/**
* @see
* org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(java.util.Set,
* CompiledPermissions)
*/
public AccessControlPolicy[] getEffectivePolicies(
Set<Principal> principals, CompiledPermissions permissions) throws RepositoryException {
String propName = ISO9075.encode(session.getJCRName(P_PRINCIPAL_NAME));
StringBuilder stmt = new StringBuilder("/jcr:root");
stmt.append("//element(*,");
stmt.append(session.getJCRName(NT_REP_ACE));
stmt.append(")[");
int i = 0;
for (Principal principal : principals) {
if (i > 0) {
stmt.append(" or ");
}
stmt.append("@");
stmt.append(propName);
stmt.append("='");
stmt.append(principal.getName().replaceAll("'", "''"));
stmt.append("'");
i++;
}
stmt.append("]");
QueryResult result;
try {
QueryManager qm = session.getWorkspace().getQueryManager();
Query q = qm.createQuery(stmt.toString(), Query.XPATH);
result = q.execute();
} catch (RepositoryException e) {
log.error("Unexpected error while searching effective policies.", e.getMessage());
throw new UnsupportedOperationException(
"Retrieve effective policies for set of principals not supported.", e);
}
Set<AccessControlPolicy> acls = new LinkedHashSet<AccessControlPolicy>();
for (NodeIterator it = result.getNodes(); it.hasNext(); ) {
NodeImpl aclNode = (NodeImpl) it.nextNode().getParent();
Name aclName = aclNode.getQName();
NodeImpl accessControlledNode = (NodeImpl) aclNode.getParent();
if (N_POLICY.equals(aclName) && isAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_POLICY, accessControlledNode.getPath()));
} else {
throw new AccessDeniedException(
"Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} else if (N_REPO_POLICY.equals(aclName) && isRepoAccessControlled(accessControlledNode)) {
if (permissions.canRead(aclNode.getPrimaryPath(), aclNode.getNodeId())) {
acls.add(getACL(accessControlledNode, N_REPO_POLICY, null));
} else {
throw new AccessDeniedException(
"Access denied at " + Text.getRelativeParent(aclNode.getPath(), 1));
}
} // else: not a regular policy node -> ignore.
}
return acls.toArray(new AccessControlPolicy[acls.size()]);
}
public Node getLibraryNode(SlingHttpServletRequest request, HtmlLibrary library) {
Node node = null;
try {
// we want the non-minified version as the root path
String cacheRoot =
Text.getRelativeParent(
(new StringBuilder(CACHE_PATH).append(library.getPath(false))).toString(), 1);
String optPath =
(new StringBuilder(cacheRoot).append("/").append(getLibraryName(library))).toString();
node = JcrUtils.getNodeIfExists(optPath, getAdminSession());
if (null == node) {
// generate empty jcr:data to cache
node = createEmptyCache(library, cacheRoot, getAdminSession());
}
// lib was modified after last cache write
if (!node.hasNode(JcrConstants.JCR_CONTENT)
|| library.getLastModified(false)
> JcrUtils.getLongProperty(
node.getNode(JcrConstants.JCR_CONTENT), JcrConstants.JCR_LASTMODIFIED, 0L)) {
// generate new binary, if possible
node = populateCache(library, node.getPath(), getAdminSession());
}
// reassign with user session
node = request.getResourceResolver().resolve(node.getPath()).adaptTo(Node.class);
} catch (RepositoryException re) {
log.debug(re.getMessage());
} finally {
getResolver().close();
}
return node;
}
