Examples of org.apache.jackrabbit.oak.api.Root

• org.apache.jackrabbit.oak.api.Root
  A {@code Root} instance serves as a container for a {@link Tree}. It is obtained from a {@link ContentSession}, which governs accessibility and visibility of the {@code Tree} and its sub trees.

  All root instances created by a content session become invalid after the content session is closed. Any method called on an invalid root instance will throw an {@code InvalidStateException}.

  {@link Tree} instances may become non existing after a call to{@link #refresh()}, {@link #rebase()} or {@link #commit()}. Any write access to non existing {@code Tree} instances will cause an{@code InvalidStateException}. @see Tree Existence and iterability of trees

        Value pathValue = getValueFactory().createValue(testPath, PropertyType.PATH);
        assertTrue(acl.addEntry(testPrincipal, testPrivileges, true, Collections.singletonMap(REP_NODE_PATH, pathValue)));
        acMgr.setPolicy(acl.getPath(), acl);
        root.commit();

        Root root2 = adminSession.getLatestRoot();
        AccessControlPolicy[] policies = getAccessControlManager(root2).getPolicies(testPath);
        assertEquals(1, policies.length);
        assertEquals(1, ((ACL) policies[0]).getAccessControlEntries().length);

        policies = getAccessControlManager(root2).getPolicies(testPrincipal);

     * @throws RepositoryException
     */
    public void move(String srcPath, String destPath, boolean transientOp, AccessManager accessManager)
            throws RepositoryException {

        Root moveRoot = transientOp ? root : contentSession.getLatestRoot();

        // check destination
        Tree dest = moveRoot.getTree(destPath);
        if (dest.exists()) {
            throw new ItemExistsException(destPath);
        }

        // check parent of destination
        String destParentPath = PathUtils.getParentPath(destPath);
        Tree destParent = moveRoot.getTree(destParentPath);
        if (!destParent.exists()) {
            throw new PathNotFoundException(PathUtils.getParentPath(destPath));
        }

        // check source exists
        Tree src = moveRoot.getTree(srcPath);
        if (!src.exists()) {
            throw new PathNotFoundException(srcPath);
        }

        accessManager.checkPermissions(destPath, Permissions.getString(Permissions.NODE_TYPE_MANAGEMENT));

        try {
            if (!moveRoot.move(srcPath, destPath)) {
                throw new RepositoryException("Cannot move node at " + srcPath + " to " + destPath);
            }
            if (!transientOp) {
                moveRoot.commit();
                refresh(true);
            }
        } catch (CommitFailedException e) {
            throw newRepositoryException(e);
        }

        if (uri.equals(map.get(prefix))) {
            return; // Namespace already registered, so we do nothing
        }

        try {
            Root root = getWriteRoot();
            Tree namespaces =
                    getOrCreate(root, JcrConstants.JCR_SYSTEM, REP_NAMESPACES);
            if (!namespaces.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
                namespaces.setProperty(JcrConstants.JCR_PRIMARYTYPE,
                        JcrConstants.NT_UNSTRUCTURED, NAME);
            }
            // remove existing mapping to given uri
            for (PropertyState p : namespaces.getProperties()) {
                if (!p.isArray() && p.getValue(STRING).equals(uri)) {
                    namespaces.removeProperty(p.getName());
                }
            }
            namespaces.setProperty(prefix, uri);
            root.commit();
            refresh();
        } catch (CommitFailedException e) {
            String message =
                    "Failed to register namespace mapping from "
                            + prefix + " to " + uri;

            public ContentSession run() throws Exception {
                return repo.login(null, null);
            }
        });
        try {
            Root root = cs.getLatestRoot();
            UserConfiguration uc = sp.getConfiguration(UserConfiguration.class);
            UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
            Authorizable adminUser = umgr.getAuthorizable("admin");
            assertNotNull(adminUser);

            Tree adminTree = root.getTree(adminUser.getPath());
            assertTrue(adminTree.exists());
            assertNull(adminTree.getProperty(UserConstants.REP_PASSWORD));
        } finally {
            cs.close();
        }

            public ContentSession run() throws Exception {
                return repo.login(null, null);
            }
        });
        try {
            Root root = cs.getLatestRoot();
            UserConfiguration uc = sp.getConfiguration(UserConfiguration.class);
            UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT);
            Authorizable anonymous = umgr.getAuthorizable(UserConstants.DEFAULT_ANONYMOUS_ID);
            assertNull(anonymous);
        } finally {

        return new ConfigurationParameters(ImmutableMap.of(AuthorizationConfiguration.NAME, acConfig));
    }

    @Test
    public void testUserManagementPermissionWithJr2Flag() throws Exception {
        Root testRoot = getTestRoot();
        testRoot.refresh();

        UserManager testUserMgr = getUserConfiguration().getUserManager(testRoot, NamePathMapper.DEFAULT);
        try {
            User u = testUserMgr.createUser("a", "b");
            testRoot.commit();

            u.changePassword("c");
            testRoot.commit();

            u.remove();
            testRoot.commit();
        } finally {
            root.refresh();
            Authorizable user = getUserManager(root).getAuthorizable("a");
            if (user != null) {
                user.remove();

        /* allow READ/WRITE privilege for testUser at 'path' */
        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
        /* deny REMOVE_NODE privilege at subtree. */
        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.JCR_REMOVE_NODE);

        Root testRoot = getTestRoot();
        AccessControlManager acMgr = getAccessControlManager(testRoot);
        assertTrue(acMgr.hasPrivileges("/a", privilegesFromNames(PrivilegeConstants.REP_WRITE)));
        assertFalse(acMgr.hasPrivileges("/a/b", privilegesFromNames(PrivilegeConstants.JCR_REMOVE_NODE)));

        // removing the tree must fail
        try {
            testRoot.getTree("/a").remove();
            testRoot.commit();
            fail();
        } catch (CommitFailedException e) {
            // success
            assertTrue(e.isAccessViolation());
        }

        /* allow READ/WRITE privilege for testUser at 'path' */
        setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_READ, PrivilegeConstants.REP_WRITE);
        /* deny REP_REMOVE_PROPERTIES privilege at subtree. */
        setupPermission("/a/b", testPrincipal, false, PrivilegeConstants.REP_REMOVE_PROPERTIES);

        Root testRoot = getTestRoot();
        AccessControlManager acMgr = getAccessControlManager(testRoot);
        assertTrue(acMgr.hasPrivileges("/a", privilegesFromNames(PrivilegeConstants.REP_WRITE)));
        assertFalse(acMgr.hasPrivileges("/a/b", privilegesFromNames(PrivilegeConstants.REP_REMOVE_PROPERTIES)));

        // removing the tree must fail
        try {
            testRoot.getTree("/a").remove();
            testRoot.commit();
            fail();
        } catch (CommitFailedException e) {
            // success
            assertTrue(e.isAccessViolation());
        }

    @Override
    public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException {
        String oakPath = getOakPath(absPath);
        Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL, true);

        Root r = root.getContentSession().getLatestRoot();
        tree = r.getTree(tree.getPath());

        List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
        AccessControlPolicy policy = createACL(oakPath, tree, true);
        if (policy != null) {
            effective.add(policy);
        }
        if (oakPath != null) {
            String parentPath = Text.getRelativeParent(oakPath, 1);
            while (!parentPath.isEmpty()) {
                Tree t = r.getTree(parentPath);
                AccessControlPolicy plc = createACL(parentPath, t, true);
                if (plc != null) {
                    effective.add(plc);
                }
                parentPath = (PathUtils.denotesRoot(parentPath)) ? "" : Text.getRelativeParent(parentPath, 1);

    @Nonnull
    @Override
    public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals) throws RepositoryException {
        Util.checkValidPrincipals(principals, principalManager);
        Root r = root.getContentSession().getLatestRoot();

        Result aceResult = searchAces(principals, r);
        List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
        for (ResultRow row : aceResult.getRows()) {
            String acePath = row.getPath();
            String aclName = Text.getName(Text.getRelativeParent(acePath, 1));

            Tree accessControlledTree = r.getTree(Text.getRelativeParent(acePath, 2));
            if (aclName.isEmpty() || !accessControlledTree.exists()) {
                log.debug("Isolated access control entry -> ignore query result at " + acePath);
                continue;
            }