Examples with ResourceAccessGate org.apache.sling.resourceaccesssecurity.ResourceAccessGate used on opensource projects

Example 1 with ResourceAccessGate

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate in project sling by apache.

the class ResourceAccessSecurityImpl method getReadableResource.

@Override
public Resource getReadableResource(final Resource resource) {
    Resource returnValue = null;
    final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.READ);
    GateResult finalGateResult = null;
    List<ResourceAccessGate> accessGatesForReadValues = null;
    boolean canReadAllValues = false;
    if (accessGateHandlers != null) {
        boolean noGateMatched = true;
        while (accessGateHandlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasReadRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
            if (!canReadAllValues && gateResult == GateResult.GRANTED) {
                if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
                    canReadAllValues = true;
                    accessGatesForReadValues = null;
                } else {
                    if (accessGatesForReadValues == null) {
                        accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
                    }
                    accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
                }
            }
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            // stop checking if the operation is final and the result not GateResult.CANT_DECIDE
            if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
                break;
            }
        }
        // return null if access is denied or no ResourceAccessGate is present
        if (finalGateResult == GateResult.DENIED) {
            returnValue = null;
        } else if (finalGateResult == GateResult.GRANTED) {
            returnValue = resource;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            returnValue = resource;
        }
    }
    boolean canUpdateResource = canUpdate(resource);
    // wrap Resource if read access is not or partly (values) not granted
    if (returnValue != null) {
        if (!canReadAllValues || !canUpdateResource) {
            returnValue = new AccessGateResourceWrapper(returnValue, accessGatesForReadValues, canUpdateResource);
        }
    }
    return returnValue;
}

Example 2 with ResourceAccessGate

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate in project sling by apache.

the class ResourceAccessSecurityImplTests method initMocks.

private void initMocks(String path, String[] operations) {
    serviceReference = mock(ServiceReference.class);
    Bundle bundle = mock(Bundle.class);
    BundleContext bundleContext = mock(BundleContext.class);
    resourceAccessGate = mock(ResourceAccessGate.class);
    when(serviceReference.getBundle()).thenReturn(bundle);
    when(bundle.getBundleContext()).thenReturn(bundleContext);
    when(bundleContext.getService(serviceReference)).thenReturn(resourceAccessGate);
    when(serviceReference.getProperty(ResourceAccessGate.PATH)).thenReturn(path);
    when(serviceReference.getProperty(ResourceAccessGate.OPERATIONS)).thenReturn(operations);
    ((ProviderResourceAccessSecurityImpl) resourceAccessSecurity).bindResourceAccessGate(serviceReference);
}