This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag 
org.apache.sling.jcr.resourcesecurity-1.0.0
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-resourcesecurity.git

commit 9615f3d4c50184c8dca6bcc218c18c8164b58a5f
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Fri Mar 28 16:30:00 2014 +0000

    SLING-3438 : Provide ResourceAccessGate implementation that authorizes CRUD 
operations based on JCR permissios. Merge patch from Marius Petria with 
existing implementation
    
    git-svn-id: 
https://svn.apache.org/repos/asf/sling/trunk/contrib/jcr/resourcesecurity@1582808
 13f79535-47bb-0310-9956-ffa450edef68
---
 .../impl/ResourceAccessGateFactory.java            | 111 +++++++++++++++++++--
 1 file changed, 105 insertions(+), 6 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
 
b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
index eab7816..e9ba073 100644
--- 
a/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
+++ 
b/src/main/java/org/apache/sling/jcr/resourcesecurity/impl/ResourceAccessGateFactory.java
@@ -36,7 +36,6 @@ import org.apache.sling.commons.osgi.PropertiesUtil;
 import org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate;
 import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
 
-
 @Component(configurationFactory=true, policy=ConfigurationPolicy.REQUIRE, 
metatype=true,
            label="Apache Sling JCR Resource Access Gate",
            description="This access gate can be used to handle the access to 
resources" +
@@ -49,7 +48,7 @@ import 
org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
     @Property(name=ResourceAccessGateFactory.PROP_JCR_PATH,
               label="JCR Node",
               description="This node is checked for permissions to the 
resources."),
-    @Property(name=ResourceAccessGate.OPERATIONS, value="read", 
propertyPrivate=true),
+    @Property(name=ResourceAccessGate.OPERATIONS, value= {"read", "create", 
"update", "delete"}, propertyPrivate=true),
     @Property(name=ResourceAccessGate.CONTEXT, 
value=ResourceAccessGate.PROVIDER_CONTEXT, propertyPrivate=true)
 })
 public class ResourceAccessGateFactory
@@ -65,16 +64,51 @@ public class ResourceAccessGateFactory
         this.jcrPath = PropertiesUtil.toString(props.get(PROP_JCR_PATH), null);
     }
 
+    /**
+     * Skip the check if the resource is backed by a JCR resource.
+     * This is a sanity check which should usually not be required if the 
system
+     * is configured correctly.
+     */
+    private boolean skipCheck(final Resource resource) {
+        // if resource is backed by a JCR node, skip check
+        return resource.adaptTo(Node.class) != null;
+    }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver)
+     */
     @Override
-    public boolean hasReadRestrictions(ResourceResolver resourceResolver) {
+    public boolean hasReadRestrictions(final ResourceResolver 
resourceResolver) {
         return true;
     }
 
-    private boolean skipCheck(final Resource resource) {
-        // if resource is backed by a jcr node, skip check
-        return resource.adaptTo(Node.class) != null;
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasCreateRestrictions(org.apache.sling.api.resource.ResourceResolver)
+     */
+    @Override
+    public boolean hasCreateRestrictions(final ResourceResolver 
resourceResolver) {
+        return true;
+    }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasUpdateRestrictions(org.apache.sling.api.resource.ResourceResolver)
+     */
+    @Override
+    public boolean hasUpdateRestrictions(final ResourceResolver 
resourceResolver) {
+        return true;
+    }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#hasDeleteRestrictions(org.apache.sling.api.resource.ResourceResolver)
+     */
+    @Override
+    public boolean hasDeleteRestrictions(final ResourceResolver 
resourceResolver) {
+        return true;
     }
 
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#canRead(org.apache.sling.api.resource.Resource)
+     */
     @Override
     public GateResult canRead(final Resource resource) {
         if ( this.skipCheck(resource) ) {
@@ -91,4 +125,69 @@ public class ResourceAccessGateFactory
         }
         return canRead ? GateResult.GRANTED : GateResult.DENIED;
     }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#canDelete(org.apache.sling.api.resource.Resource)
+     */
+    @Override
+    public GateResult canDelete(Resource resource) {
+        if ( this.skipCheck(resource) ) {
+            return GateResult.GRANTED;
+        }
+
+        boolean canDelete = false;
+        final Session session = 
resource.getResourceResolver().adaptTo(Session.class);
+        if ( session != null ) {
+            try {
+                canDelete = session.hasPermission(jcrPath, 
Session.ACTION_REMOVE);
+            } catch (final RepositoryException re) {
+                // ignore
+            }
+        }
+
+        return canDelete ? GateResult.GRANTED : GateResult.DENIED;
+
+    }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#canUpdate(org.apache.sling.api.resource.Resource)
+     */
+    @Override
+    public GateResult canUpdate(Resource resource) {
+        if ( this.skipCheck(resource) ) {
+            return GateResult.GRANTED;
+        }
+
+        boolean canUpdate = false;
+
+        final Session session = 
resource.getResourceResolver().adaptTo(Session.class);
+        if ( session != null ) {
+            try {
+                canUpdate = session.hasPermission(jcrPath, 
Session.ACTION_SET_PROPERTY);
+            } catch (final RepositoryException re) {
+                // ignore
+            }
+        }
+
+        return canUpdate ? GateResult.GRANTED : GateResult.DENIED;
+    }
+
+    /**
+     * @see 
org.apache.sling.resourceaccesssecurity.AllowingResourceAccessGate#canCreate(java.lang.String,
 org.apache.sling.api.resource.ResourceResolver)
+     */
+    @Override
+    public GateResult canCreate(String absPathName, ResourceResolver 
resourceResolver) {
+        boolean canCreate = false;
+
+        final Session session = resourceResolver.adaptTo(Session.class);
+        if ( session != null ) {
+            try {
+                canCreate = session.hasPermission(jcrPath, 
Session.ACTION_ADD_NODE);
+            } catch (final RepositoryException re) {
+                // ignore
+            }
+        }
+
+        return canCreate ? GateResult.GRANTED : GateResult.DENIED;
+    }
 }

-- 
To stop receiving notification emails like this one, please contact
"[email protected]" <[email protected]>.

Reply via email to