public boolean canAccess(Authentication user, WorkspaceInfo workspace, AccessMode mode) { checkPropertyFile(); SecureTreeNode node = root.getDeepestNode(new String[] {workspace.getName()}); if (node.canAccess(user, mode)) { return true; } // perform a drill down search, we still allow access to the workspace // if there is anything inside the workspace that can be read (otherwise // we are denying access to everything below it, which is not the spirit of the // tree override design) if (mode == AccessMode.READ && canAccessChild(node, user, mode)) { return true; } else { return false; } }
private boolean canAccess( Authentication user, LayerGroupInfo layerGroup, boolean directAccess) { String[] path = getLayerGroupPath(layerGroup); SecureTreeNode node = root.getDeepestNode(path); boolean catalogNodeAllowsAccess = node.canAccess(user, AccessMode.READ); boolean allowAccess;
SecureTreeNode securityNode = root.getDeepestNode(new String[] {workspace, resourceName}); int catalogNodeDepth = securityNode.getDepth(); boolean rulesAllowAccess = securityNode.canAccess(user, mode);
@Override public ProcessAccessLimits getAccessLimits(Authentication user, String namespace) { SecureTreeNode node = dao.getSecurityTreeRoot().getDeepestNode(new String[] {namespace}); return new ProcessAccessLimits( dao.getMode(), node.canAccess(user, AccessMode.READ), namespace); }
@Override public ProcessAccessLimits getAccessLimits(Authentication user, Name process) { SecureTreeNode node = dao.getSecurityTreeRoot() .getDeepestNode( new String[] {process.getNamespaceURI(), process.getLocalPart()}); return new ProcessAccessLimits( dao.getMode(), node.canAccess(user, AccessMode.READ), process.toString()); } }
@Test public void testEmptyRoot() { SecureTreeNode root = new SecureTreeNode(); // smoke tests assertNull(root.getChild("NotThere")); assertEquals(SecureTreeNode.EVERYBODY, root.getAuthorizedRoles(AccessMode.READ)); assertEquals(SecureTreeNode.EVERYBODY, root.getAuthorizedRoles(AccessMode.WRITE)); // empty, deepest node is itself SecureTreeNode node = root.getDeepestNode(new String[] {"a", "b"}); assertSame(root, node); // allows access to everyone assertTrue(root.canAccess(anonymous, AccessMode.WRITE)); assertTrue(root.canAccess(anonymous, AccessMode.READ)); // make sure this includes not having a current user as well assertTrue(root.canAccess(null, AccessMode.WRITE)); assertTrue(root.canAccess(null, AccessMode.READ)); } }