Examples of org.modeshape.jcr.security.acl.JcrAccessControlList

• org.modeshape.jcr.security.acl.JcrAccessControlList
  Resources based Access Control List implementation. ACLs are stored per node in a special child node called mode:acl. This node has a list of mode:{$principal_name} child nodes which has multi-value property permissions. Permissions are defined by JCR specifications.

   {node} {mode:AccessControllable} +mode:acl {mode:Acl} +user-name {mode:permission} -permissions {String} 

  @author kulikov

    @Override
    public boolean hasPrivileges( String path,
                                  Privilege[] privileges ) throws PathNotFoundException, RepositoryException {
        // recursively search for first available access list
        JcrAccessControlList acl = getApplicableACL(path);
        return acl.isEmpty() || acl.hasPrivileges(securityContext(), privileges);
    }

        JcrAccessControlList acl = getApplicableACL(path);
        return acl.isEmpty() || acl.hasPrivileges(securityContext(), privileges);
    }

    private JcrAccessControlList getApplicableACL( String path ) throws RepositoryException {
        JcrAccessControlList acl = findAccessList(path, true);
        return acl != null ? acl : defaultACL;
    }

    }

    @Override
    public Privilege[] getPrivileges( String path ) throws PathNotFoundException, RepositoryException {
        // recursively search for first available access list
        JcrAccessControlList acl = getApplicableACL(path);
        // access list found, ask it to get defined privileges
        return acl.getPrivileges(securityContext());
    }

        throws PathNotFoundException, AccessDeniedException, RepositoryException {
        if (session.isReadOnly()) {
            throw new AccessDeniedException(JcrI18n.permissionDenied.text(absPath, "read access control content"));
        }

        JcrAccessControlList acl = getApplicableACL(absPath);
        if (!acl.isEmpty()
            && !acl.hasPrivileges(securityContext(), new Privilege[] {privileges.forName(Privilege.JCR_READ_ACCESS_CONTROL)})) {
            throw new AccessDeniedException();
        }

        CachedNode node = session.cachedNode(session.pathFactory().create(absPath), false);
        if (node.hasACL(session.cache())) {
            // we only support 1 ACL per node; therefore if the node already has an ACL, we don't want to allow any additional
            // ones
            return AccessControlPolicyIteratorImpl.EMPTY;
        }
        // the node doesn't have an ACL yet, so return a new, empty ACL which can be used by clients to set privileges
        return new AccessControlPolicyIteratorImpl(new JcrAccessControlList(this, absPath));
    }

        // we support only access list then cast policy to access list
        if (!(policy instanceof JcrAccessControlList)) {
            throw new AccessControlException("Invalid policy class (expected JcrAccessControlList): "
                                             + policy.getClass().getSimpleName());
        }
        JcrAccessControlList acl = (JcrAccessControlList)policy;
        Map<String, Set<String>> privilegesByPrincipalName = privilegesByPrincipalName(acl);
        try {
            CachedNode cacheNode = session.cachedNode(session.pathFactory().create(absPath), false);
            SessionCache cache = session.cache();
            MutableCachedNode mutableNode = cache.mutable(cacheNode.getKey());

            return null;
        }

        // create a new access list object
        String aclPath = startingNode.getKey().equals(node.getKey()) ? absPath : node.getPath(sessionCache).getString();
        JcrAccessControlList acl = new JcrAccessControlList(this, aclPath);
        for (String principalName : permissions.keySet()) {
            Set<String> privileges = permissions.get(principalName);
            acl.addAccessControlEntry(principal(principalName), privileges(privileges));
        }
        return acl;
    }