This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.resourcesecurity-1.0.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-resourcesecurity.git
commit 52af11efe13413b33b4cdd0d923ff6cd410987e3 Author: Carsten Ziegeler <[email protected]> AuthorDate: Fri Mar 28 16:49:25 2014 +0000 Simplify code, use common method for permission check git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/jcr/resourcesecurity@1582820 13f79535-47bb-0310-9956-ffa450edef68 --- .../impl/ResourceAccessGateFactory.java | 76 +++++++++------------- 1 file changed, 31 insertions(+), 45 deletions(-) diff --git a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java index e9ba073..7c13fed 100644 --- a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java +++ b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java @@ -45,6 +45,13 @@ import org.apache.sling.resourceaccesssecurity.ResourceAccessGate; @Properties({ @Property(name=ResourceAccessGate.PATH, label="Path", description="The path is a regular expression for which resources the service should be called"), + @Property(name=ResourceAccessGateFactory.PROP_PREFIX, + label="Deep Check Prefix", + description="If this value is configured with a prefix and the resource path starts with this" + + " prefix, the prefix is removed from the path and the remaining part is appended " + + " to the JCR path to check. For example if /foo/a/b/c is required, this prefix is " + + " configured with /foo and the JCR node to check is /check, the permissions at " + + " /check/a/b/c are checked."), @Property(name=ResourceAccessGateFactory.PROP_JCR_PATH, label="JCR Node", description="This node is checked for permissions to the resources."), @@ -57,6 +64,8 @@ public class ResourceAccessGateFactory static final String PROP_JCR_PATH = "jcrPath"; + static final String PROP_PREFIX = "checkpath.prefix"; + private String jcrPath; @Activate @@ -75,6 +84,25 @@ public class ResourceAccessGateFactory } /** + * Check the permission + */ + private GateResult checkPermission(final Resource resource, final String permission) { + if ( this.skipCheck(resource) ) { + return GateResult.GRANTED; + } + boolean granted = false; + final Session session = resource.getResourceResolver().adaptTo(Session.class); + if ( session != null ) { + try { + granted = session.hasPermission(jcrPath, permission); + } catch (final RepositoryException re) { + // ignore + } + } + return granted ? GateResult.GRANTED : GateResult.DENIED; + } + + /** * @see org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver) */ @Override @@ -111,19 +139,7 @@ public class ResourceAccessGateFactory */ @Override public GateResult canRead(final Resource resource) { - if ( this.skipCheck(resource) ) { - return GateResult.GRANTED; - } - final Session session = resource.getResourceResolver().adaptTo(Session.class); - boolean canRead = false; - if ( session != null ) { - try { - canRead = session.nodeExists(this.jcrPath); - } catch (final RepositoryException re) { - // ignore - } - } - return canRead ? GateResult.GRANTED : GateResult.DENIED; + return this.checkPermission(resource, Session.ACTION_READ); } /** @@ -131,22 +147,7 @@ public class ResourceAccessGateFactory */ @Override public GateResult canDelete(Resource resource) { - if ( this.skipCheck(resource) ) { - return GateResult.GRANTED; - } - - boolean canDelete = false; - final Session session = resource.getResourceResolver().adaptTo(Session.class); - if ( session != null ) { - try { - canDelete = session.hasPermission(jcrPath, Session.ACTION_REMOVE); - } catch (final RepositoryException re) { - // ignore - } - } - - return canDelete ? GateResult.GRANTED : GateResult.DENIED; - + return this.checkPermission(resource, Session.ACTION_REMOVE); } /** @@ -154,22 +155,7 @@ public class ResourceAccessGateFactory */ @Override public GateResult canUpdate(Resource resource) { - if ( this.skipCheck(resource) ) { - return GateResult.GRANTED; - } - - boolean canUpdate = false; - - final Session session = resource.getResourceResolver().adaptTo(Session.class); - if ( session != null ) { - try { - canUpdate = session.hasPermission(jcrPath, Session.ACTION_SET_PROPERTY); - } catch (final RepositoryException re) { - // ignore - } - } - - return canUpdate ? GateResult.GRANTED : GateResult.DENIED; + return this.checkPermission(resource, Session.ACTION_SET_PROPERTY); } /** -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
