1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.setup.for4_3;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.core.Content;
38 import info.magnolia.cms.core.ItemType;
39 import info.magnolia.cms.core.MetaData;
40 import info.magnolia.cms.core.Path;
41 import info.magnolia.cms.security.AccessDeniedException;
42 import info.magnolia.cms.security.MgnlUserManager;
43 import info.magnolia.cms.security.Permission;
44 import info.magnolia.cms.util.NodeTypeFilter;
45 import info.magnolia.module.InstallContext;
46 import info.magnolia.module.delta.AllChildrenNodesOperation;
47 import info.magnolia.module.delta.TaskExecutionException;
48
49 import javax.jcr.PathNotFoundException;
50 import javax.jcr.RepositoryException;
51
52 import org.slf4j.Logger;
53 import org.slf4j.LoggerFactory;
54
55
56
57
58
59
60
61
62 public class UpdateUserPermissions extends AllChildrenNodesOperation {
63
64 private static Logger log = LoggerFactory.getLogger(UpdateUserPermissions.class);
65
66 public UpdateUserPermissions() {
67 super("User definition update", "Changes user rights to allow properties updates while preventing user from modifying ACLs unintentionally.", ContentRepository.USERS, "/", new NodeTypeFilter(ItemType.FOLDER));
68 }
69
70 public void operateOnChildNode(Content node, InstallContext installContext)
71 throws RepositoryException, TaskExecutionException {
72 try {
73 for (Content user : node.getChildren(ItemType.USER)) {
74 String handle = user.getHandle();
75 boolean hadAccess = false;
76 Content acls = user.getContent("acl_users");
77 if (acls == null) {
78
79 installContext.warn("User " + user.getName() + " doesn't seem to be properly configured. Account path is " + handle + ".");
80 continue;
81 }
82 for (Content permission : acls.getChildren()) {
83
84 if ((handle + "/*").equals(permission.getNodeData("path").getString()) && (permission.getNodeData("permissions").getLong() >= Permission.WRITE)) {
85 hadAccess = true;
86 permission.delete();
87 break;
88 }
89 }
90 if (hadAccess) {
91
92 addWrite(handle, MgnlUserManager.PROPERTY_EMAIL, acls);
93 addWrite(handle, MgnlUserManager.PROPERTY_LANGUAGE, acls);
94 addWrite(handle, MgnlUserManager.PROPERTY_LASTACCESS, acls);
95 addWrite(handle, MgnlUserManager.PROPERTY_PASSWORD, acls);
96 addWrite(handle, MgnlUserManager.PROPERTY_TITLE, acls);
97
98 addWrite(handle, MetaData.DEFAULT_META_NODE, acls);
99 acls.save();
100 }
101 }
102 } catch (RepositoryException e) {
103 log.error(e.getMessage(), e);
104 throw new TaskExecutionException("Failed to update user permissions. See log file for more details.");
105 }
106 }
107
108 private Content addWrite(String parentPath, String property, Content acls) throws PathNotFoundException, RepositoryException, AccessDeniedException {
109 Content acl = acls.createContent(Path.getUniqueLabel(acls.getHierarchyManager(), acls.getHandle(), "0"), ItemType.CONTENTNODE);
110 acl.setNodeData("path", parentPath + "/" + property);
111 acl.setNodeData("permissions", new Long(Permission.ALL));
112 return acl;
113 }
114 }