From: Wolfgang M. M. <wol...@us...> - 2004-07-02 16:54:34
Update of /cvsroot/exist/eXist-1.0/src/org/exist/storage/serializers In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/storage/serializers Modified Files: XIncludeFilter.java Serializer.java Log Message: Fixed resource read/write permissions check.
Index: XIncludeFilter.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/storage/serializers/XIncludeFilter.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -C2 -d -r1.17 -r1.18
*** XIncludeFilter.java 8 Mar 2004 11:21:21 -0000 1.17
--- XIncludeFilter.java 2 Jul 2004 16:53:54 -0000 1.18
***************
*** 12,15 ****
--- 12,16 ----
 import org.exist.dom.NodeSet;
 import org.exist.dom.XMLUtil;
+ import org.exist.security.Permission;
 import org.exist.security.PermissionDeniedException;
 import org.exist.xquery.PathExpr;
***************
*** 177,180 ****
--- 178,183 ----
 try {
 doc = (DocumentImpl) serializer.broker.getDocument(docName);
+ if(!doc.getPermissions().validate(serializer.broker.getUser(), Permission.READ))
+ throw new PermissionDeniedException("Permission denied to read xincluded resource");
 } catch (PermissionDeniedException e) {
 LOG.warn("permission denied", e);
Index: Serializer.java
===================================================================
RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/storage/serializers/Serializer.java,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -d -r1.24 -r1.25
*** Serializer.java 10 May 2004 11:22:43 -0000 1.24
--- Serializer.java 2 Jul 2004 16:53:54 -0000 1.25
***************
*** 52,55 ****
--- 52,56 ----
 import org.exist.dom.XMLUtil;
 import org.exist.memtree.Receiver;
+ import org.exist.security.Permission;
 import org.exist.security.PermissionDeniedException;
 import org.exist.security.User;
***************
*** 313,317 ****
 else
 LOG.debug("serializing " + doc.getFileName());
!
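Review bot: In the XIncludeFilter.java hunk (new lines 178-183) `doc` is already assigned when the added check throws, and the visible part of the catch only calls `LOG.warn("permission denied", e)`. The handler continues outside the hunk, so unless it rethrows or returns further down, the code after the try still holds the document the user is not allowed to read. Run the check before publishing the reference, or add `doc = null;` in the catch so the denial fails closed. If `getDocument` can return null for a missing document, the new `doc.getPermissions()` call would also raise a NullPointerException, so the guard likely needs `doc != null &&` in front.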
serializeToSAX(doc, true);
 } catch (PermissionDeniedException e) {
--- 314,319 ----
 else
 LOG.debug("serializing " + doc.getFileName());
! if(!doc.getPermissions().validate(broker.getUser(), Permission.READ))
! throw new PermissionDeniedException("Not allowed to read resource");
 serializeToSAX(doc, true);
 } catch (PermissionDeniedException e) {
***************
*** 709,712 ****
--- 711,719 ----
 return;
 }
+ if(!xsl.getPermissions().validate(broker.getUser(), Permission.READ)) {
+ LOG.debug("Permission denied to read stylesheet doc.");
+ return;
+ }
+
 if (xsl.getCollection() != null) {
 factory.setURIResolver( |
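Review bot: The message `"Not allowed to read resource"` in the Serializer.java hunk at new lines 314-319 names neither the document nor the user, so a denial cannot be traced back to a resource from the log or the exception. `doc.getFileName()` is already used on the line above, so `throw new PermissionDeniedException("Not allowed to read resource " + doc.getFileName());` costs nothing. The same `getPermissions().validate(..., Permission.READ)` test is now written out three times (here, in the stylesheet hunk at 711-719 and in XIncludeFilter.java) with three different reactions to a denial. One private helper that performs the check and throws would keep them consistent. The enclosing try block starts outside the hunk.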
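Review bot: A denied stylesheet read in the Serializer.java hunk at new lines 711-719 is reported only through `LOG.debug` followed by a bare `return`, so at normal log levels the refusal leaves no trace, whereas the other two checks in this commit throw PermissionDeniedException. The caller also gets no signal that the stylesheet was not installed. Log the denial at warn level and identify the stylesheet, for example `LOG.warn("Permission denied to read stylesheet " + xsl.getFileName());` (assuming `xsl` is a DocumentImpl like `doc`), or throw if the method's signature allows it. The method starts and ends outside the hunk, so what the early return leaves unconfigured cannot be judged from here.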