Menu
▾
▴
[Exist-commits] eXist-1.0/src/org/exist/xmlrpc RpcConnection.java,1.61,1.62
|
From: Wolfgang M. M. <wol...@us...> - 2004-07-02 16:54:06
|
Update of /cvsroot/exist/eXist-1.0/src/org/exist/xmlrpc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/xmlrpc Modified Files: RpcConnection.java Log Message: Fixed resource read/write permissions check. Index: RpcConnection.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/xmlrpc/RpcConnection.java,v retrieving revision 1.61 retrieving revision 1.62 diff -C2 -d -r1.61 -r1.62 *** RpcConnection.java 8 Jun 2004 08:16:12 -0000 1.61 --- RpcConnection.java 2 Jul 2004 16:53:56 -0000 1.62 *************** *** 221,225 **** docs = new DocumentSet(); Collection root = broker.getCollection(baseURI); ! root.allDocs(broker, docs, true); } } --- 221,225 ---- docs = new DocumentSet(); Collection root = broker.getCollection(baseURI); ! root.allDocs(broker, docs, true, true); } } *************** *** 438,441 **** --- 438,443 ---- return null; } + if(!collection.getPermissions().validate(user, Permission.READ)) + throw new PermissionDeniedException("Insufficient privileges to read resource"); doc = collection.getDocumentWithLock(broker, docName); if (doc == null) { *************** *** 443,446 **** --- 445,450 ---- throw new EXistException("document not found"); } + if(!doc.getPermissions().validate(user, Permission.READ)) + throw new PermissionDeniedException("Insufficient privileges to read resource " + docName); Serializer serializer = broker.getSerializer(); *************** *** 540,543 **** --- 544,549 ---- throw new EXistException("Document " + name + " is not a binary resource"); + if(!doc.getPermissions().validate(user, Permission.READ)) + throw new PermissionDeniedException("Insufficient privileges to read resource"); return broker.getBinaryResourceData((BinaryDocument) doc); } finally { *************** *** 557,561 **** + " not found"); DocumentSet docs = collection.allDocs(broker, new DocumentSet(), ! true); XUpdateProcessor processor = new XUpdateProcessor(broker, docs); Modification modifications[] = processor.parse(new InputSource( --- 563,567 ---- + " not found"); DocumentSet docs = collection.allDocs(broker, new DocumentSet(), ! true, true); XUpdateProcessor processor = new XUpdateProcessor(broker, docs); Modification modifications[] = processor.parse(new InputSource( *************** *** 582,588 **** try { broker = brokerPool.get(user); ! Document doc = broker.getDocument(resource); if (doc == null) throw new EXistException("document " + resource + " not found"); DocumentSet docs = new DocumentSet(); docs.add(doc); --- 588,596 ---- try { broker = brokerPool.get(user); ! DocumentImpl doc = (DocumentImpl)broker.getDocument(resource); if (doc == null) throw new EXistException("document " + resource + " not found"); + if(!doc.getPermissions().validate(user, Permission.READ)) + throw new PermissionDeniedException("Insufficient privileges to read resource"); DocumentSet docs = new DocumentSet(); docs.add(doc); *************** *** 1574,1577 **** --- 1582,1587 ---- broker = brokerPool.get(user); DocumentImpl doc = (DocumentImpl) broker.getDocument(path); + if(!doc.getPermissions().validate(user, Permission.READ)) + throw new PermissionDeniedException("Insufficient privileges to read resource"); if (doc == null) throw new EXistException("Resource " + path + " not found"); |
