use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.
the class ResourceAccessSecurityImpl method getReadableResource.
@Override
public Resource getReadableResource(final Resource resource) {
Resource returnValue = null;
final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.READ);
GateResult finalGateResult = null;
List<ResourceAccessGate> accessGatesForReadValues = null;
boolean canReadAllValues = false;
if (accessGateHandlers != null) {
boolean noGateMatched = true;
while (accessGateHandlers.hasNext()) {
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = accessGateHandlers.next();
final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasReadRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
if (!canReadAllValues && gateResult == GateResult.GRANTED) {
if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
canReadAllValues = true;
accessGatesForReadValues = null;
} else {
if (accessGatesForReadValues == null) {
accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
}
accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
}
}
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
// stop checking if the operation is final and the result not GateResult.CANT_DECIDE
if (gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
break;
}
}
// return null if access is denied or no ResourceAccessGate is present
if (finalGateResult == GateResult.DENIED) {
returnValue = null;
} else if (finalGateResult == GateResult.GRANTED) {
returnValue = resource;
} else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
returnValue = resource;
}
}
boolean canUpdateResource = canUpdate(resource);
// wrap Resource if read access is not or partly (values) not granted
if (returnValue != null) {
if (!canReadAllValues || !canUpdateResource) {
returnValue = new AccessGateResourceWrapper(returnValue, accessGatesForReadValues, canUpdateResource);
}
}
return returnValue;
}
use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.
the class ResourceAccessSecurityImpl method canDelete.
@Override
public boolean canDelete(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.DELETE);
boolean result = this.defaultAllowIfNoGateMatches;
if (handlers != null) {
GateResult finalGateResult = null;
boolean noGateMatched = true;
while (handlers.hasNext()) {
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasDeleteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
break;
}
}
if (finalGateResult == GateResult.GRANTED) {
result = true;
} else if (finalGateResult == GateResult.DENIED) {
result = false;
} else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
result = true;
}
}
return result;
}
use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.
the class ResourceAccessSecurityImpl method canUpdate.
@Override
public boolean canUpdate(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.UPDATE);
boolean result = this.defaultAllowIfNoGateMatches;
if (handlers != null) {
GateResult finalGateResult = null;
boolean noGateMatched = true;
while (handlers.hasNext()) {
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasUpdateRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
break;
}
}
if (finalGateResult == GateResult.GRANTED) {
result = true;
} else if (finalGateResult == GateResult.DENIED) {
result = false;
} else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
result = true;
}
}
return result;
}
use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.
the class ResourceAccessSecurityImpl method canExecute.
@Override
public boolean canExecute(final Resource resource) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
boolean result = this.defaultAllowIfNoGateMatches;
if (handlers != null) {
GateResult finalGateResult = null;
boolean noGateMatched = true;
while (handlers.hasNext()) {
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasExecuteRestrictions(resource.getResourceResolver()) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
break;
}
}
if (finalGateResult == GateResult.GRANTED) {
result = true;
} else if (finalGateResult == GateResult.DENIED) {
result = false;
} else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
result = true;
}
}
return result;
}
use of org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult in project sling by apache.
the class ResourceAccessSecurityImpl method canCreate.
@Override
public boolean canCreate(final String path, final ResourceResolver resolver) {
final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(path, ResourceAccessGate.Operation.CREATE);
boolean result = false;
if (handlers != null) {
GateResult finalGateResult = null;
boolean noGateMatched = true;
while (handlers.hasNext()) {
noGateMatched = false;
final ResourceAccessGateHandler resourceAccessGateHandler = handlers.next();
final GateResult gateResult = !resourceAccessGateHandler.getResourceAccessGate().hasCreateRestrictions(resolver) ? GateResult.GRANTED : resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
if (finalGateResult == null) {
finalGateResult = gateResult;
} else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.CANT_DECIDE) {
finalGateResult = gateResult;
}
if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.CANT_DECIDE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
break;
}
}
if (finalGateResult == GateResult.GRANTED) {
result = true;
} else if (finalGateResult == GateResult.DENIED) {
result = false;
} else if (noGateMatched && this.defaultAllowIfNoGateMatches) {
result = true;
}
}
return result;
}
Aggregations