/** @see AbstractAccessControlManager#checkValidNodePath(String) */
@Override
protected void checkValidNodePath(String absPath)
throws PathNotFoundException, RepositoryException {
Path p = getPath(absPath);
if (p != null) {
if (!p.isAbsolute()) {
throw new RepositoryException("Absolute path expected.");
}
if (hierMgr.resolveNodePath(p) == null) {
throw new PathNotFoundException("No such node " + absPath);
}
}
}
/** @see AccessManager#isGranted(Path, int) */
public boolean isGranted(Path absPath, int permissions) throws RepositoryException {
checkInitialized();
if (!absPath.isAbsolute()) {
throw new RepositoryException("Absolute path expected");
}
return compiledPermissions.grants(absPath, permissions);
}
@Override
public boolean canRead(Path itemPath, ItemId itemId) throws RepositoryException {
if ((itemId != null && "cafebabe-cafe-babe-cafe-babecafebabe".equals(itemId.toString()))
|| (itemPath != null && "/".equals(itemPath.toString()))) {
// quick check - allow access to root to all like in old mgnl security
return true;
}
if (itemPath == null) {
// we deal only with permissions on nodes
if (!itemId.denotesNode()) {
itemId = ((PropertyId) itemId).getParentId();
}
synchronized (monitor) {
if (readCache.containsKey(itemId)) {
return readCache.get(itemId);
}
itemPath = session.getHierarchyManager().getPath(itemId);
boolean canRead = canRead(itemPath, itemId);
readCache.put(itemId, canRead);
return canRead;
}
}
String path = pathResolver.getJCRPath(itemPath);
log.debug("Read request for " + path + " :: " + itemId);
return ami.isGranted(path, Permission.READ);
}
/**
* {@inheritDoc}
*
* <p>The outer query hits loop contains the ancestor nodes.
*/
public ScoreNode[][] getMatchingScoreNodes(ScoreNode ancestor) throws IOException {
try {
Path ancestorPath = hmgr.getPath(ancestor.getNodeId());
PathBuilder builder = new PathBuilder(ancestorPath);
builder.addAll(relPath.getElements());
return contextIndex.getScoreNodes(builder.getPath().getNormalizedPath());
} catch (RepositoryException e) {
// ignore, probably does not exist anymore
return null;
}
}
public static final ParsedFacet getInstance(
String facetNameConfig, String facetNodeName, HippoVirtualProvider provider)
throws Exception {
String cacheKey = facetNameConfig + '\uFFFF' + facetNodeName;
ParsedFacet pf = sharedCache.get(cacheKey);
if (pf == null) {
pf = new ParsedFacet(facetNameConfig, facetNodeName, provider);
sharedCache.put(cacheKey, pf);
} else {
// we need to check if the namespace did not bump or change. IF so, we evict this item from
// cache.
Path currentQName = provider.resolvePath(pf.jcrPropertyName);
// if the currentQName is equal to pf.namespacedProperty , there was no namespace bumb and we
// can return pf
if (!currentQName.toString().equals(pf.namespacedProperty)) {
pf = new ParsedFacet(facetNameConfig, facetNodeName, provider);
sharedCache.put(cacheKey, pf);
}
}
return pf;
}
public ParsedFacet(String facetNameConfig, String facetNodeName, HippoVirtualProvider provider)
throws Exception {
displayFacetName = facetNameConfig;
boolean mapped = false;
// jcrPropertyName is format: prefix:localname
jcrPropertyName = facetNameConfig;
if (facetNodeName != null && !"".equals(facetNodeName)) {
displayFacetName = facetNodeName;
mapped = true;
}
if (facetNameConfig.indexOf("$[") > -1) {
try {
rangeConfig = facetNameConfig.substring(facetNameConfig.indexOf("$[") + 1);
JSONArray jsonArray = JSONArray.fromObject(rangeConfig);
facetRanges = (List<FacetRange>) JSONArray.toCollection(jsonArray, FacetRange.class);
jcrPropertyName = facetNameConfig.substring(0, facetNameConfig.indexOf("$["));
if (!mapped) {
displayFacetName = jcrPropertyName;
}
validate(facetRanges);
} catch (IllegalArgumentException e) {
throw (e);
} catch (Exception e) {
throw new Exception(
"Malformed facet range configuration '"
+ facetNameConfig
+ "'. Valid format is for example '"
+ VALID_RANGE_EXAMPLE
+ "'",
e);
}
}
Path qName = provider.resolvePath(jcrPropertyName);
this.namespacedProperty = qName.toString();
if (facetRanges != null) {
for (FacetRange range : facetRanges) {
range.setNamespacedProperty(namespacedProperty);
}
}
}
/** @see org.apache.jackrabbit.core.security.authorization.AccessControlUtils#isAcItem(Path) */
public boolean isAcItem(Path absPath) throws RepositoryException {
Path.Element[] elems = absPath.getElements();
// start looking for a rep:policy name starting from the last element.
// NOTE: with the current content structure max. 3 levels must be looked
// at as the rep:policy node may only have ACE nodes with properties.
if (elems.length > 1) {
for (int index = elems.length - 1, j = 1; index >= 0 && j <= 3; index--, j++) {
if (N_POLICY.equals(elems[index].getName())) {
return true;
}
}
}
return false;
}
