You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/11/19 09:08:45 UTC

svn commit: r1883635 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission: MoveAwarePermissionValidator.java PermissionValidator.java

Author: angela
Date: Thu Nov 19 09:08:44 2020
New Revision: 1883635

URL: http://svn.apache.org/viewvc?rev=1883635&view=rev
Log:
OAK-9279 : Add PermissionValidator#checkIsGranted

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1883635&r1=1883634&r2=1883635&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java Thu Nov 19 09:08:44 2020
@@ -171,9 +171,7 @@ public class MoveAwarePermissionValidato
         }
 
         private void checkPermissions(@NotNull Tree tree, long permissions) throws CommitFailedException {
-            if (!getPermissionProvider().isGranted(tree, null, permissions)) {
-                throw new CommitFailedException(ACCESS, 0, "Access denied");
-            }
+            checkIsGranted(getPermissionProvider().isGranted(tree, null, permissions));
         }
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1883635&r1=1883634&r2=1883635&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java Thu Nov 19 09:08:44 2020
@@ -197,16 +197,12 @@ class PermissionValidator extends Defaul
                                long defaultPermission) throws CommitFailedException {
         long toTest = getPermission(tree, defaultPermission);
         if (Permissions.isRepositoryPermission(toTest)) {
-            if (!permissionProvider.getRepositoryPermission().isGranted(toTest)) {
-                throw new CommitFailedException(ACCESS, 0, "Access denied");
-            }
+            checkIsGranted(permissionProvider.getRepositoryPermission().isGranted(toTest));
             return null; // no need for further validation down the subtree
         } else {
             NodeState ns = provider.getTreeProvider().asNodeState(tree);
             TreePermission tp = parentPermission.getChildPermission(tree.getName(), ns);
-            if (!tp.isGranted(toTest)) {
-                throw new CommitFailedException(ACCESS, 0, "Access denied");
-            }
+            checkIsGranted(tp.isGranted(toTest));
             if (noTraverse(toTest, defaultPermission)) {
                 return null;
             } else {
@@ -227,15 +223,10 @@ class PermissionValidator extends Defaul
         }
         long toTest = getPermission(parent, property, defaultPermission);
         if (toTest != Permissions.NO_PERMISSION) {
-            boolean isGranted;
             if (Permissions.isRepositoryPermission(toTest)) {
-                isGranted = permissionProvider.getRepositoryPermission().isGranted(toTest);
+                checkIsGranted(permissionProvider.getRepositoryPermission().isGranted(toTest));
             } else {
-                isGranted = parentPermission.isGranted(toTest, property);
-            }
-
-            if (!isGranted) {
-                throw new CommitFailedException(ACCESS, 0, "Access denied");
+                checkIsGranted(parentPermission.isGranted(toTest, property));
             }
         }
     }
@@ -355,4 +346,10 @@ class PermissionValidator extends Defaul
     private boolean isIndexDefinition(@NotNull Tree tree) {
         return tree.getPath().contains(IndexConstants.INDEX_DEFINITIONS_NAME);
     }
+
+    void checkIsGranted(boolean isGranted) throws CommitFailedException {
+        if (!isGranted) {
+            throw new CommitFailedException(ACCESS, 0, "Access denied");
+        }
+    }
 }