protected void checkNegativeAcl(ACP acp) {
if (negativeAclAllowed) {
return;
}
if (acp == null) {
return;
}
for (ACL acl : acp.getACLs()) {
if (acl.getName().equals(ACL.INHERITED_ACL)) {
continue;
}
for (ACE ace : acl.getACEs()) {
if (ace.isGranted()) {
continue;
}
String permission = ace.getPermission();
if (permission.equals(SecurityConstants.EVERYTHING)
&& ace.getUsername().equals(SecurityConstants.EVERYONE)) {
continue;
}
// allow Write, as we're sure it doesn't include Read/Browse
if (permission.equals(SecurityConstants.WRITE)) {
continue;
}
throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
}
}
}
protected static void addACLRow(List<ACLRow> aclrows, String name, ACE ace) {
// XXX should prefix user/group
String user = ace.getUsername();
if (user == null) {
// JCR implementation logs null and skips it
return;
}
String group = null; // XXX all in user for now
aclrows.add(
new ACLRow(aclrows.size(), name, ace.isGranted(), ace.getPermission(), user, group));
}
