@Override public boolean isGranted(Path absPath, int permissions) throws RepositoryException { log.debug("isGranted({}:{}, {})", amctx.getWorkspaceName(), absPath, permissions); return super.isGranted(absPath, permissions); }
@Override public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException { boolean res = super.canRead(itemPath, itemId); boolean ourRes = ami.isGranted(null, Permission.READ); log.debug("can {} read({}:{},{})?{} or {}", printUserNames(amctx.getSubject().getPrincipals()), amctx.getWorkspaceName(), itemPath, itemId, res, ourRes); //TODO: check real perms here .. or rely on super ... double check return res; }
/** * {@inheritDoc} */ public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception { if (initialized) { throw new IllegalStateException("already initialized"); } subject = context.getSubject(); hierMgr = context.getHierarchyManager(); resolver = context.getNamePathResolver(); privilegeManager = ((JackrabbitWorkspace) context.getSession().getWorkspace()).getPrivilegeManager(); wspAccessMgr = wspAccessManager; anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty(); system = !subject.getPrincipals(SystemPrincipal.class).isEmpty(); // @todo check permission to access given workspace based on principals initialized = true; if (!canAccess(context.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + context.getWorkspaceName()); } }
/** * {@inheritDoc} */ public void init(AMContext context, AccessControlProvider acProvider, WorkspaceAccessManager wspAccessManager) throws AccessDeniedException, Exception { if (initialized) { throw new IllegalStateException("already initialized"); } subject = context.getSubject(); hierMgr = context.getHierarchyManager(); resolver = context.getNamePathResolver(); privilegeManager = ((JackrabbitWorkspace) context.getSession().getWorkspace()).getPrivilegeManager(); wspAccessMgr = wspAccessManager; anonymous = !subject.getPrincipals(AnonymousPrincipal.class).isEmpty(); system = !subject.getPrincipals(SystemPrincipal.class).isEmpty(); // @todo check permission to access given workspace based on principals initialized = true; if (!canAccess(context.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + context.getWorkspaceName()); } }
if (!canAccess(amContext.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + amContext.getWorkspaceName());
if (!canAccess(amContext.getWorkspaceName())) { throw new AccessDeniedException("Not allowed to access Workspace " + amContext.getWorkspaceName());