[
https://issues.apache.org/jira/browse/OAK-9494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17381281#comment-17381281
]
Angela Schreiber edited comment on OAK-9494 at 7/15/21, 11:54 AM:
------------------------------------------------------------------
[~joerghoh], thanks for reporting.... i agree that the fully qualified name
constants are making it super-hard to compare sets of jcr names (like privilege
names in this case). what should work though is comparing privileges
themselves.... i.e. not looking at the names.
e.g. something like:
{code}
// TODO: if all aggregated privileges are required -> extract using
Privilege.isAggregate() and Privilege.getAggregatedPrivileges()
Set<Privilege> privileges =
ImmutableSet.copyOf(accessControlManger.getPrivileges(absPath));
Privilege readPrivilege = ....
boolean canRead = privileges.contains(readPrivilege);
{code}
and privilege can be access using ac-mgr or privilege manager (thanks for
reminding me of that!):
{code}
readPrivilege = acMgr.privilegeFromName(Privilege.JCR_READ)
or
PrivilegeManager privilegeManager = ((JackrabbitWorkspace)
session.getWorkspace()).getPrivilegeManager();
readPrivilege = privilegeManager.getPrivilege(Privilege.JCR_READ)
{code}
let me know if that works until we have complete this improvement.
btw: i believe that you want to check if a given privilege is granted at a
particular node and not check if you can apply it..... applicable privileges
for a given path are covered by a different API method:
{{AccessControlManager.getSupportedPrivileges(String absPath)}} will return an
array of privileges that can be used/applied at the given path....
was (Author: anchela):
[~joerghoh], thanks for reporting.... i agree that the fully qualified name
constants are making it super-hard to compare sets of jcr names (like privilege
names in this case). what should work though is comparing privileges
themselves.... i.e. not looking at the names.
e.g. something like:
{code}
// TODO: if all aggregated privileges are required -> extract using
Privilege.isAggregate() and Privilege.getAggregatedPrivileges()
Set<Privilege> privileges =
ImmutableSet.copyOf(accessControlManger.getPrivileges(absPath));
PrivilegeManager privilegeManager = ((JackrabbitWorkspace)
session.getWorkspace()).getPrivilegeManager();
boolean canRead =
privileges.contains(privilegeManager.getPrivilege(Privilege.JCR_READ));
{code}
let me know if that works until we have complete this improvement.
> Check if a privilege is granted at a node
> -----------------------------------------
>
> Key: OAK-9494
> URL: https://issues.apache.org/jira/browse/OAK-9494
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: api, commons
> Reporter: Joerg Hoh
> Priority: Major
>
> I have a case where I need to check for a session if individual privileges
> are available for a specific node. For performance reasons I want to avoid to
> execute multiple calls to {{accessControlManager.hasPrivilege(...)}}, but get
> all Privileges of that node once and the set various flags based on the
> presene of certain privileges or not.
> I want to use something like this:
> {code}
> Set<String> applicablePrivilegeNames =
> ...(accessControlManager.getPrivileges(path))...
> boolean canAddChildNodes =
> applicablePrivilegeNames.contains(Privilege.JCR_ADD_CHILD_NODES);
> boolean canWrite = applicablePrivilegeNames.contains(Privilege.WRITE);
> {code}
> It should work with aggregates as well.
> Right now it's a bit problematic because {{privilege.getName()}} resolves to
> something like {{jcr:read}}, while the value of {{Privilege.JCR_READ}} is
> {{\{http://www.jcp.org/jcr/1.0}read}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
