[Yanel-commits] rev 36316 -
public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation
michi at wyona.com
michi at wyona.com
Sat May 3 23:58:33 CEST 2008
Author: michi
Date: 2008-05-03 23:58:33 +0200 (Sat, 03 May 2008)
New Revision: 36316
Modified:
public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java
Log:
also check access control policies of groups
Modified: public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java
===================================================================
--- public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java 2008-05-03 21:27:20 UTC (rev 36315)
+++ public/yanel/trunk/src/core/java/org/wyona/yanel/core/transformation/AccessControlTransformer.java 2008-05-03 21:58:33 UTC (rev 36316)
@@ -95,7 +95,7 @@
try {
if (path.startsWith("/")) {
- //log.debug("Check authorization for: " + path + ", " + identity + ", " + usecase);
+ //log.error("DEBUG: Check authorization for: " + path + ", " + identity + ", " + usecase);
if (policyManager.authorize(path, identity, usecase)) {
//log.error("DEBUG: Access granted for " + identity + ", " + usecase + ", " + path);
reinsertBufferedParentElementAndAnchor();
@@ -104,8 +104,23 @@
accessGranted = false;
}
} else {
- //log.warn("Path does not start with '/' (probably a group): " + path);
- reinsertBufferedParentElementAndAnchor();
+ log.warn("Path does not start with '/' (probably a GROUP!). Path = " + path);
+ String classAttr = parentAttrs.getValue("class");
+ if (classAttr != null && classAttr.equals("rubrikgruppe")) {
+ String idAttr = parentAttrs.getValue("id");
+ if (idAttr != null) {
+ log.error("DEBUG: Check policy for path: " + "/de/" + idAttr);
+ if (policyManager.authorize("/de/" + idAttr, identity, usecase)) {
+ log.error("DEBUG: Access granted for 'GROUP' with " + identity + ", " + usecase + ", " + path);
+ reinsertBufferedParentElementAndAnchor();
+ } else {
+ log.error("DEBUG: Access denied for 'GROUP' with " + identity + ", " + usecase + ", " + path);
+ accessGranted = false;
+ }
+ }
+ } else {
+ reinsertBufferedParentElementAndAnchor();
+ }
}
} catch (Exception e) {
log.error(e, e);
More information about the Yanel-commits
mailing list