public static boolean createLink(
Content content, String link, org.sakaiproject.nakamura.api.lite.Session session)
throws org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException,
StorageClientException {
String userId = session.getUserId();
if (User.ANON_USER.equals(userId)) {
throw new org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException(
Security.ZONE_CONTENT, link, "Cant create a link", userId);
}
ContentManager contentManager = session.getContentManager();
Content linkNode = contentManager.get(link);
if (linkNode == null) {
linkNode =
new Content(
link,
ImmutableMap.of(
JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY,
(Object) RT_SAKAI_LINK,
SAKAI_LINK,
content.getPath()));
} else {
linkNode.setProperty(JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY, RT_SAKAI_LINK);
linkNode.setProperty(SAKAI_LINK, content.getPath());
}
contentManager.update(linkNode);
return true;
}
private void addDefaultFields(SolrInputDocument doc, RepositorySession repositorySession)
throws StorageClientException {
Object o = doc.getFieldValue(_DOC_SOURCE_OBJECT);
if (o instanceof Content) {
Content content = (Content) o;
boolean writeReaders = true;
Object suppressReadersValue = doc.getFieldValue(FIELD_SUPPRESS_READERS);
if (suppressReadersValue instanceof String) {
if (FIELD_SUPPRESS_READERS.equals(suppressReadersValue)) {
writeReaders = false;
doc.removeField(FIELD_SUPPRESS_READERS);
}
}
if (writeReaders) {
String[] principals =
getReadingPrincipals(repositorySession, Security.ZONE_CONTENT, content.getPath());
for (String principal : principals) {
doc.addField(FIELD_READERS, principal);
}
} else {
doc.removeField(FIELD_READERS);
}
if (content.hasProperty(SLING_RESOURCE_TYPE)) {
doc.setField(FIELD_RESOURCE_TYPE, content.getProperty(SLING_RESOURCE_TYPE));
}
String path = content.getPath();
// we don't overwrite the id field if it has been provided
if (!doc.getFieldNames().contains(FIELD_ID)) {
doc.setField(FIELD_ID, path);
}
while (path != null) {
doc.addField(FIELD_PATH, path);
String newPath = Utils.getParentPath(path);
if (path.equals(newPath)) {
break;
}
path = newPath;
}
doc.removeField(_DOC_SOURCE_OBJECT);
} else {
TelemetryCounter.incrementValue("solr", "SparseIndexingServiceImpl", "docMissingSource");
LOGGER.error(
"Note to Developer: Indexer must add the _source fields so that the default fields can be set, please correct, SolrDoc was {} ",
doc);
throw new StorageClientException(
_DOC_SOURCE_OBJECT
+ " fields was missing from Solr Document, please correct the handler implementation");
}
}
/**
* {@inheritDoc}
*
* @see
* org.sakaiproject.nakamura.api.message.LiteMessageTransport#send(org.sakaiproject.nakamura.api.message.MessageRoutes,
* org.osgi.service.event.Event, org.sakaiproject.nakamura.api.lite.content.Content)
*/
public void send(MessageRoutes routes, Event event, Content message) {
LOGGER.debug("Started handling an email message");
// delay list instantiation to save object creation when not needed.
List<String> recipients = null;
for (MessageRoute route : routes) {
if (TYPE.equals(route.getTransport())) {
if (recipients == null) {
recipients = new ArrayList<String>();
}
recipients.add(route.getRcpt());
}
}
if (recipients != null) {
Properties props = new Properties();
if (event != null) {
for (String propName : event.getPropertyNames()) {
Object propValue = event.getProperty(propName);
props.put(propName, propValue);
}
}
// make the message deliver to one listener, that means the desination must be a queue.
props.put(EventDeliveryConstants.DELIVERY_MODE, EventDeliveryMode.P2P);
// make the message persistent to survive restarts.
props.put(EventDeliveryConstants.MESSAGE_MODE, EventMessageMode.PERSISTENT);
props.put(LiteOutgoingEmailMessageListener.RECIPIENTS, recipients);
props.put(LiteOutgoingEmailMessageListener.CONTENT_PATH_PROPERTY, message.getPath());
Event emailEvent = new Event(LiteOutgoingEmailMessageListener.QUEUE_NAME, (Map) props);
LOGGER.debug("Sending event [" + emailEvent + "]");
eventAdmin.postEvent(emailEvent);
}
}
private static void writePermissions(
Content content, org.sakaiproject.nakamura.api.lite.Session session, JSONWriter writer)
throws StorageClientException, JSONException {
if (content == null) {
log.warn("Can't output permissions of null content.");
return;
}
AccessControlManager acm = session.getAccessControlManager();
String path = content.getPath();
writer.key("permissions");
writer.object();
writer.key("set_property");
// TODO does CAN_WRITE == set_property -CFH : yes, ieb
// TODO: make this a bit more efficient, checking permissions one by one is going to rely on
// caching to make it efficient. It would be better to get the permissions bitmap and then
// check it to see what has been set. That might require a niew methods in the
// AccessControl
// manager API.
writer.value(hasPermission(acm, path, Permissions.CAN_WRITE));
writer.key("read");
writer.value(hasPermission(acm, path, Permissions.CAN_READ));
writer.key("remove");
writer.value(hasPermission(acm, path, Permissions.CAN_DELETE));
writer.endObject();
}
private void writeCommentCountProperty(JSONWriter write, Session session, Content contentResult)
throws StorageClientException, JSONException, AccessDeniedException {
ContentManager contentManager = session.getContentManager();
Content comments = contentManager.get(contentResult.getPath() + "/" + "comments");
long commentCount = 0;
if (comments != null) {
for (@SuppressWarnings("unused") Content comment : comments.listChildren()) {
commentCount++;
}
}
write.key("commentCount");
write.value(commentCount);
}
private void updateContentAccess(
Session session, Content content, List<AclModification> aclModifications)
throws StorageClientException, AccessDeniedException {
LOGGER.debug(
"ACL Modifications {}",
Arrays.toString(aclModifications.toArray(new AclModification[aclModifications.size()])));
session
.getAccessControlManager()
.setAcl(
Security.ZONE_CONTENT,
content.getPath(),
aclModifications.toArray(new AclModification[aclModifications.size()]));
}
private void addDefaultFields(SolrInputDocument doc, RepositorySession repositorySession)
throws StorageClientException {
Object o = doc.getFieldValue(_DOC_SOURCE_OBJECT);
if (o instanceof Content) {
Content content = (Content) o;
String[] principals =
getReadingPrincipals(repositorySession, Security.ZONE_CONTENT, content.getPath());
for (String principal : principals) {
doc.addField(FIELD_READERS, principal);
}
if (content.hasProperty("sling:resourceType")) {
doc.setField(FIELD_RESOURCE_TYPE, content.getProperty("sling:resourceType"));
}
String path = content.getPath();
// we don't overwrite the id field if it has been provided
if (!doc.getFieldNames().contains(FIELD_ID)) {
doc.setField(FIELD_ID, path);
}
while (path != null) {
doc.addField(FIELD_PATH, path);
String newPath = Utils.getParentPath(path);
if (path.equals(newPath)) {
break;
}
path = newPath;
}
doc.removeField(_DOC_SOURCE_OBJECT);
} else {
LOGGER.error(
"Note to Developer: Indexer must add the _source fields so that the default fields can be set, please correct, SolrDoc was {} ",
doc);
throw new StorageClientException(
_DOC_SOURCE_OBJECT
+ " fields was missing from Solr Document, please correct the handler implementation");
}
}
/**
* Writes comments of content
*
* @param node
* @param session
* @param write
* @throws RepositoryException
* @throws JSONException
*/
public static void writeComments(
Content content, org.sakaiproject.nakamura.api.lite.Session session, JSONWriter writer)
throws StorageClientException, JSONException {
if (content == null) {
log.warn("Can't output comments of null content.");
return;
}
writer.key("comments");
writer.object();
Content commentContent = null;
try {
commentContent = session.getContentManager().get(content.getPath() + "/comments");
ExtendedJSONWriter.writeContentTreeToWriter(writer, commentContent, true, 2);
} catch (org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException e) {
writer.value(false);
} finally {
writer.endObject();
}
}
private void scheduleRetry(int errorCode, Content contentNode) {
// All retry-able SMTP errors should have codes starting with 4
if ((errorCode / 100) == 4) {
long retryCount = 0;
if (contentNode.hasProperty(MessageConstants.PROP_SAKAI_RETRY_COUNT)) {
retryCount =
StorageClientUtils.toLong(
contentNode.getProperty(MessageConstants.PROP_SAKAI_RETRY_COUNT));
}
if (retryCount < maxRetries) {
Job job =
new Job() {
public void execute(JobContext jc) {
Map<String, Serializable> config = jc.getConfiguration();
Properties eventProps = new Properties();
eventProps.put(NODE_PATH_PROPERTY, config.get(NODE_PATH_PROPERTY));
Event retryEvent = new Event(QUEUE_NAME, eventProps);
eventAdmin.postEvent(retryEvent);
}
};
HashMap<String, Serializable> jobConfig = new HashMap<String, Serializable>();
jobConfig.put(NODE_PATH_PROPERTY, contentNode.getPath());
int retryIntervalMillis = retryInterval * 60000;
Date nextTry = new Date(System.currentTimeMillis() + (retryIntervalMillis));
try {
scheduler.fireJobAt(null, job, jobConfig, nextTry);
} catch (Exception e) {
LOGGER.error(e.getMessage(), e);
}
} else {
setError(contentNode, "Unable to send message, exhausted SMTP retries.");
}
} else {
LOGGER.warn("Not scheduling a retry for error code not of the form 4xx.");
}
}
/**
* Writes commentCount of content
*
* @param node
* @param session
* @param write
* @throws RepositoryException
* @throws JSONException
*/
public static void writeCommentCountProperty(
Content content,
org.sakaiproject.nakamura.api.lite.Session session,
JSONWriter writer,
Repository repository)
throws StorageClientException, JSONException {
int commentCount = 0;
String COMMENTCOUNT = "commentCount";
if (content.hasProperty(COMMENTCOUNT)) {
commentCount = (Integer) content.getProperty(COMMENTCOUNT);
} else {
// no commentCount property on Content, then evaluate count and add property
Content comments = null;
org.sakaiproject.nakamura.api.lite.Session adminSession = null;
try {
comments = session.getContentManager().get(content.getPath() + "/comments");
if (comments != null) {
commentCount = Iterables.size(comments.listChildPaths());
}
content.setProperty(COMMENTCOUNT, commentCount);
// save property
adminSession = repository.loginAdministrative();
ContentManager adminContentManager = adminSession.getContentManager();
adminContentManager.update(content);
} catch (org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException e) {
log.error(e.getMessage(), e);
} finally {
if (adminSession != null) {
try {
adminSession.logout();
} catch (Exception e) {
log.error("Could not logout administrative session.");
}
}
}
}
writer.key(COMMENTCOUNT);
writer.value(commentCount);
}
/**
* {@inheritDoc} This post processor is only interested in posts to messages, so it should iterate
* rapidly through all messages.
*
* @see
* org.apache.sling.servlets.post.SlingPostProcessor#process(org.apache.sling.api.SlingHttpServletRequest,
* java.util.List)
*/
public void process(SlingHttpServletRequest request, List<Modification> changes)
throws Exception {
Resource resource = request.getResource();
ResourceResolver resourceResolver = request.getResourceResolver();
if (SparseContentResource.SPARSE_CONTENT_RT.equals(resource.getResourceSuperType())) {
Session session = resource.adaptTo(Session.class);
ContentManager contentManager = session.getContentManager();
Map<Content, String> messageMap = new HashMap<Content, String>();
for (Modification m : changes) {
try {
switch (m.getType()) {
case CREATE:
case MODIFY:
String path = m.getSource();
if (path.lastIndexOf("@") > 0) {
path = path.substring(0, path.lastIndexOf("@"));
}
if (path.endsWith("/" + MessageConstants.PROP_SAKAI_MESSAGEBOX)) {
path =
path.substring(
0, path.length() - MessageConstants.PROP_SAKAI_MESSAGEBOX.length() - 1);
}
// The Modification Source is the Resource path, and so we
// need to translate that into a Content path.
// TODO This is not a cheap operation. We might be better off
// if we start including the Content path in our Modification objects.
Resource modifiedResource = resourceResolver.getResource(path);
if (modifiedResource == null) {
return;
}
Content content = modifiedResource.adaptTo(Content.class);
String contentPath = content.getPath();
if (contentManager.exists(contentPath)) {
content = contentManager.get(contentPath);
if (content.hasProperty(SLING_RESOURCE_TYPE_PROPERTY)
&& content.hasProperty(PROP_SAKAI_MESSAGEBOX)) {
if (SAKAI_MESSAGE_RT.equals(content.getProperty(SLING_RESOURCE_TYPE_PROPERTY))
&& BOX_OUTBOX.equals(content.getProperty(PROP_SAKAI_MESSAGEBOX))) {
String sendstate;
if (content.hasProperty(PROP_SAKAI_SENDSTATE)) {
sendstate = (String) content.getProperty(PROP_SAKAI_SENDSTATE);
} else {
sendstate = STATE_NONE;
}
messageMap.put(content, sendstate);
}
}
}
break;
}
} catch (StorageClientException ex) {
LOGGER.warn("Failed to process on create for {} ", m.getSource(), ex);
} catch (AccessDeniedException ex) {
LOGGER.warn("Failed to process on create for {} ", m.getSource(), ex);
}
}
List<String> handledNodes = new ArrayList<String>();
// Check if we have any nodes that have a pending state and launch an OSGi
// event
for (Entry<Content, String> mm : messageMap.entrySet()) {
Content content = mm.getKey();
String path = content.getPath();
String state = mm.getValue();
if (!handledNodes.contains(path)) {
if (STATE_NONE.equals(state) || STATE_PENDING.equals(state)) {
content.setProperty(PROP_SAKAI_SENDSTATE, STATE_NOTIFIED);
contentManager.update(content);
Dictionary<String, Object> messageDict = new Hashtable<String, Object>();
// WARNING
// We can't pass in the node, because the session might expire before the event gets
// handled
// This does mean that the listener will have to get the node each time, and probably
// create a new session for each message
// This might be heavy on performance.
messageDict.put(EVENT_LOCATION, path);
messageDict.put(UserConstants.EVENT_PROP_USERID, request.getRemoteUser());
LOGGER.debug("Launched event for message: {} ", path);
Event pendingMessageEvent = new Event(PENDINGMESSAGE_EVENT, messageDict);
// KERN-790: Initiate a synchronous event.
try {
eventAdmin.postEvent(pendingMessageEvent);
handledNodes.add(path);
} catch (Exception e) {
LOGGER.warn("Failed to post message dispatch event, cause {} ", e.getMessage(), e);
}
}
}
}
}
}
private MultiPartEmail constructMessage(
Content contentNode,
List<String> recipients,
javax.jcr.Session session,
org.sakaiproject.nakamura.api.lite.Session sparseSession)
throws EmailDeliveryException, StorageClientException, AccessDeniedException,
PathNotFoundException, RepositoryException {
MultiPartEmail email = new MultiPartEmail();
// TODO: the SAKAI_TO may make no sense in an email context
// and there does not appear to be any distinction between Bcc and To in java mail.
Set<String> toRecipients = new HashSet<String>();
Set<String> bccRecipients = new HashSet<String>();
for (String r : recipients) {
bccRecipients.add(convertToEmail(r.trim(), sparseSession));
}
if (contentNode.hasProperty(MessageConstants.PROP_SAKAI_TO)) {
String[] tor =
StringUtils.split((String) contentNode.getProperty(MessageConstants.PROP_SAKAI_TO), ',');
for (String r : tor) {
r = convertToEmail(r.trim(), sparseSession);
if (bccRecipients.contains(r)) {
toRecipients.add(r);
bccRecipients.remove(r);
}
}
}
for (String r : toRecipients) {
try {
email.addTo(convertToEmail(r, sparseSession));
} catch (EmailException e) {
throw new EmailDeliveryException(
"Invalid To Address [" + r + "], message is being dropped :" + e.getMessage(), e);
}
}
for (String r : bccRecipients) {
try {
email.addBcc(convertToEmail(r, sparseSession));
} catch (EmailException e) {
throw new EmailDeliveryException(
"Invalid Bcc Address [" + r + "], message is being dropped :" + e.getMessage(), e);
}
}
if (contentNode.hasProperty(MessageConstants.PROP_SAKAI_FROM)) {
String from = (String) contentNode.getProperty(MessageConstants.PROP_SAKAI_FROM);
try {
email.setFrom(convertToEmail(from, sparseSession));
} catch (EmailException e) {
throw new EmailDeliveryException(
"Invalid From Address [" + from + "], message is being dropped :" + e.getMessage(), e);
}
} else {
throw new EmailDeliveryException("Must provide a 'from' address.");
}
if (contentNode.hasProperty(MessageConstants.PROP_SAKAI_BODY)) {
String messageBody = (String) contentNode.getProperty(MessageConstants.PROP_SAKAI_BODY);
// if this message has a template, use it
LOGGER.debug(
"Checking for sakai:templatePath and sakai:templateParams properties on the outgoing message's node.");
if (contentNode.hasProperty(MessageConstants.PROP_TEMPLATE_PATH)
&& contentNode.hasProperty(MessageConstants.PROP_TEMPLATE_PARAMS)) {
Map<String, String> parameters =
getTemplateProperties(
(String) contentNode.getProperty(MessageConstants.PROP_TEMPLATE_PARAMS));
String templatePath = (String) contentNode.getProperty(MessageConstants.PROP_TEMPLATE_PATH);
LOGGER.debug("Got the path '{0}' to the template for this outgoing message.", templatePath);
Node templateNode = session.getNode(templatePath);
if (templateNode.hasProperty("sakai:template")) {
String template = templateNode.getProperty("sakai:template").getString();
LOGGER.debug("Pulled the template body from the template node: {0}", template);
messageBody = templateService.evaluateTemplate(parameters, template);
LOGGER.debug("Performed parameter substitution in the template: {0}", messageBody);
}
} else {
LOGGER.debug(
"Message node '{0}' does not have sakai:templatePath and sakai:templateParams properties",
contentNode.getPath());
}
try {
email.setMsg(messageBody);
} catch (EmailException e) {
throw new EmailDeliveryException(
"Invalid Message Body, message is being dropped :" + e.getMessage(), e);
}
}
if (contentNode.hasProperty(MessageConstants.PROP_SAKAI_SUBJECT)) {
email.setSubject((String) contentNode.getProperty(MessageConstants.PROP_SAKAI_SUBJECT));
}
ContentManager contentManager = sparseSession.getContentManager();
for (String streamId : contentNode.listStreams()) {
String description = null;
if (contentNode.hasProperty(
StorageClientUtils.getAltField(
MessageConstants.PROP_SAKAI_ATTACHMENT_DESCRIPTION, streamId))) {
description =
(String)
contentNode.getProperty(
StorageClientUtils.getAltField(
MessageConstants.PROP_SAKAI_ATTACHMENT_DESCRIPTION, streamId));
}
LiteEmailDataSource ds = new LiteEmailDataSource(contentManager, contentNode, streamId);
try {
email.attach(ds, streamId, description);
} catch (EmailException e) {
throw new EmailDeliveryException(
"Invalid Attachment [" + streamId + "] message is being dropped :" + e.getMessage(), e);
}
}
return email;
}
/**
* {@inheritDoc}
*
* @see
* org.apache.sling.api.servlets.SlingSafeMethodsServlet#doGet(org.apache.sling.api.SlingHttpServletRequest,
* org.apache.sling.api.SlingHttpServletResponse)
*/
@Override
protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
throws ServletException, IOException {
try {
List<Content> contentList = null;
RequestParameter rp = request.getRequestParameter("path");
ResourceResolver resourceResolver = request.getResourceResolver();
if (rp != null) {
String contentPath = rp.getString("UTF-8");
if (contentPath.startsWith("/_groupa:")) {
contentPath = contentPath.replaceFirst("/_groupa:", "/~");
}
if (contentPath.endsWith("/")) {
contentPath = contentPath.substring(0, contentPath.length() - 1);
}
Resource pagesResource = resourceResolver.getResource(contentPath);
if (pagesResource != null) {
contentList = getPageTree(pagesResource.adaptTo(Content.class));
;
}
}
response.setContentType("application/json");
response.setCharacterEncoding("UTF-8");
PrintWriter w = response.getWriter();
ExtendedJSONWriter writer = new ExtendedJSONWriter(w);
writer.object();
// pages info
int messageCount = 0;
writer.key("items");
writer.value(255);
writer.key("results");
writer.array();
if (contentList != null) {
for (int i = 0; i < contentList.size(); i++) {
Content page = contentList.get(i);
writer.object();
writer.key("jcr:path");
writer.value(
page.getPath()
.replaceFirst(
LitePersonalUtils.PATH_AUTHORIZABLE,
LitePersonalUtils.PATH_RESOURCE_AUTHORIZABLE));
for (String messagePropKey : page.getProperties().keySet()) {
writer.key(messagePropKey);
writer.value(massageValue(messagePropKey, page.getProperty(messagePropKey)));
}
writer.endObject();
messageCount++;
}
}
writer.endArray();
writer.key("total");
writer.value(messageCount);
writer.endObject();
} catch (JSONException e) {
LOG.error("Failed to create proper JSON response in /var/search/page", e);
response.sendError(
HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Failed to create proper JSON response.");
}
}
public void createActivity(
Session session, Content targetLocation, String userId, ActivityServiceCallback callback)
throws AccessDeniedException, StorageClientException, ServletException, IOException {
if (userId == null) {
userId = session.getUserId();
}
if (!userId.equals(session.getUserId()) && !User.ADMIN_USER.equals(session.getUserId())) {
throw new IllegalStateException(
"Only Administrative sessions may act on behalf of another user for activities");
}
ContentManager contentManager = session.getContentManager();
// create activityStore if it does not exist
String path = StorageClientUtils.newPath(targetLocation.getPath(), ACTIVITY_STORE_NAME);
if (!contentManager.exists(path)) {
contentManager.update(
new Content(
path,
ImmutableMap.<String, Object>of(
SLING_RESOURCE_TYPE_PROPERTY, ACTIVITY_STORE_RESOURCE_TYPE)));
// inherit ACL from the target node, but let logged-in users write activities
session
.getAccessControlManager()
.setAcl(
Security.ZONE_CONTENT,
path,
new AclModification[] {
new AclModification(
AclModification.grantKey(Group.EVERYONE),
Permissions.CAN_WRITE.getPermission(),
Operation.OP_AND)
});
}
// create activity within activityStore
String activityPath = StorageClientUtils.newPath(path, ActivityUtils.createId());
String activityFeedPath = StorageClientUtils.newPath(targetLocation.getPath(), "activityFeed");
if (!contentManager.exists(activityFeedPath)) {
contentManager.update(new Content(activityFeedPath, null));
}
if (!contentManager.exists(activityPath)) {
contentManager.update(
new Content(
activityPath,
ImmutableMap.of(
JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY,
(Object) ActivityConstants.ACTIVITY_ITEM_RESOURCE_TYPE)));
}
Content activtyNode = contentManager.get(activityPath);
callback.processRequest(activtyNode);
activtyNode = contentManager.get(activityPath);
activtyNode.setProperty(PARAM_ACTOR_ID, userId);
activtyNode.setProperty(ActivityConstants.PARAM_SOURCE, targetLocation.getPath());
Session adminSession = repository.loginAdministrative();
List<String> routesStr = new LinkedList<String>();
List<String> readers = new LinkedList<String>();
try {
List<ActivityRoute> routes =
activityRouterManager.getActivityRoutes(activtyNode, adminSession);
if (routes != null) {
for (ActivityRoute route : routes) {
routesStr.add(route.getDestination());
if (route.getReaders() != null && route.getReaders().length > 0) {
readers.addAll(Arrays.asList(route.getReaders()));
}
}
}
// store the routes as child content of the activity so we may lock it down to admin. It's
// common for
// the activity to be stored within the context of the content to which it pertains (e.g.,
// within the
// pooled content item on which the user performed the activity), therefore we could expose
// user
// activity routes there -- that is an exposure of potentially sensitive content such as who
// the user's
// connections are.
String routesPath =
StorageClientUtils.newPath(activtyNode.getPath(), ActivityConstants.PARAM_ROUTES);
contentManager.update(
new Content(
routesPath,
ImmutableMap.<String, Object>of(
ActivityConstants.PARAM_ROUTES,
routesStr.toArray(new String[routesStr.size()]))));
adminSession
.getAccessControlManager()
.setAcl(
Security.ZONE_CONTENT,
routesPath,
new AclModification[] {
new AclModification(
AclModification.denyKey(User.ANON_USER),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE),
new AclModification(
AclModification.denyKey(Group.EVERYONE),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE),
new AclModification(
AclModification.denyKey(userId),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE)
});
if (!readers.isEmpty()) {
AclModification[] readerAcls = new AclModification[readers.size()];
int i = 0;
for (String reader : readers) {
// ensure all the necessary readers/routes can read the activity
readerAcls[i] =
new AclModification(
AclModification.grantKey(reader),
Permissions.CAN_READ.getPermission(),
Operation.OP_OR);
i++;
}
adminSession
.getAccessControlManager()
.setAcl(Security.ZONE_CONTENT, activtyNode.getPath(), readerAcls);
}
} finally {
SparseUtils.logoutQuietly(adminSession);
}
// store the activity node
contentManager.update(activtyNode);
// post the asynchronous OSGi event
final Dictionary<String, String> properties = new Hashtable<String, String>();
properties.put(UserConstants.EVENT_PROP_USERID, userId);
properties.put(ActivityConstants.EVENT_PROP_PATH, activityPath);
properties.put("path", activityPath);
properties.put("resourceType", ActivityConstants.ACTIVITY_ITEM_RESOURCE_TYPE);
EventUtils.sendOsgiEvent(properties, LITE_EVENT_TOPIC, eventAdmin);
}
/**
* Manipulate the member list for this file.
*
* <p>{@inheritDoc}
*
* @see
* org.apache.sling.api.servlets.SlingAllMethodsServlet#doPost(org.apache.sling.api.SlingHttpServletRequest,
* org.apache.sling.api.SlingHttpServletResponse)
*/
@SuppressWarnings("unchecked")
@Override
protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
throws ServletException, IOException {
// fail if anonymous
String remoteUser = request.getRemoteUser();
if (User.ANON_USER.equals(remoteUser)) {
response.sendError(SC_FORBIDDEN, "Anonymous users cannot update content members.");
return;
}
Session session = null;
boolean releaseSession = false;
try {
Resource resource = request.getResource();
session = resource.adaptTo(Session.class);
Content pooledContent = resource.adaptTo(Content.class);
AccessControlManager accessControlManager = session.getAccessControlManager();
AuthorizableManager authorizableManager = session.getAuthorizableManager();
User thisUser = authorizableManager.getUser();
if (!accessControlManager.can(
thisUser, Security.ZONE_CONTENT, pooledContent.getPath(), Permissions.CAN_READ)) {
response.sendError(SC_FORBIDDEN, "Insufficient permission to read this content.");
}
Map<String, Object> properties = pooledContent.getProperties();
String[] managers =
StorageClientUtils.nonNullStringArray(
(String[]) properties.get(POOLED_CONTENT_USER_MANAGER));
String[] editors =
StorageClientUtils.nonNullStringArray(
(String[]) properties.get(POOLED_CONTENT_USER_EDITOR));
String[] viewers =
StorageClientUtils.nonNullStringArray(
(String[]) properties.get(POOLED_CONTENT_USER_VIEWER));
Set<String> managerSet = Sets.newHashSet(managers);
Set<String> editorSet = Sets.newHashSet(editors);
Set<String> viewerSet = Sets.newHashSet(viewers);
List<String> removeViewers =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":viewer@Delete")));
List<String> removeManagers =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":manager@Delete")));
List<String> removeEditors =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":editor@Delete")));
List<String> addViewers =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":viewer")));
List<String> addManagers =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":manager")));
List<String> addEditors =
Arrays.asList(
StorageClientUtils.nonNullStringArray(request.getParameterValues(":editor")));
if (!accessControlManager.can(
thisUser, Security.ZONE_CONTENT, pooledContent.getPath(), Permissions.CAN_WRITE)) {
if (!addManagers.isEmpty()) {
response.sendError(SC_FORBIDDEN, "Non-managers may not add managers to content.");
return;
}
for (String name : removeManagers) {
// asking to remove managers who don't exist is harmless
if (managerSet.contains(name)) {
response.sendError(SC_FORBIDDEN, "Non-managers may not remove managers from content.");
return;
}
}
if (addViewers.contains(User.ANON_USER) || addViewers.contains(Group.EVERYONE)) {
response.sendError(
SC_FORBIDDEN, "Non-managers may not add 'anonymous' or 'everyone' as viewers.");
return;
}
if (addEditors.contains(User.ANON_USER) || addEditors.contains(Group.EVERYONE)) {
response.sendError(
SC_FORBIDDEN, "Non-managers may not add 'anonymous' or 'everyone' as editors.");
return;
}
for (String name : removeViewers) {
if (!thisUser.getId().equals(name)) {
Authorizable viewer = authorizableManager.findAuthorizable(name);
if (viewer != null
&& !accessControlManager.can(
thisUser, Security.ZONE_AUTHORIZABLES, name, Permissions.CAN_WRITE)) {
response.sendError(
SC_FORBIDDEN,
"Non-managers may not remove any viewer other than themselves or a group which they manage.");
}
}
}
// the request has passed all the rules that govern non-manager users
// so we'll grant an administrative session
session = session.getRepository().loginAdministrative();
releaseSession = true;
}
List<AclModification> aclModifications = Lists.newArrayList();
for (String addManager : addManagers) {
if ((addManager.length() > 0) && !managerSet.contains(addManager)) {
managerSet.add(addManager);
AclModification.addAcl(true, Permissions.CAN_MANAGE, addManager, aclModifications);
}
}
for (String removeManager : removeManagers) {
if ((removeManager.length() > 0) && managerSet.contains(removeManager)) {
managerSet.remove(removeManager);
AclModification.removeAcl(true, Permissions.CAN_MANAGE, removeManager, aclModifications);
}
}
for (String addEditor : addEditors) {
if ((addEditor.length() > 0) && !editorSet.contains(addEditor)) {
editorSet.add(addEditor);
AclModification.addAcl(true, PERMISSION_EDITOR, addEditor, aclModifications);
}
}
for (String removeEditor : removeEditors) {
if ((removeEditor.length() > 0) && editorSet.contains(removeEditor)) {
editorSet.remove(removeEditor);
AclModification.removeAcl(true, PERMISSION_EDITOR, removeEditor, aclModifications);
}
}
for (String addViewer : addViewers) {
if ((addViewer.length() > 0) && !viewerSet.contains(addViewer)) {
viewerSet.add(addViewer);
AclModification.addAcl(true, Permissions.CAN_READ, addViewer, aclModifications);
}
}
for (String removeViewer : removeViewers) {
removeViewer = removeViewer.trim();
if ((removeViewer.length() > 0) && viewerSet.contains(removeViewer)) {
viewerSet.remove(removeViewer);
if (!managerSet.contains(removeViewer)) {
AclModification.removeAcl(true, Permissions.CAN_READ, removeViewer, aclModifications);
}
}
}
updateContentMembers(session, pooledContent, viewerSet, managerSet, editorSet);
updateContentAccess(session, pooledContent, aclModifications);
this.authorizableCountChanger.notify(
UserConstants.CONTENT_ITEMS_PROP,
addViewers,
addEditors,
addManagers,
removeViewers,
removeEditors,
removeManagers);
response.setStatus(SC_OK);
} catch (StorageClientException e) {
LOGGER.error(e.getMessage());
response.sendError(
SC_INTERNAL_SERVER_ERROR, "StorageClientException: " + e.getLocalizedMessage());
} catch (AccessDeniedException e) {
response.sendError(
SC_FORBIDDEN,
"Insufficient permission to update content members at " + request.getRequestURI());
} finally {
if (session != null && releaseSession) {
try {
session.logout();
} catch (ClientPoolException e) {
LOGGER.error(e.getMessage());
}
}
}
}
