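/**
 * Collects the access control lists that hold at least one entry for any of the given
 * principals.
 *
 * <p>Matching ACE nodes are located with an XPath query on the principal-name property. The
 * query text is assembled by string concatenation, so the quote-doubling applied to each
 * principal name is the only thing that keeps a name from altering the predicate. Every hit is
 * then checked against {@code permissions}: an ACL node that is not readable aborts the whole
 * call with an {@link AccessDeniedException} instead of being skipped silently.
 *
 * @param principals the principals whose entries are searched for; an empty set yields an
 *     empty result
 * @param permissions the compiled permissions used to decide whether each matching ACL node
 *     may be read
 * @return the matching policies in the order the query returned them, without duplicates
 * @throws AccessDeniedException if a matching ACL node is not readable according to
 *     {@code permissions}
 * @throws UnsupportedOperationException if the query cannot be created or executed
 * @throws RepositoryException if another repository error occurs
 * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(java.util.Set,
 *     CompiledPermissions)
 */
public AccessControlPolicy[] getEffectivePolicies(
        Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException {
    // An empty set would produce the predicate "[]", which is not a valid XPath expression and
    // would surface as the misleading UnsupportedOperationException below.
    if (principals.isEmpty()) {
        return new AccessControlPolicy[0];
    }

    String propName = ISO9075.encode(session.getJCRName(P_PRINCIPAL_NAME));

    StringBuilder stmt = new StringBuilder("/jcr:root");
    stmt.append("//element(*,").append(session.getJCRName(NT_REP_ACE)).append(")[");
    boolean first = true;
    for (Principal principal : principals) {
        if (!first) {
            stmt.append(" or ");
        }
        first = false;
        // Principal names are placed inside a single-quoted XPath literal; a quote inside the
        // name is doubled so it cannot terminate the literal. Plain replace() is used because
        // no regular expression is involved.
        stmt.append('@')
                .append(propName)
                .append("='")
                .append(principal.getName().replace("'", "''"))
                .append('\'');
    }
    stmt.append(']');

    QueryResult result;
    try {
        QueryManager qm = session.getWorkspace().getQueryManager();
        Query q = qm.createQuery(stmt.toString(), Query.XPATH);
        result = q.execute();
    } catch (RepositoryException e) {
        // Pass the exception itself: the message has no placeholder, so the former
        // e.getMessage() argument never reached the log.
        log.error("Unexpected error while searching effective policies.", e);
        throw new UnsupportedOperationException(
                "Retrieve effective policies for set of principals not supported.", e);
    }

    // LinkedHashSet: several ACEs of the same ACL collapse into one entry, query order is kept.
    Set<AccessControlPolicy> acls = new LinkedHashSet<AccessControlPolicy>();
    for (NodeIterator it = result.getNodes(); it.hasNext(); ) {
        // The query returns ACE nodes; the parent is the ACL node, its parent the node the
        // policy is attached to.
        NodeImpl aclNode = (NodeImpl) it.nextNode().getParent();
        Name aclName = aclNode.getQName();
        NodeImpl accessControlledNode = (NodeImpl) aclNode.getParent();

        boolean regularPolicy =
                N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode);
        boolean repoPolicy =
                !regularPolicy
                        && N_REPO_POLICY.equals(aclName)
                        && isRepoAccessControlled(accessControlledNode);
        if (!regularPolicy && !repoPolicy) {
            // not a regular policy node -> ignore.
            continue;
        }

        // The read check comes before the ACL is built, so no policy content is assembled for
        // a node the permissions do not cover.
        if (!permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
            throw new AccessDeniedException(
                    "Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
        }

        if (regularPolicy) {
            acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
        } else {
            acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
        }
    }
    return acls.toArray(new AccessControlPolicy[acls.size()]);
}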
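/**
 * Returns the cache node for the given library, re-resolved through the requesting user's
 * resource resolver.
 *
 * <p>The cache node is looked up, created and refreshed with the session returned by
 * {@code getAdminSession()} (presumably a privileged service session; confirm against its
 * definition). That node is kept in a local variable and never returned. Only the node obtained
 * through {@code request.getResourceResolver()} leaves this method, so a failure part-way
 * through cannot hand the caller a node that is still bound to the other session.
 *
 * @param request the current request; its resource resolver supplies the user-bound node
 * @param library the HTML library whose cache node is wanted
 * @return the cache node as seen through the request's resolver, or {@code null} if it cannot
 *     be adapted to a {@link Node} or a repository error occurred
 */
public Node getLibraryNode(SlingHttpServletRequest request, HtmlLibrary library) {
    Node userNode = null;
    try {
        // we want the non-minified version as the root path
        String cacheRoot = Text.getRelativeParent(CACHE_PATH + library.getPath(false), 1);
        String optPath = cacheRoot + "/" + getLibraryName(library);

        // Kept separate from the return value on purpose: this node belongs to the session
        // from getAdminSession(), not to the requesting user.
        Node cacheNode = JcrUtils.getNodeIfExists(optPath, getAdminSession());
        if (null == cacheNode) {
            // generate empty jcr:data to cache
            cacheNode = createEmptyCache(library, cacheRoot, getAdminSession());
        }

        // lib was modified after last cache write
        boolean stale =
                !cacheNode.hasNode(JcrConstants.JCR_CONTENT)
                        || library.getLastModified(false)
                                > JcrUtils.getLongProperty(
                                        cacheNode.getNode(JcrConstants.JCR_CONTENT),
                                        JcrConstants.JCR_LASTMODIFIED,
                                        0L);
        if (stale) {
            // generate new binary, if possible
            cacheNode = populateCache(library, cacheNode.getPath(), getAdminSession());
        }

        // reassign with user session
        userNode =
                request.getResourceResolver().resolve(cacheNode.getPath()).adaptTo(Node.class);
    } catch (RepositoryException re) {
        // Best effort: the failure is visible at debug level only and the caller gets null.
        log.debug(re.getMessage());
    } finally {
        // NOTE(review): presumably the resolver behind getAdminSession(); confirm. It is closed
        // on every path, so nodes obtained through it must not outlive this method.
        getResolver().close();
    }
    return userNode;
}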