Revision 6830
Added by ben leinfelder almost 13 years ago
src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
---|---|---|
618 | 618 |
boolean allowed = false; |
619 | 619 |
|
620 | 620 |
// permissions are hierarchical |
621 |
List<Permission> expandedPermissions = expandPermissions(permission);
|
|
621 |
List<Permission> expandedPermissions = null;
|
|
622 | 622 |
|
623 | 623 |
// for the "Verified" symbolic user |
624 | 624 |
Subject verifiedSubject = new Subject(); |
... | ... | |
705 | 705 |
for (AccessRule accessRule: allows) { |
706 | 706 |
for (Subject s: subjects) { |
707 | 707 |
if (accessRule.getSubjectList().contains(s)) { |
708 |
for (Permission p: expandedPermissions) { |
|
709 |
allowed = accessRule.getPermissionList().contains(p); |
|
710 |
if (allowed) { |
|
711 |
break search; //label break |
|
712 |
} |
|
708 |
for (Permission p: accessRule.getPermissionList()) { |
|
709 |
expandedPermissions = expandPermissions(p); |
|
710 |
allowed = expandedPermissions.contains(permission); |
|
711 |
if (allowed) { |
|
712 |
break search; //label break |
|
713 |
} |
|
713 | 714 |
} |
714 | 715 |
|
715 | 716 |
} |
Also available in: Unified diff
exapnd permissions on the exisiting access rule not on the permission being checked. (hierarchical permissions)