/**
 * Creates the access control manager bound to one external session and its data source.
 *
 * <p>The capability flags are derived from the marker interfaces the data source implements,
 * and the two privileges used by this manager ({@code jcr:modifyAccessControl} and
 * {@code jcr:write}) are resolved once for the session's workspace.
 *
 * @param namespaceRegistry registry handed to the {@link JahiaPrivilegeRegistry} created here
 * @param session the external session whose user and workspace this manager serves
 * @param dataSource the external data source backing the session
 * @throws JahiaRuntimeException if the privilege registry or either privilege cannot be resolved
 */
public ExternalAccessControlManager(
        NamespaceRegistry namespaceRegistry,
        ExternalSessionImpl session,
        ExternalDataSource dataSource) {
    final boolean accessControllable = dataSource instanceof ExternalDataSource.AccessControllable;
    final boolean privilegeAware = dataSource instanceof ExternalDataSource.SupportPrivileges;

    this.session = session;
    this.workspaceName = session.getWorkspace().getName();
    // aclReadOnly is set when the data source implements AccessControllable or SupportPrivileges.
    this.aclReadOnly = accessControllable || privilegeAware;
    this.writable = dataSource instanceof ExternalDataSource.Writable;
    this.supportPrivileges = privilegeAware;
    this.rootUserName = JahiaUserManagerService.getInstance().getRootUserName();
    this.dataSource = dataSource;

    // Bounded, synchronized cache; its maximum size comes from the global settings.
    this.pathPermissionCache =
            Collections.synchronizedMap(
                    new LRUMap(
                            SettingsBean.getInstance()
                                    .getAccessManagerPathPermissionCacheMaxSize()));

    // NOTE(review): the third argument is a prefix match of the session user ID against
    // JahiaLoginModule.SYSTEM, the fourth an exact match against JahiaLoginModule.GUEST.
    // Presumably these are the "system" and "guest" flags of the principal; confirm that
    // ordinary user IDs can never begin with the SYSTEM prefix.
    final String userId = session.getUserID();
    this.jahiaPrincipal =
            new JahiaPrincipal(
                    userId,
                    session.getRealm(),
                    userId.startsWith(JahiaLoginModule.SYSTEM),
                    JahiaLoginModule.GUEST.equals(userId));

    try {
        registry = new JahiaPrivilegeRegistry(namespaceRegistry);
        this.modifyAccessControlPrivilege =
                registry.getPrivilege("jcr:modifyAccessControl", workspaceName);
        this.writePrivilege = registry.getPrivilege("jcr:write", workspaceName);
    } catch (RepositoryException e) {
        // The constructor declares no checked exception, so the cause is wrapped unchecked.
        throw new JahiaRuntimeException(e);
    }
}
/**
 * Resolves a privilege by name, first without a workspace and, for unknown privileges in the
 * JCR namespace, a second time against {@code Constants.EDIT_WORKSPACE}.
 *
 * @param privilegeName the privilege name to resolve
 * @return the privilege returned by the registry
 * @throws AccessControlException if the registry rejects the name and the fallback does not apply
 * @throws RepositoryException if the registry lookup fails for another reason
 */
@Override
public Privilege privilegeFromName(String privilegeName)
        throws AccessControlException, RepositoryException {
    try {
        return registry.getPrivilege(privilegeName, null);
    } catch (AccessControlException e) {
        // NOTE(review): the fallback is selected by the text of the exception message. If the
        // registry's wording changes, this branch silently stops applying and the original
        // exception is rethrown instead.
        final String message = e.getMessage();
        final boolean unknownJcrPrivilege =
                message != null
                        && message.startsWith("Unknown privilege {http://www.jcp.org/jcr/1.0}");
        if (!unknownJcrPrivilege) {
            throw e;
        }
        // fallback to default workspace for JCR permissions
        return registry.getPrivilege(privilegeName, Constants.EDIT_WORKSPACE);
    }
}
/**
 * Reports whether the session holds the node type management privilege on a path.
 *
 * <p>The privilege name is {@code JCR_NODE_TYPE_MANAGEMENT}, an underscore and the session's
 * current workspace name; the workspace name is re-read from the session on every call.
 *
 * @param path the path to test
 * @return the result of {@code hasPrivileges} for that single privilege
 * @throws RepositoryException if the privilege lookup or the check fails
 */
public boolean canManageNodeTypes(String path) throws RepositoryException {
    final String privilegeName =
            JCR_NODE_TYPE_MANAGEMENT + "_" + session.getWorkspace().getName();
    final Privilege[] required = new Privilege[] {registry.getPrivilege(privilegeName, null)};
    return hasPrivileges(path, required);
}
// JCR_REMOVE_NODE public void checkRemoveNode(String path) throws RepositoryException { if (!hasPrivileges( path, new Privilege[] { registry.getPrivilege(JCR_REMOVE_NODE + "_" + session.getWorkspace().getName(), null) })) { throw new AccessDeniedException(path); } }
// JCR_ADD_CHILD_NODES public void checkAddChildNodes(String path) throws RepositoryException { if (!hasPrivileges( path, new Privilege[] { registry.getPrivilege(JCR_ADD_CHILD_NODES + "_" + session.getWorkspace().getName(), null) })) { throw new AccessDeniedException(path); } }
/**
 * Enforces the JCR_READ privilege on a path.
 *
 * <p>Unlike the other check methods visible here, a missing privilege is reported as
 * {@link PathNotFoundException} rather than {@code AccessDeniedException}, so a caller without
 * read access sees the same exception type as for a path that does not exist (presumably to
 * avoid disclosing the existence of unreadable nodes; callers should keep that property and
 * not translate the exception into an access-denied response).
 *
 * @param path the path to be read
 * @throws PathNotFoundException if {@code hasPrivileges} reports the read privilege as missing
 * @throws RepositoryException if the privilege lookup or the check fails
 */
public void checkRead(String path) throws RepositoryException {
    final String privilegeName = JCR_READ + "_" + session.getWorkspace().getName();
    final Privilege[] required = new Privilege[] {registry.getPrivilege(privilegeName, null)};
    final boolean readable = hasPrivileges(path, required);
    if (readable) {
        return;
    }
    throw new PathNotFoundException(path);
}
// JCR_MODIFY_PROPERTIES public void checkModify(String path) throws RepositoryException { if (!hasPrivileges( path, new Privilege[] { registry.getPrivilege( JCR_MODIFY_PROPERTIES + "_" + session.getWorkspace().getName(), null) })) { throw new AccessDeniedException(path); } }
/**
 * Converts the legacy privilege names for a path into {@link Privilege} objects.
 *
 * <p>Names for which the registry returns {@code null} are left out of the result, so the
 * array can be shorter than the list of names.
 *
 * @param absPath the absolute path whose legacy privilege names are looked up
 * @return the resolved privileges, in the iteration order of the names
 * @throws PathNotFoundException declared for callers; propagated from the helpers if raised
 * @throws RepositoryException if the name lookup or a registry lookup fails
 */
private Privilege[] getPrivilegesLegacy(String absPath)
        throws PathNotFoundException, RepositoryException {
    final List<Privilege> resolved = new ArrayList<Privilege>();
    for (String privilegeName : getPrivilegesNamesLegacy(absPath)) {
        final Privilege candidate = registry.getPrivilege(privilegeName, null);
        if (candidate == null) {
            // Unresolvable names are dropped without any signal to the caller.
            continue;
        }
        resolved.add(candidate);
    }
    return resolved.toArray(new Privilege[0]);
}
/**
 * Returns every privilege registered in {@link JahiaPrivilegeRegistry}.
 *
 * <p>NOTE(review): {@code absPath} is not consulted, so this method performs no existence or
 * read check for the path and the same array is returned for any argument. The declared
 * {@link PathNotFoundException} is never thrown by this body; confirm that callers do not rely
 * on it to detect missing or unreadable paths.
 *
 * @param absPath ignored by this implementation
 * @return the privileges reported by {@code JahiaPrivilegeRegistry.getRegisteredPrivileges()}
 * @throws PathNotFoundException declared by the overridden method; not raised here
 * @throws RepositoryException declared by the overridden method
 */
@Override
public Privilege[] getSupportedPrivileges(String absPath)
        throws PathNotFoundException, RepositoryException {
    final Privilege[] registered = JahiaPrivilegeRegistry.getRegisteredPrivileges();
    return registered;
}