34 package info.magnolia.cms.security;
35
36 import static info.magnolia.cms.security.SecurityConstants.NODE_GROUPS;
37 import static info.magnolia.cms.security.SecurityConstants.NODE_ROLES;
38 import info.magnolia.cms.core.ItemType;
39 import info.magnolia.context.MgnlContext;
40 import info.magnolia.jcr.iterator.FilteringPropertyIterator;
41 import info.magnolia.jcr.predicate.JCRPropertyHidingPredicate;
42 import info.magnolia.repository.RepositoryConstants;
43
44 import java.util.ArrayList;
45 import java.util.Collection;
46 import java.util.Collections;
47 import java.util.HashSet;
48 import java.util.List;
49
50 import javax.jcr.ItemNotFoundException;
51 import javax.jcr.Node;
52 import javax.jcr.NodeIterator;
53 import javax.jcr.Property;
54 import javax.jcr.PropertyIterator;
55 import javax.jcr.RepositoryException;
56 import javax.jcr.Session;
57 import javax.jcr.query.Query;
58
59 import org.slf4j.Logger;
60 import org.slf4j.LoggerFactory;
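/**
 * {@link GroupManager} implementation that stores groups as nodes in the workspace returned by
 * {@link #getRepositoryName()}.
 *
 * <p>Every read and write in this class is executed through
 * {@link MgnlContext#doInSystemContext}, i.e. with the system session rather than the session of
 * the current user. NOTE(review): this presumably means the caller's own JCR permissions are not
 * applied here, so authorization of the calling user has to happen before these methods are
 * reached — confirm against the callers.
 */
public class MgnlGroupManager extends RepositoryBackedSecurityManager implements GroupManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlGroupManager.class);

    /**
     * Creates a group node directly under the workspace root and saves the session.
     *
     * @param name name of the new group node
     * @return a group object with no sub-groups and no roles assigned
     * @throws AccessDeniedException declared by the {@link GroupManager} contract
     */
    @Override
    public Group createGroup(final String name) throws AccessDeniedException {
        return MgnlContext.doInSystemContext(new SilentSessionOp<MgnlGroup>(getRepositoryName()) {

            @Override
            public MgnlGroup doExec(Session session) throws RepositoryException {
                // NOTE(review): addNode() takes a relative path, so a name containing '/' would not
                // end up as a direct child of the root; callers are assumed to pass an already
                // validated plain node name — confirm.
                Node root = session.getNode("/");
                Node created = root.addNode(name, ItemType.GROUP.getSystemName());
                session.save();
                return new MgnlGroup(
                        created.getIdentifier(),
                        created.getName(),
                        Collections.<String>emptyList(),
                        Collections.<String>emptyList());
            }

            @Override
            public String toString() {
                return "create group " + name;
            }
        });
    }

    /**
     * Loads the group stored at {@code "/" + name}.
     *
     * @param name name of the group node below the workspace root
     * @return the group built by {@link #newGroupInstance(Node)}
     * @throws AccessDeniedException declared by the {@link GroupManager} contract
     */
    @Override
    public Group getGroup(final String name) throws AccessDeniedException {
        return MgnlContext.doInSystemContext(new SilentSessionOp<Group>(getRepositoryName()) {

            @Override
            public Group doExec(Session session) throws RepositoryException {
                return newGroupInstance(session.getNode("/" + name));
            }

            @Override
            public String toString() {
                return "get group " + name;
            }
        });
    }

    /**
     * Lists every direct child of the workspace root that has the group node type.
     *
     * @return all groups found; children of any other node type are skipped
     */
    @Override
    public Collection<Group> getAllGroups() {
        return MgnlContext.doInSystemContext(new SilentSessionOp<Collection<Group>>(getRepositoryName()) {

            @Override
            public Collection<Group> doExec(Session session) throws RepositoryException {
                final String groupType = ItemType.GROUP.getSystemName();
                List<Group> result = new ArrayList<Group>();
                NodeIterator children = session.getNode("/").getNodes();
                while (children.hasNext()) {
                    Node child = children.nextNode();
                    if (child.isNodeType(groupType)) {
                        result.add(newGroupInstance(child));
                    }
                }
                return result;
            }

            @Override
            public String toString() {
                return "get all groups";
            }

        });
    }

    /**
     * Builds a {@link MgnlGroup} from a group node, resolving the values stored under its
     * {@code NODE_GROUPS} and {@code NODE_ROLES} sub-nodes to names.
     *
     * <p>References that can no longer be resolved are logged and left out, so a dangling
     * assignment never grants a group or role.
     *
     * @param node the group node to read
     * @return the group with the names of its assigned sub-groups and roles
     * @throws RepositoryException if reading the node fails
     */
    protected Group newGroupInstance(Node node) throws RepositoryException {
        Collection<String> groups = new HashSet<String>();
        if (node.hasNode(NODE_GROUPS)) {
            PropertyIterator assigned = new FilteringPropertyIterator(
                    node.getNode(NODE_GROUPS).getProperties(), new JCRPropertyHidingPredicate());
            while (assigned.hasNext()) {
                Property subgroup = assigned.nextProperty();
                try {
                    groups.add(getResourceName(subgroup.getString()));
                } catch (ItemNotFoundException e) {
                    log.warn("assigned group {} doesn't exist.", subgroup.getString());
                }
            }
        }

        Collection<String> roles = new HashSet<String>();
        if (node.hasNode(NODE_ROLES)) {
            RoleManager roleManager = SecuritySupport.Factory.getInstance().getRoleManager();
            PropertyIterator assigned = new FilteringPropertyIterator(
                    node.getNode(NODE_ROLES).getProperties(), new JCRPropertyHidingPredicate());
            while (assigned.hasNext()) {
                Property role = assigned.nextProperty();
                try {
                    String roleName = roleManager.getRoleNameById(role.getString());
                    // A null name is skipped rather than stored as a role.
                    if (roleName != null) {
                        roles.add(roleName);
                    }
                } catch (ItemNotFoundException e) {
                    log.warn("assigned role {} doesn't exist.", role.getString());
                }
            }
        }

        return new MgnlGroup(node.getIdentifier(), node.getName(), groups, roles);
    }

    /**
     * Finds the group node whose name equals {@code principalName} with a JCR-SQL2 query.
     *
     * <p>The name is embedded in the statement as a string literal, so single quotes in it are
     * doubled first. Without that, a principal name containing {@code '} would terminate the
     * literal early and change the structure of the query.
     *
     * @param principalName group name to look up; {@code null} yields {@code null}
     * @param session session used to run the query
     * @return the first matching group node, or {@code null} if there is none
     * @throws RepositoryException if the query cannot be created or executed
     */
    @Override
    protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
        if (principalName == null) {
            return null;
        }
        // JCR-SQL2 escapes a quote inside a string literal by doubling it.
        final String escapedName = principalName.replace("'", "''");
        final String statement =
                "select * from [" + ItemType.GROUP + "] where name() = '" + escapedName + "'";

        Query query = session.getWorkspace().getQueryManager().createQuery(statement, Query.JCR_SQL2);
        NodeIterator iter = query.execute().getNodes();
        Node group = null;
        while (iter.hasNext()) {
            Node node = iter.nextNode();
            if (node.isNodeType(ItemType.GROUP.getSystemName())) {
                group = node;
                break;
            }
        }
        // Anything left after the first hit means the name is ambiguous; the first match wins.
        if (iter.hasNext()) {
            log.error("More than one group found with name \"{}\"", principalName);
        }
        return group;
    }

    /**
     * @return the workspace that holds the group nodes
     */
    @Override
    protected String getRepositoryName() {
        return RepositoryConstants.USER_GROUPS;
    }

    /**
     * Assigns a role to a group.
     *
     * @param group the group that receives the role
     * @param roleName name of the role to assign
     * @return the group reloaded after the change, or {@code null} if {@code add} reported that
     *     the principal was not found
     * @throws AccessDeniedException declared by the {@link GroupManager} contract
     */
    @Override
    public Group addRole(Group group, String roleName) throws AccessDeniedException {
        try {
            add(group.getName(), roleName, NODE_ROLES);
        } catch (PrincipalNotFoundException e) {
            // Deliberately not rethrown: a missing principal is reported to the caller as null.
            log.debug("Could not add role {} to group {}: {}", new Object[] {roleName, group.getName(), e.getMessage()});
            return null;
        }
        return getGroup(group.getName());
    }

    /**
     * Assigns a sub-group to a group.
     *
     * <p>Returns the group that received the new membership, as {@link #addRole(Group, String)}
     * does. The previous code reloaded {@code groupName}, i.e. the group that was added, so the
     * caller never saw the updated membership of {@code group}.
     *
     * @param group the group that receives the sub-group
     * @param groupName name of the group to assign
     * @return the group reloaded after the change, or {@code null} if {@code add} reported that
     *     the principal was not found
     * @throws AccessDeniedException declared by the {@link GroupManager} contract
     */
    @Override
    public Group addGroup(Group group, String groupName) throws AccessDeniedException {
        try {
            add(group.getName(), groupName, NODE_GROUPS);
        } catch (PrincipalNotFoundException e) {
            // Deliberately not rethrown: a missing principal is reported to the caller as null.
            log.debug("Could not add group {} to group {}: {}", new Object[] {groupName, group.getName(), e.getMessage()});
            return null;
        }
        return getGroup(group.getName());
    }
}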