package org.argeo.slc.client.ui.dist.model;
+import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.List;
Session session = null;
try {
Repository repository = repoElem.getRepository();
- // Node repoNode = repoElem.getRepoNode();
session = repository.login(repoElem.getCredentials());
String[] workspaceNames = session.getWorkspace()
.getAccessibleWorkspaceNames();
List<WorkspaceElem> distributionElems = new ArrayList<WorkspaceElem>();
- for (String workspaceName : workspaceNames) {
+ buildWksp: for (String workspaceName : workspaceNames) {
+
+ // Filter non-public workspaces for user anonymous.
+ if (repoElem.getRepoNode() == null) {
+ Session tmpSession = null;
+ try {
+ tmpSession = repository.login(workspaceName);
+ Boolean res = true;
+ try {
+ tmpSession.checkPermission("/", "read");
+ } catch (AccessControlException e) {
+ res = false;
+ }
+ if (!res)
+ continue buildWksp;
+ } catch (RepositoryException e) {
+ throw new SlcException(
+ "Cannot list workspaces for anonymous user", e);
+ } finally {
+ JcrUtils.logoutQuietly(tmpSession);
+ }
+ }
+
// filter technical workspaces
if (workspaceName.startsWith(name)) {
distributionElems.add(new WorkspaceElem(repoElem,
package org.argeo.slc.client.ui.dist.model;
+import java.security.AccessControlException;
import java.util.HashMap;
import java.util.Map;
* Node or just an URI and a label if user is anonymous
*/
public class RepoElem extends DistParentElem {
-
+ // private final static Log log = LogFactory.getLog(RepoElem.class);
private Repository repository;
private Credentials credentials;
private RepositoryFactory repositoryFactory;
// Add a supplementary check to hide workspace that are not
// public to anonymous user
- // TODO fix this
- // if (repoNode == null) {
- // Session tmpSession = null;
- // try {
- // tmpSession = repository.login();
- // Privilege[] priv = new Privilege[1];
- // priv[0] = tmpSession.getAccessControlManager()
- // .privilegeFromName(Privilege.JCR_READ);
- // Privilege[] tmp = tmpSession.getAccessControlManager()
- // .getPrivileges("/");
- // boolean res = tmpSession.getAccessControlManager()
- // .hasPrivileges("/", priv);
- // if (!res)
- // continue buildWksp;
- // } catch (RepositoryException e) {
- // throw new SlcException(
- // "Cannot list workspaces for anonymous user", e);
- // } finally {
- // JcrUtils.logoutQuietly(tmpSession);
- // }
- // }
+ if (repoNode == null) {
+ Session tmpSession = null;
+ try {
+ tmpSession = repository.login(workspaceName);
+ Boolean res = true;
+ try {
+ tmpSession.checkPermission("/", "read");
+ } catch (AccessControlException e) {
+ res = false;
+ }
+ if (!res)
+ continue buildWksp;
+ } catch (RepositoryException e) {
+ throw new SlcException(
+ "Cannot list workspaces for anonymous user", e);
+ } finally {
+ JcrUtils.logoutQuietly(tmpSession);
+ }
+ }
// filter technical workspaces
// FIXME: rely on a more robust rule than just wksp name