From 659c636b913024e967b25730fac6f4d30ae173a8 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Thu, 8 Nov 2012 18:24:37 +0000
Subject: [PATCH] Make add privilege smarter
git-svn-id: https://svn.argeo.org/commons/trunk@5753 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../src/main/java/org/argeo/jcr/JcrUtils.java | 43 ++++++++++++++-----
 .../argeo/jcr/security/JcrAuthorizations.java | 21 +++++----
 2 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
index 0a2377b61..5afebcee4 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
@@ -1242,25 +1242,46 @@ public class JcrUtils implements ArgeoJcrConstants { * exist. Session is saved. Synchronized to prevent concurrent modifications * of the same node. */ - public synchronized static void addPrivileges(Session session, String path, - Principal principal, List privs) + public synchronized static Boolean addPrivileges(Session session, + String path, Principal principal, List privs) throws RepositoryException { // make sure the session is in line with the persisted state session.refresh(false); AccessControlManager acm = session.getAccessControlManager(); AccessControlList acl = getAccessControlList(acm, path); - acl.addAccessControlEntry(principal, - privs.toArray(new Privilege[privs.size()])); + + accessControlEntries: for (AccessControlEntry ace : acl + .getAccessControlEntries()) { + Principal currentPrincipal = ace.getPrincipal(); + if (currentPrincipal.getName().equals(principal.getName())) { + Privilege[] currentPrivileges = ace.getPrivileges(); + if (currentPrivileges.length != privs.size()) + break accessControlEntries; + for (int i = 0; i < currentPrivileges.length; i++) { + Privilege currP = currentPrivileges[i]; + Privilege p = privs.get(i); + if (!currP.getName().equals(p.getName())) { + break accessControlEntries; + } + } + return false; + } + } + + Privilege[] privileges = privs.toArray(new Privilege[privs.size()]); + acl.addAccessControlEntry(principal, privileges); acm.setPolicy(path, acl); -// if (log.isTraceEnabled()) { -// StringBuffer privBuf = new StringBuffer(); -// for (Privilege priv : privs) -// privBuf.append(priv.getName()); -// log.trace("Added privileges " + privBuf + " to " + principal -// + " on " + path); -// } + if (log.isDebugEnabled()) { + StringBuffer privBuf = new StringBuffer(); + for (Privilege priv : privs) + privBuf.append(priv.getName()); + log.debug("Added privileges " + privBuf + " to " + + principal.getName() + " on " + path + " in '" + + session.getWorkspace().getName() + "'"); + } 
session.refresh(true); session.save(); + return true; } /** Gets access control list for this path, throws exception if not found */ diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java index 14ac2bc34..7e698602e 100644 --- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java +++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java @@ -27,15 +27,14 @@ import javax.jcr.Session; import javax.jcr.security.AccessControlManager; import javax.jcr.security.Privilege; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.argeo.ArgeoException; import org.argeo.jcr.JcrUtils; import org.argeo.util.security.SimplePrincipal; /** Apply authorizations to a JCR repository. */ public class JcrAuthorizations implements Runnable { - private final static Log log = LogFactory.getLog(JcrAuthorizations.class); + // private final static Log log = + // LogFactory.getLog(JcrAuthorizations.class); private Repository repository; private String workspace = null; 
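Review bot: In the `accessControlEntries` loop, both `break accessControlEntries;` statements leave the whole loop at the first entry of this principal that differs, so a later entry for the same principal that already carries these privileges is never examined and a duplicate entry is added; `continue accessControlEntries;` would move on to the next entry instead. The comparison is also positional (`privs.get(i)` against `currentPrivileges[i]`), so the same privileges in a different order count as different, and matching on names alone cannot tell an allow entry from a deny entry if the repository implementation supports both, which is worth confirming before returning `false`. The debug message is written before `session.save()`, so it can report a grant that then fails to persist; moving it after the save and appending a separator between the privilege names would make the record of this access-control change reliable. The return type could be the primitive `boolean`, and the Javadoc, which starts above the hunk, does not yet say what the returned value means.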
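Review bot: The `log` field is commented out rather than removed, and the next hunk of this file does the same with the whole `if (log.isDebugEnabled())` block; since the message now lives in `JcrUtils.addPrivileges`, both can simply be deleted, as version control keeps the old text. That later hunk also discards the `Boolean` that `addPrivileges` now returns, so this class reports nothing about the authorizations it applies unless debug output is enabled for the logger used in JcrUtils. If a run of `JcrAuthorizations` should leave a trace of which entries were new and which already existed, the return value is the place to get it from.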
@@ -127,14 +126,14 @@ public class JcrAuthorizations implements Runnable { Principal principal = getOrCreatePrincipal(session, principalName); JcrUtils.addPrivileges(session, path, principal, privs); - if (log.isDebugEnabled()) { - StringBuffer privBuf = new StringBuffer(); - for (Privilege priv : privs) - privBuf.append(priv.getName()); - log.debug("Added privileges " + privBuf + " to " - + principal.getName() + " on " + path + " in '" - + session.getWorkspace().getName() + "'"); - } + // if (log.isDebugEnabled()) { + // StringBuffer privBuf = new StringBuffer(); + // for (Privilege priv : privs) + // privBuf.append(priv.getName()); + // log.debug("Added privileges " + privBuf + " to " + // + principal.getName() + " on " + path + " in '" + // + session.getWorkspace().getName() + "'"); + // } } } -- 2.30.2