*/
AccessManager accessMgr = session.getAccessManager();
NodeTypeManagerImpl ntMgr = session.getNodeTypeManager();
// walk through list of dirty transient items and validate each
while (dirtyIter.hasNext()) {
ItemState itemState = dirtyIter.next();
ItemDefinition def;
if (itemState.isNode()) {
def = ntMgr.getNodeDefinition(((NodeState) itemState).getDefinitionId());
} else {
def = ntMgr.getPropertyDefinition(((PropertyState) itemState).getDefinitionId());
}
/* check permissions for non-protected items. protected items are
only added through API methods which need to assert that
permissions are not violated.
*/
if (!def.isProtected()) {
/* detect the effective set of modification:
- new added node -> add_node perm on the child
- new property added -> set_property permission
- property modified -> set_property permission
- modified nodes can be ignored for changes only included
child-item addition or removal or changes of protected
properties such as mixin-types which are covered separately
note: removed items are checked later on.
*/
Path path = stateMgr.getHierarchyMgr().getPath(itemState.getId());
boolean isGranted = true;
if (itemState.isNode()) {
if (itemState.getStatus() == ItemState.STATUS_NEW) {
isGranted = accessMgr.isGranted(path, Permission.ADD_NODE);
} // else: modified node (see comment above)
} else {
// modified or new property: set_property permission
isGranted = accessMgr.isGranted(path, Permission.SET_PROPERTY);
}
if (!isGranted) {
String msg = itemMgr.safeGetJCRPath(path) + ": not allowed to add or modify item";
log.debug(msg);
throw new AccessDeniedException(msg);
}
}
if (itemState.isNode()) {
// the transient item is a node
NodeState nodeState = (NodeState) itemState;
ItemId id = nodeState.getNodeId();
NodeDefinition nodeDef = (NodeDefinition) def;
// primary type
NodeTypeImpl pnt = ntMgr.getNodeType(nodeState.getNodeTypeName());
// effective node type (primary type incl. mixins)
EffectiveNodeType ent = getEffectiveNodeType(nodeState);
/**
* if the transient node was added (i.e. if it is 'new') or if
* its primary type has changed, check its node type against the
* required node type in its definition
*/
if (nodeState.getStatus() == ItemState.STATUS_NEW
|| !nodeState.getNodeTypeName().equals(
((NodeState) nodeState.getOverlayedState()).getNodeTypeName())) {
NodeType[] nta = nodeDef.getRequiredPrimaryTypes();
for (int i = 0; i < nta.length; i++) {
NodeTypeImpl ntReq = (NodeTypeImpl) nta[i];
if (!(pnt.getQName().equals(ntReq.getQName())
|| pnt.isDerivedFrom(ntReq.getQName()))) {
/**
* the transient node's primary node type does not
* satisfy the 'required primary types' constraint
*/
String msg = itemMgr.safeGetJCRPath(id)
+ " must be of node type " + ntReq.getName();
log.debug(msg);
throw new ConstraintViolationException(msg);
}
}
}
// mandatory child properties
PropDef[] pda = ent.getMandatoryPropDefs();
for (int i = 0; i < pda.length; i++) {
PropDef pd = pda[i];
if (pd.getDeclaringNodeType().equals(NameConstants.MIX_VERSIONABLE)
|| pd.getDeclaringNodeType().equals(NameConstants.MIX_SIMPLE_VERSIONABLE)) {
/**
* todo FIXME workaround for mix:versionable:
* the mandatory properties are initialized at a
* later stage and might not exist yet
*/
continue;
}
if (!nodeState.hasPropertyName(pd.getName())) {
String msg = itemMgr.safeGetJCRPath(id)
+ ": mandatory property " + pd.getName()
+ " does not exist";
log.debug(msg);
throw new ConstraintViolationException(msg);
}
}
// mandatory child nodes
NodeDef[] cnda = ent.getMandatoryNodeDefs();
for (int i = 0; i < cnda.length; i++) {
NodeDef cnd = cnda[i];
if (!nodeState.hasChildNodeEntry(cnd.getName())) {
String msg = itemMgr.safeGetJCRPath(id)
+ ": mandatory child node " + cnd.getName()
+ " does not exist";
log.debug(msg);
throw new ConstraintViolationException(msg);
}
}
} else {
// the transient item is a property
PropertyState propState = (PropertyState) itemState;
ItemId propId = propState.getPropertyId();
PropertyDefinitionImpl propDef = (PropertyDefinitionImpl) def;
/**
* check value constraints
* (no need to check value constraints of protected properties
* as those are set by the implementation only, i.e. they
* cannot be set by the user through the api)
*/
if (!def.isProtected()) {
String[] constraints = propDef.getValueConstraints();
if (constraints != null) {
InternalValue[] values = propState.getValues();
try {
EffectiveNodeType.checkSetPropertyValueConstraints(
propDef.unwrap(), values);
} catch (RepositoryException e) {
// repack exception for providing more verbose error message
String msg = itemMgr.safeGetJCRPath(propId) + ": " + e.getMessage();
log.debug(msg);
throw new ConstraintViolationException(msg);
}
/**
* need to manually check REFERENCE value constraints
* as this requires a session (target node needs to
* be checked)
*/
if (constraints.length > 0
&& (propDef.getRequiredType() == PropertyType.REFERENCE
|| propDef.getRequiredType() == PropertyType.WEAKREFERENCE)) {
for (int i = 0; i < values.length; i++) {
boolean satisfied = false;
String constraintViolationMsg = null;
try {
NodeId targetId = values[i].getNodeId();
if (propDef.getRequiredType() == PropertyType.WEAKREFERENCE
&& !itemMgr.itemExists(targetId)) {
// target of weakref doesn;t exist, skip
continue;
}
Node targetNode = session.getNodeById(targetId);
/**
* constraints are OR-ed, i.e. at least one
* has to be satisfied
*/
for (int j = 0; j < constraints.length; j++) {
/**
* a [WEAK]REFERENCE value constraint specifies
* the name of the required node type of
* the target node
*/
String ntName = constraints[j];
if (targetNode.isNodeType(ntName)) {
satisfied = true;
break;
}
}
if (!satisfied) {
NodeType[] mixinNodeTypes = targetNode.getMixinNodeTypes();
String[] targetMixins = new String[mixinNodeTypes.length];
for (int j = 0; j < mixinNodeTypes.length; j++) {
targetMixins[j] = mixinNodeTypes[j].getName();
}
String targetMixinsString = Text.implode(targetMixins, ", ");
String constraintsString = Text.implode(constraints, ", ");
constraintViolationMsg = itemMgr.safeGetJCRPath(propId)
+ ": is constraint to ["
+ constraintsString
+ "] but references [primaryType="
+ targetNode.getPrimaryNodeType().getName()
+ ", mixins="
+ targetMixinsString + "]";
}
} catch (RepositoryException re) {
String msg = itemMgr.safeGetJCRPath(propId)
+ ": failed to check "
+ ((propDef.getRequiredType() == PropertyType.REFERENCE) ? "REFERENCE" : "WEAKREFERENCE")
+ " value constraint";
log.debug(msg);
throw new ConstraintViolationException(msg, re);
}
if (!satisfied) {
log.debug(constraintViolationMsg);
throw new ConstraintViolationException(constraintViolationMsg);
}
}
}
}
}
/**
* no need to check the protected flag as this is checked
* in PropertyImpl.setValue(Value)
*/
}
}
// walk through list of removed transient items and check REMOVE permission
while (removedIter.hasNext()) {
ItemState itemState = removedIter.next();
ItemDefinition def;
if (itemState.isNode()) {
def = ntMgr.getNodeDefinition(((NodeState) itemState).getDefinitionId());
} else {
def = ntMgr.getPropertyDefinition(((PropertyState) itemState).getDefinitionId());
}
if (!def.isProtected()) {
Path path = stateMgr.getAtticAwareHierarchyMgr().getPath(itemState.getId());
// check REMOVE permission
int permission = (itemState.isNode()) ? Permission.REMOVE_NODE : Permission.REMOVE_PROPERTY;
if (!accessMgr.isGranted(path, permission)) {
String msg = itemMgr.safeGetJCRPath(path)
+ ": not allowed to remove item";
log.debug(msg);
throw new AccessDeniedException(msg);