[Yanel-commits] rev 36316 - public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation

michi at wyona.com michi at wyona.com
Sat May 3 23:58:33 CEST 2008 

Author: michi
Date: 2008-05-03 23:58:33 +0200 (Sat, 03 May 2008)
New Revision: 36316

Modified:
   public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java
Log:
also check access control policies of groups

Modified: public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java
===================================================================
--- public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java	2008-05-03 21:27:20 UTC (rev 36315)
+++ public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java	2008-05-03 21:58:33 UTC (rev 36316)
@@ -95,7 +95,7 @@
 
             try {
                 if (path.startsWith("/")) {
-                    //log.debug("Check authorization for: " + path + ", " + identity + ", " + usecase);
+                    //log.error("DEBUG: Check authorization for: " + path + ", " + identity + ", " + usecase);
                     if (policyManager.authorize(path, identity, usecase)) {
                         //log.error("DEBUG: Access granted for " + identity + ", " + usecase + ", " + path);
                         reinsertBufferedParentElementAndAnchor();
@@ -104,8 +104,23 @@
                         accessGranted = false;
                     }
                 } else {
-                    //log.warn("Path does not start with '/' (probably a group): " + path);
-                    reinsertBufferedParentElementAndAnchor();
+                    log.warn("Path does not start with '/' (probably a GROUP!). Path = " + path);
+                    String classAttr = parentAttrs.getValue("class");
+                    if (classAttr != null && classAttr.equals("rubrikgruppe")) {
+                        String idAttr = parentAttrs.getValue("id");
+                        if (idAttr != null) {
+                            log.error("DEBUG: Check policy for path: " + "/de/" + idAttr);
+                            if (policyManager.authorize("/de/" + idAttr, identity, usecase)) {
+                                log.error("DEBUG: Access granted for 'GROUP' with " + identity + ", " + usecase + ", " + path);
+                                reinsertBufferedParentElementAndAnchor();
+                            } else {
+                                log.error("DEBUG: Access denied for 'GROUP' with " + identity + ", " + usecase + ", " + path);
+                                accessGranted = false;
+                            }
+                        }
+                    } else {
+                        reinsertBufferedParentElementAndAnchor();
+                    }
                 }
             } catch (Exception e) {
                 log.error(e, e);

More information about the Yanel-commits mailing list