예제 #1
1
  public boolean addPrivilege(Privilege aPrivilege) {
    boolean wasAdded = false;
    if (privileges.contains(aPrivilege)) {
      return false;
    }
    if (privileges.contains(aPrivilege)) {
      return false;
    }
    if (privileges.contains(aPrivilege)) {
      return false;
    }
    Employee existingEmployee = aPrivilege.getEmployee();
    boolean isNewEmployee = existingEmployee != null && !this.equals(existingEmployee);

    if (isNewEmployee && existingEmployee.numberOfPrivileges() <= minimumNumberOfPrivileges()) {
      return wasAdded;
    }
    if (isNewEmployee) {
      aPrivilege.setEmployee(this);
    } else {
      privileges.add(aPrivilege);
    }
    wasAdded = true;
    return wasAdded;
  }
  private List<Privilege> getPrivilegesToFilter(Node node) {

    if (node instanceof JCRNodeWrapper) {
      node = ((JCRNodeWrapper) node).getRealNode();
    }

    List<Privilege> privilegeToFilterOut = new ArrayList<>();

    // jcr:modifyAccessControl permission when data source is AccessControllable, only on
    // ExternalNodeImpl
    // ExtensionNodeImpl acls can be modify
    if (aclReadOnly && node instanceof ExternalNodeImpl) {
      privilegeToFilterOut.add(modifyAccessControlPrivilege);
    }

    // all write permissions in case of the data source not writable and not extendable
    if (!writable
        && node instanceof ExternalNodeImpl
        && (session.getOverridableProperties() == null
            || session.getOverridableProperties().size() == 0)) {
      privilegeToFilterOut.add(writePrivilege);
      privilegeToFilterOut.addAll(Lists.newArrayList(writePrivilege.getAggregatePrivileges()));
    }

    return privilegeToFilterOut;
  }
예제 #3
0
 public void delete() {
   for (int i = shifts.size(); i > 0; i--) {
     Shift aShift = shifts.get(i - 1);
     aShift.delete();
   }
   for (int i = privileges.size(); i > 0; i--) {
     Privilege aPrivilege = privileges.get(i - 1);
     aPrivilege.delete();
   }
   Hospital placeholderHospital = hospital;
   this.hospital = null;
   placeholderHospital.removeEmployee(this);
   ArrayList<Ward> copyOfWards = new ArrayList<Ward>(wards);
   wards.clear();
   for (Ward aWard : copyOfWards) {
     aWard.removeEmployee(this);
   }
 }
  @Override
  public boolean hasPrivileges(final String absPath, final Privilege[] privileges)
      throws PathNotFoundException, RepositoryException {

    if (supportPrivileges) {
      // if the node is created in the same session, return true
      for (Item item : session.getNewItems()) {
        if (item.getPath().equals(absPath)) {
          return true;
        }
      }

      // check privilege names
      return hasPrivilegesLegacy(absPath, privileges);
    } else {
      // check ACLs
      Set<String> privs = new HashSet<>();
      for (Privilege privilege : privileges) {
        privs.add(privilege.getName());
      }
      String mountPoint = session.getRepository().getStoreProvider().getMountPoint();
      Session securitySession =
          JCRSessionFactory.getInstance()
              .getCurrentSystemSession(session.getWorkspace().getName(), null, null);
      PathWrapper pathWrapper =
          new ExternalPathWrapperImpl(
              StringUtils.equals(absPath, "/") ? mountPoint : mountPoint + absPath,
              securitySession);
      return AccessManagerUtils.isGranted(
          pathWrapper,
          privs,
          securitySession,
          jahiaPrincipal,
          workspaceName,
          false,
          pathPermissionCache,
          compiledAcls,
          registry);
    }
  }
  private static Privilege[] filterPrivileges(
      Privilege[] privileges, List<Privilege> privilegesToFilterOut) {

    Set<Privilege> filteredResult = new HashSet<Privilege>();
    for (Privilege privilege : privileges) {
      if (!privilegesToFilterOut.contains(privilege)) {
        if (privilege.isAggregate()
            && areIntersecting(privilege.getDeclaredAggregatePrivileges(), privilegesToFilterOut)) {
          // We de-aggregate a privilege in case any of its children are to be filtered out, since a
          // privilege is valid only if all its children are valid.
          filteredResult.addAll(
              Arrays.asList(
                  filterPrivileges(
                      privilege.getDeclaredAggregatePrivileges(), privilegesToFilterOut)));
        } else {
          filteredResult.add(privilege);
        }
      }
    }

    return filteredResult.toArray(new Privilege[filteredResult.size()]);
  }
예제 #6
0
  public boolean removePrivilege(Privilege aPrivilege) {
    boolean wasRemoved = false;
    // Unable to remove aPrivilege, as it must always have a employee
    if (this.equals(aPrivilege.getEmployee())) {
      return wasRemoved;
    }

    // employee already at minimum (1)
    if (numberOfPrivileges() <= minimumNumberOfPrivileges()) {
      return wasRemoved;
    }

    privileges.remove(aPrivilege);
    wasRemoved = true;
    return wasRemoved;
  }