From adec844f9bcb5c6c45009409476776b3dbdc1d3d Mon Sep 17 00:00:00 2001 From: Bruno Sinou Date: Mon, 18 Mar 2013 12:10:23 +0000 Subject: [PATCH] Fix workspace display for user anonymous. git-svn-id: https://svn.argeo.org/slc/trunk@6155 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc --- .../slc/client/ui/dist/model/GroupElem.java | 26 ++++++++++- .../slc/client/ui/dist/model/RepoElem.java | 43 +++++++++---------- 2 files changed, 45 insertions(+), 24 deletions(-) diff --git a/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/GroupElem.java b/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/GroupElem.java index 512f1b5f9..8e9cef36d 100644 --- a/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/GroupElem.java +++ b/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/GroupElem.java @@ -1,5 +1,6 @@ package org.argeo.slc.client.ui.dist.model; +import java.security.AccessControlException; import java.util.ArrayList; import java.util.List; @@ -28,13 +29,34 @@ public class GroupElem extends DistParentElem { Session session = null; try { Repository repository = repoElem.getRepository(); - // Node repoNode = repoElem.getRepoNode(); session = repository.login(repoElem.getCredentials()); String[] workspaceNames = session.getWorkspace() .getAccessibleWorkspaceNames(); List distributionElems = new ArrayList(); - for (String workspaceName : workspaceNames) { + buildWksp: for (String workspaceName : workspaceNames) { + + // Filter non-public workspaces for user anonymous. + if (repoElem.getRepoNode() == null) { + Session tmpSession = null; + try { + tmpSession = repository.login(workspaceName); + Boolean res = true; + try { + tmpSession.checkPermission("/", "read"); + } catch (AccessControlException e) { + res = false; + } + if (!res) + continue buildWksp; + } catch (RepositoryException e) { + throw new SlcException( + "Cannot list workspaces for anonymous user", e); + } finally { + JcrUtils.logoutQuietly(tmpSession); + } + } + // filter technical workspaces if (workspaceName.startsWith(name)) { distributionElems.add(new WorkspaceElem(repoElem, diff --git a/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/RepoElem.java b/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/RepoElem.java index 8e48d231f..6d07d1c67 100644 --- a/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/RepoElem.java +++ b/plugins/org.argeo.slc.client.ui.dist/src/main/java/org/argeo/slc/client/ui/dist/model/RepoElem.java @@ -1,5 +1,6 @@ package org.argeo.slc.client.ui.dist.model; +import java.security.AccessControlException; import java.util.HashMap; import java.util.Map; @@ -25,7 +26,7 @@ import org.argeo.util.security.Keyring; * Node or just an URI and a label if user is anonymous */ public class RepoElem extends DistParentElem { - + // private final static Log log = LogFactory.getLog(RepoElem.class); private Repository repository; private Credentials credentials; private RepositoryFactory repositoryFactory; @@ -112,27 +113,25 @@ public class RepoElem extends DistParentElem { // Add a supplementary check to hide workspace that are not // public to anonymous user - // TODO fix this - // if (repoNode == null) { - // Session tmpSession = null; - // try { - // tmpSession = repository.login(); - // Privilege[] priv = new Privilege[1]; - // priv[0] = tmpSession.getAccessControlManager() - // .privilegeFromName(Privilege.JCR_READ); - // Privilege[] tmp = tmpSession.getAccessControlManager() - // .getPrivileges("/"); - // boolean res = tmpSession.getAccessControlManager() - // .hasPrivileges("/", priv); - // if (!res) - // continue buildWksp; - // } catch (RepositoryException e) { - // throw new SlcException( - // "Cannot list workspaces for anonymous user", e); - // } finally { - // JcrUtils.logoutQuietly(tmpSession); - // } - // } + if (repoNode == null) { + Session tmpSession = null; + try { + tmpSession = repository.login(workspaceName); + Boolean res = true; + try { + tmpSession.checkPermission("/", "read"); + } catch (AccessControlException e) { + res = false; + } + if (!res) + continue buildWksp; + } catch (RepositoryException e) { + throw new SlcException( + "Cannot list workspaces for anonymous user", e); + } finally { + JcrUtils.logoutQuietly(tmpSession); + } + } // filter technical workspaces // FIXME: rely on a more robust rule than just wksp name -- 2.39.5