use of javax.jcr.Item in project sling by apache.
the class DefaultContentCreator method getParentNode.
private Node getParentNode(Session session, String path) throws RepositoryException {
int lastSlash = path.lastIndexOf('/');
// not an absolute path, cannot find parent
if (lastSlash < 0) {
return null;
}
// node below root
if (lastSlash == 0) {
return session.getRootNode();
}
// item in the hierarchy
path = path.substring(0, lastSlash);
if (!session.itemExists(path)) {
return null;
}
Item item = session.getItem(path);
return (item.isNode()) ? (Node) item : null;
}
use of javax.jcr.Item in project sling by apache.
the class DeleteAcesServlet method deleteAces.
/* (non-Javadoc)
* @see org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces#deleteAces(javax.jcr.Session, java.lang.String, java.lang.String[])
*/
public void deleteAces(Session jcrSession, String resourcePath, String[] principalNamesToDelete) throws RepositoryException {
if (principalNamesToDelete == null) {
throw new RepositoryException("principalIds were not sumitted.");
} else {
if (jcrSession == null) {
throw new RepositoryException("JCR Session not found");
}
if (resourcePath == null) {
throw new ResourceNotFoundException("Resource path was not supplied.");
}
Item item = jcrSession.getItem(resourcePath);
if (item != null) {
resourcePath = item.getPath();
} else {
throw new ResourceNotFoundException("Resource is not a JCR Node");
}
//load the principalIds array into a set for quick lookup below
Set<String> pidSet = new HashSet<String>();
pidSet.addAll(Arrays.asList(principalNamesToDelete));
try {
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, false);
//keep track of the existing Aces for the target principal
AccessControlEntry[] accessControlEntries = updatedAcl.getAccessControlEntries();
List<AccessControlEntry> oldAces = new ArrayList<AccessControlEntry>();
for (AccessControlEntry ace : accessControlEntries) {
if (pidSet.contains(ace.getPrincipal().getName())) {
oldAces.add(ace);
}
}
//remove the old aces
if (!oldAces.isEmpty()) {
for (AccessControlEntry ace : oldAces) {
updatedAcl.removeAccessControlEntry(ace);
}
}
//apply the changed policy
accessControlManager.setPolicy(resourcePath, updatedAcl);
} catch (RepositoryException re) {
throw new RepositoryException("Failed to delete access control.", re);
}
}
}
use of javax.jcr.Item in project sling by apache.
the class ModifyAceServlet method modifyAce.
/* (non-Javadoc)
* @see org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce#modifyAce(javax.jcr.Session, java.lang.String, java.lang.String, java.util.Map, java.lang.String)
*/
public void modifyAce(Session jcrSession, String resourcePath, String principalId, Map<String, String> privileges, String order) throws RepositoryException {
if (jcrSession == null) {
throw new RepositoryException("JCR Session not found");
}
if (principalId == null) {
throw new RepositoryException("principalId was not submitted.");
}
PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession);
Principal principal = principalManager.getPrincipal(principalId);
if (resourcePath == null) {
throw new ResourceNotFoundException("Resource path was not supplied.");
}
Item item = jcrSession.getItem(resourcePath);
if (item != null) {
resourcePath = item.getPath();
} else {
throw new ResourceNotFoundException("Resource is not a JCR Node");
}
// Collect the modified privileges from the request.
Set<String> grantedPrivilegeNames = new HashSet<String>();
Set<String> deniedPrivilegeNames = new HashSet<String>();
Set<String> removedPrivilegeNames = new HashSet<String>();
Set<Entry<String, String>> entrySet = privileges.entrySet();
for (Entry<String, String> entry : entrySet) {
String privilegeName = entry.getKey();
if (privilegeName.startsWith("privilege@")) {
privilegeName = privilegeName.substring(10);
}
String parameterValue = entry.getValue();
if (parameterValue != null && parameterValue.length() > 0) {
if ("granted".equals(parameterValue)) {
grantedPrivilegeNames.add(privilegeName);
} else if ("denied".equals(parameterValue)) {
deniedPrivilegeNames.add(privilegeName);
} else if ("none".equals(parameterValue)) {
removedPrivilegeNames.add(privilegeName);
}
}
}
// Make the actual changes.
try {
AccessControlUtil.replaceAccessControlEntry(jcrSession, resourcePath, principal, grantedPrivilegeNames.toArray(new String[grantedPrivilegeNames.size()]), deniedPrivilegeNames.toArray(new String[deniedPrivilegeNames.size()]), removedPrivilegeNames.toArray(new String[removedPrivilegeNames.size()]), order);
if (jcrSession.hasPendingChanges()) {
jcrSession.save();
}
} catch (RepositoryException re) {
throw new RepositoryException("Failed to create ace.", re);
}
}
use of javax.jcr.Item in project sling by apache.
the class AbstractGetAclServlet method internalGetAcl.
@SuppressWarnings("unchecked")
protected JsonObject internalGetAcl(Session jcrSession, String resourcePath) throws RepositoryException {
if (jcrSession == null) {
throw new RepositoryException("JCR Session not found");
}
Item item = jcrSession.getItem(resourcePath);
if (item != null) {
resourcePath = item.getPath();
} else {
throw new ResourceNotFoundException("Resource is not a JCR Node");
}
// Calculate a map of privileges to all the aggregate privileges it is contained in.
// Use for fast lookup during the mergePrivilegeSets calls below.
AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession);
Map<Privilege, Set<Privilege>> privilegeToAncestorMap = new HashMap<Privilege, Set<Privilege>>();
Privilege[] supportedPrivileges = accessControlManager.getSupportedPrivileges(item.getPath());
for (Privilege privilege : supportedPrivileges) {
if (privilege.isAggregate()) {
Privilege[] ap = privilege.getAggregatePrivileges();
for (Privilege privilege2 : ap) {
Set<Privilege> set = privilegeToAncestorMap.get(privilege2);
if (set == null) {
set = new HashSet<Privilege>();
privilegeToAncestorMap.put(privilege2, set);
}
set.add(privilege);
}
}
}
AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(jcrSession, resourcePath);
Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String, Object>>();
int sequence = 0;
for (AccessControlEntry ace : declaredAccessControlEntries) {
Principal principal = ace.getPrincipal();
Map<String, Object> map = aclMap.get(principal.getName());
if (map == null) {
map = new LinkedHashMap<String, Object>();
aclMap.put(principal.getName(), map);
map.put("order", sequence++);
}
}
//evaluate these in reverse order so the most entries with highest specificity are last
for (int i = declaredAccessControlEntries.length - 1; i >= 0; i--) {
AccessControlEntry ace = declaredAccessControlEntries[i];
Principal principal = ace.getPrincipal();
Map<String, Object> map = aclMap.get(principal.getName());
Set<Privilege> grantedSet = (Set<Privilege>) map.get("granted");
if (grantedSet == null) {
grantedSet = new LinkedHashSet<Privilege>();
map.put("granted", grantedSet);
}
Set<Privilege> deniedSet = (Set<Privilege>) map.get("denied");
if (deniedSet == null) {
deniedSet = new LinkedHashSet<Privilege>();
map.put("denied", deniedSet);
}
boolean allow = AccessControlUtil.isAllow(ace);
if (allow) {
Privilege[] privileges = ace.getPrivileges();
for (Privilege privilege : privileges) {
mergePrivilegeSets(privilege, privilegeToAncestorMap, grantedSet, deniedSet);
}
} else {
Privilege[] privileges = ace.getPrivileges();
for (Privilege privilege : privileges) {
mergePrivilegeSets(privilege, privilegeToAncestorMap, deniedSet, grantedSet);
}
}
}
List<JsonObject> aclList = new ArrayList<>();
Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet();
for (Entry<String, Map<String, Object>> entry : entrySet) {
String principalName = entry.getKey();
Map<String, Object> value = entry.getValue();
JsonObjectBuilder aceObject = Json.createObjectBuilder();
aceObject.add("principal", principalName);
Set<Privilege> grantedSet = (Set<Privilege>) value.get("granted");
if (grantedSet != null && !grantedSet.isEmpty()) {
JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
for (Privilege v : grantedSet) {
arrayBuilder.add(v.getName());
}
aceObject.add("granted", arrayBuilder);
}
Set<Privilege> deniedSet = (Set<Privilege>) value.get("denied");
if (deniedSet != null && !deniedSet.isEmpty()) {
JsonArrayBuilder arrayBuilder = Json.createArrayBuilder();
for (Privilege v : deniedSet) {
arrayBuilder.add(v.getName());
}
aceObject.add("denied", arrayBuilder);
}
aceObject.add("order", (Integer) value.get("order"));
aclList.add(aceObject.build());
}
JsonObjectBuilder jsonAclMap = Json.createObjectBuilder();
for (Map.Entry<String, Map<String, Object>> entry : aclMap.entrySet()) {
JsonObjectBuilder builder = Json.createObjectBuilder();
for (Map.Entry<String, Object> inner : entry.getValue().entrySet()) {
addTo(builder, inner.getKey(), inner.getValue());
}
jsonAclMap.add(entry.getKey(), builder);
}
for (JsonObject jsonObj : aclList) {
jsonAclMap.add(jsonObj.getString("principal"), jsonObj);
}
return jsonAclMap.build();
}
use of javax.jcr.Item in project sling by apache.
the class JcrNodeResource method getInputStream.
/**
* Returns a stream to the <em>jcr:data</em> property if the
* {@link #getNode() node} is an <em>nt:file</em> or <em>nt:resource</em>
* node. Otherwise returns <code>null</code>.
*/
private InputStream getInputStream() {
// implement this for nt:file only
final Node node = getNode();
if (node != null) {
try {
// find the content node: for nt:file it is jcr:content
// otherwise it is the node of this resource
Node content = node.isNodeType(NT_FILE) ? node.getNode(JCR_CONTENT) : node.isNodeType(NT_LINKEDFILE) ? node.getProperty(JCR_CONTENT).getNode() : node;
Property data;
// if the node has a jcr:data property, use that property
if (content.hasProperty(JCR_DATA)) {
data = content.getProperty(JCR_DATA);
} else {
// otherwise try to follow default item trail
try {
Item item = content.getPrimaryItem();
while (item.isNode()) {
item = ((Node) item).getPrimaryItem();
}
data = (Property) item;
} catch (ItemNotFoundException infe) {
// we don't actually care, but log for completeness
LOGGER.debug("getInputStream: No primary items for {}", toString(), infe);
data = null;
}
}
if (data != null) {
return data.getBinary().getStream();
}
} catch (RepositoryException re) {
LOGGER.error("getInputStream: Cannot get InputStream for " + this, re);
}
}
// fallback to non-streamable resource
return null;
}
Aggregations