From: Wolfgang M. M. <wol...@us...> - 2004-07-02 16:54:33
Update of /cvsroot/exist/eXist-1.0/src/org/exist/collections In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/collections Modified Files: Collection.java Log Message: Fixed resource read/write permissions check. Index: Collection.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/collections/Collection.java,v retrieving revision 1.32 retrieving revision 1.33 diff -C2 -d -r1.32 -r1.33 *** Collection.java 21 Jun 2004 09:36:09 -0000 1.32 --- Collection.java 2 Jul 2004 16:53:53 -0000 1.33 *************** *** 267,280 **** */ public DocumentSet allDocs(DBBroker broker, DocumentSet docs, ! boolean recursive) { if (permissions.validate(broker.getUser(), Permission.READ)) { ! getDocuments(broker, docs); if (recursive) ! allDocs(broker, docs); } return docs; } ! private DocumentSet allDocs(DBBroker broker, DocumentSet docs) { try { lock.acquire(Lock.READ_LOCK); --- 267,280 ---- */ public DocumentSet allDocs(DBBroker broker, DocumentSet docs, ! boolean recursive, boolean checkPermissions) { if (permissions.validate(broker.getUser(), Permission.READ)) { ! getDocuments(broker, docs, checkPermissions); if (recursive) ! allDocs(broker, docs, checkPermissions); } return docs; } ! private DocumentSet allDocs(DBBroker broker, DocumentSet docs, boolean checkPermissions) { try { lock.acquire(Lock.READ_LOCK); *************** *** 287,294 **** if(child == null) { LOG.warn("child collection " + childName + " not found. Skipping ..."); } else if (child.permissions.validate(broker.getUser(), Permission.READ)) { ! child.getDocuments(broker, docs); if (child.getChildCollectionCount() > 0) ! child.allDocs(broker, docs); } } --- 287,295 ---- if(child == null) { LOG.warn("child collection " + childName + " not found. Skipping ..."); + // we always check if we have permissions to read the child collection } else if (child.permissions.validate(broker.getUser(), Permission.READ)) { ! 
child.getDocuments(broker, docs, checkPermissions); if (child.getChildCollectionCount() > 0) ! child.allDocs(broker, docs, checkPermissions); } } *************** *** 306,310 **** * @param docs */ ! public DocumentSet getDocuments(DBBroker broker, DocumentSet docs) { try { lock.acquire(Lock.READ_LOCK); --- 307,311 ---- * @param docs */ ! public DocumentSet getDocuments(DBBroker broker, DocumentSet docs, boolean checkPermissions) { try { lock.acquire(Lock.READ_LOCK); *************** *** 314,318 **** } docs.addCollection(this); ! docs.addAll(broker, documents.values()); } catch (LockException e) { LOG.warn(e.getMessage(), e); --- 315,319 ---- } docs.addCollection(this); ! docs.addAll(broker, documents.values(), checkPermissions); } catch (LockException e) { LOG.warn(e.getMessage(), e); *************** *** 538,542 **** */ public Iterator iterator(DBBroker broker) { ! return getDocuments(broker, new DocumentSet()).iterator(); } --- 539,543 ---- */ public Iterator iterator(DBBroker broker) { ! return getDocuments(broker, new DocumentSet(), false).iterator(); } *************** *** 682,685 **** --- 683,691 ---- throw new PermissionDeniedException("Document " + doc.getFileName() + " is locked for write"); + if (!getPermissions().validate(broker.getUser(), Permission.WRITE)) + throw new PermissionDeniedException( + "write access to collection denied; user=" + broker.getUser().getName()); + if (!doc.getPermissions().validate(broker.getUser(), Permission.WRITE)) + throw new PermissionDeniedException("permission to remove document denied"); try { lock.acquire(Lock.WRITE_LOCK); |
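Review bot: The new `checkPermissions` parameter of `getDocuments` is undocumented: the Javadoc visible above the changed signature still ends at `@param docs`. The flag is handed straight to `docs.addAll(broker, documents.values(), checkPermissions)`, so it presumably decides whether per-document permissions are evaluated, and a caller passing `false` needs to know it is switching that off. Assuming that is what `addAll` does, I would add `@param checkPermissions if true, only documents the broker's user is permitted to read are added; pass false only from trusted internal code`. The same applies to both `allDocs` overloads in the first hunk, where two adjacent boolean parameters are also easy to swap at a call site; their Javadoc and the rest of the `getDocuments` body are outside the visible lines.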
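Review bot: `iterator(DBBroker)` now hard-codes `false` for `checkPermissions`, so on the visible lines nothing filters the iterated documents by the caller's permissions. Unlike `allDocs`, the visible part of `getDocuments` also shows no collection-level `Permission.READ` check, although lines between the two `getDocuments` hunks are not shown. If unfiltered iteration is intended for internal callers, state it in this method's Javadoc, e.g. `Returns all documents in this collection without checking document permissions; callers must enforce access themselves.` Otherwise pass `true`: `return getDocuments(broker, new DocumentSet(), true).iterator();`.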
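Review bot: Both new WRITE checks run before `lock.acquire(Lock.WRITE_LOCK)`, so the permissions of the collection or the document could change between the check and the removal. If nothing outside this hunk prevents that, move the two checks to just after the lock is acquired. Separately, the second message, `"permission to remove document denied"`, names neither the document nor the user, which makes a denial hard to trace in the logs; `"write access to document " + doc.getFileName() + " denied; user=" + broker.getUser().getName()` would match the first message. The method signature and the rest of the `try` block are outside the hunk, so whether a `PermissionDeniedException` thrown inside the `try` would still release the lock needs checking there.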