You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/04/09 17:07:22 UTC
svn commit: r1466069 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization:
AccessControlManagerImpl.java permission/PermissionValidator.java
Author: angela
Date: Tue Apr 9 15:07:21 2013
New Revision: 1466069
URL: http://svn.apache.org/r1466069
Log:
OAK-527: permissions (wip)
- accessmanager#hasPrivilege and #getPrivileges doesn't pass 'null' to permission provider for repo privileges
- permissionvalidatior should also skip hidden nodes
- permissionvalidator lacks special repo-permission handling for properties
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1466069&r1=1466068&r2=1466069&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Tue Apr 9 15:07:21 2013
@@ -536,7 +536,7 @@ public class AccessControlManagerImpl im
if (provider == null) {
throw new UnsupportedRepositoryOperationException();
}
- Tree tree = getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+ Tree tree = (absPath == null) ? null : getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
Set<String> pNames = provider.getPrivileges(tree);
if (pNames.isEmpty()) {
return new Privilege[0];
@@ -555,7 +555,7 @@ public class AccessControlManagerImpl im
if (provider == null) {
throw new UnsupportedRepositoryOperationException();
}
- Tree tree = getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
+ Tree tree = (absPath == null) ? null : getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
Set<String> privilegeNames = new HashSet<String>(privileges.length);
for (Privilege privilege : privileges) {
privilegeNames.add(namePathMapper.getOakName(privilege.getName()));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1466069&r1=1466068&r2=1466069&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Tue Apr 9 15:07:21 2013
@@ -140,6 +140,9 @@ class PermissionValidator extends Defaul
private Validator checkPermissions(@Nonnull Tree tree, boolean isBefore,
long defaultPermission) throws CommitFailedException {
+ if (NodeStateUtils.isHidden(tree.getName())) {
+ return null;
+ }
long toTest = getPermission(tree, defaultPermission);
if (Permissions.isRepositoryPermission(toTest)) {
if (!permissionProvider.isGranted(toTest)) {
@@ -162,11 +165,17 @@ class PermissionValidator extends Defaul
private void checkPermissions(@Nonnull Tree parent, @Nonnull PropertyState property,
long defaultPermission) throws CommitFailedException {
- if (!NodeStateUtils.isHidden((property.getName()))) {
- long toTest = getPermission(parent, property, defaultPermission);
- if (!permissionProvider.isGranted(parent, property, toTest)) {
+ if (NodeStateUtils.isHidden(property.getName())) {
+ return;
+ }
+
+ long toTest = getPermission(parent, property, defaultPermission);
+ if (Permissions.isRepositoryPermission(toTest)) {
+ if (!permissionProvider.isGranted(toTest)) {
throw new CommitFailedException(ACCESS, 0, "Access denied");
}
+ } else if (!permissionProvider.isGranted(parent, property, toTest)) {
+ throw new CommitFailedException(ACCESS, 0, "Access denied");
}
}