Author: angela
Date: Tue Apr 9 18:01:50 2013
New Revision: 1466161
URL: http://svn.apache.org/r1466161
Log:
OAK-527: permissions (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1466161&r1=1466160&r2=1466161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Tue Apr 9 18:01:50 2013
@@ -118,7 +118,7 @@ public class AccessControlManagerImpl im
@Nonnull
@Override
public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws
RepositoryException {
- checkValidPath(absPath);
+ getTree(getOakPath(absPath), Permissions.NO_PERMISSION);
return privilegeManager.getRegisteredPrivileges();
}
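Review bot: The inlined `getTree(getOakPath(absPath), Permissions.NO_PERMISSION);` in `getSupportedPrivileges` discards its result, so it validates only through the exceptions it throws. The helper name `checkValidPath`, which used to state that intent, is removed by this commit. A short comment above the call would keep it readable, for example `// validation only: throws PathNotFoundException if no tree exists at absPath; no permission is evaluated here`. Note that what this call rejects now depends on the reordering inside `getTree` in the next hunk of this file.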
@@ -351,26 +351,18 @@ public class AccessControlManagerImpl im
throw new PathNotFoundException("No tree at " + oakPath);
}
if (permissions != Permissions.NO_PERMISSION) {
- checkPermission(tree, permissions);
+ if (permissionProvider != null &&
!permissionProvider.isGranted(tree, null, permissions)) {
+ throw new AccessDeniedException("Access denied at " + tree);
+ }
+ // check if the tree is access controlled
+ if (acConfig.getContext().definesTree(tree)) {
+ throw new AccessControlException("Tree " + tree.getPath() + "
defines access control content.");
+ }
}
- // check if the tree is access controlled
- if (acConfig.getContext().definesTree(tree)) {
- throw new AccessControlException("Tree " + tree.getPath() + "
defines access control content.");
- }
return tree;
}
- private void checkPermission(@Nonnull Tree tree, long permissions) throws
AccessDeniedException {
- if (permissionProvider != null && !permissionProvider.isGranted(tree,
null, permissions)) {
- throw new AccessDeniedException("Access denied at " + tree);
- }
- }
-
- private void checkValidPath(@Nullable String jcrPath) throws
RepositoryException {
- getTree(getOakPath(jcrPath), Permissions.NO_PERMISSION);
- }
-
private static void checkValidPolicy(@Nullable String oakPath, @Nonnull
AccessControlPolicy policy) throws AccessControlException {
if (policy instanceof ACL) {
String path = ((ACL) policy).getOakPath();
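Review bot: Moving the `definesTree` check inside `if (permissions != Permissions.NO_PERMISSION)` means callers that pass `NO_PERMISSION`, including `getSupportedPrivileges` in the first hunk, no longer get an `AccessControlException` for a path that is itself access control content. If that relaxation is intended, a comment on the branch should say so and a test should pin it; otherwise the check belongs outside the conditional, where it was. Separately, `permissionProvider != null && !permissionProvider.isGranted(tree, null, permissions)` treats a missing provider as access granted. Unless a null provider is a deliberate unrestricted mode, which the hunk does not show, failing closed would be safer: `if (permissionProvider == null || !permissionProvider.isGranted(tree, null, permissions))`. The body of `getTree` starts outside this hunk, so the way `tree` is resolved is not visible here.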
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1466161&r1=1466160&r2=1466161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Tue Apr 9 18:01:50 2013
@@ -107,9 +107,9 @@ public class PermissionProviderImpl impl
// TODO: OAK-753 decide on where to filter out hidden items.
if (isHidden(tree, property)) {
return ReadStatus.DENY_ALL;
- } else if (isAccessControlContent(tree) &&
canReadAccessControlContent(tree, property)) {
+ } else if (isAccessControlContent(tree)) {
// TODO: review if read-ac permission is never fine-granular
- return ReadStatus.ALLOW_ALL;
+ return canReadAccessControlContent(tree, null) ?
ReadStatus.ALLOW_ALL : ReadStatus.DENY_ALL;
} else if (isVersionContent(tree)) {
return getVersionContentReadStatus(tree, property);
} else {
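Review bot: The rewritten branch calls `canReadAccessControlContent(tree, null)`, dropping the `property` argument the old condition passed, so the read decision for access control content is now made on the tree alone and reported as `ALLOW_ALL` or `DENY_ALL`. The TODO directly above it ("review if read-ac permission is never fine-granular") indicates that this assumption has not been confirmed. If a property-level restriction can exist on such content, `ALLOW_ALL` would presumably override it. The choice should at least be documented at the call, for example `// property intentionally ignored: read-ac is evaluated per tree, see TODO above`, and covered by a test with a tree whose access control content is not readable. The enclosing method starts and ends outside the hunk.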
@@ -124,7 +124,9 @@ public class PermissionProviderImpl impl
@Override
public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState
property, long permissions) {
- if (isVersionContent(tree)) {
+ if (isHidden(tree, property)) {
+ return false;
+ } else if (isVersionContent(tree)) {
TreeLocation location = getVersionableLocation(tree, property);
if (location == null) {
// TODO: review permission evaluation on hierarchy nodes
within the different version stores.
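Review bot: The new `isHidden(tree, property)` guard at the top of `isGranted` duplicates the hidden-item filter in the read-status hunk above, but only that copy carries `// TODO: OAK-753 decide on where to filter out hidden items.`. If OAK-753 later moves the filtering, this second copy is easy to miss, so the same TODO should be repeated here. A why-comment would also help, such as `// hidden items are never exposed: deny every permission`. A test asserting that `isGranted` returns `false` for a hidden tree and for a hidden property would pin the behaviour. The rest of `isGranted` lies outside the hunk, so how the remaining branches treat access control content cannot be checked from here.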