[Bedework-commit] access r103 - trunk/src/edu/rpi/cmt/access

svnadmin at bedework.org svnadmin at bedework.org
Fri Feb 27 15:53:20 EST 2009 

Author: douglm
Date: 2009-02-27 15:53:19 -0500 (Fri, 27 Feb 2009)
New Revision: 103

Modified:
   trunk/src/edu/rpi/cmt/access/AccessXmlUtil.java
Log:
Fix a number of bugs in xml acl parser

Modified: trunk/src/edu/rpi/cmt/access/AccessXmlUtil.java
===================================================================
--- trunk/src/edu/rpi/cmt/access/AccessXmlUtil.java	2009-02-20 14:59:37 UTC (rev 102)
+++ trunk/src/edu/rpi/cmt/access/AccessXmlUtil.java	2009-02-27 20:53:19 UTC (rev 103)
@@ -393,68 +393,101 @@
          <!ELEMENT grant (privilege+)>
          <!ELEMENT deny (privilege+)>
 
-         protected and inherited are for acl display
+         protected is for acl display
    */
   private boolean processAce(Node nd) throws Throwable {
     Element[] children = XmlUtil.getElementsArray(nd);
+    int pos = 0;
 
     if (children.length < 2) {
       throw exc("Bad ACE");
     }
 
-    Element curnode = children[0];
+    Element curnode = children[pos];
     boolean inverted = false;
 
     /* Require principal or invert */
 
-    if (XmlUtil.nodeMatches(curnode, WebdavTags.principal)) {
-    } else if (XmlUtil.nodeMatches(curnode, WebdavTags.invert)) {
+    if (XmlUtil.nodeMatches(curnode, WebdavTags.invert)) {
       /*  <!ELEMENT invert principal>       */
 
       inverted = true;
       curnode = XmlUtil.getOnlyElement(curnode);
-    } else {
-      throw exc("Bad ACE - expect principal | invert");
     }
 
     if (!parseAcePrincipal(curnode, inverted)) {
       return false;
     }
 
-    /* Recognize grant or deny */
-    for (int i = 1; i < children.length; i++) {
-      curnode = children[i];
+    pos++;
+    curnode = children[pos];
 
-      boolean denial = false;
+    /* grant or deny required here */
+    if (!parseGrantDeny(curnode)) {
+      if (debug) {
+        debugMsg("Expected grant | deny");
+      }
+      cb.setErrorTag(WebdavTags.noAceConflict);
+      return false;
+    }
 
-      if (XmlUtil.nodeMatches(curnode, WebdavTags.deny)) {
-        denial = true;
-      } else if (!XmlUtil.nodeMatches(curnode, WebdavTags.grant)) {
-        if (debug) {
-          debugMsg("Expected grant | deny");
-        }
-        cb.setErrorTag(WebdavTags.noAceConflict);
-        return false;
+    pos++;
+    if (pos == children.length) {
+      return true;
+    }
+    curnode = children[pos];
+
+    /* grant or deny possible here */
+    if (parseGrantDeny(curnode)) {
+      pos++;
+      if (pos == children.length) {
+        return true;
       }
+      curnode = children[pos];
+    }
 
-      Element[] pchildren = XmlUtil.getElementsArray(curnode);
+    /* possible inherited */
+    if (XmlUtil.nodeMatches(curnode, WebdavTags.inherited)) {
+      curAce.setInherited(true);
+      curnode = XmlUtil.getOnlyElement(curnode);
 
-      for (int pi = 0; pi < pchildren.length; pi++) {
-        Element pnode = pchildren[pi];
+      if (!XmlUtil.nodeMatches(curnode, WebdavTags.href)) {
+        throw exc("Missing inherited href");
+      }
 
-        if (!XmlUtil.nodeMatches(pnode, WebdavTags.privilege)) {
-          throw exc("Bad ACE - expect privilege");
-        }
+      String href = XmlUtil.getElementContent(curnode);
 
-        parsePrivilege(pnode, denial);
+      if ((href == null) || (href.length() == 0)) {
+        throw exc("Missing inherited href");
       }
+
+      curAce.setInheritedFrom(href);
     }
 
+    /* Need this
+    if (XmlUtil.nodeMatches(curnode, WebdavTags.protected)) {
+      pos++;
+      if (pos == children.length) {
+        return true;
+      }
+      curnode = children[pos];
+    }
+    */
+
+    pos++;
+    if (pos < children.length) {
+      throw exc("Unexpected element " + children[pos]);
+    }
+
     return true;
   }
 
   private boolean parseAcePrincipal(Node nd,
                                    boolean inverted) throws Throwable {
+    if (!XmlUtil.nodeMatches(nd, WebdavTags.principal)) {
+      throw exc("Bad ACE - expect principal");
+    }
+
     Element el = XmlUtil.getOnlyElement(nd);
 
     int whoType = -1;
@@ -506,6 +539,30 @@
     return true;
   }
 
+  private boolean parseGrantDeny(Node nd) throws Throwable {
+    boolean denial = false;
+
+    if (XmlUtil.nodeMatches(nd, WebdavTags.deny)) {
+      denial = true;
+    } else if (!XmlUtil.nodeMatches(nd, WebdavTags.grant)) {
+      return false;
+    }
+
+    Element[] pchildren = XmlUtil.getElementsArray(nd);
+
+    for (int pi = 0; pi < pchildren.length; pi++) {
+      Element pnode = pchildren[pi];
+
+      if (!XmlUtil.nodeMatches(pnode, WebdavTags.privilege)) {
+        throw exc("Bad ACE - expect privilege");
+      }
+
+      parsePrivilege(pnode, denial);
+    }
+
+    return true;
+  }
+
   private void parsePrivilege(Node nd,
                              boolean denial) throws Throwable {
     Element el = XmlUtil.getOnlyElement(nd);

More information about the Bedework-commit mailing list