コード例 #1
  /**
   * Builds the access control manager for one external session and the data source behind it.
   *
   * <p>Capability flags are derived from the optional interfaces the data source implements, the
   * caller's principal is built from the session's user ID and realm, and the privileges
   * {@code jcr:modifyAccessControl} and {@code jcr:write} are resolved for the session's workspace.
   *
   * @param namespaceRegistry namespace registry handed to the {@link JahiaPrivilegeRegistry}
   * @param session external session whose user, realm and workspace drive the checks
   * @param dataSource data source backing the session
   * @throws JahiaRuntimeException if creating the privilege registry or resolving a privilege
   *     fails with a {@link RepositoryException}
   */
  public ExternalAccessControlManager(
      NamespaceRegistry namespaceRegistry,
      ExternalSessionImpl session,
      ExternalDataSource dataSource) {

    this.session = session;
    this.workspaceName = session.getWorkspace().getName();

    // Capability flags: each one only records which optional interface the data source implements.
    final boolean privilegeAware = dataSource instanceof ExternalDataSource.SupportPrivileges;
    this.aclReadOnly = dataSource instanceof ExternalDataSource.AccessControllable || privilegeAware;
    this.writable = dataSource instanceof ExternalDataSource.Writable;
    this.supportPrivileges = privilegeAware;

    this.rootUserName = JahiaUserManagerService.getInstance().getRootUserName();
    this.dataSource = dataSource;

    // Bounded LRU cache shared across threads, hence the synchronized wrapper.
    final int cacheSize = SettingsBean.getInstance().getAccessManagerPathPermissionCacheMaxSize();
    this.pathPermissionCache = Collections.synchronizedMap(new LRUMap(cacheSize));

    // NOTE(review): the third argument is true for ANY user ID that starts with
    // JahiaLoginModule.SYSTEM (prefix match, not equality); confirm that ordinary accounts cannot
    // be created with that prefix. The fourth argument is true only for the exact guest ID.
    final String userId = session.getUserID();
    this.jahiaPrincipal =
        new JahiaPrincipal(
            userId,
            session.getRealm(),
            userId.startsWith(JahiaLoginModule.SYSTEM),
            JahiaLoginModule.GUEST.equals(userId));

    try {
      registry = new JahiaPrivilegeRegistry(namespaceRegistry);
      this.modifyAccessControlPrivilege =
          registry.getPrivilege("jcr:modifyAccessControl", workspaceName);
      this.writePrivilege = registry.getPrivilege("jcr:write", workspaceName);
    } catch (RepositoryException e) {
      // Constructors here do not declare checked exceptions; keep the cause attached.
      throw new JahiaRuntimeException(e);
    }
  }
コード例 #2
 /**
  * Tells whether the current principal holds the node type management privilege on a path.
  *
  * <p>The privilege is looked up under the name {@code JCR_NODE_TYPE_MANAGEMENT + "_" + workspace}
  * and the decision is delegated to {@link #hasPrivileges(String, Privilege[])}.
  *
  * @param path path to check, passed unchanged to {@code hasPrivileges}
  * @return the result of {@code hasPrivileges} for that single privilege
  * @throws RepositoryException if the privilege lookup or the privilege check fails
  */
 public boolean canManageNodeTypes(String path) throws RepositoryException {
   String privilegeName = JCR_NODE_TYPE_MANAGEMENT + "_" + session.getWorkspace().getName();
   Privilege nodeTypeManagement = registry.getPrivilege(privilegeName, null);
   return hasPrivileges(path, new Privilege[] {nodeTypeManagement});
 }
コード例 #3
 /**
  * Enforces the JCR_REMOVE_NODE privilege on a path.
  *
  * <p>The privilege is resolved under the workspace-suffixed name and checked through
  * {@link #hasPrivileges(String, Privilege[])}; the method returns normally only when it is held.
  *
  * @param path path of the node about to be removed
  * @throws AccessDeniedException if the privilege is not held on {@code path}
  * @throws RepositoryException if the privilege lookup or the privilege check fails
  */
 public void checkRemoveNode(String path) throws RepositoryException {
   String privilegeName = JCR_REMOVE_NODE + "_" + session.getWorkspace().getName();
   Privilege[] required = {registry.getPrivilege(privilegeName, null)};
   if (hasPrivileges(path, required)) {
     return;
   }
   throw new AccessDeniedException(path);
 }
コード例 #4
 /**
  * Enforces the JCR_ADD_CHILD_NODES privilege on a path.
  *
  * <p>The privilege is resolved under the workspace-suffixed name and checked through
  * {@link #hasPrivileges(String, Privilege[])}; the method returns normally only when it is held.
  *
  * @param path path of the node that would receive the new child
  * @throws AccessDeniedException if the privilege is not held on {@code path}
  * @throws RepositoryException if the privilege lookup or the privilege check fails
  */
 public void checkAddChildNodes(String path) throws RepositoryException {
   String privilegeName = JCR_ADD_CHILD_NODES + "_" + session.getWorkspace().getName();
   Privilege[] required = {registry.getPrivilege(privilegeName, null)};
   if (hasPrivileges(path, required)) {
     return;
   }
   throw new AccessDeniedException(path);
 }
コード例 #5
 /**
  * Enforces the JCR_READ privilege on a path.
  *
  * <p>Unlike the other {@code check*} methods, a denied read is reported as
  * {@link PathNotFoundException} rather than {@code AccessDeniedException}, presumably so that a
  * caller without read access cannot tell an unreadable node from a missing one. Callers should
  * not translate this exception back into an "access denied" answer.
  *
  * @param path path of the node to read
  * @throws PathNotFoundException if the read privilege is not held on {@code path}
  * @throws RepositoryException if the privilege lookup or the privilege check fails
  */
 public void checkRead(String path) throws RepositoryException {
   String privilegeName = JCR_READ + "_" + session.getWorkspace().getName();
   Privilege[] required = {registry.getPrivilege(privilegeName, null)};
   if (hasPrivileges(path, required)) {
     return;
   }
   throw new PathNotFoundException(path);
 }
コード例 #6
 /**
  * Enforces the JCR_MODIFY_PROPERTIES privilege on a path.
  *
  * <p>The privilege is resolved under the workspace-suffixed name and checked through
  * {@link #hasPrivileges(String, Privilege[])}; the method returns normally only when it is held.
  *
  * @param path path of the node whose properties would be modified
  * @throws AccessDeniedException if the privilege is not held on {@code path}
  * @throws RepositoryException if the privilege lookup or the privilege check fails
  */
 public void checkModify(String path) throws RepositoryException {
   String privilegeName = JCR_MODIFY_PROPERTIES + "_" + session.getWorkspace().getName();
   Privilege[] required = {registry.getPrivilege(privilegeName, null)};
   if (hasPrivileges(path, required)) {
     return;
   }
   throw new AccessDeniedException(path);
 }
コード例 #7
  /**
   * Decides whether the session's principal holds all the given privileges on a path.
   *
   * <p>Two strategies exist, selected by {@code supportPrivileges}:
   *
   * <ul>
   *   <li>Data source supports privileges: a path that matches an item created in this session is
   *       granted unconditionally; anything else goes to {@code hasPrivilegesLegacy}.
   *   <li>Otherwise: the privilege names are evaluated against ACLs through
   *       {@code AccessManagerUtils.isGranted}, with the path prefixed by the provider mount point.
   * </ul>
   *
   * @param absPath path inside the external provider; {@code "/"} maps to the mount point itself
   * @param privileges privileges that must all be checked; must not contain {@code null}
   * @return {@code true} if the check selected above grants the privileges
   * @throws PathNotFoundException declared by the interface; not thrown directly in this method
   * @throws RepositoryException if an item path, the system session or the ACL evaluation fails
   */
  @Override
  public boolean hasPrivileges(final String absPath, final Privilege[] privileges)
      throws PathNotFoundException, RepositoryException {

    if (!supportPrivileges) {
      // ACL-based check: only the privilege names are handed to the evaluator.
      Set<String> requestedNames = new HashSet<>();
      for (Privilege requested : privileges) {
        requestedNames.add(requested.getName());
      }

      String mountPoint = session.getRepository().getStoreProvider().getMountPoint();

      // The lookup runs in a system session, while the decision is taken for jahiaPrincipal
      // (the caller), which is passed separately to isGranted below.
      Session systemSession =
          JCRSessionFactory.getInstance()
              .getCurrentSystemSession(session.getWorkspace().getName(), null, null);

      // The provider root is the mount point; every other path is appended to it as-is.
      String repositoryPath;
      if (StringUtils.equals(absPath, "/")) {
        repositoryPath = mountPoint;
      } else {
        repositoryPath = mountPoint + absPath;
      }
      PathWrapper target = new ExternalPathWrapperImpl(repositoryPath, systemSession);

      // NOTE(review): the meaning of the literal `false` is defined by
      // AccessManagerUtils.isGranted, which is not visible here.
      return AccessManagerUtils.isGranted(
          target,
          requestedNames,
          systemSession,
          jahiaPrincipal,
          workspaceName,
          false,
          pathPermissionCache,
          compiledAcls,
          registry);
    }

    // Items created in this session are granted every requested privilege without any further
    // check. NOTE(review): this relies on creation having been authorized beforehand.
    for (Item created : session.getNewItems()) {
      if (created.getPath().equals(absPath)) {
        return true;
      }
    }

    // Everything else is decided by privilege name.
    return hasPrivilegesLegacy(absPath, privileges);
  }