public static boolean createLink(
Content content, String link, org.sakaiproject.nakamura.api.lite.Session session)
throws org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException,
StorageClientException {
String userId = session.getUserId();
if (User.ANON_USER.equals(userId)) {
throw new org.sakaiproject.nakamura.api.lite.accesscontrol.AccessDeniedException(
Security.ZONE_CONTENT, link, "Cant create a link", userId);
}
ContentManager contentManager = session.getContentManager();
Content linkNode = contentManager.get(link);
if (linkNode == null) {
linkNode =
new Content(
link,
ImmutableMap.of(
JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY,
(Object) RT_SAKAI_LINK,
SAKAI_LINK,
content.getPath()));
} else {
linkNode.setProperty(JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY, RT_SAKAI_LINK);
linkNode.setProperty(SAKAI_LINK, content.getPath());
}
contentManager.update(linkNode);
return true;
}
/**
* Process a query string to search using Solr.
*
* @param request
* @param query
* @param asAnon
* @param rs
* @return
* @throws SolrSearchException
*/
private SolrSearchResultSet processSolrQuery(
SlingHttpServletRequest request, Query query, boolean asAnon)
throws StorageClientException, AccessDeniedException, SolrServerException {
String queryString = query.getQueryString();
// apply readers restrictions.
if (asAnon) {
queryString = "(" + queryString + ") AND readers:" + User.ANON_USER;
} else {
Session session =
StorageClientUtils.adaptToSession(
request.getResourceResolver().adaptTo(javax.jcr.Session.class));
if (!User.ADMIN_USER.equals(session.getUserId())) {
AuthorizableManager am = session.getAuthorizableManager();
Authorizable user = am.findAuthorizable(session.getUserId());
Set<String> readers = Sets.newHashSet();
for (Iterator<Group> gi = user.memberOf(am); gi.hasNext(); ) {
readers.add(gi.next().getId());
}
readers.add(session.getUserId());
queryString =
"(" + queryString + ") AND readers:(" + StringUtils.join(readers, " OR ") + ")";
}
}
SolrQuery solrQuery = buildQuery(request, queryString, query.getOptions());
SolrServer solrServer = solrSearchService.getServer();
try {
LOGGER.info("Performing Query {} ", URLDecoder.decode(solrQuery.toString(), "UTF-8"));
} catch (UnsupportedEncodingException e) {
}
QueryResponse response = solrServer.query(solrQuery);
SolrDocumentList resultList = response.getResults();
LOGGER.info("Got {} hits in {} ms", resultList.size(), response.getElapsedTime());
return new SolrSearchResultSetImpl(response);
}
protected void updateGroupMembership(
SlingHttpServletRequest request,
Session session,
Authorizable authorizable,
String paramName,
List<Modification> changes,
Map<String, Object> toSave)
throws AccessDeniedException, StorageClientException {
if (authorizable instanceof Group) {
Group group = ((Group) authorizable);
String groupPath =
LiteAuthorizableResourceProvider.SYSTEM_USER_MANAGER_GROUP_PREFIX + group.getId();
boolean changed = false;
AuthorizableManager authorizableManager = session.getAuthorizableManager();
// first remove any members posted as ":member@Delete"
String[] membersToDelete =
request.getParameterValues(paramName + SlingPostConstants.SUFFIX_DELETE);
if (membersToDelete != null) {
toSave.put(group.getId(), group);
LOGGER.info("Members to delete {} ", membersToDelete);
for (String member : membersToDelete) {
String memberId = getAuthIdFromParameter(member);
group.removeMember(memberId);
changed = true;
}
}
Joinable groupJoin = getJoinable(group);
// second add any members posted as ":member"
String[] membersToAdd = request.getParameterValues(paramName);
if (membersToAdd != null) {
LOGGER.info("Members to add {} ", membersToAdd);
Group peerGroup = getPeerGroupOf(group, authorizableManager, toSave);
List<Authorizable> membersToRemoveFromPeer = new ArrayList<Authorizable>();
for (String member : membersToAdd) {
String memberId = getAuthIdFromParameter(member);
Authorizable memberAuthorizable = (Authorizable) toSave.get(memberId);
if (memberAuthorizable == null) {
memberAuthorizable = authorizableManager.findAuthorizable(memberId);
}
if (memberAuthorizable != null) {
if (!User.ADMIN_USER.equals(session.getUserId())
&& !UserConstants.ANON_USERID.equals(session.getUserId())
&& Joinable.yes.equals(groupJoin)
&& memberAuthorizable.getId().equals(session.getUserId())) {
LOGGER.debug("Is Joinable {} {} ", groupJoin, session.getUserId());
// we can grab admin session since group allows all users to join
Session adminSession = getSession();
try {
AuthorizableManager adminAuthorizableManager =
adminSession.getAuthorizableManager();
Group adminAuthGroup =
(Group) adminAuthorizableManager.findAuthorizable(group.getId());
if (adminAuthGroup != null) {
adminAuthGroup.addMember(memberAuthorizable.getId());
adminAuthorizableManager.updateAuthorizable(adminAuthGroup);
changed = true;
}
} finally {
ungetSession(adminSession);
}
} else {
LOGGER.info(
"Group {} is not Joinable: User {} adding {} ",
new Object[] {
group.getId(), session.getUserId(), memberAuthorizable.getId(),
});
// group is restricted, so use the current user's authorization
// to add the member to the group:
group.addMember(memberAuthorizable.getId());
if (LOGGER.isInfoEnabled()) {
LOGGER.info(
"{} Membership now {} {} {}",
new Object[] {
group.getId(),
Arrays.toString(group.getMembers()),
Arrays.toString(group.getMembersAdded()),
Arrays.toString(group.getMembersRemoved())
});
}
toSave.put(group.getId(), group);
Group gt = (Group) toSave.get(group.getId());
if (LOGGER.isInfoEnabled()) {
LOGGER.info(
"{} Membership now {} {} {}",
new Object[] {
group.getId(),
Arrays.toString(gt.getMembers()),
Arrays.toString(gt.getMembersAdded()),
Arrays.toString(gt.getMembersRemoved())
});
}
changed = true;
}
if (peerGroup != null && peerGroup.getId() != group.getId()) {
Set<String> members = ImmutableSet.of(peerGroup.getMembers());
if (members.contains(memberAuthorizable.getId())) {
membersToRemoveFromPeer.add(memberAuthorizable);
}
}
} else {
LOGGER.warn("member not found {} ", memberId);
}
}
if ((peerGroup != null) && (membersToRemoveFromPeer.size() > 0)) {
for (Authorizable member : membersToRemoveFromPeer) {
if (LOGGER.isInfoEnabled()) {
LOGGER.info("Removing Member {} from {} ", member.getId(), peerGroup.getId());
}
peerGroup.removeMember(member.getId());
}
toSave.put(peerGroup.getId(), peerGroup);
if (LOGGER.isInfoEnabled()) {
LOGGER.info(
"{} Just Updated Peer Group Membership now {} {} {}",
new Object[] {
peerGroup.getId(),
Arrays.toString(peerGroup.getMembers()),
Arrays.toString(peerGroup.getMembersAdded()),
Arrays.toString(peerGroup.getMembersRemoved())
});
}
}
}
if (changed) {
// add an entry to the changes list to record the membership
// change
changes.add(Modification.onModified(groupPath + "/members"));
}
}
}
public void createActivity(
Session session, Content targetLocation, String userId, ActivityServiceCallback callback)
throws AccessDeniedException, StorageClientException, ServletException, IOException {
if (userId == null) {
userId = session.getUserId();
}
if (!userId.equals(session.getUserId()) && !User.ADMIN_USER.equals(session.getUserId())) {
throw new IllegalStateException(
"Only Administrative sessions may act on behalf of another user for activities");
}
ContentManager contentManager = session.getContentManager();
// create activityStore if it does not exist
String path = StorageClientUtils.newPath(targetLocation.getPath(), ACTIVITY_STORE_NAME);
if (!contentManager.exists(path)) {
contentManager.update(
new Content(
path,
ImmutableMap.<String, Object>of(
SLING_RESOURCE_TYPE_PROPERTY, ACTIVITY_STORE_RESOURCE_TYPE)));
// inherit ACL from the target node, but let logged-in users write activities
session
.getAccessControlManager()
.setAcl(
Security.ZONE_CONTENT,
path,
new AclModification[] {
new AclModification(
AclModification.grantKey(Group.EVERYONE),
Permissions.CAN_WRITE.getPermission(),
Operation.OP_AND)
});
}
// create activity within activityStore
String activityPath = StorageClientUtils.newPath(path, ActivityUtils.createId());
String activityFeedPath = StorageClientUtils.newPath(targetLocation.getPath(), "activityFeed");
if (!contentManager.exists(activityFeedPath)) {
contentManager.update(new Content(activityFeedPath, null));
}
if (!contentManager.exists(activityPath)) {
contentManager.update(
new Content(
activityPath,
ImmutableMap.of(
JcrResourceConstants.SLING_RESOURCE_TYPE_PROPERTY,
(Object) ActivityConstants.ACTIVITY_ITEM_RESOURCE_TYPE)));
}
Content activtyNode = contentManager.get(activityPath);
callback.processRequest(activtyNode);
activtyNode = contentManager.get(activityPath);
activtyNode.setProperty(PARAM_ACTOR_ID, userId);
activtyNode.setProperty(ActivityConstants.PARAM_SOURCE, targetLocation.getPath());
Session adminSession = repository.loginAdministrative();
List<String> routesStr = new LinkedList<String>();
List<String> readers = new LinkedList<String>();
try {
List<ActivityRoute> routes =
activityRouterManager.getActivityRoutes(activtyNode, adminSession);
if (routes != null) {
for (ActivityRoute route : routes) {
routesStr.add(route.getDestination());
if (route.getReaders() != null && route.getReaders().length > 0) {
readers.addAll(Arrays.asList(route.getReaders()));
}
}
}
// store the routes as child content of the activity so we may lock it down to admin. It's
// common for
// the activity to be stored within the context of the content to which it pertains (e.g.,
// within the
// pooled content item on which the user performed the activity), therefore we could expose
// user
// activity routes there -- that is an exposure of potentially sensitive content such as who
// the user's
// connections are.
String routesPath =
StorageClientUtils.newPath(activtyNode.getPath(), ActivityConstants.PARAM_ROUTES);
contentManager.update(
new Content(
routesPath,
ImmutableMap.<String, Object>of(
ActivityConstants.PARAM_ROUTES,
routesStr.toArray(new String[routesStr.size()]))));
adminSession
.getAccessControlManager()
.setAcl(
Security.ZONE_CONTENT,
routesPath,
new AclModification[] {
new AclModification(
AclModification.denyKey(User.ANON_USER),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE),
new AclModification(
AclModification.denyKey(Group.EVERYONE),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE),
new AclModification(
AclModification.denyKey(userId),
Permissions.ALL.getPermission(),
Operation.OP_REPLACE)
});
if (!readers.isEmpty()) {
AclModification[] readerAcls = new AclModification[readers.size()];
int i = 0;
for (String reader : readers) {
// ensure all the necessary readers/routes can read the activity
readerAcls[i] =
new AclModification(
AclModification.grantKey(reader),
Permissions.CAN_READ.getPermission(),
Operation.OP_OR);
i++;
}
adminSession
.getAccessControlManager()
.setAcl(Security.ZONE_CONTENT, activtyNode.getPath(), readerAcls);
}
} finally {
SparseUtils.logoutQuietly(adminSession);
}
// store the activity node
contentManager.update(activtyNode);
// post the asynchronous OSGi event
final Dictionary<String, String> properties = new Hashtable<String, String>();
properties.put(UserConstants.EVENT_PROP_USERID, userId);
properties.put(ActivityConstants.EVENT_PROP_PATH, activityPath);
properties.put("path", activityPath);
properties.put("resourceType", ActivityConstants.ACTIVITY_ITEM_RESOURCE_TYPE);
EventUtils.sendOsgiEvent(properties, LITE_EVENT_TOPIC, eventAdmin);
}
/**
* Retrieves the list of members.
*
* <p>{@inheritDoc}
*
* @see
* org.apache.sling.api.servlets.SlingSafeMethodsServlet#doGet(org.apache.sling.api.SlingHttpServletRequest,
* org.apache.sling.api.SlingHttpServletResponse)
*/
@Override
protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
throws ServletException, IOException {
try {
// Get hold of the actual file.
Resource resource = request.getResource();
javax.jcr.Session jcrSession = request.getResourceResolver().adaptTo(javax.jcr.Session.class);
Session session = resource.adaptTo(Session.class);
AuthorizableManager am = session.getAuthorizableManager();
AccessControlManager acm = session.getAccessControlManager();
Content node = resource.adaptTo(Content.class);
Authorizable thisUser = am.findAuthorizable(session.getUserId());
if (!acm.can(thisUser, Security.ZONE_CONTENT, resource.getPath(), Permissions.CAN_READ)) {
response.sendError(HttpServletResponse.SC_NOT_FOUND);
return;
}
Map<String, Object> properties = node.getProperties();
String[] managers = (String[]) properties.get(POOLED_CONTENT_USER_MANAGER);
String[] editors = (String[]) properties.get(POOLED_CONTENT_USER_EDITOR);
String[] viewers = (String[]) properties.get(POOLED_CONTENT_USER_VIEWER);
boolean detailed = false;
boolean tidy = false;
for (String selector : request.getRequestPathInfo().getSelectors()) {
if ("detailed".equals(selector)) {
detailed = true;
} else if ("tidy".equals(selector)) {
tidy = true;
}
}
// Loop over the sets and output it.
ExtendedJSONWriter writer = new ExtendedJSONWriter(response.getWriter());
writer.setTidy(tidy);
writer.object();
writer.key("managers");
writer.array();
for (String manager : StorageClientUtils.nonNullStringArray(managers)) {
try {
writeProfileMap(jcrSession, am, writer, manager, detailed);
} catch (AccessDeniedException e) {
LOGGER.debug("Skipping private manager [{}]", manager);
}
}
writer.endArray();
writer.key("editors");
writer.array();
for (String editor : StorageClientUtils.nonNullStringArray(editors)) {
try {
writeProfileMap(jcrSession, am, writer, editor, detailed);
} catch (AccessDeniedException e) {
LOGGER.debug("Skipping private editor [{}]", editor);
}
}
writer.endArray();
writer.key("viewers");
writer.array();
for (String viewer : StorageClientUtils.nonNullStringArray(viewers)) {
try {
writeProfileMap(jcrSession, am, writer, viewer, detailed);
} catch (AccessDeniedException e) {
LOGGER.debug("Skipping private viewer [{}]", viewer);
}
}
writer.endArray();
writer.endObject();
} catch (JSONException e) {
response.sendError(SC_INTERNAL_SERVER_ERROR, "Failed to generate proper JSON.");
LOGGER.error(e.getMessage(), e);
} catch (StorageClientException e) {
response.sendError(SC_INTERNAL_SERVER_ERROR, "Failed to generate proper JSON.");
LOGGER.error(e.getMessage(), e);
} catch (AccessDeniedException e) {
response.sendError(SC_INTERNAL_SERVER_ERROR, "Failed to generate proper JSON.");
LOGGER.error(e.getMessage(), e);
} catch (RepositoryException e) {
response.sendError(SC_INTERNAL_SERVER_ERROR, "Failed to generate proper JSON.");
LOGGER.error(e.getMessage(), e);
}
}
