public boolean addPrivilege(Privilege aPrivilege) {
boolean wasAdded = false;
if (privileges.contains(aPrivilege)) {
return false;
}
if (privileges.contains(aPrivilege)) {
return false;
}
if (privileges.contains(aPrivilege)) {
return false;
}
Employee existingEmployee = aPrivilege.getEmployee();
boolean isNewEmployee = existingEmployee != null && !this.equals(existingEmployee);
if (isNewEmployee && existingEmployee.numberOfPrivileges() <= minimumNumberOfPrivileges()) {
return wasAdded;
}
if (isNewEmployee) {
aPrivilege.setEmployee(this);
} else {
privileges.add(aPrivilege);
}
wasAdded = true;
return wasAdded;
}
private List<Privilege> getPrivilegesToFilter(Node node) {
if (node instanceof JCRNodeWrapper) {
node = ((JCRNodeWrapper) node).getRealNode();
}
List<Privilege> privilegeToFilterOut = new ArrayList<>();
// jcr:modifyAccessControl permission when data source is AccessControllable, only on
// ExternalNodeImpl
// ExtensionNodeImpl acls can be modify
if (aclReadOnly && node instanceof ExternalNodeImpl) {
privilegeToFilterOut.add(modifyAccessControlPrivilege);
}
// all write permissions in case of the data source not writable and not extendable
if (!writable
&& node instanceof ExternalNodeImpl
&& (session.getOverridableProperties() == null
|| session.getOverridableProperties().size() == 0)) {
privilegeToFilterOut.add(writePrivilege);
privilegeToFilterOut.addAll(Lists.newArrayList(writePrivilege.getAggregatePrivileges()));
}
return privilegeToFilterOut;
}
public void delete() {
for (int i = shifts.size(); i > 0; i--) {
Shift aShift = shifts.get(i - 1);
aShift.delete();
}
for (int i = privileges.size(); i > 0; i--) {
Privilege aPrivilege = privileges.get(i - 1);
aPrivilege.delete();
}
Hospital placeholderHospital = hospital;
this.hospital = null;
placeholderHospital.removeEmployee(this);
ArrayList<Ward> copyOfWards = new ArrayList<Ward>(wards);
wards.clear();
for (Ward aWard : copyOfWards) {
aWard.removeEmployee(this);
}
}
@Override
public boolean hasPrivileges(final String absPath, final Privilege[] privileges)
throws PathNotFoundException, RepositoryException {
if (supportPrivileges) {
// if the node is created in the same session, return true
for (Item item : session.getNewItems()) {
if (item.getPath().equals(absPath)) {
return true;
}
}
// check privilege names
return hasPrivilegesLegacy(absPath, privileges);
} else {
// check ACLs
Set<String> privs = new HashSet<>();
for (Privilege privilege : privileges) {
privs.add(privilege.getName());
}
String mountPoint = session.getRepository().getStoreProvider().getMountPoint();
Session securitySession =
JCRSessionFactory.getInstance()
.getCurrentSystemSession(session.getWorkspace().getName(), null, null);
PathWrapper pathWrapper =
new ExternalPathWrapperImpl(
StringUtils.equals(absPath, "/") ? mountPoint : mountPoint + absPath,
securitySession);
return AccessManagerUtils.isGranted(
pathWrapper,
privs,
securitySession,
jahiaPrincipal,
workspaceName,
false,
pathPermissionCache,
compiledAcls,
registry);
}
}
private static Privilege[] filterPrivileges(
Privilege[] privileges, List<Privilege> privilegesToFilterOut) {
Set<Privilege> filteredResult = new HashSet<Privilege>();
for (Privilege privilege : privileges) {
if (!privilegesToFilterOut.contains(privilege)) {
if (privilege.isAggregate()
&& areIntersecting(privilege.getDeclaredAggregatePrivileges(), privilegesToFilterOut)) {
// We de-aggregate a privilege in case any of its children are to be filtered out, since a
// privilege is valid only if all its children are valid.
filteredResult.addAll(
Arrays.asList(
filterPrivileges(
privilege.getDeclaredAggregatePrivileges(), privilegesToFilterOut)));
} else {
filteredResult.add(privilege);
}
}
}
return filteredResult.toArray(new Privilege[filteredResult.size()]);
}
public boolean removePrivilege(Privilege aPrivilege) {
boolean wasRemoved = false;
// Unable to remove aPrivilege, as it must always have a employee
if (this.equals(aPrivilege.getEmployee())) {
return wasRemoved;
}
// employee already at minimum (1)
if (numberOfPrivileges() <= minimumNumberOfPrivileges()) {
return wasRemoved;
}
privileges.remove(aPrivilege);
wasRemoved = true;
return wasRemoved;
}