You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/04/18 09:07:37 UTC
svn commit: r1469190 -
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Author: angela
Date: Thu Apr 18 07:07:36 2013
New Revision: 1469190
URL: http://svn.apache.org/r1469190
Log:
OAK-51 : Access Control Management (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1469190&r1=1469189&r2=1469190&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Thu Apr 18 07:07:36 2013
@@ -38,6 +38,7 @@ import javax.jcr.security.AccessControlP
import javax.jcr.security.Privilege;
import com.google.common.base.Objects;
+import com.google.common.collect.Lists;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
@@ -216,12 +217,15 @@ public class AccessControlManagerImpl im
PrincipalACL existing = (plcs.length == 0) ? null : (PrincipalACL) plcs[0];
// TODO: handle re-ordered entries...
- // write new entries
- List<JackrabbitAccessControlEntry> entries = principalAcl.getEntries();
+ List<JackrabbitAccessControlEntry> toAdd = Lists.newArrayList(principalAcl.getEntries());
+ List<JackrabbitAccessControlEntry> toRemove = Collections.emptyList();
if (existing != null) {
- entries.removeAll(existing.getEntries());
+ toAdd.removeAll(existing.getEntries());
+ toRemove = existing.getEntries();
+ toRemove.removeAll(principalAcl.getEntries());
}
- for (JackrabbitAccessControlEntry ace : entries) {
+ // add new entries
+ for (JackrabbitAccessControlEntry ace : toAdd) {
String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
NodeUtil aclNode = getAclNode(path, tree);
@@ -233,18 +237,14 @@ public class AccessControlManagerImpl im
}
// remove entries that are not longer present in the acl to write
- if (existing != null) {
- List<JackrabbitAccessControlEntry> toRemove = existing.getEntries();
- toRemove.removeAll(principalAcl.getEntries());
- for (JackrabbitAccessControlEntry ace : toRemove) {
- String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
- NodeUtil aclNode = checkNotNull(getAclNode(path, getTree(path, Permissions.MODIFY_ACCESS_CONTROL)));
- Iterator<Tree> children = aclNode.getTree().getChildren().iterator();
- while (children.hasNext()) {
- Tree child = children.next();
- if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
- child.remove();
- }
+ for (JackrabbitAccessControlEntry ace : toRemove) {
+ String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+ NodeUtil aclNode = checkNotNull(getAclNode(path, getTree(path, Permissions.MODIFY_ACCESS_CONTROL)));
+ Iterator<Tree> children = aclNode.getTree().getChildren().iterator();
+ while (children.hasNext()) {
+ Tree child = children.next();
+ if (ace.equals(createACE(path, child, principalAcl.rProvider))) {
+ child.remove();
}
}
}
@@ -352,11 +352,7 @@ public class AccessControlManagerImpl im
return hasPrivileges(absPath, privileges);
} else {
PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
- try {
- return hasPrivileges(absPath, privileges, provider, Permissions.READ_ACCESS_CONTROL);
- } finally {
- provider = null;
- }
+ return hasPrivileges(absPath, privileges, provider, Permissions.READ_ACCESS_CONTROL);
}
}
@@ -366,11 +362,7 @@ public class AccessControlManagerImpl im
return getPrivileges(absPath);
} else {
PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
- try {
- return getPrivileges(absPath, provider, Permissions.READ_ACCESS_CONTROL);
- } finally {
- provider = null;
- }
+ return getPrivileges(absPath, provider, Permissions.READ_ACCESS_CONTROL);
}
}