Examples of org.exoplatform.services.jcr.access.AccessControlList

• org.exoplatform.services.jcr.access.AccessControlList
  Created by The eXo Platform SAS.
  Access Control List. @author Gennady Azarenkov @version $Id: AccessControlList.java 14556 2008-05-21 15:22:15Z pnedonosko $

      {

         final NodeData node = (NodeData)item;

         // the node ACL can't be are null as ACL manager does care about this
         final AccessControlList acl = node.getACL();
         if (acl == null)
         {
            throw new RepositoryException("Node ACL is null. " + node.getQPath().getAsString() + " "
               + node.getIdentifier());
         }

            }
            // going up to the root
            parent = (NodeData)getItemData(parent.getParentIdentifier());
         }
      }
      return new AccessControlList();
   }

    */
   private ItemData initACL(NodeData parent, NodeData node) throws RepositoryException
   {
      if (node != null)
      {
         AccessControlList acl = node.getACL();
         if (acl == null)
         {
            if (parent != null)
            {
               // use parent ACL
               node =
                  new TransientNodeData(node.getQPath(), node.getIdentifier(), node.getPersistedVersion(),
                     node.getPrimaryTypeName(), node.getMixinTypeNames(), node.getOrderNumber(),
                     node.getParentIdentifier(), parent.getACL());
            }
            else
            {
               // use nearest ancestor ACL... case of get by id
               node =
                  new TransientNodeData(node.getQPath(), node.getIdentifier(), node.getPersistedVersion(),
                     node.getPrimaryTypeName(), node.getMixinTypeNames(), node.getOrderNumber(),
                     node.getParentIdentifier(), getNearestACAncestorAcl(node));
            }
         }
         else if (!acl.hasPermissions())
         {
            // use nearest ancestor permissions
            AccessControlList ancestorAcl = getNearestACAncestorAcl(node);

            node =
               new TransientNodeData(node.getQPath(), node.getIdentifier(), node.getPersistedVersion(),
                  node.getPrimaryTypeName(), node.getMixinTypeNames(), node.getOrderNumber(),
                  node.getParentIdentifier(), new AccessControlList(acl.getOwner(), ancestorAcl.getPermissionEntries()));
         }
         else if (!acl.hasOwner())
         {
            // use nearest ancestor owner
            AccessControlList ancestorAcl = getNearestACAncestorAcl(node);

            node =
               new TransientNodeData(node.getQPath(), node.getIdentifier(), node.getPersistedVersion(),
                  node.getPrimaryTypeName(), node.getMixinTypeNames(), node.getOrderNumber(),
                  node.getParentIdentifier(), new AccessControlList(ancestorAcl.getOwner(), acl.getPermissionEntries()));

         }
      }

      return node;

               {
                  PropertyData aclData =
                     (PropertyData)dataManager.getItemData(frozen, new QPathEntry(Constants.EXO_PERMISSIONS, 0),
                        ItemType.PROPERTY);

                  AccessControlList acl = new AccessControlList();
                  acl.removePermissions(SystemIdentity.ANY);

                  for (ValueData value : aclData.getValues())
                  {
                     acl.addPermissions(new String(value.getAsByteArray(), Constants.DEFAULT_ENCODING));
                  }

                  accessList = acl.getPermissionEntries();
               }
               else if (mixins[i].equals(Constants.EXO_OWNEABLE))
               {
                  PropertyData ownerData =
                     (PropertyData)dataManager.getItemData(frozen, new QPathEntry(Constants.EXO_OWNER, 0),
                        ItemType.PROPERTY);

                  owner = new String(ownerData.getValues().get(0).getAsByteArray(), Constants.DEFAULT_ENCODING);
               }
            }
         }
         catch (IllegalNameException e)
         {
            throw new RepositoryException("jcr:frozenMixinTypes, error of data read "
               + userSession.getLocationFactory().createJCRPath(frozenMixinTypes.getQPath()).getAsString(false), e);
         }
         catch (IllegalStateException e)
         {
            throw new RepositoryException("jcr:frozenMixinTypes, error of data read "
               + userSession.getLocationFactory().createJCRPath(frozenMixinTypes.getQPath()).getAsString(false), e);
         }
         catch (IOException e)
         {
            throw new RepositoryException("jcr:frozenMixinTypes, error of data read "
               + userSession.getLocationFactory().createJCRPath(frozenMixinTypes.getQPath()).getAsString(false), e);
         }
      }

      AccessControlList acl = new AccessControlList(owner, accessList);

      InternalQName ptName = null;
      try
      {
         ptName = InternalQName.parse(new String(frozenPrimaryType.getValues().get(0).getAsByteArray()));

                        + existing.getIdentifier());
                  }
               }
            }

            AccessControlList acl = currentNode().getACL();

            boolean isPrivilegeable =
               nodeTypeDataManager.isNodeType(Constants.EXO_PRIVILEGEABLE, frozen.getPrimaryTypeName(),
                  frozen.getMixinTypeNames());

            boolean isOwneable =
               nodeTypeDataManager.isNodeType(Constants.EXO_OWNEABLE, frozen.getPrimaryTypeName(),
                  frozen.getMixinTypeNames());

            if (isPrivilegeable || isOwneable)
            {
               List<AccessControlEntry> permissionEntries = new ArrayList<AccessControlEntry>();
               permissionEntries.addAll((isPrivilegeable ? frozen.getACL() : currentNode().getACL())
                  .getPermissionEntries());

               String owner = isOwneable ? frozen.getACL().getOwner() : currentNode().getACL().getOwner();

               acl = new AccessControlList(owner, permissionEntries);
            }

            NodeData restoredData =
               new TransientNodeData(restoredPath, jcrUuid, frozen.getPersistedVersion(), frozen.getPrimaryTypeName(),
                  frozen.getMixinTypeNames(), frozen.getOrderNumber(), currentNode().getIdentifier(), acl);

   {

      try
      {
         JCRPath jcrPath = locationFactory.parseAbsPath(absPath);
         AccessControlList acl = dataManager.getACL(jcrPath.getInternalPath());
         if (!accessManager.hasPermission(acl, actions, getUserState().getIdentity()))
            throw new AccessControlException("Permission denied " + absPath + " : " + actions);
      }
      catch (RepositoryException e)
      {

      for (String perm : PermissionType.ALL)
      {
         AccessControlEntry ace = new AccessControlEntry(SystemIdentity.ANY, perm);
         aces.add(ace);
      }
      AccessControlList acl = new AccessControlList(getACL().getOwner(), aces);

      setACL(acl);
   }

      for (PropertyDefinitionData def : ntmanager.getAllPropertyDefinitions(type.getName()))
      {
         if (ntmanager.isNodeType(Constants.EXO_OWNEABLE, new InternalQName[]{type.getName()})
            && def.getName().equals(Constants.EXO_OWNER))
         {
            AccessControlList acl =
               new AccessControlList(session.getUserID(), ((NodeData)data).getACL().getPermissionEntries());
            setACL(acl);
         }
      }

      updateMixin(newMixin);

      for (AccessControlEntry aEntry : nodeData().getACL().getPermissionEntries())
      {
         listEntry.add(new AccessControlEntry(aEntry.getIdentity(), aEntry.getPermission()));
      }

      return new AccessControlList(nodeData().getACL().getOwner(), listEntry);
   }

         throw new AccessControlException("Node is not exo:privilegeable " + getPath());
      }

      checkPermission(PermissionType.CHANGE_PERMISSION);

      AccessControlList acl = new AccessControlList(getACL().getOwner(), getACL().getPermissionEntries());
      acl.removePermissions(identity);
      setACL(acl);
      updatePermissions(acl);
   }