Examples of org.exoplatform.services.jcr.access.AccessControlList

• org.exoplatform.services.jcr.access.AccessControlList
  Created by The eXo Platform SAS.
  Access Control List. @author Gennady Azarenkov @version $Id: AccessControlList.java 14556 2008-05-21 15:22:15Z pnedonosko $

            // MIXIN
            MixinInfo mixins = readMixins(cid);

            // ACL
            AccessControlList acl; // NO DEFAULT values!

            if (mixins.hasOwneable())
            {
               // has own owner
               if (mixins.hasPrivilegeable())
               {
                  // and permissions
                  acl = new AccessControlList(readACLOwner(cid), readACLPermisions(cid));
               }
               else if (parentACL != null)
               {
                  // use permissions from existed parent
                  acl =
                     new AccessControlList(readACLOwner(cid), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor permissions in ACL manager
                  // acl = new AccessControlList(readACLOwner(cid), traverseACLPermissions(cpid));
                  acl = new AccessControlList(readACLOwner(cid), null);
               }
            }
            else if (mixins.hasPrivilegeable())
            {
               // has own permissions
               if (mixins.hasOwneable())
               {
                  // and owner
                  acl = new AccessControlList(readACLOwner(cid), readACLPermisions(cid));
               }
               else if (parentACL != null)
               {
                  // use owner from existed parent
                  acl = new AccessControlList(parentACL.getOwner(), readACLPermisions(cid));
               }
               else
               {
                  // have to search nearest ancestor owner in ACL manager
                  // acl = new AccessControlList(traverseACLOwner(cpid), readACLPermisions(cid));
                  acl = new AccessControlList(null, readACLPermisions(cid));
               }
            }
            else
            {
               if (parentACL != null)
               {
                  // construct ACL from existed parent ACL
                  acl =
                     new AccessControlList(parentACL.getOwner(), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor owner and permissions in ACL manager

         }

         try
         {
            // ACL
            AccessControlList acl; // NO DEFAULT values!

            if (owneable)
            {
               // has own owner
               if (privilegeable)
               {
                  // and permissions
                  acl = new AccessControlList(readACLOwner(cid, properties), readACLPermisions(cid, properties));
               }
               else if (parentACL != null)
               {
                  // use permissions from existed parent
                  acl =
                     new AccessControlList(readACLOwner(cid, properties), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor permissions in ACL manager
                  acl = new AccessControlList(readACLOwner(cid, properties), null);
               }
            }
            else if (privilegeable)
            {
               // has own permissions
               if (owneable)
               {
                  // and owner
                  acl = new AccessControlList(readACLOwner(cid, properties), readACLPermisions(cid, properties));
               }
               else if (parentACL != null)
               {
                  // use owner from existed parent
                  acl = new AccessControlList(parentACL.getOwner(), readACLPermisions(cid, properties));
               }
               else
               {
                  // have to search nearest ancestor owner in ACL manager
                  // acl = new AccessControlList(traverseACLOwner(cpid), readACLPermisions(cid));
                  acl = new AccessControlList(null, readACLPermisions(cid, properties));
               }
            }
            else
            {
               if (parentACL != null)
               {
                  // construct ACL from existed parent ACL
                  acl =
                     new AccessControlList(parentACL.getOwner(), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor owner and permissions in ACL manager

      String id = keepIdentifiers ? node.getIdentifier() : IdGenerator.generate();

      QPath qpath = QPath.makeChildPath(destParent.getQPath(), qname, destIndex);

      AccessControlList acl = destParent.getACL();

      boolean isPrivilegeable =
         ntManager.isNodeType(Constants.EXO_PRIVILEGEABLE, node.getPrimaryTypeName(), node.getMixinTypeNames());

      boolean isOwneable =
         ntManager.isNodeType(Constants.EXO_OWNEABLE, node.getPrimaryTypeName(), node.getMixinTypeNames());

      if (isPrivilegeable || isOwneable)
      {
         List<AccessControlEntry> permissionEntries = new ArrayList<AccessControlEntry>();
         permissionEntries.addAll((isPrivilegeable ? node.getACL() : destParent.getACL()).getPermissionEntries());

         String owner = isOwneable ? node.getACL().getOwner() : destParent.getACL().getOwner();

         acl = new AccessControlList(owner, permissionEntries);
      }

      TransientNodeData newNode =
         new TransientNodeData(qpath, id, -1, node.getPrimaryTypeName(), node.getMixinTypeNames(), destOrderNum,
            destParent.getIdentifier(), acl);

            // MIXIN
            MixinInfo mixins = readMixins(cid);

            // ACL
            AccessControlList acl; // NO DEFAULT values!

            if (mixins.hasOwneable())
            {
               // has own owner
               if (mixins.hasPrivilegeable())
               {
                  // and permissions
                  acl = new AccessControlList(readACLOwner(cid), readACLPermisions(cid));
               }
               else if (parentACL != null)
               {
                  // use permissions from existed parent
                  acl =
                     new AccessControlList(readACLOwner(cid), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor permissions in ACL manager
                  // acl = new AccessControlList(readACLOwner(cid), traverseACLPermissions(cpid));
                  acl = new AccessControlList(readACLOwner(cid), null);
               }
            }
            else if (mixins.hasPrivilegeable())
            {
               // has own permissions
               if (mixins.hasOwneable())
               {
                  // and owner
                  acl = new AccessControlList(readACLOwner(cid), readACLPermisions(cid));
               }
               else if (parentACL != null)
               {
                  // use owner from existed parent
                  acl = new AccessControlList(parentACL.getOwner(), readACLPermisions(cid));
               }
               else
               {
                  // have to search nearest ancestor owner in ACL manager
                  // acl = new AccessControlList(traverseACLOwner(cpid), readACLPermisions(cid));
                  acl = new AccessControlList(null, readACLPermisions(cid));
               }
            }
            else
            {
               if (parentACL != null)
               {
                  // construct ACL from existed parent ACL
                  acl =
                     new AccessControlList(parentACL.getOwner(), parentACL.hasPermissions()
                        ? parentACL.getPermissionEntries() : null);
               }
               else
               {
                  // have to search nearest ancestor owner and permissions in ACL manager

   }

   protected AccessControlList initAcl(AccessControlList parentACL, boolean isOwneable, boolean isPrivilegeable,
      String owner, List<String> exoPermissions)
   {
      AccessControlList acl;
      if (isOwneable)
      {
         // has own owner
         if (isPrivilegeable)
         {
            // and permissions
            acl = new AccessControlList(owner, readACLPermisions(exoPermissions));
         }
         else if (parentACL != null)
         {
            // use permissions from existed parent
            acl = new AccessControlList(owner, parentACL.hasPermissions() ? parentACL.getPermissionEntries() : null);
         }
         else
         {
            // have to search nearest ancestor permissions in ACL manager
            // acl = new AccessControlList(owner,
            // traverseACLPermissions(cpid));
            acl = new AccessControlList(owner, null);
         }
      }
      else if (isPrivilegeable)
      {
         // has own permissions
         if (isOwneable)
         {
            // and owner
            acl = new AccessControlList(owner, readACLPermisions(exoPermissions));
         }
         else if (parentACL != null)
         {
            // use owner from existed parent
            acl = new AccessControlList(parentACL.getOwner(), readACLPermisions(exoPermissions));
         }
         else
         {
            // have to search nearest ancestor owner in ACL manager
            // acl = new AccessControlList(traverseACLOwner(cpid),
            // readACLPermisions(cid));
            acl = new AccessControlList(null, readACLPermisions(exoPermissions));
         }
      }
      else
      {
         if (parentACL != null)
            // construct ACL from existed parent ACL
            acl =
               new AccessControlList(parentACL.getOwner(), parentACL.hasPermissions() ? parentACL
                  .getPermissionEntries() : null);
         else
            // have to search nearest ancestor owner and permissions in ACL manager
            // acl = traverseACL(cpid);
            acl = null;

      for (String perm : PermissionType.ALL)
      {
         AccessControlEntry ace = new AccessControlEntry(SystemIdentity.ANY, perm);
         aces.add(ace);
      }
      AccessControlList acl = new AccessControlList(getACL().getOwner(), aces);

      setACL(acl);
   }

      for (PropertyDefinitionData def : ntmanager.getAllPropertyDefinitions(type.getName()))
      {
         if (ntmanager.isNodeType(Constants.EXO_OWNEABLE, new InternalQName[]{type.getName()})
            && def.getName().equals(Constants.EXO_OWNER))
         {
            AccessControlList acl =
               new AccessControlList(session.getUserID(), ((NodeData)data).getACL().getPermissionEntries());
            setACL(acl);
         }
      }

      updateMixin(newMixin);

      for (AccessControlEntry aEntry : nodeData().getACL().getPermissionEntries())
      {
         listEntry.add(new AccessControlEntry(aEntry.getIdentity(), aEntry.getPermission()));
      }

      return new AccessControlList(nodeData().getACL().getOwner(), listEntry);
   }

         throw new AccessControlException("Node is not exo:privilegeable " + getPath());
      }

      checkPermission(PermissionType.CHANGE_PERMISSION);

      AccessControlList acl = new AccessControlList(getACL().getOwner(), getACL().getPermissionEntries());
      acl.removePermissions(identity);
      setACL(acl);
      updatePermissions(acl);
   }

         throw new AccessControlException("Node is not exo:privilegeable " + getPath());
      }

      checkPermission(PermissionType.CHANGE_PERMISSION);

      AccessControlList acl = new AccessControlList(getACL().getOwner(), getACL().getPermissionEntries());
      acl.removePermissions(identity, permission);
      setACL(acl);
      updatePermissions(acl);
   }