Menu
▾
▴
[Exist-commits] eXist-1.0/src/org/exist/xquery/functions FunDoc.java,1.5,1.6 ExtDocument.java,1.5,1.6 ExtCollection.java,1.5,1.6
|
From: Wolfgang M. M. <wol...@us...> - 2004-07-02 16:54:34
|
Update of /cvsroot/exist/eXist-1.0/src/org/exist/xquery/functions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15785/src/org/exist/xquery/functions Modified Files: FunDoc.java ExtDocument.java ExtCollection.java Log Message: Fixed resource read/write permissions check. Index: ExtDocument.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/xquery/functions/ExtDocument.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** ExtDocument.java 23 Jun 2004 12:46:35 -0000 1.5 --- ExtDocument.java 2 Jul 2004 16:53:55 -0000 1.6 *************** *** 32,35 **** --- 32,36 ---- import org.exist.dom.NodeProxy; import org.exist.dom.QName; + import org.exist.security.Permission; import org.exist.security.PermissionDeniedException; import org.exist.util.LockException; *************** *** 125,128 **** --- 126,131 ---- DocumentImpl doc = (DocumentImpl) context.getBroker().getDocument(next); if(doc != null) { + if(!doc.getPermissions().validate(context.getUser(), Permission.READ)) + throw new XPathException("Insufficient privileges to read resource " + next); docs.add(doc); } Index: FunDoc.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/xquery/functions/FunDoc.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** FunDoc.java 23 Jun 2004 12:46:35 -0000 1.5 --- FunDoc.java 2 Jul 2004 16:53:55 -0000 1.6 *************** *** 26,29 **** --- 26,30 ---- import org.exist.dom.NodeProxy; import org.exist.dom.QName; + import org.exist.security.Permission; import org.exist.security.PermissionDeniedException; import org.exist.util.Lock; *************** *** 111,114 **** --- 112,117 ---- if(doc == null) return Sequence.EMPTY_SEQUENCE; + if(!doc.getPermissions().validate(context.getUser(), Permission.READ)) + throw new XPathException(getASTNode(), "Insufficient privileges to read resource " + path); // wait for currently pending updates dlock = doc.getUpdateLock(); Index: ExtCollection.java =================================================================== RCS file: /cvsroot/exist/eXist-1.0/src/org/exist/xquery/functions/ExtCollection.java,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** ExtCollection.java 23 Jun 2004 12:46:35 -0000 1.5 --- ExtCollection.java 2 Jul 2004 16:53:55 -0000 1.6 *************** *** 27,30 **** --- 27,31 ---- import java.util.List; + import org.exist.collections.Collection; import org.exist.dom.DocumentImpl; import org.exist.dom.DocumentSet; *************** *** 33,37 **** import org.exist.dom.NodeSet; import org.exist.dom.QName; - import org.exist.security.PermissionDeniedException; import org.exist.util.Lock; import org.exist.util.LockException; --- 34,37 ---- *************** *** 101,110 **** for (int i = 0; i < args.size(); i++) { String next = (String)args.get(i); ! try { ! context.getBroker().getDocumentsByCollection(next, docs, includeSubCollections); ! } catch (PermissionDeniedException e) { ! throw new XPathException( ! "Permission denied: unable to load document " + next); ! } } NodeSet result = new ExtArrayNodeSet(docs.getLength(), 1); --- 101,106 ---- for (int i = 0; i < args.size(); i++) { String next = (String)args.get(i); ! Collection coll = context.getBroker().getCollection(next); ! coll.allDocs(context.getBroker(), docs, includeSubCollections, true); } NodeSet result = new ExtArrayNodeSet(docs.getLength(), 1); |
