X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2FJcrUtils.java;h=5afebcee4811073514c498b064e525b0450ace5b;hb=659c636b913024e967b25730fac6f4d30ae173a8;hp=6f5765ed5c9672c1cdf12909613a069db73a4803;hpb=ad29722a3ece42252d6adcf5812f0a59bb084622;p=lgpl%2Fargeo-commons.git

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
index 6f5765ed5..5afebcee4 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
@@ -1229,7 +1229,7 @@ public class JcrUtils implements ArgeoJcrConstants {
 	 * Convenience method for adding a single privilege to a principal (user or
 	 * role), typically jcr:all
 	 */
-	public static void addPrivilege(Session session, String path,
+	public synchronized static void addPrivilege(Session session, String path,
 			String principal, String privilege) throws RepositoryException {
 		List<Privilege> privileges = new ArrayList<Privilege>();
 		privileges.add(session.getAccessControlManager().privilegeFromName(
@@ -1239,28 +1239,53 @@ public class JcrUtils implements ArgeoJcrConstants {
 
 	/**
 	 * Add privileges on a path to a {@link Principal}. The path must already
-	 * exist. Session is saved.
+	 * exist. Session is saved. Synchronized to prevent concurrent modifications
+	 * of the same node.
 	 */
-	public static void addPrivileges(Session session, String path,
-			Principal principal, List<Privilege> privs)
+	public synchronized static Boolean addPrivileges(Session session,
+			String path, Principal principal, List<Privilege> privs)
 			throws RepositoryException {
+		// make sure the session is in line with the persisted state
+		session.refresh(false);
 		AccessControlManager acm = session.getAccessControlManager();
 		AccessControlList acl = getAccessControlList(acm, path);
-		acl.addAccessControlEntry(principal,
-				privs.toArray(new Privilege[privs.size()]));
+
+		accessControlEntries: for (AccessControlEntry ace : acl
+				.getAccessControlEntries()) {
+			Principal currentPrincipal = ace.getPrincipal();
+			if (currentPrincipal.getName().equals(principal.getName())) {
+				Privilege[] currentPrivileges = ace.getPrivileges();
+				if (currentPrivileges.length != privs.size())
+					break accessControlEntries;
+				for (int i = 0; i < currentPrivileges.length; i++) {
+					Privilege currP = currentPrivileges[i];
+					Privilege p = privs.get(i);
+					if (!currP.getName().equals(p.getName())) {
+						break accessControlEntries;
+					}
+				}
+				return false;
+			}
+		}
+
+		Privilege[] privileges = privs.toArray(new Privilege[privs.size()]);
+		acl.addAccessControlEntry(principal, privileges);
 		acm.setPolicy(path, acl);
 		if (log.isDebugEnabled()) {
 			StringBuffer privBuf = new StringBuffer();
 			for (Privilege priv : privs)
 				privBuf.append(priv.getName());
-			log.debug("Added privileges " + privBuf + " to " + principal
-					+ " on " + path);
+			log.debug("Added privileges " + privBuf + " to "
+					+ principal.getName() + " on " + path + " in '"
+					+ session.getWorkspace().getName() + "'");
 		}
+		session.refresh(true);
 		session.save();
+		return true;
 	}
 
 	/** Gets access control list for this path, throws exception if not found */
-	public static AccessControlList getAccessControlList(
+	public synchronized static AccessControlList getAccessControlList(
 			AccessControlManager acm, String path) throws RepositoryException {
 		// search for an access control list
 		AccessControlList acl = null;
@@ -1287,8 +1312,8 @@ public class JcrUtils implements ArgeoJcrConstants {
 	}
 
 	/** Clear authorizations for a user at this path */
-	public static void clearAccessControList(Session session, String path,
-			String username) throws RepositoryException {
+	public synchronized static void clearAccessControList(Session session,
+			String path, String username) throws RepositoryException {
 		AccessControlManager acm = session.getAccessControlManager();
 		AccessControlList acl = getAccessControlList(acm, path);
 		for (AccessControlEntry ace : acl.getAccessControlEntries()) {