/**
   * Apply the 'search by role' filter to the lucene query string.
   *
   * @param parametersMap
   * @param filters
   */
  protected void buildSearchByRoleQuery(Map<String, String> parametersMap, List<String> filters) {
    SearchableRole role =
        SearchableRole.valueOf(getSearchParam(parametersMap, REQUEST_PARAMETERS.role.toString()));
    String userid = getSearchParam(parametersMap, REQUEST_PARAMETERS.userid.toString());
    AuthorizableManager authorizableManager = null;
    Session adminSession = null;
    try {
      adminSession = repository.loginAdministrative();
      authorizableManager = adminSession.getAuthorizableManager();
      Authorizable au = authorizableManager.findAuthorizable(userid);
      List<Authorizable> groups = AuthorizableUtil.getUserFacingGroups(au, authorizableManager);
      groups.add(au);

      List<String> groupStrs = new ArrayList<String>(groups.size());
      for (Authorizable memberAuthz : groups) {
        groupStrs.add(ClientUtils.escapeQueryChars(memberAuthz.getId()));
      }

      filters.add(String.format(ROLE_TEMPLATE, role.toString(), JOINER_OR.join(groupStrs)));
      adminSession.logout();
    } catch (ClientPoolException e) {
      throw new RuntimeException(e);
    } catch (StorageClientException e) {
      throw new RuntimeException(e);
    } catch (AccessDeniedException e) {
      throw new RuntimeException(e);
    } finally {
      SparseUtils.logoutQuietly(adminSession);
    }
  }
 /**
  * {@inheritDoc}
  *
  * @see
  *     org.sakaiproject.nakamura.api.personal.PersonalTrackingStore#recordActivity(java.lang.String,
  *     java.lang.String, java.lang.String, java.lang.String, java.util.Date)
  */
 public void recordActivity(
     String resourceId,
     String resourceType,
     String activityType,
     String userId,
     Calendar timestamp) {
   Session session = null;
   try {
     session = repository.loginAdministrative();
     final ContentManager cm = session.getContentManager();
     final String trackingNodePath = "/activity/" + resourceType + "/" + resourceId;
     Content trackingNode = null;
     if (cm.exists(trackingNodePath)) {
       trackingNode = cm.get(trackingNodePath);
     } else {
       trackingNode = new Content(trackingNodePath, new HashMap<String, Object>());
     }
     if (!trackingNode.hasProperty("count")) {
       trackingNode.setProperty("count", BigDecimal.ZERO);
     }
     if (!trackingNode.hasProperty("sling:resourceType")) {
       trackingNode.setProperty("sling:resourceType", "sakai/resource-activity");
     }
     final String generatedNodeName =
         Base64.encodeBase64URLSafeString(asShorterByteArray(UUID.randomUUID()));
     final String activityNodePath = trackingNodePath + "/" + generatedNodeName;
     Content activityNode = null;
     if (cm.exists(activityNodePath)) {
       activityNode = cm.get(activityNodePath);
     } else {
       activityNode = new Content(activityNodePath, new HashMap<String, Object>());
     }
     BigDecimal activityCount = (BigDecimal) trackingNode.getProperty("count");
     activityNode.setProperty("sling:resourceType", "sakai/resource-update");
     trackingNode.setProperty("count", activityCount.add(BigDecimal.ONE));
     activityNode.setProperty("resourceId", resourceId);
     activityNode.setProperty("resourcetype", resourceType);
     activityNode.setProperty("activitytype", activityType);
     activityNode.setProperty("timestamp", timestamp);
     activityNode.setProperty("userid", userId);
     cm.update(activityNode);
     cm.update(trackingNode);
   } catch (AccessDeniedException e) {
     LOG.error(e.getLocalizedMessage(), e);
   } catch (StorageClientException e) {
     LOG.error(e.getLocalizedMessage(), e);
   } finally {
     if (session != null) {
       try {
         session.logout();
       } catch (ClientPoolException e) {
         LOG.error(e.getLocalizedMessage(), e);
         throw new IllegalStateException(e);
       }
     }
   }
 }
 /** Return the administrative session and close it. */
 private void ungetSession(final Session session) {
   if (session != null) {
     try {
       session.logout();
     } catch (Throwable t) {
       LOGGER.error("Unable to log out of session: " + t.getMessage(), t);
     }
   }
 }
 public CreateContentPoolServletTest()
     throws ClientPoolException, StorageClientException, AccessDeniedException,
         ClassNotFoundException {
   MockitoAnnotations.initMocks(this);
   BaseMemoryRepository baseMemoryRepository = new BaseMemoryRepository();
   repository = baseMemoryRepository.getRepository();
   Session session = repository.loginAdministrative();
   AuthorizableManager authorizableManager = session.getAuthorizableManager();
   authorizableManager.createUser("ieb", "Ian Boston", "test", ImmutableMap.of("x", (Object) "y"));
   org.sakaiproject.nakamura.api.lite.authorizable.Authorizable authorizable =
       authorizableManager.findAuthorizable("ieb");
   System.err.println("Got ieb as " + authorizable);
   session.logout();
 }
 public void process(FilterChain chain, Request request, Response response) {
   try {
     chain.process(request, response);
     for (Session s : tracker.get()) {
       LOGGER.debug("Committing {} ", s);
       s.commit();
     }
   } finally {
     Set<Session> sessions = tracker.get();
     for (Session s : sessions) {
       try {
         LOGGER.debug("Logout {} ", s);
         s.logout();
       } catch (ClientPoolException e) {
         LOGGER.error(e.getMessage(), e);
       }
     }
     sessions.clear();
   }
 }
Example #6
0
  /**
   * Writes commentCount of content
   *
   * @param node
   * @param session
   * @param write
   * @throws RepositoryException
   * @throws JSONException
   */
  public static void writeCommentCountProperty(
      Content content,
      org.sakaiproject.nakamura.api.lite.Session session,
      JSONWriter writer,
      Repository repository)
      throws StorageClientException, JSONException {

    int commentCount = 0;
    String COMMENTCOUNT = "commentCount";

    if (content.hasProperty(COMMENTCOUNT)) {
      commentCount = (Integer) content.getProperty(COMMENTCOUNT);
    } else {
      // no commentCount property on Content, then evaluate count and add property
      Content comments = null;
      org.sakaiproject.nakamura.api.lite.Session adminSession = null;
      try {
        comments = session.getContentManager().get(content.getPath() + "/comments");
        if (comments != null) {
          commentCount = Iterables.size(comments.listChildPaths());
        }
        content.setProperty(COMMENTCOUNT, commentCount);
        // save property
        adminSession = repository.loginAdministrative();
        ContentManager adminContentManager = adminSession.getContentManager();
        adminContentManager.update(content);
      } catch (org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException e) {
        log.error(e.getMessage(), e);
      } finally {
        if (adminSession != null) {
          try {
            adminSession.logout();
          } catch (Exception e) {
            log.error("Could not logout administrative session.");
          }
        }
      }
    }
    writer.key(COMMENTCOUNT);
    writer.value(commentCount);
  }
  @SuppressWarnings("unchecked")
  public void onMessage(Message message) {
    log.debug("Receiving a message on {} : {}", SyncJMSMessageProducer.QUEUE_NAME, message);
    try {

      String topic = message.getJMSType();
      String groupId = (String) message.getStringProperty("path");

      String operation = "UNKNOWN";

      // A group was DELETED
      if ("org/sakaiproject/nakamura/lite/authorizables/DELETE".equals(topic)
          && config.getDeletesEnabled()) {
        Map<String, Object> attributes =
            (Map<String, Object>) message.getObjectProperty(StoreListener.BEFORE_EVENT_PROPERTY);
        grouperManager.deleteGroup(groupId, attributes);
        operation = "DELETED";
      }

      // A new group was ADDED or an existing group was UPDATED
      if ("org/sakaiproject/nakamura/lite/authorizables/ADDED".equals(topic)
          || "org/sakaiproject/nakamura/lite/authorizables/UPDATED".equals(topic)) {
        // These events should be under org/sakaiproject/nakamura/lite/authorizables/UPDATED
        // http://jira.sakaiproject.org/browse/KERN-1795
        String membersAdded =
            (String) message.getStringProperty(GrouperEventUtils.MEMBERS_ADDED_PROP);
        if (membersAdded != null) {
          // membership adds can be attached to the same event for the group add.
          grouperManager.createGroup(groupId, config.getGroupTypes());
          grouperManager.addMemberships(
              groupId, Arrays.asList(StringUtils.split(membersAdded, ",")));
          operation = "ADD_MEMBERS";
        }

        String membersRemoved =
            (String) message.getStringProperty(GrouperEventUtils.MEMBERS_REMOVED_PROP);
        if (membersRemoved != null) {
          grouperManager.removeMemberships(
              groupId, Arrays.asList(StringUtils.split(membersRemoved, ",")));
          operation = "REMOVE_MEMBERS";
        }

        if (membersAdded == null && membersRemoved == null) {
          org.sakaiproject.nakamura.api.lite.Session repositorySession =
              repository.loginAdministrative();
          AuthorizableManager am = repositorySession.getAuthorizableManager();
          Group group = (Group) am.findAuthorizable(groupId);
          repositorySession.logout();

          if (groupId.startsWith(ContactsGrouperNameProviderImpl.CONTACTS_GROUPID_PREFIX)) {
            // TODO Why are we not getting added and removed properties on the Message
            grouperManager.createGroup(groupId, null);
            grouperManager.addMemberships(groupId, Arrays.asList(group.getMembers()));
            operation = "UPDATE CONTACTS";
          } else {
            grouperManager.createGroup(groupId, config.getGroupTypes());
            grouperManager.addMemberships(groupId, Arrays.asList(group.getMembers()));
            operation = "CREATE";
          }
        }
      }

      // The message was processed successfully. No exceptions were thrown.
      // We acknowledge the message and its removed from the queue
      message.acknowledge();

      // We got a message that we didn't know what to do with.
      if (operation.equals("UNKNOWN")) {
        log.error(
            "I don't know what to do with this topic: {}. Turn on debug logs to see the message.",
            topic);
        log.debug(message.toString());
      } else {
        log.info("Successfully processed and acknowledged. {}, {}", operation, groupId);
        log.debug(message.toString());
      }

    } catch (JMSException jmse) {
      log.error("JMSException while processing message.", jmse);
    } catch (Exception e) {
      log.error("Exception while processing message.", e);
    }
  }
  /**
   * Manipulate the member list for this file.
   *
   * <p>{@inheritDoc}
   *
   * @see
   *     org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest,
   *     org.apache.sling.api.SlingHttpServletResponse)
   */
  @SuppressWarnings("unchecked")
  @Override
  protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
      throws ServletException, IOException {
    // fail if anonymous
    String remoteUser = request.getRemoteUser();
    if (User.ANON_USER.equals(remoteUser)) {
      response.sendError(SC_FORBIDDEN, "Anonymous users cannot update content members.");
      return;
    }
    Session session = null;
    boolean releaseSession = false;
    try {
      Resource resource = request.getResource();
      session = resource.adaptTo(Session.class);
      Content pooledContent = resource.adaptTo(Content.class);
      AccessControlManager accessControlManager = session.getAccessControlManager();
      AuthorizableManager authorizableManager = session.getAuthorizableManager();
      User thisUser = authorizableManager.getUser();
      if (!accessControlManager.can(
          thisUser, Security.ZONE_CONTENT, pooledContent.getPath(), Permissions.CAN_READ)) {
        response.sendError(SC_FORBIDDEN, "Insufficient permission to read this content.");
      }

      Map<String, Object> properties = pooledContent.getProperties();
      String[] managers =
          StorageClientUtils.nonNullStringArray(
              (String[]) properties.get(POOLED_CONTENT_USER_MANAGER));
      String[] editors =
          StorageClientUtils.nonNullStringArray(
              (String[]) properties.get(POOLED_CONTENT_USER_EDITOR));
      String[] viewers =
          StorageClientUtils.nonNullStringArray(
              (String[]) properties.get(POOLED_CONTENT_USER_VIEWER));

      Set<String> managerSet = Sets.newHashSet(managers);
      Set<String> editorSet = Sets.newHashSet(editors);
      Set<String> viewerSet = Sets.newHashSet(viewers);

      List<String> removeViewers =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":viewer@Delete")));
      List<String> removeManagers =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":manager@Delete")));
      List<String> removeEditors =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":editor@Delete")));
      List<String> addViewers =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":viewer")));
      List<String> addManagers =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":manager")));
      List<String> addEditors =
          Arrays.asList(
              StorageClientUtils.nonNullStringArray(request.getParameterValues(":editor")));

      if (!accessControlManager.can(
          thisUser, Security.ZONE_CONTENT, pooledContent.getPath(), Permissions.CAN_WRITE)) {
        if (!addManagers.isEmpty()) {
          response.sendError(SC_FORBIDDEN, "Non-managers may not add managers to content.");
          return;
        }

        for (String name : removeManagers) {
          // asking to remove managers who don't exist is harmless
          if (managerSet.contains(name)) {
            response.sendError(SC_FORBIDDEN, "Non-managers may not remove managers from content.");
            return;
          }
        }

        if (addViewers.contains(User.ANON_USER) || addViewers.contains(Group.EVERYONE)) {
          response.sendError(
              SC_FORBIDDEN, "Non-managers may not add 'anonymous' or 'everyone' as viewers.");
          return;
        }

        if (addEditors.contains(User.ANON_USER) || addEditors.contains(Group.EVERYONE)) {
          response.sendError(
              SC_FORBIDDEN, "Non-managers may not add 'anonymous' or 'everyone' as editors.");
          return;
        }

        for (String name : removeViewers) {
          if (!thisUser.getId().equals(name)) {
            Authorizable viewer = authorizableManager.findAuthorizable(name);
            if (viewer != null
                && !accessControlManager.can(
                    thisUser, Security.ZONE_AUTHORIZABLES, name, Permissions.CAN_WRITE)) {
              response.sendError(
                  SC_FORBIDDEN,
                  "Non-managers may not remove any viewer other than themselves or a group which they manage.");
            }
          }
        }

        // the request has passed all the rules that govern non-manager users
        // so we'll grant an administrative session
        session = session.getRepository().loginAdministrative();
        releaseSession = true;
      }
      List<AclModification> aclModifications = Lists.newArrayList();

      for (String addManager : addManagers) {
        if ((addManager.length() > 0) && !managerSet.contains(addManager)) {
          managerSet.add(addManager);
          AclModification.addAcl(true, Permissions.CAN_MANAGE, addManager, aclModifications);
        }
      }

      for (String removeManager : removeManagers) {
        if ((removeManager.length() > 0) && managerSet.contains(removeManager)) {
          managerSet.remove(removeManager);
          AclModification.removeAcl(true, Permissions.CAN_MANAGE, removeManager, aclModifications);
        }
      }

      for (String addEditor : addEditors) {
        if ((addEditor.length() > 0) && !editorSet.contains(addEditor)) {
          editorSet.add(addEditor);
          AclModification.addAcl(true, PERMISSION_EDITOR, addEditor, aclModifications);
        }
      }

      for (String removeEditor : removeEditors) {
        if ((removeEditor.length() > 0) && editorSet.contains(removeEditor)) {
          editorSet.remove(removeEditor);
          AclModification.removeAcl(true, PERMISSION_EDITOR, removeEditor, aclModifications);
        }
      }

      for (String addViewer : addViewers) {
        if ((addViewer.length() > 0) && !viewerSet.contains(addViewer)) {
          viewerSet.add(addViewer);
          AclModification.addAcl(true, Permissions.CAN_READ, addViewer, aclModifications);
        }
      }

      for (String removeViewer : removeViewers) {
        removeViewer = removeViewer.trim();
        if ((removeViewer.length() > 0) && viewerSet.contains(removeViewer)) {
          viewerSet.remove(removeViewer);
          if (!managerSet.contains(removeViewer)) {
            AclModification.removeAcl(true, Permissions.CAN_READ, removeViewer, aclModifications);
          }
        }
      }

      updateContentMembers(session, pooledContent, viewerSet, managerSet, editorSet);
      updateContentAccess(session, pooledContent, aclModifications);

      this.authorizableCountChanger.notify(
          UserConstants.CONTENT_ITEMS_PROP,
          addViewers,
          addEditors,
          addManagers,
          removeViewers,
          removeEditors,
          removeManagers);

      response.setStatus(SC_OK);

    } catch (StorageClientException e) {
      LOGGER.error(e.getMessage());
      response.sendError(
          SC_INTERNAL_SERVER_ERROR, "StorageClientException: " + e.getLocalizedMessage());
    } catch (AccessDeniedException e) {
      response.sendError(
          SC_FORBIDDEN,
          "Insufficient permission to update content members at " + request.getRequestURI());
    } finally {
      if (session != null && releaseSession) {
        try {
          session.logout();
        } catch (ClientPoolException e) {
          LOGGER.error(e.getMessage());
        }
      }
    }
  }