You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/11/19 09:08:45 UTC
svn commit: r1883635 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission:
MoveAwarePermissionValidator.java PermissionValidator.java
Author: angela
Date: Thu Nov 19 09:08:44 2020
New Revision: 1883635
URL: http://svn.apache.org/viewvc?rev=1883635&view=rev
Log:
OAK-9279 : Add PermissionValidator#checkIsGranted
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1883635&r1=1883634&r2=1883635&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java Thu Nov 19 09:08:44 2020
@@ -171,9 +171,7 @@ public class MoveAwarePermissionValidato
}
private void checkPermissions(@NotNull Tree tree, long permissions) throws CommitFailedException {
- if (!getPermissionProvider().isGranted(tree, null, permissions)) {
- throw new CommitFailedException(ACCESS, 0, "Access denied");
- }
+ checkIsGranted(getPermissionProvider().isGranted(tree, null, permissions));
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1883635&r1=1883634&r2=1883635&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Thu Nov 19 09:08:44 2020
@@ -197,16 +197,12 @@ class PermissionValidator extends Defaul
long defaultPermission) throws CommitFailedException {
long toTest = getPermission(tree, defaultPermission);
if (Permissions.isRepositoryPermission(toTest)) {
- if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) {
- throw new CommitFailedException(ACCESS, 0, "Access denied");
- }
+ checkIsGranted(permissionProvider.getRepositoryPermission().isGranted(toTest));
return null; // no need for further validation down the subtree
} else {
NodeState ns = provider.getTreeProvider().asNodeState(tree);
TreePermission tp = parentPermission.getChildPermission(tree.getName(), ns);
- if (!tp.isGranted(toTest)) {
- throw new CommitFailedException(ACCESS, 0, "Access denied");
- }
+ checkIsGranted(tp.isGranted(toTest));
if (noTraverse(toTest, defaultPermission)) {
return null;
} else {
@@ -227,15 +223,10 @@ class PermissionValidator extends Defaul
}
long toTest = getPermission(parent, property, defaultPermission);
if (toTest != Permissions.NO_PERMISSION) {
- boolean isGranted;
if (Permissions.isRepositoryPermission(toTest)) {
- isGranted = permissionProvider.getRepositoryPermission().isGranted(toTest);
+ checkIsGranted(permissionProvider.getRepositoryPermission().isGranted(toTest));
} else {
- isGranted = parentPermission.isGranted(toTest, property);
- }
-
- if (!isGranted) {
- throw new CommitFailedException(ACCESS, 0, "Access denied");
+ checkIsGranted(parentPermission.isGranted(toTest, property));
}
}
}
@@ -355,4 +346,10 @@ class PermissionValidator extends Defaul
private boolean isIndexDefinition(@NotNull Tree tree) {
return tree.getPath().contains(IndexConstants.INDEX_DEFINITIONS_NAME);
}
+
+ void checkIsGranted(boolean isGranted) throws CommitFailedException {
+ if (!isGranted) {
+ throw new CommitFailedException(ACCESS, 0, "Access denied");
+ }
+ }
}