View Javadoc

1   /**
2    * This file Copyright (c) 2007-2011 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.setup.for3_6_2;
35  
36  import info.magnolia.cms.core.Content;
37  import info.magnolia.cms.core.ItemType;
38  import info.magnolia.cms.core.Path;
39  import info.magnolia.cms.security.Permission;
40  import info.magnolia.cms.util.NodeTypeFilter;
41  import info.magnolia.module.InstallContext;
42  import info.magnolia.module.delta.AllChildrenNodesOperation;
43  import info.magnolia.module.delta.TaskExecutionException;
44  import info.magnolia.repository.RepositoryConstants;
45  
46  import java.util.Iterator;
47  
48  import javax.jcr.RepositoryException;
49  
50  import org.slf4j.Logger;
51  import org.slf4j.LoggerFactory;
52  
53  
54  /**
55   * Updates all users to add an extra permission to read their own configuration node..
56   * @author had
57   * @version $Id: $
58   *
59   */
60  public class UpdateRoles extends AllChildrenNodesOperation {
61  
62      private static Logger log = LoggerFactory.getLogger(UpdateRoles.class);
63  
64      public UpdateRoles() {
65          super("Roles definition update", "Adds right to read their own node to all existing roles.", RepositoryConstants.USER_ROLES,  "/", new NodeTypeFilter(ItemType.ROLE));
66      }
67  
68      @Override
69      public void operateOnChildNode(Content role, InstallContext installContext)
70          throws RepositoryException, TaskExecutionException {
71          try {
72              String handle = role.getHandle();
73              boolean hasAccess = false;
74              Content acls = role.getChildByName("acl_roles");
75              if (acls == null) {
76                  acls = role.createContent("acl_roles", ItemType.CONTENTNODE);
77                  role.save();
78              }
79              Iterator iter2 = acls.getChildren().iterator();
80              while (iter2.hasNext()) {
81                  Content permission = (Content)iter2.next();
82                  if (handle.equals(permission.getNodeData("path").getString()) && (permission.getNodeData("permissions").getLong() >= Permission.READ)) {
83                      hasAccess = true;
84                      break;
85                  }
86              }
87              if (!hasAccess) {
88                  Content acl = acls.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(RepositoryConstants.USER_ROLES), acls.getHandle(), "0"), ItemType.CONTENTNODE);
89                  acl.createNodeData("path", handle);
90                  acl.createNodeData("permissions", new Long(Permission.READ));
91                  acls.save();
92              }
93              // base role needs special handling
94              if ("base".equals(role.getName())) {
95                  // add read permission to root of all workspaces and deny to all the children of the root
96                  Iterator iter = role.getChildren(ItemType.CONTENTNODE).iterator();
97                  while (iter.hasNext()) {
98                      Content acl = (Content) iter.next();
99                      Iterator iter3 = acl.getChildren().iterator();
100                     boolean found = false;
101                     while (iter3.hasNext()) {
102                         Content permission = (Content) iter3.next();
103                         if ("/*".equals(permission.getNodeData("path").getString())) {
104                             found = true;
105                             break;
106                         }
107                     }
108                     if (!found) {
109                         Content permission = acl.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(RepositoryConstants.USER_ROLES), acl.getHandle(), "0"), ItemType.CONTENTNODE);
110                         permission.createNodeData("path", "/");
111                         permission.createNodeData("permissions", new Long(Permission.READ));
112                         acl.save();
113                         permission = acl.createContent(Path.getUniqueLabel(installContext.getHierarchyManager(RepositoryConstants.USER_ROLES), acl.getHandle(), "0"), ItemType.CONTENTNODE);
114                         permission.createNodeData("path", "/*");
115                         permission.createNodeData("permissions", Long.valueOf(Permission.NONE));
116                         acl.save();
117                     }
118                 }
119             }
120 
121         } catch (RepositoryException e) {
122             log.error(e.getMessage(), e);
123             throw new TaskExecutionException("Failed to update user permissions. See log file for more details.");
124         }
125     }
126 }