You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:49:14 UTC
[sling-org-apache-sling-jcr-resourcesecurity] 06/16: Simplify code,
use common method for permission check
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.jcr.resourcesecurity-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-resourcesecurity.git
commit 52af11efe13413b33b4cdd0d923ff6cd410987e3
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Fri Mar 28 16:49:25 2014 +0000
Simplify code, use common method for permission check
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/jcr/resourcesecurity@1582820 13f79535-47bb-0310-9956-ffa450edef68
---
.../impl/ResourceAccessGateFactory.java | 76 +++++++++-------------
1 file changed, 31 insertions(+), 45 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
index e9ba073..7c13fed 100644
--- a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
+++ b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
@@ -45,6 +45,13 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
@Properties({
@Property(name=ResourceAccessGate.PATH, label="Path",
description="The path is a regular expression for which resources the service should be called"),
+ @Property(name=ResourceAccessGateFactory.PROP_PREFIX,
+ label="Deep Check Prefix",
+ description="If this value is configured with a prefix and the resource path starts with this" +
+ " prefix, the prefix is removed from the path and the remaining part is appended " +
+ " to the JCR path to check. For example if /foo/a/b/c is required, this prefix is " +
+ " configured with /foo and the JCR node to check is /check, the permissions at " +
+ " /check/a/b/c are checked."),
@Property(name=ResourceAccessGateFactory.PROP_JCR_PATH,
label="JCR Node",
description="This node is checked for permissions to the resources."),
@@ -57,6 +64,8 @@ public class ResourceAccessGateFactory
static final String PROP_JCR_PATH = "jcrPath";
+ static final String PROP_PREFIX = "checkpath.prefix";
+
private String jcrPath;
@Activate
@@ -75,6 +84,25 @@ public class ResourceAccessGateFactory
}
/**
+ * Check the permission
+ */
+ private GateResult checkPermission(final Resource resource, final String permission) {
+ if ( this.skipCheck(resource) ) {
+ return GateResult.GRANTED;
+ }
+ boolean granted = false;
+ final Session session = resource.getResourceResolver().adaptTo(Session.class);
+ if ( session != null ) {
+ try {
+ granted = session.hasPermission(jcrPath, permission);
+ } catch (final RepositoryException re) {
+ // ignore
+ }
+ }
+ return granted ? GateResult.GRANTED : GateResult.DENIED;
+ }
+
+ /**
* @see org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver)
*/
@Override
@@ -111,19 +139,7 @@ public class ResourceAccessGateFactory
*/
@Override
public GateResult canRead(final Resource resource) {
- if ( this.skipCheck(resource) ) {
- return GateResult.GRANTED;
- }
- final Session session = resource.getResourceResolver().adaptTo(Session.class);
- boolean canRead = false;
- if ( session != null ) {
- try {
- canRead = session.nodeExists(this.jcrPath);
- } catch (final RepositoryException re) {
- // ignore
- }
- }
- return canRead ? GateResult.GRANTED : GateResult.DENIED;
+ return this.checkPermission(resource, Session.ACTION_READ);
}
/**
@@ -131,22 +147,7 @@ public class ResourceAccessGateFactory
*/
@Override
public GateResult canDelete(Resource resource) {
- if ( this.skipCheck(resource) ) {
- return GateResult.GRANTED;
- }
-
- boolean canDelete = false;
- final Session session = resource.getResourceResolver().adaptTo(Session.class);
- if ( session != null ) {
- try {
- canDelete = session.hasPermission(jcrPath, Session.ACTION_REMOVE);
- } catch (final RepositoryException re) {
- // ignore
- }
- }
-
- return canDelete ? GateResult.GRANTED : GateResult.DENIED;
-
+ return this.checkPermission(resource, Session.ACTION_REMOVE);
}
/**
@@ -154,22 +155,7 @@ public class ResourceAccessGateFactory
*/
@Override
public GateResult canUpdate(Resource resource) {
- if ( this.skipCheck(resource) ) {
- return GateResult.GRANTED;
- }
-
- boolean canUpdate = false;
-
- final Session session = resource.getResourceResolver().adaptTo(Session.class);
- if ( session != null ) {
- try {
- canUpdate = session.hasPermission(jcrPath, Session.ACTION_SET_PROPERTY);
- } catch (final RepositoryException re) {
- // ignore
- }
- }
-
- return canUpdate ? GateResult.GRANTED : GateResult.DENIED;
+ return this.checkPermission(resource, Session.ACTION_SET_PROPERTY);
}
/**
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.