[Exist-commits] eXist-1.0/src/org/exist/soap AdminSoapBindingImpl.java,1.14,1.15 QuerySoapBindingImpl.java,1.21,1.22

[Wolfgang M. M. <wol...@us...>]

Update of /cvsroot/exist/eXist-1.0/src/org/exist/soap
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/soap

Modified Files:
	AdminSoapBindingImpl.java QuerySoapBindingImpl.java 
Log Message:
Fixed resource read/write permissions check.

Index: QuerySoapBindingImpl.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/soap/QuerySoapBindingImpl.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** QuerySoapBindingImpl.java	8 Jun 2004 08:16:10 -0000	1.21
--- QuerySoapBindingImpl.java	2 Jul 2004 16:53:55 -0000	1.22
***************
*** 165,168 ****
--- 165,170 ----
  			if (document == null)
  				throw new RemoteException("resource " + name + " not found");
+ 			if(!document.getPermissions().validate(broker.getUser(), Permission.READ))
+ 				throw new PermissionDeniedException("Not allowed to read resource");
  			Serializer serializer = broker.getSerializer();
  			serializer.reset();

Index: AdminSoapBindingImpl.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/soap/AdminSoapBindingImpl.java,v
retrieving revision 1.14
retrieving revision 1.15
diff -C2 -d -r1.14 -r1.15
*** AdminSoapBindingImpl.java	8 Jun 2004 08:16:10 -0000	1.14
--- AdminSoapBindingImpl.java	2 Jul 2004 16:53:55 -0000	1.15
***************
*** 12,15 ****
--- 12,16 ----
  import org.exist.dom.DocumentImpl;
  import org.exist.dom.DocumentSet;
+ import org.exist.security.Permission;
  import org.exist.security.PermissionDeniedException;
  import org.exist.security.User;
***************
*** 20,24 ****
  import org.exist.xupdate.Modification;
  import org.exist.xupdate.XUpdateProcessor;
- import org.w3c.dom.Document;
  import org.xml.sax.InputSource;
  import org.xml.sax.SAXException;
--- 21,24 ----
***************
*** 204,208 ****
  					"collection " + collectionName + " not found");
  			DocumentSet docs =
! 				collection.allDocs(broker, new DocumentSet(), true);
  			XUpdateProcessor processor =
  				new XUpdateProcessor(broker, docs);
--- 204,208 ----
  					"collection " + collectionName + " not found");
  			DocumentSet docs =
! 				collection.allDocs(broker, new DocumentSet(), true, true);
  			XUpdateProcessor processor =
  				new XUpdateProcessor(broker, docs);
***************
*** 246,253 ****
  		try {
  			broker = pool.get(session.getUser());
! 			Document doc = broker.getDocument(documentName);
  			if (doc == null)
  				throw new RemoteException(
  					"document " + documentName + " not found");
  			DocumentSet docs = new DocumentSet();
  			docs.add(doc);
--- 246,255 ----
  		try {
  			broker = pool.get(session.getUser());
! 			DocumentImpl doc = (DocumentImpl)broker.getDocument(documentName);
  			if (doc == null)
  				throw new RemoteException(
  					"document " + documentName + " not found");
+ 			if(!doc.getPermissions().validate(broker.getUser(), Permission.READ))
+ 				throw new RemoteException("Not allowed to read resource");
  			DocumentSet docs = new DocumentSet();
  			docs.add(doc);