34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.core.Content;
38 import info.magnolia.cms.core.ItemType;
39 import info.magnolia.cms.core.Path;
40 import info.magnolia.cms.core.HierarchyManager;
41
42 import java.util.Collection;
43
44 import javax.jcr.PathNotFoundException;
45 import javax.jcr.RepositoryException;
46
47 import org.slf4j.Logger;
48 import org.slf4j.LoggerFactory;
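/**
 * {@link Role} implementation backed by a repository {@link Content} node.
 *
 * <p>Each repository's ACL is kept in a child node named {@code acl_<repository>}; every entry
 * below it carries a {@code path} and a {@code permissions} node data value.
 *
 * <p>Security note: {@link #addPermission} and both {@code removePermission} overloads log
 * failures and return normally. A caller cannot tell from the call alone whether a grant or a
 * revoke was actually persisted.
 */
public class MgnlRole implements Role {

    private static final Logger log = LoggerFactory.getLogger(MgnlRole.class);

    /**
     * Wildcard used when matching ACL entries: matches an entry regardless of its stored
     * permission value.
     *
     * <p>Declared {@code final} so that no other code can reassign the sentinel and thereby
     * change which entries {@link #removePermission(String, String, long)} deletes.
     */
    public static final long PERMISSION_ANY = -1;

    /** Repository node holding this role's data; never reassigned. */
    private final Content roleNode;

    /**
     * @param roleNode the repository node that stores this role
     */
    protected MgnlRole(Content roleNode) {
        this.roleNode = roleNode;
    }

    /**
     * @return the name of the underlying role node
     */
    public String getName() {
        return roleNode.getName();
    }

    /**
     * Adds an ACL entry for {@code path} in {@code repository} unless a matching entry exists.
     *
     * <p>Any exception is logged and swallowed, so the entry may not have been written when this
     * method returns.
     *
     * @param repository repository name; used verbatim as the suffix of the ACL node name
     * @param path path the permission applies to
     * @param permission permission value, stored as its decimal string
     */
    public void addPermission(String repository, String path, long permission) {
        // NOTE(review): PERMISSION_ANY is not rejected here. If no entry for the path exists,
        // "-1" is stored as the permission value; how readers of the ACL interpret that value is
        // not visible in this class -- confirm it cannot be read as "all permissions".
        try {
            Content aclNode = getAclNode(repository);
            if (existsPermission(aclNode, path, permission)) {
                return;
            }
            HierarchyManager hm = MgnlSecurityUtil.getSystemHierarchyManager(ContentRepository.USER_ROLES);
            // presumably yields a child name not yet used under the ACL node -- verify against Path
            String nodename = Path.getUniqueLabel(hm, aclNode.getHandle(), "0");
            Content node = aclNode.createContent(nodename, ItemType.CONTENTNODE);
            node.createNodeData("path").setValue(path);
            node.createNodeData("permissions").setValue(String.valueOf(permission));
            roleNode.save();
        }
        catch (Exception e) {
            log.error("can't add permission", e);
        }
    }

    /**
     * Removes every ACL entry for {@code path} in {@code repository}, whatever its permission.
     *
     * @param repository repository name
     * @param path path whose entries are removed
     */
    public void removePermission(String repository, String path) {
        this.removePermission(repository, path, MgnlRole.PERMISSION_ANY);
    }

    /**
     * Removes the ACL entries for {@code path} in {@code repository} whose stored permission
     * equals {@code permission}, or all entries for the path when {@code permission} is
     * {@link #PERMISSION_ANY}.
     *
     * <p>Any exception is logged and swallowed: a failed revoke leaves the entry in place without
     * signalling the caller. The ACL node is created if it does not exist yet, and the role node
     * is saved even when nothing matched.
     *
     * @param repository repository name
     * @param path path whose entries are removed
     * @param permission permission value to match, or {@link #PERMISSION_ANY}
     */
    public void removePermission(String repository, String path, long permission) {
        try {
            Content aclNode = getAclNode(repository);
            Collection<Content> children = aclNode.getChildren();
            for (Content child : children) {
                if (matchesEntry(child, path, permission)) {
                    child.delete();
                }
            }
            roleNode.save();
        }
        catch (Exception e) {
            log.error("can't remove permission", e);
        }
    }

    /**
     * Returns the ACL node for {@code repository}, creating it under the role node when absent.
     *
     * @param repository repository name; concatenated unchanged into the node name
     *        {@code acl_<repository>}
     * @return the existing or newly created ACL node
     * @throws RepositoryException if the repository access fails
     * @throws PathNotFoundException if the node cannot be found
     * @throws AccessDeniedException if access to the node is denied
     */
    private Content getAclNode(String repository) throws RepositoryException, PathNotFoundException,
        AccessDeniedException {
        String aclName = "acl_" + repository;
        if (roleNode.hasContent(aclName)) {
            return roleNode.getContent(aclName);
        }
        return roleNode.createContent(aclName, ItemType.CONTENTNODE);
    }

    /**
     * Tells whether {@code aclNode} already holds an entry for {@code path} with the given
     * permission.
     *
     * @param aclNode ACL node whose children are inspected
     * @param path path to look for
     * @param permission permission value to match, or {@link #PERMISSION_ANY} for any value
     * @return {@code true} if at least one child matches
     */
    private boolean existsPermission(Content aclNode, String path, long permission) {
        Collection<Content> children = aclNode.getChildren();
        for (Content child : children) {
            if (matchesEntry(child, path, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Single matching rule shared by the add and remove paths, so both always agree on what
     * counts as "the same entry".
     *
     * @return {@code true} if the entry's path equals {@code path} and either
     *         {@code permission} is {@link #PERMISSION_ANY} or it equals the stored value
     */
    private static boolean matchesEntry(Content entry, String path, long permission) {
        if (!entry.getNodeData("path").getString().equals(path)) {
            return false;
        }
        return permission == PERMISSION_ANY
            || entry.getNodeData("permissions").getLong() == permission;
    }

    /**
     * @return the repository node backing this role
     */
    public Content getRoleNode() {
        return roleNode;
    }
}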