
com.cognifide.cq.cqsm.foundation.permissions.PermissionActionHelper Maven / Gradle / Ivy


AEM Permission Management is an AEM based tool focused on streamlining the permission configuration

/*-
 * ========================LICENSE_START=================================
 * AEM Permission Management
 * %%
 * Copyright (C) 2013 Cognifide Limited
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * =========================LICENSE_END==================================
 */
package com.cognifide.cq.cqsm.foundation.permissions;

import com.cognifide.cq.cqsm.core.utils.MessagingUtils;
import com.cognifide.cq.cqsm.foundation.permissions.exceptions.PermissionException;
import com.cognifide.cq.cqsm.foundation.permissions.utils.JackrabbitAccessControlListUtil;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;

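/**
 * Resolves a list of permission names to JCR {@link Privilege}s and writes a single allow or deny
 * entry for a principal into the access control list of one repository path.
 *
 * <p>Permission names are resolved before the ACL is touched, so an unknown name aborts
 * {@link #applyPermissions} without modifying the policy at {@code path}.
 *
 * <p>The {@code permissions} list is stored by reference, not copied; callers should not mutate it
 * after construction. NOTE(review): no session save is performed in this class, so persisting the
 * modified policy is presumably left to the caller; confirm against the call sites.
 */
public class PermissionActionHelper {

  private final ValueFactory valueFactory;

  private final String path;

  private final List<String> permissions;

  private final Restrictions restrictions;

  /**
   * @param valueFactory factory handed to {@code restrictions} when building restriction values
   * @param path repository path whose access control list is modified
   * @param permissions privilege group titles or JCR privilege names to resolve
   * @param restrictions source of the single- and multi-value restrictions attached to the entry
   */
  public PermissionActionHelper(ValueFactory valueFactory, String path, List<String> permissions,
      Restrictions restrictions) {
    this.valueFactory = valueFactory;
    this.path = path;
    this.permissions = permissions;
    this.restrictions = restrictions;
  }

  /**
   * Validates the configured permission names without changing any access control list.
   *
   * @param accessControlManager manager used to resolve privilege names
   * @throws RepositoryException if the repository fails while resolving a privilege
   * @throws PermissionException if at least one permission name cannot be resolved
   */
  public void checkPermissions(AccessControlManager accessControlManager)
      throws RepositoryException, PermissionException {
    createPrivileges(accessControlManager, permissions);
  }

  /**
   * Resolves the configured permissions and adds one ACL entry for {@code principal} at the
   * configured path.
   *
   * @param accessControlManager manager used to resolve privileges and to read/write the policy
   * @param principal principal the entry applies to
   * @param allow {@code true} to add an allow entry, {@code false} to add a deny entry
   * @throws RepositoryException if the repository rejects the lookup or the policy update
   * @throws PermissionException if a permission name is unknown; the ACL is not modified then
   */
  public void applyPermissions(AccessControlManager accessControlManager, Principal principal,
      boolean allow) throws RepositoryException, PermissionException {
    // Resolve first: a typo in a permission name must fail before any policy is written.
    final List<Privilege> privileges = createPrivileges(accessControlManager, permissions);
    updateAccessControlList(allow, accessControlManager, privileges, principal);
  }

  /**
   * Obtains the ACL for {@code path} through {@code JackrabbitAccessControlListUtil}, adds the
   * entry and writes the policy back.
   */
  private void updateAccessControlList(boolean allow,
      final AccessControlManager accessControlManager,
      final List<Privilege> privileges, final Principal principal) throws RepositoryException {
    final JackrabbitAccessControlList jackrabbitAcl = JackrabbitAccessControlListUtil
        .getModifiableAcl(accessControlManager, path);

    addEntry(allow, privileges, principal, jackrabbitAcl);
    // The policy is set unconditionally; the boolean returned by addEntry is not inspected.
    accessControlManager.setPolicy(path, jackrabbitAcl);
  }

  /**
   * Adds one allow/deny entry carrying the configured restrictions to the given ACL.
   */
  private void addEntry(boolean allow, final List<Privilege> privileges,
      final Principal principal,
      final JackrabbitAccessControlList jackrabbitAcl) throws RepositoryException {

    final Map<String, Value> singleValueRestrictions =
        restrictions.getSingleValueRestrictions(valueFactory);
    final Map<String, Value[]> multiValueRestrictions =
        restrictions.getMultiValueRestrictions(valueFactory);
    jackrabbitAcl.addEntry(principal, privileges.toArray(new Privilege[0]), allow,
        singleValueRestrictions, multiValueRestrictions);
  }

  /**
   * Resolves every permission name to its privileges, collecting all unknown names so they are
   * reported together instead of stopping at the first one.
   *
   * @param accessControlManager manager used to resolve privilege names
   * @param permissions privilege group titles or JCR privilege names
   * @return the resolved privileges, in the order the names were given
   * @throws RepositoryException if the repository fails for a reason other than an unknown name
   * @throws PermissionException if one or more names are unknown; the individual failures are
   *     attached as suppressed exceptions
   */
  public List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
      final List<String> permissions) throws RepositoryException, PermissionException {
    final List<Privilege> privileges = new ArrayList<>();
    final List<String> unknownPermissions = new ArrayList<>();
    final List<PermissionException> failures = new ArrayList<>();
    for (final String permission : permissions) {
      try {
        privileges.addAll(createPrivileges(accessControlManager, permission));
      } catch (PermissionException e) {
        unknownPermissions.add(permission);
        failures.add(e);
      }
    }
    if (!unknownPermissions.isEmpty()) {
      final PermissionException aggregate =
          new PermissionException(MessagingUtils.unknownPermissions(unknownPermissions));
      // Keep the per-name causes so the underlying AccessControlException stays diagnosable.
      for (final PermissionException failure : failures) {
        aggregate.addSuppressed(failure);
      }
      throw aggregate;
    }

    return privileges;
  }

  /**
   * Resolves one name: a matching {@code PrivilegeGroup} title wins, otherwise the name is looked
   * up as a JCR privilege name.
   *
   * @throws PermissionException if the access control manager reports the name as unknown
   */
  private List<Privilege> createPrivileges(final AccessControlManager accessControlManager,
      final String permission) throws RepositoryException, PermissionException {
    try {
      final Optional<PrivilegeGroup> privilegeGroup = PrivilegeGroup.getFromTitle(permission);
      if (privilegeGroup.isPresent()) {
        return privilegeGroup.get().toPrivileges(accessControlManager);
      }
      return Collections.singletonList(accessControlManager.privilegeFromName(permission));
    } catch (AccessControlException e) {
      throw new PermissionException("Unknown permission " + permission, e);
    }
  }

}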



