Project

General

Profile

« Previous | Next » 

Revision 6830

exapnd permissions on the exisiting access rule not on the permission being checked. (hierarchical permissions)

View differences:

src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java
618 618
    boolean allowed = false;
619 619
    
620 620
    // permissions are hierarchical
621
    List<Permission> expandedPermissions = expandPermissions(permission);
621
    List<Permission> expandedPermissions = null;
622 622
    
623 623
    // for the "Verified" symbolic user
624 624
    Subject verifiedSubject = new Subject();
......
705 705
	    for (AccessRule accessRule: allows) {
706 706
	      for (Subject s: subjects) {
707 707
	        if (accessRule.getSubjectList().contains(s)) {
708
	        	for (Permission p: expandedPermissions) {
709
		          allowed = accessRule.getPermissionList().contains(p);
710
		          if (allowed) {
711
		        	  break search; //label break
712
		          }
708
	        	for (Permission p: accessRule.getPermissionList()) {
709
	        		expandedPermissions = expandPermissions(p);
710
	        		allowed = expandedPermissions.contains(permission);
711
	        		if (allowed) {
712
	        			break search; //label break
713
	        		}
713 714
	        	}
714 715
        		
715 716
	        }

Also available in: Unified diff