inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-31 17:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.9 to HEAD

Browse Source 
9194:Merged V2.2 to V2.9
      8557: Fix for WCM-1120
      8580: Fix remainder of WCM-1120

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@9200 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
2008-05-21 11:14:22 +00:00
parent f0883f987f
commit 6c5f524c11
1 changed files with 38 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
View File

@@ -434,6 +434,12 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return doAvmCan(nodeRef, permIn); return doAvmCan(nodeRef, permIn);
} }
// Allow permissions for nodes that do not exist
if (!nodeService.exists(nodeRef))
{
return AccessStatus.ALLOWED;
}
final PermissionReference perm; final PermissionReference perm;
if (permIn.equals(OLD_ALL_PERMISSIONS_REFERENCE)) if (permIn.equals(OLD_ALL_PERMISSIONS_REFERENCE))
{ {
@@ -444,9 +450,12 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
perm = permIn; perm = permIn;
} }
if (AuthenticationUtil.getCurrentEffectiveUserName() == null)
{
return AccessStatus.DENIED;
}
// Allow permissions for nodes that do not exist if (AuthenticationUtil.getCurrentEffectiveUserName().equals(AuthenticationUtil.getSystemUserName()))
if (!nodeService.exists(nodeRef))
{ {
return AccessStatus.ALLOWED; return AccessStatus.ALLOWED;
} }
@@ -469,16 +478,6 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
return hasPermission(properties.getId(), context, perm); return hasPermission(properties.getId(), context, perm);
} }
if (AuthenticationUtil.getCurrentEffectiveUserName() == null)
{
return AccessStatus.DENIED;
}
if (AuthenticationUtil.getCurrentEffectiveUserName().equals(AuthenticationUtil.getSystemUserName()))
{
return AccessStatus.ALLOWED;
}
// Get the current authentications // Get the current authentications
// Use the smart authentication cache to improve permissions performance // Use the smart authentication cache to improve permissions performance
Authentication auth = AuthenticationUtil.getCurrentEffectiveAuthentication(); Authentication auth = AuthenticationUtil.getCurrentEffectiveAuthentication();
@@ -576,7 +575,31 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
{ {
if (aclId == null) if (aclId == null)
{ {
return AccessStatus.ALLOWED; // Enforce store ACLs if set - the AVM default was to "allow" if there are no permissions set ...
if (context.getStoreAcl() == null)
{
return AccessStatus.ALLOWED;
}
else
{
if (AuthenticationUtil.getCurrentEffectiveUserName().equals(AuthenticationUtil.getSystemUserName()))
{
return AccessStatus.ALLOWED;
}
Authentication auth = AuthenticationUtil.getCurrentEffectiveAuthentication();
if (auth == null)
{
throw new IllegalStateException("Unauthenticated");
}
Set<String> storeAuthorisations = getAuthorisations(auth, (PermissionContext) null);
QName typeQname = context.getType();
Set<QName> aspectQNames = context.getAspects();
AclTest aclTest = new AclTest(permission, typeQname, aspectQNames);
boolean result = aclTest.evaluate(storeAuthorisations, context.getStoreAcl(), context);
AccessStatus status = result ? AccessStatus.ALLOWED : AccessStatus.DENIED;
return status;
}
} }
if (permission == null) if (permission == null)