Changeset 29111

Show
Ignore:
Timestamp:
01/17/08 17:04:40 (11 months ago)
Author:
ogrisel
Message:

NXP-1940: make the initialization of the root permissions overridable by the content template manager platform service

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • org.nuxeo.ecm.core/trunk/nuxeo-core-jcr-connector/src/main/java/org/nuxeo/ecm/core/repository/jcr/JCRRoot.java

    r28346 r29111  
    186186            if (acp == null) { 
    187187                acp = new ACPImpl(); 
    188                 ACL acl = new ACLImpl(); 
    189                 acl.add(new ACE(SecurityConstants.ADMINISTRATORS, SecurityConstants.EVERYTHING, true)); 
    190                 acl.add(new ACE(SecurityConstants.MEMBERS, SecurityConstants.READ, true)); 
    191                 acl.add(new ACE(SecurityConstants.MEMBERS, SecurityConstants.VERSION, true)); 
     188            } 
     189            if (acp.listUsernamesForPermission(SecurityConstants.EVERYTHING).length == 0) { 
     190                // if nobody has the right to manage the repository set a 
     191                // default ACP that can be later overridden by the content 
     192                // template manager of NXP 
     193 
     194                ACL acl = acp.getOrCreateACL(); 
     195                acl.add(new ACE(SecurityConstants.ADMINISTRATORS, 
     196                        SecurityConstants.EVERYTHING, true)); 
     197                acl.add(new ACE(SecurityConstants.MEMBERS, 
     198                        SecurityConstants.READ, true)); 
     199                acl.add(new ACE(SecurityConstants.MEMBERS, 
     200                        SecurityConstants.VERSION, true)); 
    192201                // temporary hack to have junit tests running 
    193202                // TODO - update tests to an user from the administrators group 
    194                 acl.add(new ACE(SecurityConstants.ADMINISTRATOR, SecurityConstants.EVERYTHING, true)); 
     203                acl.add(new ACE(SecurityConstants.ADMINISTRATOR, 
     204                        SecurityConstants.EVERYTHING, true)); 
    195205                acp.addACL(acl); 
    196206                session.getSecurityManager().setACP(this, acp, true); 
    197207                // be sure to save the session 
    198208                session.jcrSession().save(); 
    199             } else { 
    200                 Access access = acp.getAccess(SecurityConstants.ADMINISTRATORS, SecurityConstants.EVERYTHING); 
    201                 if (access == Access.GRANT) { 
    202                     return; 
    203                 } 
    204                 ACL acl = acp.getOrCreateACL(); 
    205                 acl.add(new ACE(SecurityConstants.ADMINISTRATORS, SecurityConstants.EVERYTHING, true)); 
    206                 acl.add(new ACE(SecurityConstants.MEMBERS, SecurityConstants.READ, true)); 
    207                 acl.add(new ACE(SecurityConstants.MEMBERS, SecurityConstants.VERSION, true)); 
    208                 // temporary hack to have junit tests running 
    209                 // TODO - update tests to an user from the administrators group 
    210                 acl.add(new ACE(SecurityConstants.ADMINISTRATOR, SecurityConstants.EVERYTHING, true)); 
    211                 session.getSecurityManager().setACP(this, acp, true); 
    212                 // be sure to save the session 
    213                 session.jcrSession().save(); 
    214209            } 
    215210        } catch (org.nuxeo.ecm.core.security.SecurityException e) {