Added decide method for PermissionedResults (included in DOD5015 provider)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@28652 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2011-06-28 11:13:49 +00:00
parent bb37ccc043
commit a9dda71f45
1 changed files with 17 additions and 39 deletions
--- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
@@ -36,8 +36,6 @@ import net.sf.acegisecurity.ConfigAttributeDefinition;
 import net.sf.acegisecurity.afterinvocation.AfterInvocationProvider;
 import org.alfresco.cmis.CMISResultSet;
 import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.query.PagingResults;
 import org.alfresco.query.PermissionedResults;
 import org.alfresco.repo.blog.BlogPostInfo;
 import org.alfresco.repo.search.SimpleResultSetMetaData;
@@ -257,47 +255,19 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
            }
            else if (StoreRef.class.isAssignableFrom(returnedObject.getClass()))
            {
                if (log.isDebugEnabled())
                {
                    log.debug("Store access");
                }
                return decide(authentication, object, config, nodeService.getRootNode((StoreRef) returnedObject)).getStoreRef();
            }
            else if (NodeRef.class.isAssignableFrom(returnedObject.getClass()))
            {
                if (log.isDebugEnabled())
                {
                    log.debug("Node access");
                }
                return decide(authentication, object, config, (NodeRef) returnedObject);
            }
            else if (FileInfo.class.isAssignableFrom(returnedObject.getClass()))
            {
                return decide(authentication, object, config, (FileInfo) returnedObject);
            }
-            else if (PagingResults.class.isAssignableFrom(returnedObject.getClass()))
+            else if (PermissionedResults.class.isAssignableFrom(returnedObject.getClass()))
            {
-                if (PermissionedResults.class.isAssignableFrom(returnedObject.getClass()) &&
+                return decide(authentication, object, config, (PermissionedResults) returnedObject);
                    (! ((PermissionedResults)returnedObject).permissionsApplied()))
                {
                    throw new AlfrescoRuntimeException("Not implemented");
                    /*
                    if (log.isDebugEnabled())
                    {
                        log.debug("Paging Results access");
                    }
                    return decide(authentication, object, config, ((PagingResults<?>) returnedObject);
                    */
                }
                else
                {
                    if (log.isDebugEnabled())
                    {
                        log.debug("Paging Results access - already checked permissions for " + object.getClass().getName());
                    }
                    return returnedObject;
                }
            }
            else if (Pair.class.isAssignableFrom(returnedObject.getClass()))
            {
@@ -486,7 +456,17 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
        // the noderef was allowed
        return returnedObject;
    }
-
+    
    private PermissionedResults decide(Authentication authentication, Object object, ConfigAttributeDefinition config, PermissionedResults returnedObject) throws AccessDeniedException
    {
        if (!returnedObject.permissionsApplied())
        {
            throw new UnsupportedOperationException("PermissionedResults must have permissionsApplied() == true.");
        }
        // This passes
        return returnedObject;
    }
    @SuppressWarnings("rawtypes")
    private Pair decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Pair returnedObject) throws AccessDeniedException
    {
@@ -496,6 +476,7 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
        return returnedObject;
    }
    @SuppressWarnings("rawtypes")
    private List<ConfigAttributeDefintion> extractSupportedDefinitions(ConfigAttributeDefinition config)
    {
        List<ConfigAttributeDefintion> definitions = new ArrayList<ConfigAttributeDefintion>();
@@ -866,6 +847,7 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
        return new QueryEngineResults(answer);
    }
    @SuppressWarnings("rawtypes")
    private Collection decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Collection returnedObject) throws AccessDeniedException
    {
        if (returnedObject == null)
@@ -1045,15 +1027,10 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
    @SuppressWarnings("rawtypes")
    private Object[] decide(Authentication authentication, Object object, ConfigAttributeDefinition config, Object[] returnedObject) throws AccessDeniedException
    {
        // Assumption: value is not null
        BitSet incudedSet = new BitSet(returnedObject.length);
        if (returnedObject == null)
        {
            return null;
        }
        List<ConfigAttributeDefintion> supportedDefinitions = extractSupportedDefinitions(config);
        if (supportedDefinitions.size() == 0)
@@ -1168,6 +1145,7 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,
        }
    }
    @SuppressWarnings("rawtypes")
    public boolean supports(Class clazz)
    {
        return (MethodInvocation.class.isAssignableFrom(clazz));