| Code with Misuse: |
class ItemManager {
/**
* @param data
* @param path Path to be used for the permission check or <code>null</code>
* in which case the itemId present with the specified <code>data</code> is used.
* @return true if the item with the given <code>data</code> can be read;
* <code>false</code> otherwise.
* @throws AccessDeniedException
* @throws RepositoryException
*/
private boolean canRead(ItemData data, Path path) throws AccessDeniedException, RepositoryException {
if (data.getState().getStatus() == ItemState.STATUS_NEW &&
!data.getDefinition().isProtected()) {
// NEW items can always be read as long they have been added
// through the API and NOT by the system (i.e. protected props).
return true;
} else {
return (path == null) ?
canRead(data.getId()) :
session.getAccessManager().canRead(path);
}
}
}
|
