000
SLING-3458 - Restrictions imposed by ProviderResourceAccessSecurity should not be discarded by ApplicationResourceAccessSecurity,
SLING-3462 - Make ResourceAccessSecurity provider context and application context behave the same way
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core@1579213 13f79535-47bb-0310-9956-ffa450edef68
---
.../AllowingResourceAccessGate.java | 18 +++---
.../resourceaccesssecurity/ResourceAccessGate.java | 2 +-
.../ApplicationResourceAccessSecurityImpl.java | 2 +-
.../impl/ResourceAccessSecurityImpl.java | 72 ++++++++++++++--------
4 files changed, 59 insertions(+), 35 deletions(-)
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
index 1e7d8c7..2570f81 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
@@ -32,48 +32,48 @@ public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
@Override
public GateResult canRead(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreate(final String absPathName,
final ResourceResolver resourceResolver) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdate(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDelete(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canExecute(final Resource resource) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canReadValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canCreateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canUpdateValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
public GateResult canDeleteValue(final Resource resource, final String valueName) {
- return GateResult.DONTCARE;
+ return GateResult.CANT_DECIDE;
}
@Override
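Review bot: After this rename the class name `AllowingResourceAccessGate` no longer describes what its defaults do. Every method now returns `GateResult.CANT_DECIDE`, and in the `ResourceAccessSecurityImpl` hunks of this same commit a matched gate that answers `CANT_DECIDE` sets `noGateMatched = false`, so `getReadableResource` and `canCreate` end in a denial. A subclass that overrides one operation but is also matched for others would then block those other operations, as far as the visible hunks show. I would state this in the class Javadoc, for example `Default answers are CANT_DECIDE; a matched gate that cannot decide does not grant access.` The class starts and continues outside this hunk, so any existing Javadoc needs the same check.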
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
index 4b096e8..6ee4e2b 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
@@ -123,7 +123,7 @@ public interface ResourceAccessGate {
* </ul>
*/
public enum GateResult {
- GRANTED, DENIED, DONTCARE
+ GRANTED, DENIED, CANT_DECIDE
};
public enum Operation {
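Review bot: `GateResult` is nested in the public `ResourceAccessGate` interface, so replacing `DONTCARE` with `CANT_DECIDE` is an incompatible API change. Gate implementations compiled against the old constant will fail at link time, and any `GateResult.valueOf("DONTCARE")` lookup will throw. No package or export version change is visible in this commit, so it is worth confirming that one accompanies the rename. The Javadoc list that closes just above the enum starts outside the hunk and should be checked for remaining `DONTCARE` references.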
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
index e784236..d4ac38e 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
@@ -37,6 +37,6 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
public ApplicationResourceAccessSecurityImpl() {
- super(true);
+ super(false);
}
}
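Review bot: The bare `super(false)` gives no hint that it switches the application context from allow-by-default to deny when no gate matches, which is the security-relevant effect of this one-line change. A comment on the call would make that explicit, for example `// application context: deny unless a gate grants access, even when no gate matches`. Setups that relied on the old default without any application gate registered will presumably see access denied after this commit, so the change also deserves a release-note entry.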
diff --git a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
index 72279e5..cd1f200 100644
--- a/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
+++ b/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
@@ -36,10 +36,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
- private final boolean defaultAllow;
+ private final boolean defaultAllowIfNoGateMatches;
- public ResourceAccessSecurityImpl(final boolean defaultAllow) {
- this.defaultAllow = defaultAllow;
+ public ResourceAccessSecurityImpl(final boolean defaultAllowIfNoGateMatches) {
+ this.defaultAllowIfNoGateMatches = defaultAllowIfNoGateMatches;
}
/**
@@ -101,7 +101,7 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public Resource getReadableResource(final Resource resource) {
- Resource returnValue = (this.defaultAllow ? resource : null);
+ Resource returnValue = null;
final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.READ);
@@ -113,7 +113,10 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
if ( accessGateHandlers != null ) {
+ boolean noGateMatched = true;
+
while ( accessGateHandlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
@@ -130,23 +133,24 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
}
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
// stop checking if the operation is final and the result not GateResult.DONTCARE
- if (gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+ if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
}
// return null if access is denied or no ResourceAccessGate is present
- if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+ if (finalGateResult == GateResult.DENIED) {
returnValue = null;
- } else if (finalGateResult == GateResult.DONTCARE) {
- returnValue = (this.defaultAllow ? resource : null);
} else if (finalGateResult == GateResult.GRANTED ) {
returnValue = resource;
+ } else if (noGateMatched && this.defaultAllowIfNoGateMatches)
+ {
+ returnValue = resource;
}
}
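Review bot: Two comments in this block are stale after the change. The context line `// stop checking if the operation is final and the result not GateResult.DONTCARE` still names the removed constant and should say `GateResult.CANT_DECIDE`. The line `// return null if access is denied or no ResourceAccessGate is present` no longer holds, because the new last branch returns the resource when no gate matched and `defaultAllowIfNoGateMatches` is set. The `returnValue = null;` in the `DENIED` branch is redundant now that `returnValue` starts as `null`, and the added `else if` puts its opening brace on its own line, unlike the rest of the method. The method starts and ends outside this hunk.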
@@ -169,20 +173,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
final ResourceResolver resolver) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
path, ResourceAccessGate.Operation.CREATE);
- boolean result = this.defaultAllow;
+ boolean result = false;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
break;
}
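Review bot: The break condition on the changed line mixes `||` and `&&` without parentheses, so a reader has to recall that `&&` binds tighter to see that a `GRANTED` result always ends the loop while any other decided result ends it only for a final gate. Because this condition decides which gates are consulted at all, I would make the grouping explicit: `if (finalGateResult == GateResult.GRANTED || (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE))) {`. The same unparenthesised condition appears in the `canUpdate`, `canDelete` and `canExecute` hunks.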
@@ -192,6 +198,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -201,20 +210,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canUpdate(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.UPDATE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
break;
}
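Review bot: `canUpdate` still starts from `boolean result = this.defaultAllowIfNoGateMatches;`, whereas `getReadableResource` and `canCreate` in this commit start from `null` and `false`. With the flag set, an update is therefore allowed when gates matched but all answered `CANT_DECIDE`, and also when `handlers` is `null`, while read and create are denied in those same cases. It also makes the `noGateMatched && this.defaultAllowIfNoGateMatches` branch added in the next hunk redundant. If denial is the intended outcome, the initialiser should be `boolean result = false;`, and the `canDelete` and `canExecute` hunks need the same change. The branch that evaluates `finalGateResult` lies partly outside this hunk, so this reading should be confirmed against the full method.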
@@ -224,6 +235,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -233,20 +247,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canDelete(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.DELETE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE &&
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE &&
resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
break;
}
@@ -256,6 +272,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -265,20 +284,22 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
public boolean canExecute(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
- boolean result = this.defaultAllow;
+ boolean result = this.defaultAllowIfNoGateMatches;
if ( handlers != null ) {
GateResult finalGateResult = null;
+ boolean noGateMatched = true;
while ( handlers.hasNext() ) {
+ noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
- } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+ } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
- if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+ if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
break;
}
}
@@ -287,6 +308,9 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
result = true;
} else if ( finalGateResult == GateResult.DENIED ) {
result = false;
+ } else if ( noGateMatched && this.defaultAllowIfNoGateMatches )
+ {
+ result = true;
}
}
return result;
@@ -295,19 +319,19 @@ public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecuri
@Override
public boolean canReadValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canSetValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
public boolean canDeleteValue(final Resource resource, final String valueName) {
// TODO Auto-generated method stub
- return this.defaultAllow;
+ return false;
}
@Override
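Review bot: `canReadValue`, `canSetValue` and `canDeleteValue` now return a hard-coded `false` under a `// TODO Auto-generated method stub` comment, so value-level checks are denied in every context and the gates' own `canReadValue`/`canUpdateValue`/`canDeleteValue` answers are never consulted. Failing closed is a sensible interim choice, but the comment should say so, for example `// not implemented yet: value-level access is always denied, gates are not consulted`. Callers of these three methods are not visible here, so it is worth checking that none of them depended on the previous `defaultAllow` result.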