[exo-jcr-commits] exo-jcr SVN: r3371 - in jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr: impl/core and 1 other directory.
do-not-reply at jboss.org
do-not-reply at jboss.org
Mon Nov 1 06:04:34 EDT 2010
Author: tolusha
Date: 2010-11-01 06:04:33 -0400 (Mon, 01 Nov 2010)
New Revision: 3371
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
Log:
JCR-1485: The access permission should be checked in the method readItem to ensure that the security cannot be avoided. The access permission should be checked only when apiRead == false since when apiRead == true we check the permissions at JCR level. Check also the access permission in the constructor of ItemState when isInternalCreated == true
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java 2010-10-29 15:43:22 UTC (rev 3370)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/dataflow/ItemState.java 2010-11-01 10:04:33 UTC (rev 3371)
@@ -18,6 +18,7 @@
*/
package org.exoplatform.services.jcr.dataflow;
+import org.exoplatform.services.jcr.core.security.JCRRuntimePermissions;
import org.exoplatform.services.jcr.datamodel.ItemData;
import org.exoplatform.services.jcr.datamodel.QPath;
import org.exoplatform.services.log.ExoLogger;
@@ -102,7 +103,7 @@
* @param ancestorToSave
* - path of item which should be called in save (usually for session.move())
* @param isInternalCreated
- * - indicates that item is created internaly by system
+ * - indicates that item is created internally by system
*/
public ItemState(ItemData data, int state, boolean eventFire, QPath ancestorToSave, boolean isInternalCreated)
{
@@ -112,6 +113,16 @@
public ItemState(ItemData data, int state, boolean eventFire, QPath ancestorToSave, boolean isInternalCreated,
boolean isPersisted)
{
+ if (isInternalCreated)
+ {
+ // Need privileges
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
+ }
+ }
+
this.data = data;
this.state = state;
this.eventFire = eventFire;
@@ -208,6 +219,7 @@
return ancestorToSave;
}
+ @Override
public boolean equals(Object obj)
{
if (this == obj)
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-10-29 15:43:22 UTC (rev 3370)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/SessionDataManager.java 2010-11-01 10:04:33 UTC (rev 3371)
@@ -357,13 +357,6 @@
public ItemImpl getItem(NodeData parent, QPathEntry name, boolean pool, ItemType itemType, boolean apiRead)
throws RepositoryException
{
- // Need privileges
- SecurityManager security = System.getSecurityManager();
- if (security != null)
- {
- security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
- }
-
long start = System.currentTimeMillis();
if (log.isDebugEnabled())
{
@@ -577,6 +570,16 @@
protected ItemImpl readItem(ItemData itemData, NodeData parent, boolean pool, boolean apiRead)
throws RepositoryException
{
+ if (!apiRead)
+ {
+ // Need privileges
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
+ }
+ }
+
if (itemData != null)
{
ItemImpl item;
@@ -639,13 +642,6 @@
*/
public ItemImpl getItemByIdentifier(String identifier, boolean pool, boolean apiRead) throws RepositoryException
{
- // Need privileges
- SecurityManager security = System.getSecurityManager();
- if (security != null)
- {
- security.checkPermission(JCRRuntimePermissions.INVOKE_INTERNAL_API_PERMISSION);
- }
-
long start = System.currentTimeMillis();
if (log.isDebugEnabled())
{
More information about the exo-jcr-commits
mailing list