Author: enorman Date: Sun May 1 23:13:21 2011 New Revision: 1098439 URL: http://svn.apache.org/viewvc?rev=1098439&view=rev Log: SLING-2067 Added null check to AuthorizablePrivilegesInfo to fix NPE when used in a script that is being rendered for the anonymous user
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
Modified: sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java?rev=1098439&r1=1098438&r2=1098439&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java (original)
+++ sling/trunk/bundles/jcr/jackrabbit-usermanager/src/main/java/org/apache/sling/jackrabbit/usermanager/impl/AuthorizablePrivilegesInfoImpl.java Sun May 1 23:13:21 2011
@@ -23,6 +23,7 @@ import java.util.Dictionary;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.servlet.Servlet;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -31,6 +32,9 @@ import org.apache.jackrabbit.api.securit
 import org.apache.sling.commons.osgi.OsgiUtil;
 import org.apache.sling.jackrabbit.usermanager.AuthorizablePrivilegesInfo;
 import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
 import org.osgi.service.component.ComponentContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -110,16 +114,18 @@ public class AuthorizablePrivilegesInfoI
 UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
 Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
- if (((User)currentUser).isAdmin()) {
- return true; //admin user has full control
- }
-
- //check if the user is a member of the 'Group administrator' group
- Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
- if (groupAdmin instanceof Group) {
- boolean isMember = ((Group)groupAdmin).isMember(currentUser);
- if (isMember) {
- return true;
+ if (currentUser != null) {
+ if (((User)currentUser).isAdmin()) {
+ return true; //admin user has full control
+ }
+
+ //check if the user is a member of the 'Group administrator' group
+ Authorizable groupAdmin = userManager.getAuthorizable(this.groupAdminGroupName);
+ if (groupAdmin instanceof Group) {
+ boolean isMember = ((Group)groupAdmin).isMember(currentUser);
+ if (isMember) {
+ return true;
+ }
 }
 }
 } catch (RepositoryException e) {
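Review bot: The added `currentUser != null` guard covers the anonymous-session NPE, but the very next line still casts unconditionally with `((User)currentUser).isAdmin()`, so a non-null Authorizable that is not a User would raise a ClassCastException that the `catch (RepositoryException e)` at the end of the hunk does not handle. A type test covers both cases: `if (currentUser instanceof User && ((User)currentUser).isAdmin()) {`. The same cast is repeated in the canAddUser hunk (`@@ -133,23 +139,46 @@`). Because this is an authorization answer, a short comment on the guard such as `//no authorizable for this session (e.g. anonymous): fall through and deny` would make the fail-closed intent explicit. The enclosing method starts above this hunk and ends below it.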
@@ -133,23 +139,46 @@ public class AuthorizablePrivilegesInfoI
 */
 public boolean canAddUser(Session jcrSession) {
 try {
+ //if self-registration is enabled, then anyone can create a user
+ if (componentContext != null) {
+ String filter = "(&(sling.servlet.resourceTypes=sling/users)(|(sling.servlet.methods=POST)(sling.servlet.selectors=create)))";
+ BundleContext bundleContext = componentContext.getBundleContext();
+ ServiceReference[] serviceReferences = bundleContext.getServiceReferences(Servlet.class.getName(), filter);
+ if (serviceReferences != null) {
+ String propName = "self.registration.enabled";
+ for (ServiceReference serviceReference : serviceReferences) {
+ Object propValue = serviceReference.getProperty(propName);
+ if (propValue != null) {
+ boolean selfRegEnabled = Boolean.TRUE.equals(propValue);
+ if (selfRegEnabled) {
+ return true;
+ }
+ break;
+ }
+ }
+ }
+ }
+
 UserManager userManager = AccessControlUtil.getUserManager(jcrSession);
 Authorizable currentUser = userManager.getAuthorizable(jcrSession.getUserID());
-
- if (((User)currentUser).isAdmin()) {
- return true; //admin user has full control
- }
-
- //check if the user is a member of the 'User administrator' group
- Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
- if (userAdmin instanceof Group) {
- boolean isMember = ((Group)userAdmin).isMember(currentUser);
- if (isMember) {
- return true;
+ if (currentUser != null) {
+ if (((User)currentUser).isAdmin()) {
+ return true; //admin user has full control
+ }
+
+ //check if the user is a member of the 'User administrator' group
+ Authorizable userAdmin = userManager.getAuthorizable(this.userAdminGroupName);
+ if (userAdmin instanceof Group) {
+ boolean isMember = ((Group)userAdmin).isMember(currentUser);
+ if (isMember) {
+ return true;
+ }
 }
 }
 } catch (RepositoryException e) {
 log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID());
+ } catch (InvalidSyntaxException e) {
+ log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID());
 }
 return false;
 }
@@ -276,6 +305,9 @@ public class AuthorizablePrivilegesInfoI
 // ---------- SCR Integration ----------------------------------------------
+ //keep track of the bundle context
+ private ComponentContext componentContext;
+
 /**
 * Called by SCR to activate the component.
 *
@@ -288,6 +320,8 @@ public class AuthorizablePrivilegesInfoI throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, UnsupportedEncodingException { + this.componentContext = componentContext; + Dictionary<?, ?> properties = componentContext.getProperties(); this.userAdminGroupName = OsgiUtil.toString(properties.get(PAR_USER_ADMIN_GROUP_NAME),
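Review bot: In canAddUser (`@@ -133,23 +139,46 @@`) the self-registration branch returns true before the session is looked at, and it takes its answer from the first matching Servlet reference that carries `self.registration.enabled` and then hits `break`; if more than one service matches the filter, the result depends on the order in which `getServiceReferences` returns them, which as far as I know is not guaranteed. Since the value is handed to scripts rendered for any caller, including anonymous sessions, the branch should say that it is advisory, e.g. `//UI hint only: the create-user servlet must enforce self.registration.enabled itself`, and the loop should either choose the reference deterministically or keep scanning and deny when any match reports a non-true value. Both catch blocks also discard the exception; `log.warn("Failed to determine if {} can add a new user", jcrSession.getUserID(), e);` would keep the cause in the log, provided the SLF4J version in use accepts a trailing Throwable with a placeholder message. The `componentContext` field assigned in activate (the last hunk, which is cut off here) is read on request threads and, within this diff, is neither `volatile` nor cleared on deactivation.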