This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.jcr.jackrabbit.accessmanager-2.1.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-jackrabbit-accessmanager.git
commit fcc025a1005710ad8c3032c00e258c23678c755f Author: Eric Norman <enor...@apache.org> AuthorDate: Thu May 19 05:24:07 2011 +0000 SLING-2083 AccessManager permissions manipulation services that mirror the functionality of the REST operations for programmatic access management code. git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/jackrabbit-accessmanager@1124538 13f79535-47bb-0310-9956-ffa450edef68
---
.../jcr/jackrabbit/accessmanager/DeleteAces.java | 46 ++++++
.../sling/jcr/jackrabbit/accessmanager/GetAcl.java | 48 ++++++
.../jackrabbit/accessmanager/GetEffectiveAcl.java | 48 ++++++
.../jcr/jackrabbit/accessmanager/ModifyAce.java | 54 +++++++
.../accessmanager/post/AbstractGetAclServlet.java | 176 +++++++++++----------
.../accessmanager/post/DeleteAcesServlet.java | 51 +++---
.../accessmanager/post/GetAclServlet.java | 14 +-
.../accessmanager/post/GetEffectiveAclServlet.java | 16 +-
.../accessmanager/post/ModifyAceServlet.java | 113 +++++++------
9 files changed, 410 insertions(+), 156 deletions(-)
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java
new file mode 100644
index 0000000..26a03ff
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/DeleteAces.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * The <code>DeleteAces</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface DeleteAces {
+
+ /**
+ * Deletes one or more ACEs from the access control list of a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to update the ACL for (required)
+ * @param principalNamesToDelete An array of ace principal names to delete.. (required)
+ * @throws RepositoryException
+ */
+ public void deleteAces(Session jcrSession,
+ String resourcePath,
+ String [] principalNamesToDelete
+ ) throws RepositoryException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java
new file mode 100644
index 0000000..127b631
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetAcl.java
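Review bot: The `jcrSession` Javadoc on `deleteAces` reads "the JCR session of the user updating the user", which looks copied from a user-management API and does not tell callers that this session's privileges are the only authorization applied to the ACL change (the implementation added in this commit hands it straight to `AccessControlUtil`). I would reword it to `@param jcrSession the JCR session whose privileges authorize the change (required)` and add a sentence that callers should pass the requesting user's session rather than an administrative one. The same wording appears in GetAcl, GetEffectiveAcl and ModifyAce. `@throws RepositoryException` also has no description of when it is thrown.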
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * The <code>GetAcl</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface GetAcl {
+
+ /**
+ * Gets the access control list for a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to get the ACL for (required)
+ * @return the ACL as a JSON object
+ * @throws RepositoryException
+ */
+ public JSONObject getAcl(Session jcrSession,
+ String resourcePath
+ ) throws RepositoryException, JSONException;
+
+}
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java
new file mode 100644
index 0000000..a0e91c7
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/GetEffectiveAcl.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.sling.commons.json.JSONException;
+import org.apache.sling.commons.json.JSONObject;
+
+/**
+ * The <code>GetAcl</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface GetEffectiveAcl {
+
+ /**
+ * Gets the effective access control list for a resource.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The path of the resource to get the ACL for (required)
+ * @return the ACL as a JSON object
+ * @throws RepositoryException
+ */
+ public JSONObject getEffectiveAcl(Session jcrSession,
+ String resourcePath
+ ) throws RepositoryException, JSONException;
+
+}
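Review bot: The interface Javadoc says `The <code>GetAcl</code> service api.` but this file declares `GetEffectiveAcl`; it should read `The <code>GetEffectiveAcl</code> service api.`. It would also help to say how the effective ACL differs from the one `GetAcl` returns (the servlet in this commit builds it from `getEffectivePolicies`), since callers making access decisions need to know which of the two they are reading. `getEffectiveAcl` declares `JSONException` without a matching `@throws` tag, as does `getAcl` in GetAcl.java.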
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java
new file mode 100644
index 0000000..acfc315
--- /dev/null
+++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/ModifyAce.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.jcr.jackrabbit.accessmanager;
+
+import java.util.Map;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * The <code>ModifyAce</code> service api.
+ * <p>
+ * This interface is not intended to be implemented by bundles. It is
+ * implemented by this bundle and may be used by client bundles.
+ * </p>
+ */
+public interface ModifyAce {
+
+ /**
+ * Add or modify the access control entry for the specified user
+ * or group.
+ *
+ * @param jcrSession the JCR session of the user updating the user
+ * @param resourcePath The absolute path of the resource to apply the ACE to (required)
+ * @param principalId The name of the user/group to provision (required)
+ * @param privileges Map of privileges to apply. (optional)
+ * @param changes The list of changes for this operation (optional)
+ * @return the user that was updated or null if not found
+ * @throws RepositoryException
+ */
+ public void modifyAce(Session jcrSession,
+ String resourcePath,
+ String principalId,
+ Map<String, String> privileges,
+ String order
+ ) throws RepositoryException;
+
+}
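Review bot: The Javadoc on `modifyAce` does not match its signature: it documents `@param changes`, which is not a parameter, leaves `order` undocumented, and carries an `@return` tag on a `void` method. Replace the `changes` line with something like `@param order where the entry is placed within the ACL (optional)`, listing the values the implementation accepts, and drop the `@return` line. It is also worth stating the values expected in `privileges`; the servlet in this commit acts on "granted", "denied" and "none" and silently ignores anything else, which a caller could mistake for a successful change.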
diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java index 27986c9..4c0f868 100644 --- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java +++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/AbstractGetAclServlet.java @@ -23,8 +23,8 @@ import java.util.LinkedHashMap; import java.util.LinkedHashSet; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.Set; +import java.util.Map.Entry; import javax.jcr.AccessDeniedException; import javax.jcr.Item; @@ -37,9 +37,9 @@ import javax.servlet.http.HttpServletResponse; import org.apache.sling.api.SlingHttpServletRequest; import org.apache.sling.api.SlingHttpServletResponse; -import org.apache.sling.api.resource.Resource; import org.apache.sling.api.resource.ResourceNotFoundException; import org.apache.sling.api.servlets.SlingAllMethodsServlet; +import org.apache.sling.commons.json.JSONException; import org.apache.sling.commons.json.JSONObject; import org.apache.sling.jcr.base.util.AccessControlUtil; import org.slf4j.Logger; 
@@ -56,98 +56,20 @@ public abstract class AbstractGetAclServlet extends SlingAllMethodsServlet { /* (non-Javadoc) * @see org.apache.sling.api.servlets.SlingSafeMethodsServlet#doGet(org.apache.sling.api.SlingHttpServletRequest, org.apache.sling.api.SlingHttpServletResponse) */ - @SuppressWarnings("unchecked") @Override protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException { - try { - Session session = request.getResourceResolver().adaptTo(Session.class); - if (session == null) { - throw new RepositoryException("JCR Session not found"); - } - - String resourcePath = null; - Resource resource = request.getResource(); - if (resource == null) { - throw new ResourceNotFoundException("Resource not found."); - } else { - Item item = resource.adaptTo(Item.class); - if (item != null) { - resourcePath = item.getPath(); - } else { - throw new ResourceNotFoundException("Resource is not a JCR Node"); - } - } - - AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(session, resourcePath); - Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String,Object>>(); - int sequence = 0; - for (AccessControlEntry ace : declaredAccessControlEntries) { - Principal principal = ace.getPrincipal(); - Map<String, Object> map = aclMap.get(principal.getName()); - if (map == null) { - map = new LinkedHashMap<String, Object>(); - aclMap.put(principal.getName(), map); - map.put("order", sequence++); - } - - boolean allow = AccessControlUtil.isAllow(ace); - if (allow) { - Set<String> grantedSet = (Set<String>) map.get("granted"); - if (grantedSet == null) { - grantedSet = new LinkedHashSet<String>(); - map.put("granted", grantedSet); - } - Privilege[] privileges = ace.getPrivileges(); - for (Privilege privilege : privileges) { - grantedSet.add(privilege.getName()); - } - } else { - Set<String> deniedSet = (Set<String>) map.get("denied"); - if (deniedSet == null) { - deniedSet = new 
LinkedHashSet<String>(); - map.put("denied", deniedSet); - } - Privilege[] privileges = ace.getPrivileges(); - for (Privilege privilege : privileges) { - deniedSet.add(privilege.getName()); - } - } - } - + try { + Session session = request.getResourceResolver().adaptTo(Session.class); + String resourcePath = request.getResource().getPath(); - response.setContentType("application/json"); - response.setCharacterEncoding("UTF-8"); + JSONObject acl = internalGetAcl(session, resourcePath); + response.setContentType("application/json"); + response.setCharacterEncoding("UTF-8"); - List<JSONObject> aclList = new ArrayList<JSONObject>(); - Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet(); - for (Entry<String, Map<String, Object>> entry : entrySet) { - String principalName = entry.getKey(); - Map<String, Object> value = entry.getValue(); - - JSONObject aceObject = new JSONObject(); - aceObject.put("principal", principalName); - - Set<String> grantedSet = (Set<String>) value.get("granted"); - if (grantedSet != null) { - aceObject.put("granted", grantedSet); - } - - Set<String> deniedSet = (Set<String>) value.get("denied"); - if (deniedSet != null) { - aceObject.put("denied", deniedSet); - } - aceObject.put("order", value.get("order")); - aclList.add(aceObject); - } - JSONObject jsonAclMap = new JSONObject(aclMap); - for ( JSONObject jsonObj : aclList) { - jsonAclMap.put(jsonObj.getString("principal"), jsonObj); - } - jsonAclMap.write(response.getWriter()); - // do the dump + acl.write(response.getWriter()); } catch (AccessDeniedException ade) { response.sendError(HttpServletResponse.SC_NOT_FOUND); } catch (ResourceNotFoundException rnfe) { 
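Review bot: `request.getResource().getPath()` replaces the removed `resource.adaptTo(Item.class)` check, so doGet no longer rejects a resource that is not backed by a JCR item before the ACL is read. The Sling resource path is passed on as a repository path, and `internalGetAcl` reports the ACL of whatever item `jcrSession.getItem` finds there; that is presumably the same node when every resource is JCR-backed, but it is not guaranteed once another resource provider serves that path. I would keep the adaptTo check in the servlet and pass `item.getPath()` to `internalGetAcl`. The `handleOperation` methods of DeleteAcesServlet and ModifyAceServlet make the same substitution. doGet's remaining catch clauses are outside this hunk.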
@@ -160,6 +82,86 @@ public abstract class AbstractGetAclServlet extends SlingAllMethodsServlet { } } + @SuppressWarnings("unchecked") + protected JSONObject internalGetAcl(Session jcrSession, String resourcePath) + throws RepositoryException, JSONException { + + if (jcrSession == null) { + throw new RepositoryException("JCR Session not found"); + } + + Item item = jcrSession.getItem(resourcePath); + if (item != null) { + resourcePath = item.getPath(); + } else { + throw new ResourceNotFoundException("Resource is not a JCR Node"); + } + + AccessControlEntry[] declaredAccessControlEntries = getAccessControlEntries(jcrSession, resourcePath); + Map<String, Map<String, Object>> aclMap = new LinkedHashMap<String, Map<String,Object>>(); + int sequence = 0; + for (AccessControlEntry ace : declaredAccessControlEntries) { + Principal principal = ace.getPrincipal(); + Map<String, Object> map = aclMap.get(principal.getName()); + if (map == null) { + map = new LinkedHashMap<String, Object>(); + aclMap.put(principal.getName(), map); + map.put("order", sequence++); + } + + boolean allow = AccessControlUtil.isAllow(ace); + if (allow) { + Set<String> grantedSet = (Set<String>) map.get("granted"); + if (grantedSet == null) { + grantedSet = new LinkedHashSet<String>(); + map.put("granted", grantedSet); + } + Privilege[] privileges = ace.getPrivileges(); + for (Privilege privilege : privileges) { + grantedSet.add(privilege.getName()); + } + } else { + Set<String> deniedSet = (Set<String>) map.get("denied"); + if (deniedSet == null) { + deniedSet = new LinkedHashSet<String>(); + map.put("denied", deniedSet); + } + Privilege[] privileges = ace.getPrivileges(); + for (Privilege privilege : privileges) { + deniedSet.add(privilege.getName()); + } + } + } + + List<JSONObject> aclList = new ArrayList<JSONObject>(); + Set<Entry<String, Map<String, Object>>> entrySet = aclMap.entrySet(); + for (Entry<String, Map<String, Object>> entry : entrySet) { + String principalName = entry.getKey(); + 
Map<String, Object> value = entry.getValue(); + + JSONObject aceObject = new JSONObject(); + aceObject.put("principal", principalName); + + Set<String> grantedSet = (Set<String>) value.get("granted"); + if (grantedSet != null) { + aceObject.put("granted", grantedSet); + } + + Set<String> deniedSet = (Set<String>) value.get("denied"); + if (deniedSet != null) { + aceObject.put("denied", deniedSet); + } + aceObject.put("order", value.get("order")); + aclList.add(aceObject); + } + JSONObject jsonAclMap = new JSONObject(aclMap); + for ( JSONObject jsonObj : aclList) { + jsonAclMap.put(jsonObj.getString("principal"), jsonObj); + } + + return jsonAclMap; + } + protected abstract AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException; } diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java index dba545a..15f2d2c 100644 --- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java +++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/DeleteAcesServlet.java @@ -25,15 +25,15 @@ import java.util.Set; import javax.jcr.Item; import javax.jcr.RepositoryException; import javax.jcr.Session; - import javax.jcr.security.AccessControlEntry; import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; + import org.apache.sling.api.SlingHttpServletRequest; -import org.apache.sling.api.resource.Resource; import org.apache.sling.api.resource.ResourceNotFoundException; import org.apache.sling.api.servlets.HtmlResponse; import org.apache.sling.jcr.base.util.AccessControlUtil; +import org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces; import org.apache.sling.servlets.post.Modification; import org.apache.sling.servlets.post.SlingPostConstants; 
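Review bot: In `internalGetAcl`, the `else` branch that throws `ResourceNotFoundException` cannot be reached, because `Session.getItem` throws `PathNotFoundException` rather than returning null when no accessible item exists. A missing or unreadable path therefore surfaces as a generic `RepositoryException`, and whether doGet still answers it the same way as the `AccessDeniedException` case (mapped to 404) depends on catch clauses outside this hunk; differing responses would let a caller tell the two cases apart. `resourcePath` is also not null-checked here, unlike in `deleteAces` and `modifyAce`. A guard such as `if (resourcePath == null || !jcrSession.itemExists(resourcePath)) { throw new ResourceNotFoundException("Resource is not a JCR Node"); }` before the lookup keeps the earlier behaviour; the same `getItem` pattern is in `DeleteAcesServlet.deleteAces` and `ModifyAceServlet.modifyAce`.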
@@ -70,11 +70,12 @@ import org.apache.sling.servlets.post.SlingPostConstants; * * @scr.component immediate="true" * @scr.service interface="javax.servlet.Servlet" + * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces" * @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default" * @scr.property name="sling.servlet.methods" value="POST" * @scr.property name="sling.servlet.selectors" value="deleteAce" */ -public class DeleteAcesServlet extends AbstractAccessPostServlet { +public class DeleteAcesServlet extends AbstractAccessPostServlet implements DeleteAces { private static final long serialVersionUID = 3784866802938282971L; /* (non-Javadoc) 
@@ -85,34 +86,42 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet { HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException { + Session session = request.getResourceResolver().adaptTo(Session.class); + String resourcePath = request.getResource().getPath(); String[] applyTo = request.getParameterValues(SlingPostConstants.RP_APPLY_TO); - if (applyTo == null) { + deleteAces(session, resourcePath, applyTo); + } + + /* (non-Javadoc) + * @see org.apache.sling.jcr.jackrabbit.accessmanager.DeleteAces#deleteAces(javax.jcr.Session, java.lang.String, java.lang.String[]) + */ + public void deleteAces(Session jcrSession, String resourcePath, + String[] principalNamesToDelete) throws RepositoryException { + + if (principalNamesToDelete == null) { throw new RepositoryException("principalIds were not sumitted."); } else { - String resourcePath = null; - Resource resource = request.getResource(); - if (resource == null) { - throw new ResourceNotFoundException("Resource not found."); - } else { - Item item = resource.adaptTo(Item.class); - if (item != null) { - resourcePath = item.getPath(); - } else { - throw new ResourceNotFoundException("Resource is not a JCR Node"); - } + if (jcrSession == null) { + throw new RepositoryException("JCR Session not found"); + } + + if (resourcePath == null) { + throw new ResourceNotFoundException("Resource path was not supplied."); } - Session session = request.getResourceResolver().adaptTo(Session.class); - if (session == null) { - throw new RepositoryException("JCR Session not found"); + Item item = jcrSession.getItem(resourcePath); + if (item != null) { + resourcePath = item.getPath(); + } else { + throw new ResourceNotFoundException("Resource is not a JCR Node"); } //load the principalIds array into a set for quick lookup below Set<String> pidSet = new HashSet<String>(); - pidSet.addAll(Arrays.asList(applyTo)); + pidSet.addAll(Arrays.asList(principalNamesToDelete)); try { - AccessControlManager 
accessControlManager = AccessControlUtil.getAccessControlManager(session); + AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(jcrSession); AccessControlList updatedAcl = getAccessControlList(accessControlManager, resourcePath, false); //keep track of the existing Aces for the target principal @@ -138,5 +147,5 @@ public class DeleteAcesServlet extends AbstractAccessPostServlet { } } } - + } diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java index 399dbb1..c0f907c 100644 --- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java +++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetAclServlet.java @@ -23,7 +23,10 @@ import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; import javax.jcr.security.AccessControlPolicy; +import org.apache.sling.commons.json.JSONException; +import org.apache.sling.commons.json.JSONObject; import org.apache.sling.jcr.base.util.AccessControlUtil; +import org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl; /** * <p> 
@@ -92,14 +95,23 @@ import org.apache.sling.jcr.base.util.AccessControlUtil; * * @scr.component immediate="true" * @scr.service interface="javax.servlet.Servlet" + * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl" * @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default" * @scr.property name="sling.servlet.methods" value="GET" * @scr.property name="sling.servlet.selectors" value="acl" * @scr.property name="sling.servlet.extensions" value="json" */ -public class GetAclServlet extends AbstractGetAclServlet { +public class GetAclServlet extends AbstractGetAclServlet implements GetAcl { private static final long serialVersionUID = 3391376559396223185L; + /* (non-Javadoc) + * @see org.apache.sling.jcr.jackrabbit.accessmanager.GetAcl#getAcl(javax.jcr.Session, java.lang.String) + */ + public JSONObject getAcl(Session jcrSession, String resourcePath) + throws RepositoryException, JSONException { + return internalGetAcl(jcrSession, resourcePath); + } + @Override protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException { AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session); diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java index 813d35f..e92ad7c 100644 --- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java +++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/GetEffectiveAclServlet.java 
@@ -23,7 +23,10 @@ import javax.jcr.security.AccessControlList; import javax.jcr.security.AccessControlManager; import javax.jcr.security.AccessControlPolicy; +import org.apache.sling.commons.json.JSONException; +import org.apache.sling.commons.json.JSONObject; import org.apache.sling.jcr.base.util.AccessControlUtil; +import org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl; /** * <p> @@ -92,15 +95,24 @@ import org.apache.sling.jcr.base.util.AccessControlUtil; * * @scr.component immediate="true" * @scr.service interface="javax.servlet.Servlet" + * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl" * @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default" * @scr.property name="sling.servlet.methods" value="GET" * @scr.property name="sling.servlet.selectors" value="eacl" * @scr.property name="sling.servlet.extensions" value="json" */ @SuppressWarnings("serial") -public class GetEffectiveAclServlet extends AbstractGetAclServlet { +public class GetEffectiveAclServlet extends AbstractGetAclServlet implements GetEffectiveAcl { - @Override + /* (non-Javadoc) + * @see org.apache.sling.jcr.jackrabbit.accessmanager.GetEffectiveAcl#getEffectiveAcl(javax.jcr.Session, java.lang.String) + */ + public JSONObject getEffectiveAcl(Session jcrSession, String resourcePath) + throws RepositoryException, JSONException { + return internalGetAcl(jcrSession, resourcePath); + } + + @Override protected AccessControlEntry[] getAccessControlEntries(Session session, String absPath) throws RepositoryException { AccessControlManager accessControlManager = AccessControlUtil.getAccessControlManager(session); AccessControlPolicy[] policies = accessControlManager.getEffectivePolicies(absPath); diff --git a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java index f259e96..c916380 100644 
--- a/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java +++ b/src/main/java/org/apache/sling/jcr/jackrabbit/accessmanager/post/ModifyAceServlet.java @@ -16,24 +16,27 @@ */ package org.apache.sling.jcr.jackrabbit.accessmanager.post; -import org.apache.jackrabbit.api.security.principal.PrincipalManager; -import org.apache.sling.api.SlingHttpServletRequest; -import org.apache.sling.api.resource.Resource; -import org.apache.sling.api.resource.ResourceNotFoundException; -import org.apache.sling.api.servlets.HtmlResponse; -import org.apache.sling.jcr.base.util.AccessControlUtil; -import org.apache.sling.servlets.post.Modification; - import java.security.Principal; import java.util.Enumeration; +import java.util.HashMap; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Set; +import java.util.Map.Entry; import javax.jcr.Item; import javax.jcr.RepositoryException; import javax.jcr.Session; +import org.apache.jackrabbit.api.security.principal.PrincipalManager; +import org.apache.sling.api.SlingHttpServletRequest; +import org.apache.sling.api.resource.ResourceNotFoundException; +import org.apache.sling.api.servlets.HtmlResponse; +import org.apache.sling.jcr.base.util.AccessControlUtil; +import org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce; +import org.apache.sling.servlets.post.Modification; + /** * <p> * Sling Post Servlet implementation for modifying the ACEs for a principal on a JCR 
@@ -77,11 +80,12 @@ import javax.jcr.Session; * * @scr.component immediate="true" * @scr.service interface="javax.servlet.Servlet" + * @scr.service interface="org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce" * @scr.property name="sling.servlet.resourceTypes" value="sling/servlet/default" * @scr.property name="sling.servlet.methods" value="POST" * @scr.property name="sling.servlet.selectors" value="modifyAce" */ -public class ModifyAceServlet extends AbstractAccessPostServlet { +public class ModifyAceServlet extends AbstractAccessPostServlet implements ModifyAce { private static final long serialVersionUID = -9182485466670280437L; /* (non-Javadoc) 
@@ -92,68 +96,87 @@ public class ModifyAceServlet extends AbstractAccessPostServlet { HtmlResponse htmlResponse, List<Modification> changes) throws RepositoryException { Session session = request.getResourceResolver().adaptTo(Session.class); - if (session == null) { + String resourcePath = request.getResource().getPath(); + String principalId = request.getParameter("principalId"); + Map<String, String> privileges = new HashMap<String, String>(); + Enumeration<?> parameterNames = request.getParameterNames(); + while (parameterNames.hasMoreElements()) { + Object nextElement = parameterNames.nextElement(); + if (nextElement instanceof String) { + String paramName = (String)nextElement; + if (paramName.startsWith("privilege@")) { + String privilegeName = paramName.substring(10); + String parameterValue = request.getParameter(paramName); + privileges.put(privilegeName, parameterValue); + } + } + } + String order = request.getParameter("order"); + modifyAce(session, resourcePath, principalId, privileges, order); + } + + /* (non-Javadoc) + * @see org.apache.sling.jcr.jackrabbit.accessmanager.ModifyAce#modifyAce(javax.jcr.Session, java.lang.String, java.lang.String, java.util.Map, java.lang.String) + */ + public void modifyAce(Session jcrSession, String resourcePath, + String principalId, Map<String, String> privileges, String order) + throws RepositoryException { + if (jcrSession == null) { throw new RepositoryException("JCR Session not found"); } - String principalId = request.getParameter("principalId"); if (principalId == null) { throw new RepositoryException("principalId was not submitted."); } - PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session); + PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession); Principal principal = principalManager.getPrincipal(principalId); - String resourcePath = null; - Resource resource = request.getResource(); - if (resource == null) { - throw new 
ResourceNotFoundException("Resource not found."); + + if (resourcePath == null) { + throw new ResourceNotFoundException("Resource path was not supplied."); + } + + Item item = jcrSession.getItem(resourcePath); + if (item != null) { + resourcePath = item.getPath(); } else { - Item item = resource.adaptTo(Item.class); - if (item != null) { - resourcePath = item.getPath(); - } else { - throw new ResourceNotFoundException("Resource is not a JCR Node"); - } + throw new ResourceNotFoundException("Resource is not a JCR Node"); } - + // Collect the modified privileges from the request. Set<String> grantedPrivilegeNames = new HashSet<String>(); Set<String> deniedPrivilegeNames = new HashSet<String>(); Set<String> removedPrivilegeNames = new HashSet<String>(); - Enumeration<?> parameterNames = request.getParameterNames(); - while (parameterNames.hasMoreElements()) { - Object nextElement = parameterNames.nextElement(); - if (nextElement instanceof String) { - String paramName = (String)nextElement; - if (paramName.startsWith("privilege@")) { - String privilegeName = paramName.substring(10); - String parameterValue = request.getParameter(paramName); - if (parameterValue != null && parameterValue.length() > 0) { - if ("granted".equals(parameterValue)) { - grantedPrivilegeNames.add(privilegeName); - } else if ("denied".equals(parameterValue)) { - deniedPrivilegeNames.add(privilegeName); - } else if ("none".equals(parameterValue)){ - removedPrivilegeNames.add(privilegeName); - } - } + Set<Entry<String, String>> entrySet = privileges.entrySet(); + for (Entry<String, String> entry : entrySet) { + String privilegeName = entry.getKey(); + if (privilegeName.startsWith("privilege@")) { + privilegeName = privilegeName.substring(10); + } + String parameterValue = entry.getValue(); + if (parameterValue != null && parameterValue.length() > 0) { + if ("granted".equals(parameterValue)) { + grantedPrivilegeNames.add(privilegeName); + } else if ("denied".equals(parameterValue)) { + 
deniedPrivilegeNames.add(privilegeName); + } else if ("none".equals(parameterValue)){ + removedPrivilegeNames.add(privilegeName); } } } - String order = request.getParameter("order"); - // Make the actual changes. try { - AccessControlUtil.replaceAccessControlEntry(session, resourcePath, principal, + AccessControlUtil.replaceAccessControlEntry(jcrSession, resourcePath, principal, grantedPrivilegeNames.toArray(new String[grantedPrivilegeNames.size()]), deniedPrivilegeNames.toArray(new String[deniedPrivilegeNames.size()]), removedPrivilegeNames.toArray(new String[removedPrivilegeNames.size()]), order); - if (session.hasPendingChanges()) { - session.save(); + if (jcrSession.hasPendingChanges()) { + jcrSession.save(); } } catch (RepositoryException re) { throw new RepositoryException("Failed to create ace.", re); } } + } -- To stop receiving notification emails like this one, please contact "commits@sling.apache.org" <commits@sling.apache.org>.
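Review bot: `modifyAce` dereferences `privileges` at `privileges.entrySet()` without a null check, although the ModifyAce Javadoc marks that argument "(optional)", so a programmatic caller that only wants to change `order` gets a NullPointerException. Add `if (privileges == null) { privileges = new HashMap<String, String>(); }` before the loop. `principalManager.getPrincipal(principalId)` may also return null for an unknown name, and the result goes unchecked into `replaceAccessControlEntry`; how that call treats null is not visible here. Finally, `jcrSession.save()` persists every pending change in the caller's session, not only the ACE, which should be stated in the interface Javadoc now that the session is supplied by other bundles.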