Search in sources :

Example 1 with GateResult

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.

the class ResourceAccessSecurityImpl method getReadableResource.

@Override
public Resource getReadableResource(final Resource resource) {
    Resource returnValue = null;
    final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.READ);
    GateResult finalGateResult = null;
    List<ResourceAccessGate> accessGatesForReadValues = null;
    boolean canReadAllValues = false;
    if (accessGateHandlers != null) {
        boolean noGateMatched = true;
        while (accessGateHandlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasReadRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
            if (!canReadAllValues && gateResult == GateResult.GRANTED) {
                if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
                    canReadAllValues = true;
                    accessGatesForReadValues = null;
                } else {
                    if (accessGatesForReadValues == null) {
                        accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
                    }
                    accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
                }
            }
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            // stop checking if the operation is final and the result not GateResult.CANT_DECIDE
            if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
                break;
            }
        }
        // return null if access is denied or no ResourceAccessGate is present
        if (finalGateResult == GateResult.DENIED) {
            returnValue = null;
        } else if (finalGateResult == GateResult.GRANTED) {
            returnValue = resource;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            returnValue = resource;
        }
    }
    boolean canUpdateResource = canUpdate(resource);
    // wrap Resource if read access is not or partly (values) not granted
    if (returnValue != null) {
        if (!canReadAllValues || !canUpdateResource) {
            returnValue = new AccessGateResourceWrapper(returnValue, accessGatesForReadValues, canUpdateResource);
        }
    }
    return returnValue;
}
Also used : GateResult(org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult) Resource(org.apache.sling.api.resource.Resource) ResourceAccessGate(org.apache.sling.resourceaccesssecurity.ResourceAccessGate)

Example 2 with GateResult

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.

the class ResourceAccessSecurityImpl method canDelete.

@Override
public boolean canDelete(final Resource resource) {
    final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.DELETE);
    boolean result = this.defaultAllowIfNoGateMatches;
    if (handlers != null) {
        GateResult finalGateResult = null;
        boolean noGateMatched = true;
        while (handlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasDeleteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
                break;
            }
        }
        if (finalGateResult == GateResult.GRANTED) {
            result = true;
        } else if (finalGateResult == GateResult.DENIED) {
            result = false;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            result = true;
        }
    }
    return result;
}
Also used : GateResult(org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult)

Example 3 with GateResult

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.

the class ResourceAccessSecurityImpl method canUpdate.

@Override
public boolean canUpdate(final Resource resource) {
    final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.UPDATE);
    boolean result = this.defaultAllowIfNoGateMatches;
    if (handlers != null) {
        GateResult finalGateResult = null;
        boolean noGateMatched = true;
        while (handlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasUpdateRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
                break;
            }
        }
        if (finalGateResult == GateResult.GRANTED) {
            result = true;
        } else if (finalGateResult == GateResult.DENIED) {
            result = false;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            result = true;
        }
    }
    return result;
}
Also used : GateResult(org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult)

Example 4 with GateResult

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.

the class ResourceAccessSecurityImpl method canExecute.

@Override
public boolean canExecute(final Resource resource) {
    final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
    boolean result = this.defaultAllowIfNoGateMatches;
    if (handlers != null) {
        GateResult finalGateResult = null;
        boolean noGateMatched = true;
        while (handlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasExecuteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
                break;
            }
        }
        if (finalGateResult == GateResult.GRANTED) {
            result = true;
        } else if (finalGateResult == GateResult.DENIED) {
            result = false;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            result = true;
        }
    }
    return result;
}
Also used : GateResult(org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult)

Example 5 with GateResult

use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.

the class ResourceAccessSecurityImpl method canCreate.

@Override
public boolean canCreate(final String path, final ResourceResolver resolver) {
    final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(path, ResourceAccessGate.Operation.CREATE);
    boolean result = false;
    if (handlers != null) {
        GateResult finalGateResult = null;
        boolean noGateMatched = true;
        while (handlers.hasNext()) {
            noGateMatched = false;
            final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
            final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasCreateRestrictions(resolver) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
            if (finalGateResult == null) {
                finalGateResult = gateResult;
            } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
                finalGateResult = gateResult;
            }
            if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
                break;
            }
        }
        if (finalGateResult == GateResult.GRANTED) {
            result = true;
        } else if (finalGateResult == GateResult.DENIED) {
            result = false;
        } else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
            result = true;
        }
    }
    return result;
}
Also used : GateResult(org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult)

Aggregations

GateResult (org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult)5 Resource (org.apache.sling.api.resource.Resource)1 ResourceAccessGate (org.apache.sling.resourceaccesssecurity.ResourceAccessGate)1