
Example 81 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project pentaho-platform by pentaho.

the class PentahoCompiledPermissionsImpl method buildResult.

// ------------------------------------< AbstractCompiledPermissions >---
/**
 * Resolves the node that the result for {@code absPath} is computed from and delegates
 * to the four-argument {@code buildResult} overload.
 *
 * <p>If the item manager cannot return a node for the path, the hierarchy is walked down
 * from the root node and the deepest node that exists is used instead. In that case the
 * delegate is told that the target itself does not exist.
 *
 * @param absPath path the result is built for
 * @return whatever the four-argument overload returns for the resolved node
 * @throws RepositoryException if reading the hierarchy fails; an
 *         {@link ItemNotFoundException} is raised when no node could be resolved at all
 * @see AbstractCompiledPermissions#buildResult(org.apache.jackrabbit.spi.Path)
 */
@Override
protected Result buildResult(Path absPath) throws RepositoryException {
    final ItemManager items = session.getItemManager();
    NodeImpl startNode;
    boolean persisted;
    try {
        startNode = items.getNode(absPath);
        persisted = true;
    } catch (RepositoryException e) {
        // NOTE(review): every RepositoryException raised by getNode ends up here, not only
        // "no node at this path". Confirm that evaluating against the nearest existing
        // ancestor is the intended outcome for the other failure causes as well.
        persisted = false;
        final Path.Element[] segments = absPath.getElements();
        NodeImpl nearest = (NodeImpl) session.getRootNode();
        // Element 0 and the final element are never visited: the walk starts at index 1
        // and stops one short of the end, so the result is at most the parent of absPath.
        int depth = 1;
        while (depth < segments.length - 1) {
            final Name childName = segments[depth].getName();
            final int childIndex = segments[depth].getIndex();
            if (!nearest.hasNode(childName, childIndex)) {
                // deepest existing node reached
                break;
            }
            nearest = nearest.getNode(childName, childIndex);
            depth++;
        }
        startNode = nearest;
    }
    if (startNode == null) {
        // defensive: not expected to be reachable
        throw new ItemNotFoundException("Item out of hierarchy.");
    }
    final boolean acItem = util.isAcItem(absPath);
    final PentahoEntryFilterImpl filter = new PentahoEntryFilterImpl(principalNames, absPath, session);
    return buildResult(startNode, persisted, acItem, filter);
}
Also used : Path(org.apache.jackrabbit.spi.Path) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ItemManager(org.apache.jackrabbit.core.ItemManager) RepositoryException(javax.jcr.RepositoryException) Name(org.apache.jackrabbit.spi.Name) ItemNotFoundException(javax.jcr.ItemNotFoundException)

Example 82 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project pentaho-platform by pentaho.

the class PentahoCompiledPermissionsImpl method isEntriesInheriting.

/**
 * Returns the stored {@code entriesInheriting} flag for the given node.
 *
 * <p>The flag is read from the ACL metadata that {@code JcrRepositoryFileAclUtils}
 * returns for the node's path and an {@code ACLTemplate} built from the node's policy
 * child.
 *
 * @param node node whose policy child ({@code AccessControlConstants.N_POLICY}) is read
 * @return the value of {@code isEntriesInheriting()} on the node's ACL metadata
 * @throws RepositoryException if the policy node or any path cannot be read
 */
private boolean isEntriesInheriting(final NodeImpl node) throws RepositoryException {
    final NodeImpl policyNode = node.getNode(AccessControlConstants.N_POLICY);
    final String policyOwnerPath;
    if (policyNode == null) {
        policyOwnerPath = null;
    } else {
        policyOwnerPath = policyNode.getParent().getPath();
    }
    final String nodePath = node.getPath();
    final ACLTemplate template = new ACLTemplate(policyNode, policyOwnerPath, false);
    // NOTE(review): the metadata is dereferenced without a null check. Confirm that
    // getAclMetadata cannot return null here; otherwise this call fails with a
    // NullPointerException instead of yielding a flag value.
    return JcrRepositoryFileAclUtils.getAclMetadata(session, nodePath, template).isEntriesInheriting();
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl)

Example 83 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project pentaho-platform by pentaho.

the class PentahoEntry method readEntries.

/**
 * Builds one {@code PentahoEntry} for each child node of the given ACL node.
 *
 * <p>A child whose content cannot be read is left out of the returned list; the failure is
 * only written to the debug log.
 *
 * @param aclNode node whose primary node type must equal {@code NT_REP_ACL}
 * @param path value passed unchanged to every created entry
 * @return the entries that could be built, in iteration order of the child nodes
 * @throws IllegalArgumentException if {@code aclNode} is null or has a different node type
 * @throws RepositoryException if the session, workspace or child iterator cannot be obtained
 */
static List<PentahoEntry> readEntries(NodeImpl aclNode, String path) throws RepositoryException {
    final boolean isAclNode = aclNode != null && NT_REP_ACL.equals(aclNode.getPrimaryNodeTypeName());
    if (!isAclNode) {
        throw new IllegalArgumentException("Node must be of type 'rep:ACL'");
    }
    final SessionImpl jrSession = (SessionImpl) aclNode.getSession();
    final PrincipalManager principals = jrSession.getPrincipalManager();
    final JackrabbitWorkspace workspace = (JackrabbitWorkspace) jrSession.getWorkspace();
    final PrivilegeManagerImpl privileges = (PrivilegeManagerImpl) workspace.getPrivilegeManager();
    final NodeId aclOwnerId = aclNode.getParentId();
    final List<PentahoEntry> result = new ArrayList<PentahoEntry>();
    // one ACE per child node of the ACL node
    for (NodeIterator children = aclNode.getNodes(); children.hasNext();) {
        final NodeImpl aceNode = (NodeImpl) children.nextNode();
        try {
            final String principalName = aceNode.getProperty(P_PRINCIPAL_NAME).getString();
            // an unknown principal (null) is recorded as a non-group entry
            final Principal principal = principals.getPrincipal(principalName);
            final boolean groupEntry = principal instanceof Group;
            final InternalValue[] rawPrivileges = aceNode.getProperty(P_PRIVILEGES).internalGetValues();
            final Name[] privilegeNames = new Name[rawPrivileges.length];
            int slot = 0;
            for (InternalValue raw : rawPrivileges) {
                privilegeNames[slot++] = raw.getName();
            }
            final Value glob = aceNode.hasProperty(P_GLOB) ? aceNode.getProperty(P_GLOB).getValue() : null;
            // grant vs. deny is decided by the ACE's primary node type alone
            final boolean allow = NT_REP_GRANT_ACE.equals(aceNode.getPrimaryNodeTypeName());
            result.add(new PentahoEntry(aclOwnerId, principalName, groupEntry,
                    privileges.getBits(privilegeNames), allow, path, glob));
        } catch (RepositoryException e) {
            // NOTE(review): the unreadable ACE is dropped and reported at debug level with
            // the message only. If the dropped entry is a deny ACE, the returned list is
            // more permissive than the stored ACL; confirm this best-effort handling is
            // acceptable and whether the event should be visible at a higher log level.
            log.debug("Failed to build ACE from content. {}", e.getMessage());
        }
    }
    return result;
}
Also used : PrincipalManager(org.apache.jackrabbit.api.security.principal.PrincipalManager) NodeIterator(javax.jcr.NodeIterator) Group(java.security.acl.Group) NodeImpl(org.apache.jackrabbit.core.NodeImpl) ArrayList(java.util.ArrayList) RepositoryException(javax.jcr.RepositoryException) InternalValue(org.apache.jackrabbit.core.value.InternalValue) Name(org.apache.jackrabbit.spi.Name) NodeId(org.apache.jackrabbit.core.id.NodeId) InternalValue(org.apache.jackrabbit.core.value.InternalValue) Value(javax.jcr.Value) SessionImpl(org.apache.jackrabbit.core.SessionImpl) Principal(java.security.Principal) PrivilegeManagerImpl(org.apache.jackrabbit.core.security.authorization.PrivilegeManagerImpl)

Example 84 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project pentaho-platform by pentaho.

the class PentahoEntryCollector method findNonInheritingNode.

/**
 * Finds the nearest node, starting at {@code node} itself and moving towards the root,
 * whose ACL metadata does not say that entries are inherited.
 *
 * <p>Each candidate is first mapped to an access-controlled node through
 * {@code findAccessControlledNode}. A candidate with no ACL metadata ends the search just
 * like one whose metadata reports non-inheriting entries.
 *
 * @param node node the search starts from
 * @return the first access-controlled node found that is not inheriting ACEs
 * @throws RepositoryException if a node, its policy child or its parent cannot be read
 */
protected NodeImpl findNonInheritingNode(final NodeImpl node) throws RepositoryException {
    NodeImpl candidate = node;
    for (;;) {
        candidate = findAccessControlledNode(candidate);
        final NodeImpl policyNode = candidate.getNode(N_POLICY);
        final String policyOwnerPath = policyNode == null ? null : policyNode.getParent().getPath();
        final ACLTemplate template = new ACLTemplate(policyNode, policyOwnerPath, false);
        final AclMetadata metadata =
                JcrRepositoryFileAclUtils.getAclMetadata(systemSession, candidate.getPath(), template);
        final boolean inheriting = metadata != null && metadata.isEntriesInheriting();
        if (!inheriting) {
            return candidate;
        }
        // inheriting: continue the search one level up
        // NOTE(review): nothing in this method stops the climb at the root; presumably the
        // root never reports inheriting entries - confirm.
        candidate = (NodeImpl) candidate.getParent();
    }
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)

Example 85 with NodeImpl

use of org.apache.jackrabbit.core.NodeImpl in project pentaho-platform by pentaho.

the class PentahoEntryCollector method getEntries.

/**
 * Returns an {@code Entries} for the given node. This is where most of the customization lives.
 *
 * <p>Steps, in order: a node under {@code /jcr:system/jcr:versionStorage} is replaced by the
 * result of {@code getVersionable}; the first access-controlled node supplies the owner; the
 * nearest non-inheriting node supplies the ACL; if that ACL belongs to a different node than
 * the one requested, one {@code jcr:removeNode} entry may be added to the template; finally the
 * ACEs are combined by {@code getAcesIncludingMagicAces}.
 *
 * @param node node the entries are collected for
 * @return a {@code PentahoEntries} built from the combined ACEs (second constructor argument is null)
 * @throws RepositoryException if nodes, paths, privileges or ACL metadata cannot be read
 */
@Override
protected PentahoEntries getEntries(final NodeImpl node) throws RepositoryException {
    // find nearest node with an ACL that is not inheriting ACEs
    NodeImpl currentNode = node;
    ACLTemplate acl;
    // if we do hit the root, then you get jcr:read for everyone which is acceptable
    // Nodes in version storage are evaluated through the node returned by getVersionable.
    if (currentNode.getPath().startsWith("/jcr:system/jcr:versionStorage")) {
        // $NON-NLS-1$
        currentNode = getVersionable(currentNode);
    }
    // find first access-controlled node
    currentNode = findAccessControlledNode(currentNode);
    acl = new ACLTemplate(currentNode.getNode(N_POLICY), currentNode.getPath(), false);
    // owner comes from the first access-controlled node; it stays null when no metadata is returned
    String owner = null;
    // NOTE(review): metadata is read through systemSession rather than through a session of
    // the caller - presumably deliberate so the lookup is not itself subject to the ACLs; confirm.
    AclMetadata aclMetadata = JcrRepositoryFileAclUtils.getAclMetadata(systemSession, currentNode.getPath(), acl);
    if (aclMetadata != null) {
        owner = aclMetadata.getOwner();
    }
    // find the ACL: remember the first access-controlled node, then move to the nearest
    // node that is not inheriting and rebuild the template from that node's policy
    NodeImpl firstAccessControlledNode = currentNode;
    currentNode = findNonInheritingNode(currentNode);
    acl = new ACLTemplate(currentNode.getNode(N_POLICY), currentNode.getPath(), false);
    // The ACL comes from a node other than the requested one. An entry that carries
    // jcr:removeChildNodes but not jcr:removeNode gets jcr:removeNode added for its principal.
    // (The original comment here was truncated: "permissions. This needs to transform to
    // become addChild removeChild".)
    if (!currentNode.isSame(node)) {
        Privilege removeNodePrivilege = systemSession.getAccessControlManager().privilegeFromName(Privilege.JCR_REMOVE_NODE);
        Privilege removeChildNodesPrivilege = systemSession.getAccessControlManager().privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
        for (AccessControlEntry entry : acl.getEntries()) {
            Privilege[] expandedPrivileges = JcrRepositoryFileAclUtils.expandPrivileges(entry.getPrivileges(), false);
            if (ArrayUtils.contains(expandedPrivileges, removeChildNodesPrivilege) && !ArrayUtils.contains(expandedPrivileges, removeNodePrivilege)) {
                if (!acl.addAccessControlEntry(entry.getPrincipal(), new Privilege[] { removeNodePrivilege })) {
                    // addAccessControlEntry returned false; the failure is raised without a message
                    throw new RuntimeException();
                }
                // NOTE(review): only the first matching entry is extended; the loop ends right
                // after the template is modified. Confirm that later matching entries (other
                // principals) are meant to be left as they are.
                break;
            }
        }
    }
    // find first ancestor that is not inheriting; its ACEs will be used if the ACL is not inheriting
    // (only looked up when the ACL node is the first access-controlled node and is not the root)
    ACLTemplate ancestorAcl = null;
    if (firstAccessControlledNode.isSame(currentNode) && !rootID.equals(currentNode.getNodeId())) {
        NodeImpl ancestorNode = findNonInheritingNode((NodeImpl) currentNode.getParent());
        ancestorAcl = new ACLTemplate(ancestorNode.getNode(N_POLICY), ancestorNode.getPath(), false);
    }
    return new PentahoEntries(getAcesIncludingMagicAces(currentNode.getPath(), owner, ancestorAcl, acl), null);
}
Also used : NodeImpl(org.apache.jackrabbit.core.NodeImpl) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) AccessControlEntry(javax.jcr.security.AccessControlEntry) Privilege(javax.jcr.security.Privilege)
