Examples with AccessManager - org.apache.jackrabbit.oak.jcr.security.AccessManager

Example 1 with AccessManager

use of org.apache.jackrabbit.oak.jcr.security.AccessManager in project jackrabbit-oak by apache.

the class SessionImpl method hasCapability.

@Override
public boolean hasCapability(String methodName, Object target, Object[] arguments) throws RepositoryException {
    checkNotNull(methodName);
    checkNotNull(target);
    checkAlive();
    if (target instanceof ItemImpl) {
        ItemDelegate dlg = ((ItemImpl<?>) target).dlg;
        if (dlg.isProtected()) {
            return false;
        }
        boolean isNode = ((ItemImpl<?>) target).isNode();
        Node parent = (isNode) ? (Node) target : ((ItemImpl<?>) target).getParent();
        if (!parent.isCheckedOut()) {
            return false;
        }
        if (parent.isLocked()) {
            return false;
        }
        AccessManager accessMgr = sessionContext.getAccessManager();
        long permission = Permissions.NO_PERMISSION;
        if (isNode) {
            Tree tree = ((NodeDelegate) dlg).getTree();
            if ("addNode".equals(methodName)) {
                if (arguments != null && arguments.length > 0) {
                    // add-node needs to be checked on the (path of) the
                    // new node that has/will be added
                    String path = PathUtils.concat(tree.getPath(), sessionContext.getOakName(arguments[0].toString()));
                    return accessMgr.hasPermissions(path, Session.ACTION_ADD_NODE) && !isMountedReadOnly(path);
                }
            } else if ("setPrimaryType".equals(methodName) || "addMixin".equals(methodName) || "removeMixin".equals(methodName)) {
                permission = Permissions.NODE_TYPE_MANAGEMENT;
            } else if ("orderBefore".equals(methodName)) {
                if (tree.isRoot()) {
                    return false;
                } else {
                    permission = Permissions.MODIFY_CHILD_NODE_COLLECTION;
                    tree = tree.getParent();
                }
            } else if ("setProperty".equals(methodName)) {
                permission = Permissions.ADD_PROPERTY;
            } else if ("remove".equals(methodName)) {
                permission = Permissions.REMOVE_NODE;
            }
            return accessMgr.hasPermissions(tree, null, permission) && !isMountedReadOnly(tree.getPath());
        } else {
            if ("setValue".equals(methodName)) {
                permission = Permissions.MODIFY_PROPERTY;
            } else if ("remove".equals(methodName)) {
                permission = Permissions.REMOVE_PROPERTY;
            }
            NodeDelegate parentDelegate = dlg.getParent();
            if (parentDelegate != null) {
                return accessMgr.hasPermissions(parentDelegate.getTree(), ((PropertyDelegate) dlg).getPropertyState(), permission) && !isMountedReadOnly(parentDelegate.getPath());
            } else {
                return accessMgr.hasPermissions(dlg.getPath(), (permission == Permissions.MODIFY_PROPERTY) ? Session.ACTION_SET_PROPERTY : Session.ACTION_REMOVE) && !isMountedReadOnly(dlg.getPath());
            }
        }
    }
    // TODO: add more best-effort checks
    return true;
}

Also used : AccessManager(org.apache.jackrabbit.oak.jcr.security.AccessManager) Node(javax.jcr.Node) Tree(org.apache.jackrabbit.oak.api.Tree) NodeDelegate(org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate) ItemDelegate(org.apache.jackrabbit.oak.jcr.delegate.ItemDelegate) PropertyDelegate(org.apache.jackrabbit.oak.jcr.delegate.PropertyDelegate)

Example 2 with AccessManager

use of org.apache.jackrabbit.oak.jcr.security.AccessManager in project jackrabbit-oak by apache.

the class WorkspaceDelegate method copy.

/**
 * Copy a node
 * @param srcPath  oak path to the source node to copy
 * @param destPath  oak path to the destination
 * @throws RepositoryException
 */
public void copy(String srcPath, String destPath) throws RepositoryException {
    SessionDelegate sessionDelegate = context.getSessionDelegate();
    AccessManager accessManager = context.getAccessManager();
    Root root = sessionDelegate.getContentSession().getLatestRoot();
    // check destination
    Tree dest = root.getTree(destPath);
    if (dest.exists()) {
        throw new ItemExistsException(destPath);
    }
    // check parent of destination
    Tree destParent = dest.getParent();
    if (!destParent.exists()) {
        throw new PathNotFoundException(destParent.getPath());
    }
    // check source exists
    Tree src = root.getTree(srcPath);
    if (src.isRoot()) {
        throw new RepositoryException("Cannot copy the root node");
    }
    if (!src.exists()) {
        throw new PathNotFoundException(srcPath);
    }
    accessManager.checkPermissions(destPath, Permissions.getString(Permissions.NODE_TYPE_MANAGEMENT));
    String userId = sessionDelegate.getAuthInfo().getUserID();
    new WorkspaceCopy(src, destParent, Text.getName(destPath)).perform(root, userId);
    sessionDelegate.refresh(true);
}

Also used : AccessManager(org.apache.jackrabbit.oak.jcr.security.AccessManager) Root(org.apache.jackrabbit.oak.api.Root) ItemExistsException(javax.jcr.ItemExistsException) Tree(org.apache.jackrabbit.oak.api.Tree) RepositoryException(javax.jcr.RepositoryException) PathNotFoundException(javax.jcr.PathNotFoundException)

Aggregations

Tree (org.apache.jackrabbit.oak.api.Tree)2 AccessManager (org.apache.jackrabbit.oak.jcr.security.AccessManager)2 ItemExistsException (javax.jcr.ItemExistsException)1 Node (javax.jcr.Node)1 PathNotFoundException (javax.jcr.PathNotFoundException)1 RepositoryException (javax.jcr.RepositoryException)1 Root (org.apache.jackrabbit.oak.api.Root)1 ItemDelegate (org.apache.jackrabbit.oak.jcr.delegate.ItemDelegate)1 NodeDelegate (org.apache.jackrabbit.oak.jcr.delegate.NodeDelegate)1 PropertyDelegate (org.apache.jackrabbit.oak.jcr.delegate.PropertyDelegate)1