You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/04/09 17:07:22 UTC

svn commit: r1466069 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization: AccessControlManagerImpl.java permission/PermissionValidator.java

Author: angela
Date: Tue Apr  9 15:07:21 2013
New Revision: 1466069

URL: http://svn.apache.org/r1466069
Log:
OAK-527: permissions (wip)

- accessmanager#hasPrivilege and #getPrivileges doesn't pass 'null' to permission provider for repo privileges
- permissionvalidatior should also skip hidden nodes
- permissionvalidator lacks special repo-permission handling for properties

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1466069&r1=1466068&r2=1466069&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Tue Apr  9 15:07:21 2013
@@ -536,7 +536,7 @@ public class AccessControlManagerImpl im
         if (provider == null) {
             throw new UnsupportedRepositoryOperationException();
         }
-        Tree tree = getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+        Tree tree = (absPath == null) ? null : getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
         Set<String> pNames = provider.getPrivileges(tree);
         if (pNames.isEmpty()) {
             return new Privilege[0];
@@ -555,7 +555,7 @@ public class AccessControlManagerImpl im
         if (provider == null) {
             throw new UnsupportedRepositoryOperationException();
         }
-        Tree tree = getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+        Tree tree = (absPath == null) ? null : getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
         Set<String> privilegeNames = new HashSet<String>(privileges.length);
         for (Privilege privilege : privileges) {
             privilegeNames.add(namePathMapper.getOakName(privilege.getName()));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1466069&r1=1466068&r2=1466069&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Tue Apr  9 15:07:21 2013
@@ -140,6 +140,9 @@ class PermissionValidator extends Defaul
 
     private Validator checkPermissions(@Nonnull Tree tree, boolean isBefore,
                                        long defaultPermission) throws CommitFailedException {
+        if (NodeStateUtils.isHidden(tree.getName())) {
+            return null;
+        }
         long toTest = getPermission(tree, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
             if (!permissionProvider.isGranted(toTest)) {
@@ -162,11 +165,17 @@ class PermissionValidator extends Defaul
 
     private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
                                   long defaultPermission) throws CommitFailedException {
-        if (!NodeStateUtils.isHidden((property.getName()))) {
-            long toTest = getPermission(parent, property, defaultPermission);
-            if (!permissionProvider.isGranted(parent, property, toTest)) {
+        if (NodeStateUtils.isHidden(property.getName())) {
+            return;
+        }
+
+        long toTest = getPermission(parent, property, defaultPermission);
+        if (Permissions.isRepositoryPermission(toTest)) {
+            if (!permissionProvider.isGranted(toTest)) {
                 throw new CommitFailedException(ACCESS, 0, "Access denied");
             }
+        } else if (!permissionProvider.isGranted(parent, property, toTest)) {
+            throw new CommitFailedException(ACCESS, 0, "Access denied");
         }
     }