private static boolean canReplicate(String path, Session session) throws RepositoryException {
AccessControlManager acMgr = session.getAccessControlManager();
return session
.getAccessControlManager()
.hasPrivileges(
path, new Privilege[] {acMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)});
}
protected RepositoryFileAcl internalUpdateAcl(
final Session session,
final PentahoJcrConstants pentahoJcrConstants,
final Serializable fileId,
final RepositoryFileAcl acl)
throws RepositoryException {
Node node = session.getNodeByIdentifier(fileId.toString());
if (node == null) {
throw new RepositoryException(
Messages.getInstance()
.getString(
"JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
fileId.toString())); // $NON-NLS-1$
}
String absPath = node.getPath();
AccessControlManager acMgr = session.getAccessControlManager();
AccessControlList acList = getAccessControlList(acMgr, absPath);
// clear all entries
AccessControlEntry[] acEntries = acList.getAccessControlEntries();
for (int i = 0; i < acEntries.length; i++) {
acList.removeAccessControlEntry(acEntries[i]);
}
JcrRepositoryFileAclUtils.setAclMetadata(
session,
absPath,
acList,
new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
// add entries to now empty list but only if not inheriting; force user to start with clean
// slate
if (!acl.isEntriesInheriting()) {
for (RepositoryFileAce ace : acl.getAces()) {
Principal principal = null;
if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
principal = new SpringSecurityRolePrincipal(ace.getSid().getName());
} else {
principal = new SpringSecurityUserPrincipal(ace.getSid().getName());
}
acList.addAccessControlEntry(
principal,
permissionConversionHelper.pentahoPermissionsToPrivileges(
session, ace.getPermissions()));
}
}
acMgr.setPolicy(absPath, acList);
session.save();
return getAcl(fileId);
}
private RepositoryFileAcl toAcl(
final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
throws RepositoryException {
Node node = session.getNodeByIdentifier(id.toString());
if (node == null) {
throw new RepositoryException(
Messages.getInstance()
.getString(
"JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
id.toString())); // $NON-NLS-1$
}
String absPath = node.getPath();
AccessControlManager acMgr = session.getAccessControlManager();
AccessControlList acList = getAccessControlList(acMgr, absPath);
RepositoryFileSid owner = null;
String ownerString = getOwner(session, absPath, acList);
if (ownerString != null) {
// for now, just assume all owners are users; only has UI impact
owner =
new RepositoryFileSid(
JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerString),
RepositoryFileSid.Type.USER);
}
RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);
aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));
List<AccessControlEntry> cleanedAcEntries =
JcrRepositoryFileAclUtils.removeAclMetadata(
Arrays.asList(acList.getAccessControlEntries()));
for (AccessControlEntry acEntry : cleanedAcEntries) {
if (!acEntry
.getPrincipal()
.equals(
new SpringSecurityRolePrincipal(
JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
aclBuilder.ace(toAce(session, acEntry));
}
}
return aclBuilder.build();
}
protected void createUserHome(String userId) {
LOG.log(Level.FINE, "Checking home folders for {0}", userId);
try {
if (repo == null) {
LOG.log(Level.FINE, "Repo is null. Exiting");
return;
}
Session sess = this.repo.login(new SimpleCredentials("admin", new char[0]));
String userRoot = "/users/_" + HttpUtils.generateId(userId);
String[] folders =
new String[] {
userRoot + "/Inbox",
userRoot + "/Drafts",
userRoot + "/Trash",
userRoot + "/Sent",
userRoot + "/Archive"
};
boolean needCreate = false;
for (String fld : folders) {
if (!sess.nodeExists(fld)) {
needCreate = true;
break;
}
}
if (!needCreate) {
sess.logout();
return;
}
for (String fld : folders) {
if (!sess.nodeExists(fld)) {
JcrUtils.getOrCreateByPath(fld, NodeType.NT_FOLDER, sess);
}
}
sess.save();
AccessControlManager aMgr = sess.getAccessControlManager();
// create a privilege set with jcr:all
Privilege[] privileges = new Privilege[] {aMgr.privilegeFromName(Privilege.JCR_ALL)};
AccessControlList acl;
try {
// get first applicable policy (for nodes w/o a policy)
acl = (AccessControlList) aMgr.getApplicablePolicies(userRoot).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
// else node already has a policy, get that one
acl = (AccessControlList) aMgr.getPolicies(userRoot)[0];
}
// remove all existing entries
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
// add a new one for a principal
acl.addAccessControlEntry(new PrincipalImpl(userId), privileges);
// the policy must be re-set
aMgr.setPolicy(userRoot, acl);
sess.save();
sess.logout();
LOG.log(Level.FINE, "Home folders created for {0}", userId);
} catch (Exception e) {
LOG.log(Level.FINE, null, e);
}
}
protected RepositoryFileAcl internalUpdateAcl(
final Session session,
final PentahoJcrConstants pentahoJcrConstants,
final Serializable fileId,
final RepositoryFileAcl acl)
throws RepositoryException {
if (isKioskEnabled()) {
throw new RuntimeException(
Messages.getInstance()
.getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED")); // $NON-NLS-1$
}
DefaultPermissionConversionHelper permissionConversionHelper =
new DefaultPermissionConversionHelper(session);
Node node = session.getNodeByIdentifier(fileId.toString());
if (node == null) {
throw new RepositoryException(
Messages.getInstance()
.getString(
"JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
fileId.toString())); // $NON-NLS-1$
}
String absPath = node.getPath();
AccessControlManager acMgr = session.getAccessControlManager();
AccessControlList acList = getAccessControlList(acMgr, absPath);
// clear all entries
AccessControlEntry[] acEntries = acList.getAccessControlEntries();
for (int i = 0; i < acEntries.length; i++) {
acList.removeAccessControlEntry(acEntries[i]);
}
JcrRepositoryFileAclUtils.setAclMetadata(
session,
absPath,
acList,
new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
// add entries to now empty list but only if not inheriting; force user to start with clean
// slate
boolean adminPrincipalExist = false;
ITenant principalTenant = null;
if (!acl.isEntriesInheriting()) {
for (RepositoryFileAce ace : acl.getAces()) {
Principal principal = null;
if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
String principalName =
JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
if (tenantAdminAuthorityName.equals(principalName)) {
adminPrincipalExist = true;
}
principal =
new SpringSecurityRolePrincipal(
JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
} else {
principal =
new SpringSecurityUserPrincipal(
JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
}
acList.addAccessControlEntry(
principal,
permissionConversionHelper.pentahoPermissionsToPrivileges(
session, ace.getPermissions()));
}
if (!adminPrincipalExist) {
if (acl.getAces() != null && acl.getAces().size() > 0) {
principalTenant =
JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
}
if (principalTenant == null || principalTenant.getId() == null) {
principalTenant = JcrTenantUtils.getTenant();
}
List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
permissionList.add(RepositoryFilePermission.ALL);
Principal adminPrincipal =
new SpringSecurityRolePrincipal(
JcrTenantUtils.getRoleNameUtils()
.getPrincipleId(principalTenant, tenantAdminAuthorityName));
acList.addAccessControlEntry(
adminPrincipal,
permissionConversionHelper.pentahoPermissionsToPrivileges(
session, EnumSet.copyOf(permissionList)));
}
}
acMgr.setPolicy(absPath, acList);
session.save();
return getAcl(fileId);
}
