[JIRA] Commented: (NXP-1863) getPermissionGroups method in PermissionProvider doesn't return SecurityConstants.Everything right

Wed, 02 Apr 2008 10:02:13 -0700 

    [ 
http://jira.nuxeo.org/browse/NXP-1863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=34783#action_34783
 ] 

Olivier Grisel commented on NXP-1863:
-------------------------------------

Proposed patch:

--- 
a/nuxeo-platform-webapp-core/src/main/java/org/nuxeo/ecm/webapp/security/SecurityActionsBean.java
+++ 
b/nuxeo-platform-webapp-core/src/main/java/org/nuxeo/ecm/webapp/security/SecurityActionsBean.java
@@ -23,6 +23,8 @@ import static org.jboss.seam.ScopeType.C

 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;

@@ -82,8 +84,10 @@ public class SecurityActionsBean extends
     // XXX temporary
     protected static final String ADMIN_GROUP = "administrators";

-    protected static final String[] PERMISSIONS_TO_CHECK = 
{SecurityConstants.WRITE_SECURITY, SecurityConstants.READ_SECURITY};
-
+    protected static final String[] SEED_PERMISSIONS_TO_CHECK = 
{SecurityConstants.WRITE_SECURITY, SecurityConstants.READ_SECURITY};
+
+    protected String[] CACHED_PERMISSION_TO_CHECK = null;
+
     private static final Log log = 
LogFactory.getLog(SecurityActionsBean.class);

     private static final Labeler labeler = new Labeler(
@@ -617,11 +621,27 @@ public class SecurityActionsBean extends
         }
         acp.setRules(modifiableEntries.toArray(new UserEntry[0]));

-        final boolean access = acp.getAccess(principals.toArray(new 
String[0]), PERMISSIONS_TO_CHECK).toBoolean();
+        final boolean access = acp.getAccess(principals.toArray(new 
String[0]), getPermissionsToCheck()).toBoolean();
         if (!access) {
             rebuildSecurityData();
         }
         return access;
     }

+    protected String[] getPermissionsToCheck() throws ClientException {
+        if (CACHED_PERMISSION_TO_CHECK == null) {
+            try {
+            List<String> aggregatedPerms = new LinkedList<String>();
+                for (String seedPerm : SEED_PERMISSIONS_TO_CHECK) {
+                    PermissionProvider pprovider = 
Framework.getService(PermissionProvider.class);
+                    
aggregatedPerms.addAll(Arrays.asList(pprovider.getPermissionGroups(seedPerm)));
+                }
+                CACHED_PERMISSION_TO_CHECK = aggregatedPerms.toArray(new 
String[aggregatedPerms.size()]);
+            } catch (Exception e) {
+                throw new ClientException(e);
+            }
+        }
+        return CACHED_PERMISSION_TO_CHECK;
+    }
+


> getPermissionGroups method in PermissionProvider doesn't return 
> SecurityConstants.Everything right
> --------------------------------------------------------------------------------------------------
>
>                 Key: NXP-1863
>                 URL: http://jira.nuxeo.org/browse/NXP-1863
>             Project: Nuxeo Enterprise Platform 5
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 5.1.3
>         Environment: Latest build on branch
>            Reporter: Radu Darlea
>            Assignee: Thomas Roger
>             Fix For: 5.1.5, 5.2 M1
>
>
> The method PermissionProvider.getPermissionGroups() doesn't returns 
> SecurityConstants.EVERYTHING in list when required WRITE right, although it 
> is supposed that Everything includes Write right.  Although I can easily add 
> the Everything right in the returned list, I suppose there is a hidden 
> problem in the code so I would like a deeper investigation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.nuxeo.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
ECM-tickets mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm-tickets

Reply via email to