From: Wolfgang M. M. <wol...@us...> - 2004-07-02 16:54:05
Update of /cvsroot/exist/eXist-1.0/src/org/exist/http In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/http Modified Files: RESTServer.java Log Message: Fixed resource read/write permissions check. Index: RESTServer.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/http/RESTServer.java,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** RESTServer.java 21 Jun 2004 15:27:38 -0000 1.13 --- RESTServer.java 2 Jul 2004 16:53:56 -0000 1.14 *************** *** 164,173 **** if(!collection.getPermissions().validate(broker.getUser(), Permission.READ)) throw new PermissionDeniedException("Not allowed to read collection"); ! else ! response = new Response(printCollection(broker, collection)); } else { throw new NotFoundException("Document " + path + " not found"); } } else { if(d.getResourceType() == DocumentImpl.BINARY_FILE) { response.setContent(broker.getBinaryResourceData((BinaryDocument)d)); --- 164,174 ---- if(!collection.getPermissions().validate(broker.getUser(), Permission.READ)) throw new PermissionDeniedException("Not allowed to read collection"); ! response = new Response(printCollection(broker, collection)); } else { throw new NotFoundException("Document " + path + " not found"); } } else { + if(!d.getPermissions().validate(broker.getUser(), Permission.READ)) + throw new PermissionDeniedException("Not allowed to read resource"); if(d.getResourceType() == DocumentImpl.BINARY_FILE) { response.setContent(broker.getBinaryResourceData((BinaryDocument)d)); *************** *** 277,286 **** Collection collection = broker.getCollection(path); if(collection != null) { ! collection.allDocs(broker, docs, true); } else { DocumentImpl xupdateDoc = (DocumentImpl)broker.getDocument(path); ! if(doc != null) ! docs.add(doc); ! else broker.getAllDocuments(docs); } --- 278,289 ---- Collection collection = broker.getCollection(path); if(collection != null) { ! 
collection.allDocs(broker, docs, true, true); } else { DocumentImpl xupdateDoc = (DocumentImpl)broker.getDocument(path); ! if(xupdateDoc != null) { ! if(!xupdateDoc.getPermissions().validate(broker.getUser(), Permission.READ)) ! throw new PermissionDeniedException("Not allowed to read collection"); ! docs.add(xupdateDoc); ! } else broker.getAllDocuments(docs); } *************** *** 432,441 **** Collection collection = broker.getCollection(path); if (collection != null) { ! collection.allDocs(broker, docs, true); } else { DocumentImpl doc = (DocumentImpl) broker.getDocument(path); ! if (doc != null) docs.add(doc); ! else broker.getAllDocuments(docs); } --- 435,446 ---- Collection collection = broker.getCollection(path); if (collection != null) { ! collection.allDocs(broker, docs, true, true); } else { DocumentImpl doc = (DocumentImpl) broker.getDocument(path); ! if (doc != null) { ! if(!doc.getPermissions().validate(broker.getUser(), Permission.READ)) ! throw new PermissionDeniedException("Not allowed to read collection"); docs.add(doc); ! } else broker.getAllDocuments(docs); } |
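Review bot: In the first hunk (old lines 164-173) the added `d.getPermissions().validate(...)` check runs only after the document lookup has succeeded, so a caller without read access gets PermissionDeniedException for an existing resource and NotFoundException for a missing one, and can tell the two apart. If the names of unreadable resources are meant to stay hidden, both cases should end in the same response; how these exceptions are mapped to HTTP status codes is outside the hunk. At minimum, record the decision next to the check, e.g. `// denied and not-found are distinguishable to the caller here; confirm this is intended`. The enclosing method starts and ends outside the hunk.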
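Review bot: The new check in the second hunk (old lines 277-286) validates the permissions of a single document but throws `PermissionDeniedException("Not allowed to read collection")`, which will mislead whoever reads the log or the error response; the same message is copied into the third hunk. Use the wording the first hunk already has: `throw new PermissionDeniedException("Not allowed to read resource");`. The variable name `xupdateDoc` also suggests this document set feeds an update. If so, `Permission.READ` alone does not authorize the modification, so confirm that the update permission is enforced further down, which this hunk does not show.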
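Review bot: The `else broker.getAllDocuments(docs);` fallback in the third hunk (old lines 432-441, and identically in the second hunk) has no visible permission check: when the path matches neither a collection nor a document, the request runs against every document the broker returns. The `allDocs` call gained a fourth `true` argument in this commit, presumably to turn on permission filtering, but `getAllDocuments` shows no equivalent, so verify that it filters by the read access of `broker.getUser()`. If it does not, failing closed is the safer default, e.g. `throw new NotFoundException("Document " + path + " not found");` as the first hunk does. The enclosing method extends beyond the hunk.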