luetzkendorf 2005/02/21 01:02:10
Modified: src/share/org/apache/slide/structure StructureImpl.java
Log:
New domain parameter "ancestors-read-permissions-required" introduced.
This allows to disable the test of the read permission on all anestors while
writing to a resource.
Revision Changes Path
1.56 +46 -48
jakarta-slide/src/share/org/apache/slide/structure/StructureImpl.java
Index: StructureImpl.java
===================================================================
RCS file:
/home/cvs/jakarta-slide/src/share/org/apache/slide/structure/StructureImpl.java,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- StructureImpl.java 15 Dec 2004 16:30:19 -0000 1.55
+++ StructureImpl.java 21 Feb 2005 09:02:10 -0000 1.56
@@ -29,6 +29,7 @@
import java.util.List;
import java.util.Vector;
+import org.apache.slide.common.Domain;
import org.apache.slide.common.Namespace;
import org.apache.slide.common.NamespaceConfig;
import org.apache.slide.common.ServiceAccessException;
@@ -176,15 +177,14 @@
// First of all, we try to load the object directly from the given
Uri.
try {
result = uri.getStore().retrieveObject(uri);
- securityHelper.checkCredentials
- (token, result, namespaceConfig.getReadObjectAction());
+ securityHelper.checkCredentials(token, result,
+ namespaceConfig.getReadObjectAction());
if ((translateLastUriElement) && (result instanceof LinkNode)) {
LinkNode link = (LinkNode) result;
Uri linkedUri = namespace.getUri(token, link.getLinkedUri());
- result = linkedUri.getStore()
- .retrieveObject(linkedUri);
- securityHelper.checkCredentials
- (token, result, namespaceConfig.getReadObjectAction());
+ result = linkedUri.getStore().retrieveObject(linkedUri);
+ securityHelper.checkCredentials(token, result,
+ namespaceConfig.getReadObjectAction());
}
} catch (ObjectNotFoundException e) {
}
@@ -208,13 +208,14 @@
// 3 - Load object's class from the uri. If the object
// does not exist, a DataException is thrown.
courUri = uriTokenizer.nextUri();
- courObject = courUri.getStore()
- .retrieveObject(courUri);
+ courObject = courUri.getStore().retrieveObject(courUri);
// We check to see if the credentials gives access to
//the current object
- securityHelper.checkCredentials
- (token, courObject,
namespaceConfig.getReadObjectAction());
+ if
(Domain.getParameter("ancestors-read-permissions-required",
"true").equals("true")) {
+ securityHelper.checkCredentials(token, courObject,
+ namespaceConfig.getReadObjectAction());
+ }
// 4 - Test if object is a link, ie if it is an instance
// of LinkNode or one of its subclasses
@@ -229,8 +230,8 @@
// the linked object
// Note : courUri still IS the Uri of the link, and so,
// in a way courUri is the parent of linkedUri.
- Uri linkedUri = namespace
- .getUri(token, ((LinkNode)
courObject).getLinkedUri());
+ Uri linkedUri = namespace.getUri(token,
+ ((LinkNode) courObject).getLinkedUri());
// 6 - We replace the courUri scope in the original uri
String courStrUri = courUri.toString();
@@ -269,8 +270,7 @@
}
- public void create(SlideToken token, ObjectNode object,
- String strUri)
+ public void create(SlideToken token, ObjectNode object, String strUri)
throws ServiceAccessException, ObjectAlreadyExistsException,
ObjectNotFoundException, LinkedObjectNotFoundException,
AccessDeniedException, ObjectLockedException, VetoException {
@@ -285,10 +285,8 @@
// Allow only the namespace admin to create roles
// he doesn't have
Uri rootUri = namespace.getUri(token, "/");
- ObjectNode rootObject =
- rootUri.getStore().retrieveObject(rootUri);
- securityHelper.checkCredentials
- (token, rootObject,
+ ObjectNode rootObject =
rootUri.getStore().retrieveObject(rootUri);
+ securityHelper.checkCredentials(token, rootObject,
namespaceConfig.getGrantPermissionAction());
break;
}
@@ -314,11 +312,11 @@
// not exist, a DataException is thrown.
courUri = uriTokenizer.nextUri();
try {
- courObject = courUri.getStore()
- .retrieveObject(courUri);
- securityHelper
- .checkCredentials(token, courObject,
- namespaceConfig.getReadObjectAction());
+ courObject = courUri.getStore().retrieveObject(courUri);
+ if
(Domain.getParameter("ancestor-read-permissions-required",
"true").equals("true")) {
+ securityHelper.checkCredentials(token, courObject,
+ namespaceConfig.getReadObjectAction());
+ }
if (!uriTokenizer.hasMoreElements()) {
// The object already exists
alreadyExists = true;
@@ -337,9 +335,8 @@
}
if (parentObject != null) {
- securityHelper
- .checkCredentials(token, courObject, namespaceConfig
- .getBindMemberAction());
+ securityHelper.checkCredentials(token, courObject,
+ namespaceConfig.getBindMemberAction());
// Now creating the new object
newObject.setUri(courUri.toString());
@@ -465,11 +462,9 @@
// Allow only the namespace admin to create roles
// he doesn't have
Uri rootUri = namespace.getUri(token, "/");
- ObjectNode rootObject =
- rootUri.getStore().retrieveObject(rootUri);
- securityHelper.checkCredentials
- (token, rootObject,
- namespaceConfig.getGrantPermissionAction());
+ ObjectNode rootObject =
rootUri.getStore().retrieveObject(rootUri);
+ securityHelper.checkCredentials(token, rootObject,
+ namespaceConfig.getGrantPermissionAction());
break;
}
}
@@ -477,9 +472,8 @@
// working on realObject, we will lose changes immediatly done
before call of store
// i observerd this with some BIND testcases
//ObjectNode realObject = retrieve(token, object.getUri(), false);
- securityHelper
- .checkCredentials(token, object,
- namespaceConfig.getCreateObjectAction());
+ securityHelper.checkCredentials(token, object,
+ namespaceConfig.getCreateObjectAction());
Uri uri = namespace.getUri(token, object.getUri());
Store store = uri.getStore();
store.storeObject(uri, object);
@@ -530,14 +524,14 @@
ObjectNode parentNode =
parentUri.getStore().retrieveObject(parentUri);
- securityHelper.checkCredentials
- (token, nodeToDelete,
namespaceConfig.getRemoveObjectAction());
- securityHelper.checkCredentials
- (token, parentNode, namespaceConfig.getUnbindMemberAction());
- lockHelper.checkLock
- (token, nodeToDelete,
namespaceConfig.getRemoveObjectAction());
- lockHelper.checkLock
- (token, parentNode, namespaceConfig.getUnbindMemberAction());
+ securityHelper.checkCredentials(token, nodeToDelete,
+ namespaceConfig.getRemoveObjectAction());
+ securityHelper.checkCredentials(token, parentNode,
+ namespaceConfig.getUnbindMemberAction());
+ lockHelper.checkLock(token, nodeToDelete,
+ namespaceConfig.getRemoveObjectAction());
+ lockHelper.checkLock(token, parentNode,
+ namespaceConfig.getUnbindMemberAction());
parentNode.removeChild(nodeToDelete);
store(token, parentNode, true);
@@ -667,7 +661,11 @@
* @throws AccessDeniedException
*
*/
- public List getParents(SlideToken token, ObjectNode object, boolean
pathOnly, boolean storeOnly, boolean includeSelf) throws
ServiceAccessException, ObjectNotFoundException, LinkedObjectNotFoundException,
AccessDeniedException, VetoException {
+ public List getParents(SlideToken token, ObjectNode object,
+ boolean pathOnly, boolean storeOnly, boolean includeSelf)
+ throws ServiceAccessException, ObjectNotFoundException,
+ LinkedObjectNotFoundException, AccessDeniedException,
VetoException
+ {
List result = new ArrayList();
if (pathOnly) {
@@ -689,7 +687,7 @@
result.add( retrieve(token, path.toString()) );
}
}
-}
+ }
else {
// TODO
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
