private static boolean canReplicate(String path, Session session) throws RepositoryException {
   AccessControlManager acMgr = session.getAccessControlManager();
   return session
       .getAccessControlManager()
       .hasPrivileges(
           path, new Privilege[] {acMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)});
 }
  protected RepositoryFileAcl internalUpdateAcl(
      final Session session,
      final PentahoJcrConstants pentahoJcrConstants,
      final Serializable fileId,
      final RepositoryFileAcl acl)
      throws RepositoryException {
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
      throw new RepositoryException(
          Messages.getInstance()
              .getString(
                  "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
                  fileId.toString())); // $NON-NLS-1$
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);

    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
      acList.removeAccessControlEntry(acEntries[i]);
    }

    JcrRepositoryFileAclUtils.setAclMetadata(
        session,
        absPath,
        acList,
        new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));

    // add entries to now empty list but only if not inheriting; force user to start with clean
    // slate
    if (!acl.isEntriesInheriting()) {
      for (RepositoryFileAce ace : acl.getAces()) {
        Principal principal = null;
        if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
          principal = new SpringSecurityRolePrincipal(ace.getSid().getName());
        } else {
          principal = new SpringSecurityUserPrincipal(ace.getSid().getName());
        }
        acList.addAccessControlEntry(
            principal,
            permissionConversionHelper.pentahoPermissionsToPrivileges(
                session, ace.getPermissions()));
      }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(fileId);
  }
  private RepositoryFileAcl toAcl(
      final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
      throws RepositoryException {

    Node node = session.getNodeByIdentifier(id.toString());
    if (node == null) {
      throw new RepositoryException(
          Messages.getInstance()
              .getString(
                  "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
                  id.toString())); // $NON-NLS-1$
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);

    RepositoryFileSid owner = null;
    String ownerString = getOwner(session, absPath, acList);

    if (ownerString != null) {
      // for now, just assume all owners are users; only has UI impact
      owner =
          new RepositoryFileSid(
              JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerString),
              RepositoryFileSid.Type.USER);
    }

    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);

    aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));

    List<AccessControlEntry> cleanedAcEntries =
        JcrRepositoryFileAclUtils.removeAclMetadata(
            Arrays.asList(acList.getAccessControlEntries()));

    for (AccessControlEntry acEntry : cleanedAcEntries) {
      if (!acEntry
          .getPrincipal()
          .equals(
              new SpringSecurityRolePrincipal(
                  JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
        aclBuilder.ace(toAce(session, acEntry));
      }
    }
    return aclBuilder.build();
  }
  protected void createUserHome(String userId) {
    LOG.log(Level.FINE, "Checking home folders for {0}", userId);
    try {
      if (repo == null) {
        LOG.log(Level.FINE, "Repo is null. Exiting");
        return;
      }

      Session sess = this.repo.login(new SimpleCredentials("admin", new char[0]));

      String userRoot = "/users/_" + HttpUtils.generateId(userId);
      String[] folders =
          new String[] {
            userRoot + "/Inbox",
            userRoot + "/Drafts",
            userRoot + "/Trash",
            userRoot + "/Sent",
            userRoot + "/Archive"
          };

      boolean needCreate = false;
      for (String fld : folders) {
        if (!sess.nodeExists(fld)) {
          needCreate = true;
          break;
        }
      }

      if (!needCreate) {
        sess.logout();
        return;
      }

      for (String fld : folders) {
        if (!sess.nodeExists(fld)) {
          JcrUtils.getOrCreateByPath(fld, NodeType.NT_FOLDER, sess);
        }
      }
      sess.save();

      AccessControlManager aMgr = sess.getAccessControlManager();
      // create a privilege set with jcr:all
      Privilege[] privileges = new Privilege[] {aMgr.privilegeFromName(Privilege.JCR_ALL)};
      AccessControlList acl;
      try {
        // get first applicable policy (for nodes w/o a policy)
        acl = (AccessControlList) aMgr.getApplicablePolicies(userRoot).nextAccessControlPolicy();
      } catch (NoSuchElementException e) {
        // else node already has a policy, get that one
        acl = (AccessControlList) aMgr.getPolicies(userRoot)[0];
      }

      // remove all existing entries
      for (AccessControlEntry e : acl.getAccessControlEntries()) {
        acl.removeAccessControlEntry(e);
      }

      // add a new one for a principal
      acl.addAccessControlEntry(new PrincipalImpl(userId), privileges);

      // the policy must be re-set
      aMgr.setPolicy(userRoot, acl);
      sess.save();
      sess.logout();
      LOG.log(Level.FINE, "Home folders created for {0}", userId);
    } catch (Exception e) {
      LOG.log(Level.FINE, null, e);
    }
  }
  protected RepositoryFileAcl internalUpdateAcl(
      final Session session,
      final PentahoJcrConstants pentahoJcrConstants,
      final Serializable fileId,
      final RepositoryFileAcl acl)
      throws RepositoryException {
    if (isKioskEnabled()) {
      throw new RuntimeException(
          Messages.getInstance()
              .getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED")); // $NON-NLS-1$
    }

    DefaultPermissionConversionHelper permissionConversionHelper =
        new DefaultPermissionConversionHelper(session);
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
      throw new RepositoryException(
          Messages.getInstance()
              .getString(
                  "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
                  fileId.toString())); // $NON-NLS-1$
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);

    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
      acList.removeAccessControlEntry(acEntries[i]);
    }

    JcrRepositoryFileAclUtils.setAclMetadata(
        session,
        absPath,
        acList,
        new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));

    // add entries to now empty list but only if not inheriting; force user to start with clean
    // slate
    boolean adminPrincipalExist = false;
    ITenant principalTenant = null;
    if (!acl.isEntriesInheriting()) {
      for (RepositoryFileAce ace : acl.getAces()) {
        Principal principal = null;
        if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
          String principalName =
              JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
          if (tenantAdminAuthorityName.equals(principalName)) {
            adminPrincipalExist = true;
          }
          principal =
              new SpringSecurityRolePrincipal(
                  JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
        } else {
          principal =
              new SpringSecurityUserPrincipal(
                  JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
        }
        acList.addAccessControlEntry(
            principal,
            permissionConversionHelper.pentahoPermissionsToPrivileges(
                session, ace.getPermissions()));
      }
      if (!adminPrincipalExist) {
        if (acl.getAces() != null && acl.getAces().size() > 0) {
          principalTenant =
              JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
        }

        if (principalTenant == null || principalTenant.getId() == null) {
          principalTenant = JcrTenantUtils.getTenant();
        }

        List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
        permissionList.add(RepositoryFilePermission.ALL);
        Principal adminPrincipal =
            new SpringSecurityRolePrincipal(
                JcrTenantUtils.getRoleNameUtils()
                    .getPrincipleId(principalTenant, tenantAdminAuthorityName));
        acList.addAccessControlEntry(
            adminPrincipal,
            permissionConversionHelper.pentahoPermissionsToPrivileges(
                session, EnumSet.copyOf(permissionList)));
      }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(fileId);
  }