[exo-jcr-commits] exo-jcr SVN: r3371 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr: impl/core and 1 other directory.

do-not-reply at jboss.org do-not-reply at jboss.org
Mon Nov 1 06:04:34 EDT 2010 

Author: tolusha
Date: 2010-11-01 06:04:33 -0400 (Mon, 01 Nov 2010)
New Revision: 3371

Modified:
   jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java
   jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
Log:
JCR-1485:  The access permission should be checked in the method readItem to ensure that the security cannot be avoided. The access permission should be checked only when apiRead == false since when apiRead == true we check the permissions at JCR level. Check also the access permission in the constructor of ItemState when isInternalCreated == true

Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java	2010-10-29 15:43:22 UTC (rev 3370)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java	2010-11-01 10:04:33 UTC (rev 3371)
@@ -18,6 +18,7 @@
  */
 package org.exoplatform.services.jcr.dataflow;
 
+import org.exoplatform.services.jcr.core.security.JCRRuntimePermissions;
 import org.exoplatform.services.jcr.datamodel.ItemData;
 import org.exoplatform.services.jcr.datamodel.QPath;
 import org.exoplatform.services.log.ExoLogger;
@@ -102,7 +103,7 @@
     * @param ancestorToSave
     *          - path of item which should be called in save (usually for session.move())
     * @param isInternalCreated
-    *          - indicates that item is created internaly by system
+    *          - indicates that item is created internally by system
     */
    public ItemState(ItemData data, int state, boolean eventFire, QPath ancestorToSave, boolean isInternalCreated)
    {
@@ -112,6 +113,16 @@
    public ItemState(ItemData data, int state, boolean eventFire, QPath ancestorToSave, boolean isInternalCreated,
       boolean isPersisted)
    {
+      if (isInternalCreated)
+      {
+         // Need privileges
+         SecurityManager security = System.getSecurityManager();
+         if (security != null)
+         {
+            security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
+         }
+      }
+
       this.data = data;
       this.state = state;
       this.eventFire = eventFire;
@@ -208,6 +219,7 @@
       return ancestorToSave;
    }
 
+   @Override
    public boolean equals(Object obj)
    {
       if (this == obj)

Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java	2010-10-29 15:43:22 UTC (rev 3370)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java	2010-11-01 10:04:33 UTC (rev 3371)
@@ -357,13 +357,6 @@
    public ItemImpl getItem(NodeData parent, QPathEntry name, boolean pool, ItemType itemType, boolean apiRead)
       throws RepositoryException
    {
-      // Need privileges
-      SecurityManager security = System.getSecurityManager();
-      if (security != null)
-      {
-         security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
-      }
-
       long start = System.currentTimeMillis();
       if (log.isDebugEnabled())
       {
@@ -577,6 +570,16 @@
    protected ItemImpl readItem(ItemData itemData, NodeData parent, boolean pool, boolean apiRead)
       throws RepositoryException
    {
+      if (!apiRead)
+      {
+         // Need privileges
+         SecurityManager security = System.getSecurityManager();
+         if (security != null)
+         {
+            security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
+         }
+      }
+
       if (itemData != null)
       {
          ItemImpl item;
@@ -639,13 +642,6 @@
     */
    public ItemImpl getItemByIdentifier(String identifier, boolean pool, boolean apiRead) throws RepositoryException
    {
-      // Need privileges
-      SecurityManager security = System.getSecurityManager();
-      if (security != null)
-      {
-         security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
-      }
-
       long start = System.currentTimeMillis();
       if (log.isDebugEnabled())
       {

More information about the exo-jcr-commits mailing list