Author: tdraier
Date: Fri Jul 13 18:47:42 2007
New Revision: 18006
URL: https://svndev.jahia.net/websvn/listing.php?sc=3D1&rev=3D18006&repname=
=3Djahia
Log:
maps ManageRights engine on jcr ACLs (only read/write now)
Modified:
trunk/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine=
.java
trunk/core/src/java/org/jahia/services/content/JahiaAccessManager.java
trunk/core/src/java/org/jahia/services/webdav/DAVFileAccess.java
Modified: trunk/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_=
Engine.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/engines/filemanager/DAVFilemanager_Engine.java&rev=3D18006&repname=
=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine=
.java (original)
+++ trunk/core/src/java/org/jahia/engines/filemanager/DAVFilemanager_Engine=
.java Fri Jul 13 18:47:42 2007
@@ -1262,70 +1262,12 @@
engineMap.put("hasNegativePermissions", Boolean.TRUE);
engineMap.put("actionNames", JahiaAbstractACL.getActionNames());
=
- final Map readPerms =3D dav.getPermissions(DAVFileAccess.READ);
- final Map writePerms =3D dav.getPermissions(DAVFileAccess.WRITE);
- final Map adminPerms =3D dav.getPermissions(DAVFileAccess.MANAGE);
-
- final Set allUsers =3D new HashSet();
- allUsers.addAll(readPerms.keySet());
- allUsers.addAll(writePerms.keySet());
- allUsers.addAll(adminPerms.keySet());
-
- final HashMap aclEntries =3D new HashMap();
- for (final Iterator iterator =3D allUsers.iterator(); iterator.has=
Next();) {
- String s =3D (String) iterator.next();
-
- int permissions =3D 0;
- permissions |=3D getPermissionsAsInt(
- s, JahiaBaseACL.READ_RIGHTS, readPerms);
- permissions |=3D getPermissionsAsInt(
- s, JahiaBaseACL.WRITE_RIGHTS, writePerms);
- permissions |=3D getPermissionsAsInt(
- s, JahiaBaseACL.ADMIN_RIGHTS, adminPerms);
-
- if (s.equals("nobody") || s.equals("all")) {
- s =3D "+/groups/" + JahiaGroupManagerService.GUEST_GROUPNA=
ME + "/members";
- } else if (s.equals("root")) {
- s =3D "+/groups/" + JahiaGroupManagerService.ADMINISTRATOR=
S_GROUPNAME +
- "/members";
- } else if (s.equals("user") || s.equals("authenticated")) {
- s =3D "+/groups/" + JahiaGroupManagerService.USERS_GROUPNA=
ME + "/members";
- } else if (s.equals("guest") || s.equals("unauthenticated")) {
- s =3D "/users/" + JahiaUserManagerService.GUEST_USERNAME +=
"/members";
- }
- if (s.startsWith("+/groups/")) {
- JahiaGroup group =3D ServicesRegistry.getInstance().getJah=
iaGroupManagerService()
- .lookupGroup(jParams.getSiteID(), s.substring(9, s=
.lastIndexOf('/')));
- if (group =3D=3D null) {
- continue;
- }
- aclEntries.put(group, new Integer[]{new Integer(permission=
s)});
-
- } else if (s.startsWith("/users/")) {
- String name =3D s.substring(7);
- if (name.indexOf('/') > -1) {
- name =3D name.substring(0, name.indexOf('/'));
- }
- JahiaUser jahiaUser;
- try {
- jahiaUser =3D ServicesRegistry.getInstance().getJahiaS=
iteUserManagerService()
- .getMember(jParams.getSiteID(), name);
- } catch (JahiaException e) {
- continue;
- }
- aclEntries.put(jahiaUser, new Integer[]{new Integer(permis=
sions)});
-// aclEntries.add(JahiaTools.replacePattern(value, " ", "&n=
bsp;"));
-// aclEntries.add(JahiaTools.replacePattern(aclEntryStr, " =
",
-// " "));
- }
- }
- engineMap.put("aclEntries", aclEntries);
+ engineMap.put("aclEntries", dav.getJahiaAclEntries());
engineMap.put("noInheritanceCut", Boolean.TRUE);
engineMap.put("selectUsrGrp", SelectUG_Engine.getInstance().render=
Link(jParams, EMPTY_STRING));
engineMap.put("inheritance", new Integer(0));
engineMap.put("fieldForm", ServicesRegistry.getInstance().
getJahiaFetcherService().fetchServlet((ParamBean) jParams,=
RIGHTS_JSP));
-// engineMap.put()
return true;
}
=
@@ -1614,30 +1556,16 @@
usr_grp =3D ServicesRegistry.getInstance().getJahiaUse=
rManagerService().
lookupUser(
aclEntry.substring(keyIndex));
-// usr_grpName =3D ((JahiaUser)usr_grp).getUsername();
String username =3D ((JahiaUser) usr_grp).getUsername(=
);
-// if (JahiaUserManagerService.GUEST_USERNAME.equals(userna=
me)) {
-// subject =3D "guest";
-// } else {
- subject =3D "/users/" + username;
-// }
+ subject =3D "u:" + username;
break;
case 'g':
usr_grp =3D ServicesRegistry.getInstance()
.getJahiaGroupManagerService().
lookupGroup(
aclEntry.substring(keyIndex));
-// usr_grpName =3D ((JahiaGroup)usr_grp).getGroupname();
String groupname =3D ((JahiaGroup) usr_grp).getGroupna=
me();
-// if (JahiaGroupManagerService.GUEST_GROUPNAME.equals(grou=
pname)) {
-// subject =3D "nobody";
-// } else if (JahiaGroupManagerService.ADMINISTRATORS_GROUP=
NAME.equals(groupname)) {
-// subject =3D "root";
-// } else if (JahiaGroupManagerService.USERS_GROUPNAME.equa=
ls(groupname)) {
-// subject =3D "user";
-// } else {
- subject =3D "+/groups/" + groupname + "/members";
-// }
+ subject =3D "g:" + groupname;
break;
default:
logger.error("Unknown principal type");
@@ -1716,22 +1644,23 @@
private List areWeGoingtoGenerateA403(final List usageEntries,
final String subject,
final ProcessingContext jParams)=
throws JahiaException {
-
- final boolean groupSubject =3D subject.startsWith("+/groups/");
- final String entryName;
- if (groupSubject) {
- entryName =3D subject.substring(9, subject.lastIndexOf('/')) +=
":" + jParams.getSiteID();
-
- } else {
- String name =3D subject.substring(7);
- if (name.indexOf('/') > -1) {
- name =3D name.substring(0, name.indexOf('/'));
+ final Vector result =3D new Vector(usageEntries.size());
+ Principal pr =3D null;
+ try {
+ if (subject.startsWith("u:")) {
+ pr =3D ServicesRegistry.getInstance().getJahiaSiteUserMana=
gerService().getMember(jParams.getSiteID(), subject.substring(2));
+ } else {
+ pr =3D ServicesRegistry.getInstance().getJahiaGroupManager=
Service().lookupGroup(jParams.getSiteID(), subject.substring(2));
+ }
+ if (pr =3D=3D null) {
+ return result;
}
- entryName =3D name + ":" + jParams.getSiteID();
+ } catch (JahiaException e) {
+ e.printStackTrace();
+ return result;
}
- logger.debug("entryName: " + entryName);
+ String entryName =3D pr.getName();
=
- final Vector result =3D new Vector(usageEntries.size());
// Define an ACLEntry for "Read" Rights
final JahiaAclEntry aclEntry =3D new JahiaAclEntry();
aclEntry.setPermission(JahiaBaseACL.READ_RIGHTS, JahiaAclEntry.ACL=
_YES);
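Review bot: The new principal lookup in `areWeGoingtoGenerateA403` returns the empty `result` both when the principal cannot be resolved and when `JahiaException` is thrown, so a failed lookup looks to the caller exactly like "no access problem found". The exception only goes to `e.printStackTrace()` although this class already uses a `logger`; `logger.error("Cannot resolve principal " + subject, e);` would keep the failure in the application log. Any subject that does not start with `u:` is treated as a group, and `subject.substring(2)` is taken without a length check; an explicit `else if (subject.startsWith("g:"))` with a logged rejection for anything else would make the parsing strict. The method body continues past the end of the hunk.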
@@ -1755,21 +1684,6 @@
return result;
}
=
- private int getPermissionsAsInt(String subject, int c, Map perms) {
- if (perms.containsKey(subject)) {
- c =3D 1 << c;
- int state =3D ((Integer) perms.get(subject)).intValue();
- if ((state & DAVFileAccess.GRANTED) =3D=3D DAVFileAccess.GRANT=
ED)
- if ((state & DAVFileAccess.INHERITED) =3D=3D DAVFileAccess=
.INHERITED)
- return c + JahiaBaseACL.RIGHTS_INHERITANCE_FLAG;
- else
- return c;
- else if ((state & DAVFileAccess.INHERITED) =3D=3D DAVFileAcces=
s.INHERITED)
- return JahiaBaseACL.RIGHTS_INHERITANCE_FLAG;
- }
- return 0;
- }
-
private String decodeStrangeBrowserEncoding(final String name) {
final int index =3D name.lastIndexOf(File.separator);
final String fileName;
Modified: trunk/core/src/java/org/jahia/services/content/JahiaAccessManager=
.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/services/content/JahiaAccessManager.java&rev=3D18006&repname=3Djah=
ia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/services/content/JahiaAccessManager.java =
(original)
+++ trunk/core/src/java/org/jahia/services/content/JahiaAccessManager.java =
Fri Jul 13 18:47:42 2007
@@ -18,7 +18,7 @@
=
import javax.jcr.*;
import javax.security.auth.Subject;
-import java.util.Set;
+import java.util.*;
=
/**
* Created by IntelliJ IDEA.
@@ -79,7 +79,7 @@
}
=
public void close() throws Exception {
- } =
+ }
=
public void checkPermission(ItemId id, int permissions) throws AccessD=
eniedException, ItemNotFoundException, RepositoryException {
if (!isGranted(id,permissions)) {
@@ -96,22 +96,10 @@
NamespaceResolver nr =3D new SessionNamespaceResolver(s);
=
try {
- Path path =3D null;
- try {
- path =3D hierMgr.getPath(id);
- } catch (ItemNotFoundException e) {
- if (!id.denotesNode()) {
- id =3D ((PropertyId)id).getParentId();
- try {
- path =3D hierMgr.getPath(id);
- } catch (ItemNotFoundException e1) {
- return false;
- }
- } else {
- return false;
- }
- }
+ Path path =3D getPath(id);
String jcrPath =3D PathFormat.format(path,nr);
+
+ // Always deny write access on system folders
if (s.itemExists(jcrPath)) {
Item i =3D s.getItem(jcrPath);
if (i.isNode() && permissions !=3D AccessManager.READ) {
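Review bot: `Path path = getPath(id);` loses the explicit deny for items that cannot be resolved. The removed block returned `false` when neither the item nor its parent was found, while the `getPath` helper added later in this commit swallows the second `ItemNotFoundException` and returns `null`, which is then passed straight to `PathFormat.format(path, nr)`. What happens next depends on how `PathFormat.format` handles null and on the `catch` of this `try`, both outside the hunk. Adding `if (path == null) { return false; }` right after the call keeps the decision fail-closed. The enclosing method starts and ends outside the hunk.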
@@ -123,6 +111,7 @@
}
}
=
+ // Administrators are always granted
JahiaGroup admingroup =3D ServicesRegistry.getInstance().getJa=
hiaGroupManagerService().lookupGroup(0, JahiaGroupManagerService.ADMINISTRA=
TORS_GROUPNAME);
if (admingroup !=3D null && admingroup.isMember(jahiaUser)) {
return true;
@@ -135,61 +124,14 @@
if (name.getNamespaceURI().equals("")) {
JahiaSite site =3D ServicesRegistry.getInstance().getJ=
ahiaSitesService().getSiteByKey(name.getLocalName());
siteid =3D site.getID();
-
+ // Site administrators are always granted
admingroup =3D ServicesRegistry.getInstance().getJahia=
GroupManagerService().lookupGroup(siteid, JahiaGroupManagerService.ADMINIST=
RATORS_GROUPNAME);
if (admingroup.isMember(jahiaUser)) {
return true;
}
-
- while (jcrPath.length() > 0) {
- if (s.itemExists(jcrPath)) {
- Item i =3D s.getItem(jcrPath);
- if (i.isNode()) {
- Node node =3D (Node) i;
- if (node.isNodeType("mix:accessControlled"=
)) {
- Node acp =3D node.getProperty("jcr:acc=
essControlPolicy").getNode();
- NodeIterator aces =3D acp.getNode("jcr=
:acl").getNodes("jcr:ace");
- while (aces.hasNext()) {
- Node ace =3D aces.nextNode();
- String type =3D ace.getProperty("j=
cr:aceType").getString();
- String principal =3D ace.getProper=
ty("jcr:principal").getString();
- Value[] privileges =3D ace.getProp=
erty("jcr:privileges").getValues();
-
- for (int j =3D 0; j < privileges.l=
ength; j++) {
- Value privilege =3D privileges=
[j];
- if (match(permissions, privile=
ge.getString())) {
- String userName =3D princi=
pal.substring(2);
- if (principal.charAt(0) =
=3D=3D 'u') {
- JahiaUser user =3D Ser=
vicesRegistry.getInstance().getJahiaUserManagerService().lookupUser(siteid,=
userName);
- if (user !=3D null) {
- if (jahiaUser !=3D=
null && user.getUserKey().equals(jahiaUser.getUserKey())) {
- return type.eq=
uals("GRANT");
- }
- }
- } else {
- JahiaGroup group =3D S=
ervicesRegistry.getInstance().getJahiaGroupManagerService().lookupGroup(sit=
eid, userName);
- if (group !=3D null) {
- if (group.getGroup=
name().equals(JahiaGroupManagerService.GUEST_GROUPNAME) || group.isMember(j=
ahiaUser)) {
- return type.eq=
uals("GRANT");
- }
- }
- }
-
- }
- }
- }
- break;
- }
- }
- if ("/".equals(jcrPath)) {
- break;
- } else if (jcrPath.lastIndexOf('/') > 0) {
- jcrPath =3D jcrPath.substring(0,jcrPath.la=
stIndexOf('/'));
- } else {
- jcrPath =3D "/";
- }
- }
- }
+ CheckCommand v =3D new CheckCommand(permissions, sitei=
d);
+ recurseonACPs(jcrPath, s, v);
+ return v.isResult();
}
}
=
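Review bot: `return v.isResult();` makes the site branch deny by default, because `CheckCommand.result` is only assigned when an ACE matches the current user and otherwise keeps its initial `false`; the removed loop instead fell out of this block to code that is outside the hunk when nothing matched. That default is the security-relevant part of the change and is not stated anywhere. A comment above the return, such as `// no ACE matched this user on the node or any ancestor: deny`, would document it. The enclosing method starts and ends outside the hunk.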
@@ -200,20 +142,157 @@
return true;
}
=
+ public Map getPermissions(ItemId id) {
+ try {
+ Session s =3D JCRStoreService.getInstance().getRepository().lo=
gin(JahiaLoginModule.getSystemCredentials());
+ NamespaceResolver nr =3D new SessionNamespaceResolver(s);
+
+ Path path =3D getPath(id);
+ String jcrPath =3D PathFormat.format(path,nr);
+
+ ViewCommand vv =3D new ViewCommand();
+ recurseonACPs(jcrPath, s, vv);
+ return vv.getResults();
+ } catch (Exception e) {
+ e.printStackTrace(); //To change body of catch statement use =
File | Settings | File Templates.
+ }
+ return new HashMap();
+ }
+
+ private Path getPath(ItemId id) throws RepositoryException {
+ Path path =3D null;
+ try {
+ // Get the path of the node
+ path =3D hierMgr.getPath(id);
+ } catch (ItemNotFoundException e) {
+ // This might be a property, get the path of the parent node
+ if (!id.denotesNode()) {
+ id =3D ((PropertyId)id).getParentId();
+ try {
+ path =3D hierMgr.getPath(id);
+ } catch (ItemNotFoundException e1) {
+ }
+ }
+ }
+ return path;
+ }
+
+ private void recurseonACPs(String jcrPath, Session s, Command v) throw=
s RepositoryException {
+ while (jcrPath.length() > 0) {
+ if (s.itemExists(jcrPath)) {
+ Item i =3D s.getItem(jcrPath);
+ if (i.isNode()) {
+ Node node =3D (Node) i;
+ if (node.isNodeType("mix:accessControlled")) {
+ Node acp =3D node.getProperty("jcr:accessControlPo=
licy").getNode();
+ NodeIterator aces =3D acp.getNode("jcr:acl").getNo=
des("jcr:ace");
+ while (aces.hasNext()) {
+ Node ace =3D aces.nextNode();
+ String principal =3D ace.getProperty("jcr:prin=
cipal").getString();
+ String type =3D ace.getProperty("jcr:aceType")=
.getString();
+ Value[] privileges =3D ace.getProperty("jcr:pr=
ivileges").getValues();
+
+ if (v.execute(jcrPath, principal, type, privil=
eges)) return;
+ }
+ }
+ }
+ if ("/".equals(jcrPath)) {
+ return;
+ } else if (jcrPath.lastIndexOf('/') > 0) {
+ jcrPath =3D jcrPath.substring(0,jcrPath.lastIndexOf('/=
'));
+ } else {
+ jcrPath =3D "/";
+ }
+ }
+ }
+ }
+
public boolean match(int permission, String privilege) {
switch (permission) {
- case JahiaAccessManager.READ:
+ case AccessManager.READ:
return "jcr:read".equals(privilege) || "jcr:getAccessContr=
olPolicy".equals(privilege) ||
"jcr:all".equals(privilege) ;
- case JahiaAccessManager.WRITE:
+ case AccessManager.WRITE:
return "jcr:addChildNodes".equals(privilege) || "jcr:setPr=
operties".equals(privilege) ||
"jcr:setAccessControlPolicy".equals(privilege) || =
"jcr:write".equals(privilege) || "jcr:all".equals(privilege) ;
- case JahiaAccessManager.REMOVE:
+ case AccessManager.REMOVE:
return "jcr:removeChildNodes".equals(privilege) || "jcr:wr=
ite".equals(privilege) || "jcr:all".equals(privilege) ;
}
return false;
}
=
+ interface Command {
+ public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException;
+ }
+
+ class CheckCommand implements Command {
+ private int permissions;
+ private int siteid;
+ private boolean result;
+
+ public CheckCommand(int permissions, int siteid) {
+ this.permissions =3D permissions;
+ this.siteid =3D siteid;
+ }
+
+ public boolean isResult() {
+ return result;
+ }
+
+ public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException {
+ for (int j =3D 0; j < privileges.length; j++) {
+ Value privilege =3D privileges[j];
+ if (match(permissions, privilege.getString())) {
+ String userName =3D principal.substring(2);
+ if (principal.charAt(0) =3D=3D 'u') {
+ JahiaUser user =3D ServicesRegistry.getInstance().=
getJahiaUserManagerService().lookupUser(siteid, userName);
+ if (user !=3D null) {
+ if (jahiaUser !=3D null && user.getUserKey().e=
quals(jahiaUser.getUserKey())) {
+ result =3D type.equals("GRANT");
+ return true;
+ }
+ }
+ } else {
+ JahiaGroup group =3D ServicesRegistry.getInstance(=
).getJahiaGroupManagerService().lookupGroup(siteid, userName);
+ if (group !=3D null) {
+ if (group.getGroupname().equals(JahiaGroupMana=
gerService.GUEST_GROUPNAME) || group.isMember(jahiaUser)) {
+ result =3D type.equals("GRANT");
+ return true;
+ }
+ }
+ }
+
+ }
+ }
+ return false;
+ }
+
+ }
+
+ class ViewCommand implements Command {
+ private Map results =3D new HashMap();
+
+ public Map getResults() {
+ return results;
+ }
+
+ public boolean execute(String jcrPath, String principal, String ty=
pe, Value[] privileges) throws RepositoryException {
+ List p =3D (List) results.get(principal);
+
+ if (p =3D=3D null) {
+ p =3D new ArrayList();
+ results.put(principal, p);
+ for (int i =3D 0; i < privileges.length; i++) {
+ Value privilege =3D privileges[i];
+ p.add(new String[]{jcrPath, type, privilege.getString(=
)});
+ }
+ }
+
+ return false;
+ }
+ }
+
+
public boolean canAccess(String workspaceName) throws NoSuchWorkspaceE=
xception, RepositoryException {
return true;
}
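Review bot: `getPermissions` logs in with `JahiaLoginModule.getSystemCredentials()` and never calls `s.logout()`, so each call leaves a system-privileged session open; declare `Session s = null;` before the `try` and add `finally { if (s != null) { s.logout(); } }`. Its `catch (Exception e)` also turns every failure into an empty map, which a caller cannot tell apart from a node that has no ACEs. In `recurseonACPs` the step to the parent path sits inside `if (s.itemExists(jcrPath))`, so a path that does not exist is never shortened and the `while` does not terminate, and `getPermissions` reaches it with no existence check on the path. Moving the `"/".equals(jcrPath)` / `lastIndexOf('/')` block out of that `if` lets the walk continue to the nearest existing ancestor.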
Modified: trunk/core/src/java/org/jahia/services/webdav/DAVFileAccess.java
URL: https://svndev.jahia.net/websvn/diff.php?path=3D/trunk/core/src/java/o=
rg/jahia/services/webdav/DAVFileAccess.java&rev=3D18006&repname=3Djahia
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- trunk/core/src/java/org/jahia/services/webdav/DAVFileAccess.java (origi=
nal)
+++ trunk/core/src/java/org/jahia/services/webdav/DAVFileAccess.java Fri Ju=
l 13 18:47:42 2007
@@ -44,14 +44,18 @@
import org.jahia.services.content.JCRStoreService;
import org.jahia.services.content.JahiaIOManager;
import org.jahia.services.content.Constants;
+import org.jahia.services.content.JahiaAccessManager;
+import org.jahia.services.acl.JahiaBaseACL;
import org.jahia.spring.aop.interceptor.SilentJamonPerformanceMonitorInter=
ceptor;
import org.jahia.urls.URI;
+import org.jahia.exceptions.JahiaException;
=
import javax.servlet.http.HttpServletRequest;
import javax.jcr.*;
import javax.jcr.lock.Lock;
import java.io.*;
import java.util.*;
+import java.security.Principal;
=
/**
* @author Thomas Draier
@@ -216,6 +220,50 @@
public void alignPermsWithField(JahiaField theField, Set users) {
}
=
+ public Map getJahiaAclEntries() {
+ Map aclEntries =3D new HashMap();
+
+ try {
+ String myPath =3D objectNode.getPath();
+
+ Map permissions =3D ((JahiaAccessManager) session.getAccessMan=
ager()).getPermissions(((NodeImpl)objectNode).getId());
+
+ for (Iterator iterator =3D permissions.keySet().iterator(); it=
erator.hasNext();) {
+ int p =3D 0;
+ String prString =3D (String) iterator.next();
+ Principal pr;
+ try {
+ if (prString.startsWith("u:")) {
+ pr =3D ServicesRegistry.getInstance().getJahiaSite=
UserManagerService().getMember(site.getID(), prString.substring(2));
+ } else {
+ pr =3D ServicesRegistry.getInstance().getJahiaGrou=
pManagerService().lookupGroup(site.getID(), prString.substring(2));
+ }
+ } catch (JahiaException e) {
+ e.printStackTrace();
+ continue;
+ }
+
+
+ List l =3D (List) permissions.get(prString);
+ for (Iterator iterator1 =3D l.iterator(); iterator1.hasNex=
t();) {
+ String[] s =3D (String[]) iterator1.next();
+ if (!s[0].equals(myPath)) p |=3D JahiaBaseACL.RIGHTS_I=
NHERITANCE_FLAG;
+ if (s[1].equals("GRANT")) {
+ if (s[2].equals("jcr:read")) {
+ p |=3D (1<<JahiaBaseACL.READ_RIGHTS);
+ } else if (s[2].equals("jcr:write")) {
+ p|=3D (1<<JahiaBaseACL.WRITE_RIGHTS);
+ }
+ }
+ }
+ aclEntries.put(pr, new Integer[]{new Integer(p)});
+ }
+ } catch (RepositoryException e) {
+ e.printStackTrace();
+ }
+ return aclEntries;
+ }
+
public Map getPermissions(String actionString) {
return new HashMap();
}
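Review bot: In `getJahiaAclEntries`, `pr` is put into `aclEntries` without a null check, although the same lookups are treated as able to return null elsewhere in this commit (`if (pr == null)` in `areWeGoingtoGenerateA403`, `if (group != null)` in `CheckCommand`). An ACE whose principal no longer resolves would land under a `null` key, and several such entries would overwrite each other; `if (pr == null) { continue; }` before `permissions.get(prString)` avoids that. As in the other lookups, any principal string not prefixed `u:` is taken to be a group. DENY entries contribute nothing to `p` beyond the inheritance flag, which deserves a short comment since the rights screen will not show them.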
@@ -491,21 +539,90 @@
if (exception !=3D null) {
return false;
}
+ try {
+ List gr =3D new ArrayList();
+ List den =3D new ArrayList();
+ if (perm.charAt(0)=3D=3D'R') { gr.add("jcr:read"); } else { de=
n.add("jcr:read"); }
+ if (perm.charAt(1)=3D=3D'W') { gr.add("jcr:write"); } else { d=
en.add("jcr:write"); }
+
+ Node acl =3D getAcl();
+ NodeIterator ni =3D acl.getNodes();
+ Node aceg =3D null;
+ Node aced =3D null;
+ while (ni.hasNext()) {
+ Node ace =3D ni.nextNode();
+ if (ace.getProperty("jcr:principal").getString().equals(us=
er)) {
+ if (ace.getProperty("jcr:aceType").getString().equals(=
"GRANT")) {
+ aceg =3D ace;
+ } else {
+ aced =3D ace;
+ }
+ }
+ }
+ if (aceg =3D=3D null) {
+ aceg =3D acl.addNode("jcr:ace","nt:ace");
+ aceg.setProperty("jcr:principal",user);
+ aceg.setProperty("jcr:protected",false);
+ aceg.setProperty("jcr:aceType","GRANT");
+ }
+ if (aced =3D=3D null) {
+ aced =3D acl.addNode("jcr:ace","nt:ace");
+ aced.setProperty("jcr:principal",user);
+ aced.setProperty("jcr:protected",false);
+ aced.setProperty("jcr:aceType","DENY");
+ }
+
+ String[] grs =3D new String[gr.size()];
+ System.arraycopy(gr.toArray(),0,grs,0,gr.size());
+ aceg.setProperty("jcr:privileges",grs);
+ String[] dens =3D new String[den.size()];
+ System.arraycopy(den.toArray(),0,dens,0,den.size());
+ aced.setProperty("jcr:privileges",dens);
+
+ session.getItem("/jcr:system/jcr:accessControl").save();
+ objectNode.save();
+ } catch (RepositoryException e) {
+ e.printStackTrace(); //To change body of catch statement use =
File | Settings | File Templates.
+ }
=
return true;
}
=
- public boolean revokePermissions (String user) {
- if (exception !=3D null) {
- return false;
+ private Node getAcl() throws RepositoryException {
+ Node acl;
+ if (!objectNode.isNodeType("mix:accessControlled")) {
+ Node ac =3D (Node) session.getItem("/jcr:system/jcr:accessCont=
rol");
+ Node acp =3D ac.addNode("jahia:acp"+objectNode.getUUID(), "nt:=
accessControlPolicy");
+ acl =3D acp.addNode("jcr:acl", "nt:acl");
+ objectNode.addMixin("mix:accessControlled");
+ objectNode.setProperty("jcr:accessControlPolicy", acp);
+ } else {
+ Node acp =3D objectNode.getProperty("jcr:accessControlPolicy")=
.getNode();
+ acl =3D acp.getNode("jcr:acl");
}
- return true;
+ return acl;
}
=
- public boolean revokePermissions(String user, String action, boolean i=
nherited) {
+ public boolean revokePermissions (String user) {
if (exception !=3D null) {
return false;
}
+ try {
+ Node acl =3D getAcl();
+ NodeIterator ni =3D acl.getNodes();
+ while (ni.hasNext()) {
+ Node ace =3D ni.nextNode();
+ if (ace.getProperty("jcr:principal").getString().equals(us=
er)) {
+ ace.remove();
+ }
+ }
+
+ session.getItem("/jcr:system/jcr:accessControl").save();
+ objectNode.save();
+ } catch (RepositoryException e) {
+ e.printStackTrace(); //To change body of catch statement use =
File | Settings | File Templates.
+ }
+
return true;
}
=
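Review bot: Both ACL writers report success after a failed write: the `catch (RepositoryException e)` blocks in the permission-setting method and in `revokePermissions(String user)` only call `e.printStackTrace()` and then fall through to `return true;`, so a caller is told that a DENY or a revoke was applied when the save did not happen. Returning `false` from each catch, next to a real log call, matches the `exception != null` path above it. `perm.charAt(0)` and `perm.charAt(1)` are read without a length check on `perm`. `revokePermissions` also goes through `getAcl()`, which adds a policy node and the `mix:accessControlled` mixin when the node had none; returning early when the node is not access-controlled would avoid creating an empty ACL as a side effect of a revoke. The signature of the first method is outside the hunk.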
@@ -536,7 +653,7 @@
}
=
return res;
- }
+ } =
=
public String getName () {
if (exception !=3D null) {