You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/08/15 11:28:50 UTC
svn commit: r1618123 -
/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java
Author: angela
Date: Fri Aug 15 09:28:50 2014
New Revision: 1618123
URL: http://svn.apache.org/r1618123
Log:
OAK-2008 : authorization setup for closed user groups (exclude system users as defined by JCR-3802)
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java?rev=1618123&r1=1618122&r2=1618123&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java Fri Aug 15 09:28:50 2014
@@ -20,6 +20,10 @@ import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+
/**
* CugExclude... TODO
*/
@@ -33,7 +37,18 @@ public interface CugExclude {
@Override
public boolean isExcluded(@Nonnull Set<Principal> principals) {
- return principals.isEmpty();
+ if (principals.isEmpty()) {
+ return true;
+ }
+ if (principals.contains(SystemPrincipal.INSTANCE)) {
+ return true;
+ }
+ for (Principal p : principals) {
+ if (p instanceof AdminPrincipal || p instanceof SystemUserPrincipal) {
+ return true;
+ }
+ }
+ return false;
}
}
}
\ No newline at end of file