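 /**
  * Sets the {@code authorizableId} property of a comment node to the identity of the
  * posting user.
  *
  * <p>Which identity is written depends on the session and the run mode:
  * <ul>
  *   <li>No session profile, blank session user id, or the {@code anonymous} user:
  *       nothing is written.</li>
  *   <li>Author mode: the identifier comes from the {@code CollabUser.PROP_NAME} request
  *       parameter and is written when that user exists and the request session may read
  *       its profile (see {@link #hasPermissions}); a mismatch with the session user is only
  *       logged, not rejected.</li>
  *   <li>Non-author mode: the session user id is written; a request parameter naming a
  *       different user is logged and rejected with a {@link CommentException}.</li>
  * </ul>
  *
  * @param request The sling request.
  * @param node The node where the authorizableId property is set
  * @throws RepositoryException if there is an error when saving to repository
  * @throws CommentException if, outside author mode, the request parameter names a user
  *     other than the session user
  */
 private void setAuthorizableId(final SlingHttpServletRequest request, final Node node)
     throws RepositoryException {
   final String userIdentifier = request.getParameter(CollabUser.PROP_NAME);
   final Profile sessionProfile = getSessionProfile(request);
   final String sessionUserId =
       sessionProfile == null ? null : sessionProfile.getAuthorizable().getID();
   if (StringUtils.isBlank(sessionUserId)) {
     return;
   }
   final boolean anonymous = "anonymous".equals(sessionUserId);
   final boolean authorMode = isAuthorMode();
   if (anonymous) {
     // Anonymous posters never get an authorizableId, in either run mode.
     return;
   }
   if (authorMode) {
     // node.getSession() is an admin session: it is used for the existence and profile
     // lookups, while the request session decides whether the caller may read the
     // target user's profile.
     final boolean userExists = userExists(userIdentifier, node.getSession());
     final boolean hasPermissions =
         hasPermissions(userIdentifier, getRequestSession(request), node.getSession());
     if (userExists && hasPermissions) {
       JcrUtil.setProperty(node, "authorizableId", userIdentifier);
       // sessionUserId is known to be non-blank here, so compare from that side: this
       // cannot NPE even if userExists accepted a null identifier.
       if (!sessionUserId.equals(userIdentifier)) {
         log.warn(
             "host {} posted a comment with different userIdentifier ({}) than sessionUserId ({})",
             new Object[] {request.getRemoteAddr(), userIdentifier, sessionUserId});
       }
     } else {
       log.warn(
           "host {} posted a comment with an unknown userIdentifier ({})",
           request.getRemoteAddr(),
           userIdentifier);
     }
   } else {
     // Outside author mode the identity is never taken from the request; a parameter
     // that disagrees with the session is treated as a suspect request.
     if (userIdentifier != null && !sessionUserId.equals(userIdentifier)) {
       final String exceptionMessage =
           "host "
               + request.getRemoteAddr()
               + " posted a comment with suspect userIdentifier ("
               + userIdentifier
               + "), sessionUserId ("
               + sessionUserId
               + ")";
       if (log.isWarnEnabled()) {
         log.warn(exceptionMessage);
       }
       throw new CommentException(exceptionMessage);
     }
     JcrUtil.setProperty(node, "authorizableId", sessionUserId);
   }
 }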
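 /**
  * Returns whether the request session may read the profile of the given user.
  *
  * <p>The user and its profile are looked up with the admin session; the access decision
  * itself is {@link Session#hasPermission} with {@link Session#ACTION_READ} on the profile
  * path, evaluated against the request session. A blank identifier, a missing request
  * session, a missing user manager or profile, an unknown user, or a repository error all
  * yield {@code false} (fail closed); lookup failures are logged at debug level.
  *
  * @param userIdentifier The user id
  * @param requestSession The {@link Session} of the caller; {@code null} yields {@code false}.
  * @param adminSession The administrator {@link Session} used for the user lookup.
  * @return if user has permission.
  */
 private boolean hasPermissions(
     final String userIdentifier, final Session requestSession, final Session adminSession) {
   // Check the cheap inputs first so no user manager is created for a request that
   // cannot be granted anyway.
   if (StringUtils.isBlank(userIdentifier) || requestSession == null) {
     return false;
   }
   try {
     final UserManager um = userManagerFactory.createUserManager(adminSession);
     if (um == null) {
       return false;
     }
     // NOTE(review): assumes um.get() throws NoSuchAuthorizableException for unknown
     // users rather than returning null — if it returns null this chain NPEs; confirm.
     final Profile profile = um.get(userIdentifier).getProfile();
     if (profile == null) {
       return false;
     }
     return requestSession.hasPermission(profile.getPath(), Session.ACTION_READ);
   } catch (final RepositoryException e) {
     // Fail closed, but leave a trace so denied requests can be diagnosed.
     log.debug("permission lookup failed for userIdentifier ({})", userIdentifier, e);
     return false;
   } catch (final NoSuchAuthorizableException e) {
     log.debug("no authorizable found for userIdentifier ({})", userIdentifier, e);
     return false;
   }
 }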