34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.beans.config.ContentRepository;
37 import info.magnolia.cms.core.Content;
38 import info.magnolia.cms.core.ItemType;
39 import info.magnolia.cms.core.Path;
40 import info.magnolia.cms.core.HierarchyManager;
41
42 import java.util.Collection;
43
44 import javax.jcr.PathNotFoundException;
45 import javax.jcr.RepositoryException;
46
47 import org.slf4j.Logger;
48 import org.slf4j.LoggerFactory;
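/**
 * {@link Role} implementation backed by a repository node.
 *
 * <p>Permissions are stored under the role node in one child node per repository,
 * named {@code acl_<repository>}. Each entry below that node carries a {@code path}
 * and a numeric {@code permissions} value.
 *
 * <p>No authorization check is visible in this class: granting and revoking act on
 * whatever node was handed to the constructor. Callers are expected to have verified
 * that the current user may edit roles before calling the mutators.
 */
public class MgnlRole implements Role {
    private static final Logger log = LoggerFactory.getLogger(MgnlRole.class);

    /**
     * Wildcard permission value: an entry matches on path alone when this value is
     * passed to {@link #removePermission(String, String, long)}.
     *
     * <p>NOTE(review): the field is public, static and not final, so any code that can
     * see this class can reassign it and change how entries are matched for every role.
     * Declare it {@code final} once it is confirmed that no caller assigns to it.
     */
    public static long PERMISSION_ANY = -1;

    /** Prefix of the per-repository ACL child node name. */
    private static final String ACL_NODE_PREFIX = "acl_";

    private final Content roleNode;

    /**
     * Wraps an existing role node.
     *
     * @param roleNode the node holding this role's data
     */
    protected MgnlRole(Content roleNode) {
        this.roleNode = roleNode;
    }

    /**
     * Returns the name of the underlying role node.
     *
     * @return the role name
     */
    public String getName() {
        return roleNode.getName();
    }

    /**
     * Grants {@code permission} on {@code path} in {@code repository}, unless a matching
     * entry already exists, and saves the role node.
     *
     * <p>Failures are logged and not rethrown, so the caller cannot tell whether the
     * grant was persisted.
     *
     * @param repository repository the ACL applies to
     * @param path path the permission applies to
     * @param permission numeric permission value to store
     */
    public void addPermission(String repository, String path, long permission) {
        try {
            Content aclNode = getAclNode(repository);
            if (existsPermission(aclNode, path, permission)) {
                return;
            }
            // The hierarchy manager is only used to pick a child name that is not taken yet.
            HierarchyManager hm = MgnlSecurityUtil.getSystemHierarchyManager(ContentRepository.USER_ROLES);
            String entryName = Path.getUniqueLabel(hm, aclNode.getHandle(), "0");
            Content entry = aclNode.createContent(entryName, ItemType.CONTENTNODE);
            entry.setNodeData("path", path);
            entry.setNodeData("permissions", permission);
            roleNode.save();
        }
        catch (Exception e) {
            log.error("can't add permission", e);
        }
    }

    /**
     * Revokes every entry for {@code path} in {@code repository}, whatever its
     * permission value.
     *
     * @param repository repository the ACL applies to
     * @param path path whose entries are removed
     */
    public void removePermission(String repository, String path) {
        this.removePermission(repository, path, MgnlRole.PERMISSION_ANY);
    }

    /**
     * Revokes the entries for {@code path} in {@code repository} whose permission value
     * equals {@code permission}, or all entries for the path when {@code permission} is
     * {@link #PERMISSION_ANY}, and saves the role node.
     *
     * <p>Failures are logged and not rethrown. A revocation that fails therefore gives
     * the caller no signal, and the permission may still be in effect; callers that
     * must be sure should re-read the ACL afterwards.
     *
     * @param repository repository the ACL applies to
     * @param path path whose entries are removed
     * @param permission permission value to match, or {@link #PERMISSION_ANY}
     */
    public void removePermission(String repository, String path, long permission) {
        try {
            String aclName = ACL_NODE_PREFIX + repository;
            // Revoking must not create state: when the role has no ACL node for this
            // repository there is nothing to delete, so no empty node is created.
            if (roleNode.hasContent(aclName)) {
                Collection<Content> entries = roleNode.getContent(aclName).getChildren();
                for (Content entry : entries) {
                    if (matches(entry, path, permission)) {
                        entry.delete();
                    }
                }
            }
            roleNode.save();
        }
        catch (Exception e) {
            log.error("can't remove permission", e);
        }
    }

    /**
     * Returns the ACL node for {@code repository}, creating it under the role node when
     * it does not exist yet. A newly created node is not saved here.
     *
     * @param repository repository the ACL applies to
     * @return the existing or newly created {@code acl_<repository>} node
     * @throws RepositoryException if the repository reports an error
     * @throws PathNotFoundException if the node cannot be found
     * @throws AccessDeniedException if access to the node is denied
     */
    private Content getAclNode(String repository) throws RepositoryException, PathNotFoundException,
        AccessDeniedException {
        String aclName = ACL_NODE_PREFIX + repository;
        if (roleNode.hasContent(aclName)) {
            return roleNode.getContent(aclName);
        }
        return roleNode.createContent(aclName, ItemType.CONTENTNODE);
    }

    /**
     * Tells whether {@code aclNode} already holds an entry matching {@code path} and
     * {@code permission}.
     *
     * @param aclNode ACL node whose children are inspected
     * @param path path to look for
     * @param permission permission value to match, or {@link #PERMISSION_ANY}
     * @return {@code true} if a matching entry exists
     */
    private boolean existsPermission(Content aclNode, String path, long permission) {
        Collection<Content> entries = aclNode.getChildren();
        for (Content entry : entries) {
            if (matches(entry, path, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Single matching rule shared by the add and remove paths, so both always agree on
     * what counts as "the same permission": the entry's {@code path} must equal
     * {@code path} exactly, and its {@code permissions} value must equal
     * {@code permission} unless {@code permission} is {@link #PERMISSION_ANY}.
     */
    private static boolean matches(Content entry, String path, long permission) {
        if (!entry.getNodeData("path").getString().equals(path)) {
            return false;
        }
        return permission == MgnlRole.PERMISSION_ANY
            || entry.getNodeData("permissions").getLong() == permission;
    }

    /**
     * Returns the underlying role node itself, not a copy; changes made through it
     * bypass the methods of this class.
     *
     * @return the node this role wraps
     */
    public Content getRoleNode() {
        return roleNode;
    }
}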