Author: tdraier
Date: Thu Dec 27 18:32:12 2007
New Revision: 19425

URL: https://svndev.jahia.net/websvn/listing.php?sc=3D1&rev=3D19425&repname=
=3Djahia
Log:
fixed jackrabbit acl policy

Modified:
    branches/JAHIA-5-0-3-DMS-JACKRABBIT-BRANCH/jackrabbit-ext/core/src/java=
/org/apache/jackrabbit/core/security/JahiaAccessManager.java

Modified: branches/JAHIA-5-0-3-DMS-JACKRABBIT-BRANCH/jackrabbit-ext/core/sr=
c/java/org/apache/jackrabbit/core/security/JahiaAccessManager.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/branches/JAHIA-5-0-3-=
DMS-JACKRABBIT-BRANCH/jackrabbit-ext/core/src/java/org/apache/jackrabbit/co=
re/security/JahiaAccessManager.java&rev=3D19425&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- branches/JAHIA-5-0-3-DMS-JACKRABBIT-BRANCH/jackrabbit-ext/core/src/java=
/org/apache/jackrabbit/core/security/JahiaAccessManager.java (original)
+++ branches/JAHIA-5-0-3-DMS-JACKRABBIT-BRANCH/jackrabbit-ext/core/src/java=
/org/apache/jackrabbit/core/security/JahiaAccessManager.java Thu Dec 27 18:=
32:12 2007
@@ -22,6 +22,15 @@
 import java.util.*;
 =

 /**
+ *
+ * Current ACL policy :
+ *
+ * - If there is a grant ACE defined for the user matching the permission,=
 grant access
+ * - If there is a deny ACE defined for the user matching the permission, =
deny access
+ * - If there are at least one grant ACEs defined for groups the user belo=
ngs to, grant access
+ * - If there are at least one deny ACEs defined for groups the user belon=
gs to, deny access
+ * - Go to the parent node, repeat
+ *
  * Created by IntelliJ IDEA.
  * User: toto
  * Date: 28 f=C3=83=C2=A9vr. 2006
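Review bot: The new policy comment leaves out two rules that the rewritten `recurseonACPs` applies: the walk returns `false` when it reaches `/` without a matching ACE, and an ACE for the group `guest` matches every user through the `principalName.equals("guest")` test. In an access-control class the fall-through outcome is what a reader most needs, so I would add ` * - If no ACE matches up to the root node, deny access` and ` * - An ACE for the group "guest" applies to every user`. This is based on the visible lines only; the branch taken when the item does not exist is outside the diff. The wording "at least one grant ACEs" should also read "at least one grant ACE".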
@@ -126,9 +135,8 @@
                     if (service.isAdmin(p.getName(),name.getLocalName())) {
                         return true;
                     }
-                    CheckCommand v =3D new CheckCommand(permissions, name.=
getLocalName(), service);
-                    recurseonACPs(jcrPath, s, v);
-                    return v.isResult();
+
+                    return recurseonACPs(jcrPath, s, permissions, name.get=
LocalName(), service);                    =

                 }
             } else {
                 return true;
@@ -145,29 +153,6 @@
         return true;
     }
 =

-    public Map getPermissions(ItemId id) {
-        Session s =3D null;
-        try {
-            s =3D getRepository().login(JahiaLoginModule.getSystemCredenti=
als());
-            NamespaceResolver nr =3D new SessionNamespaceResolver(s);
-            PathResolver pr =3D new DefaultNamePathResolver(nr);
-
-            Path path =3D getPath(id);
-            String jcrPath =3D pr.getJCRPath(path);
-
-            ViewCommand vv =3D new ViewCommand();
-            recurseonACPs(jcrPath, s, vv);
-            return vv.getResults();
-        } catch (Exception e) {
-            e.printStackTrace();  //To change body of catch statement use =
File | Settings | File Templates.
-        } finally {
-            if (s !=3D null) {
-                s.logout();
-            }            =

-        }
-        return new HashMap();
-    }
-
     private Path getPath(ItemId id) throws RepositoryException {
         Path path =3D null;
         try {
@@ -186,7 +171,7 @@
         return path;
     }
 =

-    private void recurseonACPs(String jcrPath, Session s, Command v) throw=
s RepositoryException  {
+    private boolean recurseonACPs(String jcrPath, Session s, int permissio=
ns, String site, JahiaUserService service) throws RepositoryException  {
         while (jcrPath.length() > 0) {
             if (s.itemExists(jcrPath)) {
                 Item i =3D s.getItem(jcrPath);
@@ -195,18 +180,37 @@
                     if (node.isNodeType("mix:accessControlled")) {
                         Node acp =3D node.getProperty("jcr:accessControlPo=
licy").getNode();
                         NodeIterator aces =3D acp.getNode("jcr:acl").getNo=
des("jcr:ace");
+                        boolean match =3D false;
+                        boolean result =3D false;
+
                         while (aces.hasNext()) {
                             Node ace =3D aces.nextNode();
                             String principal =3D ace.getProperty("jcr:prin=
cipal").getString();
                             String type =3D ace.getProperty("jcr:aceType")=
.getString();
                             Value[] privileges =3D ace.getProperty("jcr:pr=
ivileges").getValues();
+                            for (int j =3D 0; j < privileges.length; j++) {
+                                Value privilege =3D privileges[j];
+                                if (match(permissions, privilege.getString=
())) {
+                                    String principalName =3D principal.sub=
string(2);
+                                    if (principal.charAt(0) =3D=3D 'u') {
+                                        if (principalName.equals(p.getName=
())) {
+                                            return type.equals("GRANT");
+                                        }
+                                    } else {
+                                        if (principalName.equals("guest") =
|| service.isUserMemberOf(p.getName(), principalName, site)) {
+                                            result |=3D type.equals("GRANT=
");
+                                            match =3D true;
+                                        }
+                                    }
 =

-                            if (v.execute(jcrPath, principal, type, privil=
eges)) return;
+                                }
+                            }
                         }
+                        if (match) return result;
                     }
                 }
                 if ("/".equals(jcrPath)) {
-                    return;
+                    return false;
                 } else if (jcrPath.lastIndexOf('/') > 0) {
                     jcrPath =3D jcrPath.substring(0,jcrPath.lastIndexOf('/=
'));
                 } else {
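Review bot: When the user belongs to both a granted and a denied group on the same node, `result |= type.equals("GRANT")` lets the grant win, so a deny ACE on one group is cancelled by a grant on any other matching group, including `guest`. The class comment lists the group grant and deny rules without stating which takes precedence, so it is unclear whether this fail-open resolution is intended. If deny should win, track the two outcomes separately, e.g. `if (type.equals("GRANT")) granted = true; else denied = true;` and `if (match) return granted && !denied;`. If grant-wins is the intended policy, say so explicitly in the comment. `recurseonACPs` and its outer `while` loop start and end outside this hunk.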
@@ -214,6 +218,7 @@
                 }
             }
         }
+        return false;
     }
 =

     public boolean match(int permission, String privilege) {
@@ -230,74 +235,6 @@
         return false;
     }
 =

-    interface Command {
-        public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException;
-    }
-
-    class CheckCommand implements Command {
-        private int permissions;
-        private String site;
-        private JahiaUserService service;
-        private boolean result;
-
-        public CheckCommand(int permissions, String site, JahiaUserService=
 service) {
-            this.permissions =3D permissions;
-            this.site =3D site;
-            this.service =3D service;
-        }
-
-        public boolean isResult() {
-            return result;
-        }
-
-        public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException {
-            for (int j =3D 0; j < privileges.length; j++) {
-                Value privilege =3D privileges[j];
-                if (match(permissions, privilege.getString())) {
-                    String principalName =3D principal.substring(2);
-                    if (principal.charAt(0) =3D=3D 'u') {
-                        if (principalName.equals(p.getName())) {
-                            result =3D type.equals("GRANT");
-                            return true;
-                        }
-                    } else {
-                        if (principalName.equals("guest") || service.isUse=
rMemberOf(p.getName(), principalName, site)) {
-                            result =3D type.equals("GRANT");
-                            return true;
-                        }
-                    }
-
-                }
-            }
-            return false;
-        }
-
-    }
-
-    class ViewCommand implements Command {
-        private Map results =3D new HashMap();
-
-        public Map getResults() {
-            return results;
-        }
-
-        public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException {
-            List p =3D (List) results.get(principal);
-
-            if (p =3D=3D null)  {
-                p =3D new ArrayList();
-                results.put(principal, p);
-                for (int i =3D 0; i < privileges.length; i++) {
-                    Value privilege =3D privileges[i];
-                    p.add(new String[]{jcrPath, type, privilege.getString(=
)});
-                }
-            }
-
-            return false;
-        }
-    }
-
-
     public boolean canAccess(String workspaceName) throws NoSuchWorkspaceE=
xception, RepositoryException {
         return true;
     }
