View Javadoc

1   /**
2    * This file Copyright (c) 2007-2011 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.setup.for3_6_2;
35  
36  import info.magnolia.cms.beans.config.ContentRepository;
37  import info.magnolia.cms.core.Content;
38  import info.magnolia.cms.core.ItemType;
39  import info.magnolia.cms.core.Path;
40  import info.magnolia.cms.security.Permission;
41  import info.magnolia.cms.util.NodeTypeFilter;
42  import info.magnolia.module.InstallContext;
43  import info.magnolia.module.delta.AllChildrenNodesOperation;
44  import info.magnolia.module.delta.TaskExecutionException;
45  
46  import java.util.Iterator;
47  
48  import javax.jcr.RepositoryException;
49  
50  import org.slf4j.Logger;
51  import org.slf4j.LoggerFactory;
52  
53  
54  /**
55   * Updates all users to add an extra permission to read their own configuration node..
56   * @author had
57   * @version $Id: $
58   *
59   */
60  public class UpdateRoles extends AllChildrenNodesOperation {
61  
62      private static Logger log = LoggerFactory.getLogger(UpdateRoles.class);
63  
64      public UpdateRoles() {
65          super("Roles definition update", "Adds right to read their own node to all existing roles.", ContentRepository.USER_ROLES,  "/", new NodeTypeFilter(ItemType.ROLE));
66      }
67  
68      public void operateOnChildNode(Content role, InstallContext installContext)
69          throws RepositoryException, TaskExecutionException {
70          try {
71              String handle = role.getHandle();
72              boolean hasAccess = false;
73              Content acls = role.getChildByName("acl_roles");
74              if (acls == null) {
75                  acls = role.createContent("acl_roles", ItemType.CONTENTNODE);
76                  role.save();
77              }
78              Iterator iter2 = acls.getChildren().iterator();
79              while (iter2.hasNext()) {
80                  Content permission = (Content)iter2.next();
81                  if (handle.equals(permission.getNodeData("path").getString()) && (permission.getNodeData("permissions").getLong() >= Permission.READ)) {
82                      hasAccess = true;
83                      break;
84                  }
85              }
86              if (!hasAccess) {
87                  Content acl = acls.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(ContentRepository.USER_ROLES), acls.getHandle(), "0"), ItemType.CONTENTNODE);
88                  acl.createNodeData("path", handle);
89                  acl.createNodeData("permissions", new Long(Permission.READ));
90                  acls.save();
91              }
92              // base role needs special handling
93              if ("base".equals(role.getName())) {
94                  // add read permission to root of all workspaces and deny to all the children of the root
95                  Iterator iter = role.getChildren(ItemType.CONTENTNODE).iterator();
96                  while (iter.hasNext()) {
97                      Content acl = (Content) iter.next();
98                      Iterator iter3 = acl.getChildren().iterator();
99                      boolean found = false;
100                     while (iter3.hasNext()) {
101                         Content permission = (Content) iter3.next();
102                         if ("/*".equals(permission.getNodeData("path").getString())) {
103                             found = true;
104                             break;
105                         }
106                     }
107                     if (!found) {
108                         Content permission = acl.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(ContentRepository.USER_ROLES), acl.getHandle(), "0"), ItemType.CONTENTNODE);
109                         permission.createNodeData("path", "/");
110                         permission.createNodeData("permissions", new Long(Permission.READ));
111                         acl.save();
112                         permission = acl.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(ContentRepository.USER_ROLES), acl.getHandle(), "0"), ItemType.CONTENTNODE);
113                         permission.createNodeData("path", "/*");
114                         permission.createNodeData("permissions", new Long(Permission.NONE));
115                         acl.save();
116                     }
117                 }
118             }
119 
120         } catch (RepositoryException e) {
121             log.error(e.getMessage(), e);
122             throw new TaskExecutionException("Failed to update user permissions. See log file for more details.");
123         }
124     }
125 }