Revision 6830
Added by ben leinfelder over 12 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 618 | 618 |
boolean allowed = false; |
| 619 | 619 |
|
| 620 | 620 |
// permissions are hierarchical |
| 621 |
List<Permission> expandedPermissions = expandPermissions(permission);
|
|
| 621 |
List<Permission> expandedPermissions = null;
|
|
| 622 | 622 |
|
| 623 | 623 |
// for the "Verified" symbolic user |
| 624 | 624 |
Subject verifiedSubject = new Subject(); |
| ... | ... | |
| 705 | 705 |
for (AccessRule accessRule: allows) {
|
| 706 | 706 |
for (Subject s: subjects) {
|
| 707 | 707 |
if (accessRule.getSubjectList().contains(s)) {
|
| 708 |
for (Permission p: expandedPermissions) {
|
|
| 709 |
allowed = accessRule.getPermissionList().contains(p); |
|
| 710 |
if (allowed) {
|
|
| 711 |
break search; //label break |
|
| 712 |
} |
|
| 708 |
for (Permission p: accessRule.getPermissionList()) {
|
|
| 709 |
expandedPermissions = expandPermissions(p); |
|
| 710 |
allowed = expandedPermissions.contains(permission); |
|
| 711 |
if (allowed) {
|
|
| 712 |
break search; //label break |
|
| 713 |
} |
|
| 713 | 714 |
} |
| 714 | 715 |
|
| 715 | 716 |
} |
Also available in: Unified diff
exapnd permissions on the exisiting access rule not on the permission being checked. (hierarchical permissions)