Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/11/04 15:19:46 UTC
svn commit: r1538619 -
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Author: angela
Date: Mon Nov 4 14:19:46 2013
New Revision: 1538619
URL: http://svn.apache.org/r1538619
Log:
OAK-527: permissions
- improve calculation of readstatus in case the target node and all its properties can be read
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1538619&r1=1538618&r2=1538619&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Mon Nov 4 14:19:46 2013
@@ -645,13 +645,14 @@ final class CompiledPermissionImpl imple
private static final int THIS = 1;
private static final int PROPERTIES = 2;
private static final int CHILD_NODES = 4;
+ private static final int THIS_PROPERTIES = THIS | PROPERTIES;
private static final int ALL = THIS | PROPERTIES | CHILD_NODES;
private static final ReadStatus ALLOW_THIS = new ReadStatus(THIS, true);
- private static final ReadStatus ALLOW_PROPERTIES = new ReadStatus(PROPERTIES, true);
+ private static final ReadStatus ALLOW_THIS_PROPERTIES = new ReadStatus(THIS_PROPERTIES, true);
private static final ReadStatus ALLOW_ALL = new ReadStatus(ALL, true);
private static final ReadStatus DENY_THIS = new ReadStatus(THIS, false);
- private static final ReadStatus DENY_PROPERTIES = new ReadStatus(PROPERTIES, false);
+ private static final ReadStatus DENY_THIS_PROPERTIES = new ReadStatus(THIS_PROPERTIES, false);
private static final ReadStatus DENY_ALL = new ReadStatus(ALL, false);
private static final PrivilegeBits READ_BITS = PrivilegeBits.BUILT_IN.get(PrivilegeConstants.JCR_READ);
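Review bot: The new `THIS_PROPERTIES` mask and the two statuses built from it have no comment saying which items they cover, and in permission code the difference between "properties" and "node plus properties" decides what a cached status is allowed to answer. A one-line comment above the constant would settle it, following the commit log: `// the target node and all of its properties, but not its child nodes`. The constant block starts and ends outside this hunk, so any existing documentation on `THIS`, `PROPERTIES` and `CHILD_NODES` is not visible here.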
@@ -668,17 +669,20 @@ final class CompiledPermissionImpl imple
private static ReadStatus create(PermissionEntry pe, long permission) {
// best effort: read status is only calculated if the first matching
// entry doesn't define any restrictions and it's a regular tree
- if (pe.restriction == RestrictionPattern.EMPTY &&
- permission != Permissions.READ_ACCESS_CONTROL) {
- if (pe.privilegeBits.includes(READ_BITS)) {
- return (pe.isAllow) ? ALLOW_ALL : DENY_ALL;
- } else if (pe.privilegeBits.includes(READ_PROPERTIES_BITS)) {
- return (pe.isAllow) ? ALLOW_PROPERTIES : DENY_PROPERTIES;
+ if (permission == Permissions.READ_ACCESS_CONTROL) {
+ return (pe.isAllow) ? ALLOW_THIS : DENY_THIS;
+ } else {
+ if (pe.restriction == RestrictionPattern.EMPTY) {
+ if (pe.privilegeBits.includes(READ_BITS)) {
+ return (pe.isAllow) ? ALLOW_ALL : DENY_ALL;
+ } else if (pe.privilegeBits.includes(READ_PROPERTIES_BITS)) {
+ return (pe.isAllow) ? ALLOW_THIS_PROPERTIES : DENY_THIS_PROPERTIES;
+ } else {
+ return (pe.isAllow) ? ALLOW_THIS : DENY_THIS;
+ }
} else {
return (pe.isAllow) ? ALLOW_THIS : DENY_THIS;
}
- } else {
- return (pe.isAllow) ? ALLOW_THIS : DENY_THIS;
}
}
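Review bot: The `READ_PROPERTIES_BITS` branch now returns a status with the `THIS` bit set, but that branch is reached only when `pe.privilegeBits` does not include the full `READ_BITS`, so the entry on its own does not establish that the target node is readable (or, for `DENY_THIS_PROPERTIES`, that it is denied). The code this replaces returned a status carrying only `PROPERTIES` in the same case. Whether a node can end up exposed or hidden by a property-only entry depends on how callers interpret `THIS` for the given `permission`, which is outside this hunk. I would put the assumption on the branch, e.g. `// TODO confirm: entry lacks node read, THIS must only apply to the item pe was matched for`, and cover it with a test using an entry that grants property read but not node read. Separately, the `// best effort` comment now sits above the `READ_ACCESS_CONTROL` check, which it does not describe, and would read better moved onto the `RestrictionPattern.EMPTY` test.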