Changeset 29127

Timestamp:

01/17/08 20:11:29 (11 months ago)

Author:

tdelprat

Message:

NXP-1941
working on security exception propagation

Files:

• org.nuxeo.ecm.core/branches/1.4/nuxeo-core-api/src/main/java/org/nuxeo/ecm/core/api/ClientException.java (modified) (2 diffs)
• org.nuxeo.ecm.core/branches/1.4/nuxeo-core-api/src/main/java/org/nuxeo/ecm/core/api/DocumentSecurityException.java (added)
• org.nuxeo.ecm.core/branches/1.4/nuxeo-core-facade/src/test/java/org/nuxeo/ecm/core/api/TestSecurity.java (modified) (1 diff)
• org.nuxeo.ecm.core/branches/1.4/nuxeo-core/src/main/java/org/nuxeo/ecm/core/api/AbstractSession.java (modified) (5 diffs)

org.nuxeo.ecm.core/branches/1.4/nuxeo-core-api/src/main/java/org/nuxeo/ecm/core/api/ClientException.java

@@ -40 +40 @@
-    }
-
+    public ClientException(String message, ClientException cause) {
+        super(message, cause);
+    }
+
-    public ClientException(String message, Throwable cause) {
-        super(message, WrappedException.wrap(cause));
@@ -48 +52 @@
-    }
-
+    public ClientException(ClientException cause) {
+        super(cause);
+    }
+
-}

org.nuxeo.ecm.core/branches/1.4/nuxeo-core-facade/src/test/java/org/nuxeo/ecm/core/api/TestSecurity.java

@@ -203 +203 @@
-            folder2 = remote.createDocument(folder2);
-            fail("privilege is granted but should not be");
-
+Document
-            // ok
-        }

org.nuxeo.ecm.core/branches/1.4/nuxeo-core/src/main/java/org/nuxeo/ecm/core/api/AbstractSession.java

@@ -40 +40 @@
-import org.nuxeo.common.utils.IdUtils;
-import org.nuxeo.common.utils.Path;
+import org.nuxeo.common.utils.StringUtils;
-import org.nuxeo.ecm.core.NXCore;
-import org.nuxeo.ecm.core.api.event.CoreEvent;
@@ -256 +257 @@
-
-    protected final void checkPermission(Document doc, String permission)
-
+SecurityException, Document
-        if (!hasPermission(doc, permission)) {
-
+Document
-                    + "' is not granted to '" + getPrincipal().getName() + "'");
-        }
@@ -1000 +1001 @@
-            Document doc = resolveReference(docRef);
-            Document parentDoc = doc.getParent();
-
-
-
+
-                return null;
+            if (!hasPermission(parentDoc, READ)) {
+                throw new DocumentSecurityException("Provilege READ is not granted to " + getPrincipal().getName());
-            }
-            return readModel(parentDoc, null);
@@ -2183 +2184 @@
-        }
-        if (!isAdministrator()) {
-
+Document
-                    "You need to be an Administrator to do this.");
-        }
@@ -2276 +2277 @@
-            return doc;
-        } else {
-
-
-
+
+
+
+
-            } else {
-                return getSuperSpace(parent);
-            }
+        }
+    }
+
+
+    // walk the tree up until a accessible doc is found
+    private DocumentModel getDirectAccessibleParent(DocumentRef docRef) throws ClientException
+    {
+        try {
+            Document doc = resolveReference(docRef);
+            Document parentDoc = doc.getParent();
+            if (parentDoc==null)
+                return readModel(doc,null);
+            if (!hasPermission(parentDoc, READ)) {
+                String parentPath = parentDoc.getPath();
+                if ("/".equals(parentPath)){
+                    return getRootDocument();
+                }
+                else{
+                    // try on parent
+                    return getDirectAccessibleParent(new PathRef(parentDoc.getPath()));
+                }
+            }
+            return readModel(parentDoc, null);
+        } catch (DocumentException e) {
+            throw new ClientException(e);
-        }
-    }